hxxp://tr22k8eo3d4l9rtt7ezm[.]uv2y[.]ru

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2023, 13:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://tr22k8eo3d4l9rtt7ezm.uv2y.ru

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4332	msedge.exe
4332	msedge.exe
4512	msedge.exe
4512	msedge.exe
3752	identity_helper.exe
3752	identity_helper.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4332 wrote to memory of 3416	4332	msedge.exe	81
PID 4332 wrote to memory of 3416	4332	msedge.exe	81
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 3412	4332	msedge.exe	83
PID 4332 wrote to memory of 4512	4332	msedge.exe	82
PID 4332 wrote to memory of 4512	4332	msedge.exe	82
PID 4332 wrote to memory of 4352	4332	msedge.exe	84
PID 4332 wrote to memory of 4352	4332	msedge.exe	84
PID 4332 wrote to memory of 4352	4332	msedge.exe	84
PID 4332 wrote to memory of 4352	4332	msedge.exe	84
PID 4332 wrote to memory of 4352	4332	msedge.exe	84
PID 4332 wrote to memory of 4352	4332	msedge.exe	84
PID 4332 wrote to memory of 4352	4332	msedge.exe	84
PID 4332 wrote to memory of 4352	4332	msedge.exe	84
PID 4332 wrote to memory of 4352	4332	msedge.exe	84
PID 4332 wrote to memory of 4352	4332	msedge.exe	84
PID 4332 wrote to memory of 4352	4332	msedge.exe	84
PID 4332 wrote to memory of 4352	4332	msedge.exe	84
PID 4332 wrote to memory of 4352	4332	msedge.exe	84
PID 4332 wrote to memory of 4352	4332	msedge.exe	84
PID 4332 wrote to memory of 4352	4332	msedge.exe	84
PID 4332 wrote to memory of 4352	4332	msedge.exe	84
PID 4332 wrote to memory of 4352	4332	msedge.exe	84
PID 4332 wrote to memory of 4352	4332	msedge.exe	84
PID 4332 wrote to memory of 4352	4332	msedge.exe	84
PID 4332 wrote to memory of 4352	4332	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://tr22k8eo3d4l9rtt7ezm.uv2y.ru
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2fa346f8,0x7ffe2fa34708,0x7ffe2fa34718
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,7117903560778293141,8707272766232095073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7117903560778293141,8707272766232095073,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,7117903560778293141,8707272766232095073,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7117903560778293141,8707272766232095073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7117903560778293141,8707272766232095073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,7117903560778293141,8707272766232095073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,7117903560778293141,8707272766232095073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7117903560778293141,8707272766232095073,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7117903560778293141,8707272766232095073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7117903560778293141,8707272766232095073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7117903560778293141,8707272766232095073,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7117903560778293141,8707272766232095073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7117903560778293141,8707272766232095073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7117903560778293141,8707272766232095073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7117903560778293141,8707272766232095073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2256 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7117903560778293141,8707272766232095073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7117903560778293141,8707272766232095073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1984 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7117903560778293141,8707272766232095073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2796 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7117903560778293141,8707272766232095073,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:592

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fc99b0086d7714fd471ed4acc862ccc0

SHA1
39a3c43c97f778d67413a023d66e8e930d0e2314

SHA256
45ef01f81605bfd96126d5520c5aa0304c7fa7d5fdb3e4d5b2dd2bf84e2afd96

SHA512
c308fa3eda9235d67a506a5f058fefb9a769ec01d7b0d4f5a2397892cc4f8155301c55c1fac23bebacdd087ab3f47f1eacc9ff88eff4115a7d67aa7b1d6581a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
48KB

MD5
41f064d61d9855ba702bec9a3a4f5aa2

SHA1
427dbd25d04ba4050541863c886b1ba90c431293

SHA256
9c93d4fa6f24150f077f61ab45375b2925c612fe578033f44418172e8b5882ed

SHA512
05f3d4b329e0f5978eca42e90910dec23ce8a4a5ae28229bb3522d9bc620805b81798687c5d578a9f20bc78d804a68ad7bffa10fb519d839de53a336dd9a3b54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
46KB

MD5
2219a032f1ce868555072d6950e96013

SHA1
53aa0781ae3ed024622c21eb7d82b56f256567b2

SHA256
2deb7de7687d9d3c88c1ad2b116e2b26c2d86fddc25d9f5ae64cade824c2c8ca

SHA512
d323adc2242ba0674a820a684d22f0ffbbb901f0fbf751ea4e9f91cb06763d0e95d71dabcfc5e0e582953a2561f1525e6c3b1427321c8182f8fe7a14b9197a4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
58KB

MD5
1a20835382afa7b35d8d7715dca7f7e6

SHA1
f6afd2579415b151d3a8b05f6b5bfe23fd4e48a6

SHA256
87b42b461db0ef5526ada66617d413aeea35ac759d9981fae533896862310d59

SHA512
fdb755d5d72b9d9fafec7470afed743ae790290a414e28eefcb82a446205cd3f23bc8b8ce91a2f8bc7cde41e5b0bafe8a76bef3fa54c01f27520e6f44b180609

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
90KB

MD5
79b1f24f4eeb453a4446b9f3a052c961

SHA1
46cbb21d9dc2887c4f0b06d2e26bae537e72b45d

SHA256
10410619e46ca3ab696879ab780ae74c519e7862dc6124e97adf58be26c08896

SHA512
44a18475853c4f69ddc96fa0bb03c816841c5ff5d9960bda5486378dcc9da3945d8dd7618b9fbc18729bc5a9823148894469b96c337ed43edcd98ddedda10243

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
82KB

MD5
ca03f213e9522973042d8d88fc403535

SHA1
64ad837fd31d3e75428adbb4795b66bd67ec300e

SHA256
85a175cd7308768362b8cfc3f7f0cd2aedb585c0a74c43fed7285cab228f0f9b

SHA512
52c2e4975c53ca0514a9cdda10b890977401acf57d4c4ee317da025424872d9332a08533ab79bb99c73b98998a71b61568263da1992bce0bf1e9a1b5d5072a2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
87KB

MD5
0e37924c6e99b59f15bec3c40811ad29

SHA1
f8e7269e509b761e88cc7f90960edb1f2ecd15d3

SHA256
579852cdfc47e7d38c008fdf12536975faf8eb710429ae0917c5f02ba32b8215

SHA512
d3d2474cb4b90d9e8fc6c3844276716e9f1e8bd95167e8371b8dbc5ca338567f653889e35993029176d0e3b1705a9e19a72a5efc6283689588dd38ba254b22f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
67KB

MD5
ee11b1449b494a831ae892f5ff16f9bf

SHA1
4ca20e305eaee9e2113f19aece994ec306c39657

SHA256
e7832de62f70543ecac1f9a4fe8cb09a46e4484fa6fd35f09d5e24381cf9f2c7

SHA512
bb18afe830aef0cb71960d5ba3d64627670681f97725720b458a8a42f5e32fa429c06551f12aa8f7ffc0e5f6ae125daa189113652c25954abe0481c55b9cca9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
28KB

MD5
9d48b3e1c0d2731d1889901c94a9e4df

SHA1
9ac78ac442f0c94237f9d6e470543bc8a5c06142

SHA256
8bb81cedd8389919f912cc5189e132bb1f1cfe924e47c281ff929bf777093294

SHA512
ab0e4b6a4a9b2f4d3790405d1d1e39830f6c55e6a8f32a48ecc956532de9708c41751748e6f9abee42b8dda20915c2a3351b5c5937d7d16e5e8e107105596fdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
d8c66abe5e0a07eb466176c2e043ea6d

SHA1
8fc0d62db433cb1c9aab9204b0debb1e24e9479f

SHA256
9aeda22eeed5a45ffc405c8aa3c84ca2d835c11f552d3e17276c26effb74e424

SHA512
201ed650986b6e8803acdb9816f550fa23f38931dda44eeaef03ddbc9330a3671a18ff391cc5de58cbca7d38e0bf4ee16d849978e6571d611558736b1c1abc58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
fe2b59a238e0e1ec029d752733e76a2d

SHA1
9d184ffb422de662c2e77b096516b4156f26f526

SHA256
b5d6f723aa566eb339212f4763b2f4c7867fa0e187d047a1d1662cbefa7559e4

SHA512
3d51fd13e60733a364fab29515cec72ba12cf03beba344e040887b42976955d920bf066dc55f70584b90c9b06656788373cc21ecfabf3d11a874ddd4d57dd17b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
9b23a1ef5c12206a78992c8b7e00681b

SHA1
fd4ea18db20098ff8b52bda3540e39569ae51637

SHA256
12feccdc5cc55500e2d295cbe7e7d732ad96a2f6277912bac7480c11af05d339

SHA512
0859e3d8d737c37bf326b710ed1ad9f000d6d3955a234372187035b028957b50d4eb75f6038b094df5e13b840bce51327913f01e77ecbc204b7975cb9acc64ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
630f5a90af8f8f449beb0389a699487a

SHA1
238127a21597301a69c2ab8ffb63c99610807714

SHA256
2d157edb22e51d0c5681c1898d98de772d4adca90c1d65862684dd5759f56174

SHA512
2b7e039b30da10198406245917694c47269d7e6c1f102b3b6e6fe0ab901a0451135f6aaa680d7c27d9f6f25a6a1eaf77084ab67f56725e28556799ad23c60738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
50d274260d747c26f2dac65db21cc172

SHA1
0079d354104d4645e10993e6c1d218905006d7bd

SHA256
b93f9e0bdc7f1d25f68c1d573eb0eb46ced791ebe0f43e80962e880839c07f18

SHA512
afe89bd9a3f596f22be8e1915401c847eefffba732cfe924c24d1feee300721fc4f10619f55f5b48b8c9a5ea74f3557e3f8bc3da8dd03be3d25a14d04410399e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
66d6326243e5afb9f90e627370c752cc

SHA1
5c3d008963e2c609aae2f8e036ed6f655840be90

SHA256
06969b38f19431f10d687826f863d7bef3d8e2d15464b739291967b0c31a4c12

SHA512
3c9f21065ee81bb6468bdf3779f1d473160b2eb0b986417fa1bda956f8a95e5232f624cc6ee9a370b799858b4baf3fd77349ded4a6653755e9a58476084f5f0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5d7b9383a183581012c64ecfef29e766

SHA1
7b4964d1828c516eebf07864e9d2cca46990ff8a

SHA256
56e09fd152449392e6a296a473ac216fd1d675efb3ddb3a76d8c630fd6d10e1d

SHA512
270ef3d74b4fcaaf86b346b2db24d198fdf6c79103f95c8b314cfdfc10fcbdcb72c570720916f1f602b8f8c1e32a2d67aa7929d59a3bb5a3f9d2b9abdc2316b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e07e9ca1d8127c8a82a9bb1cd7cae324

SHA1
5db8fbfe2f630c8931b8a33ce0ee759d6efebe67

SHA256
c55b6731067aeacaa7e75541d95aeb7c9d3b1dc2b23697ddb9aec9953cbde469

SHA512
86a75bae953a34872da250d328580ebd58179a159693067ce9e2351d413501f4dbbf6472f7ed93e6e6ab304384b946d44f772194ff01eb0c9c08cbe63b404fce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3aa3d5b8495cd89c5b5557db6d3aa18b

SHA1
e99134735cc874423c8a3ae6299e506a08b39128

SHA256
d482c11fda624bf66ac0e574a4bd2b072657776269f468b57fdb69d6873f183a

SHA512
d05138a76343a5c637a7c0ea7b8c46c325961cb4d7dee33bbc7ac073698e17784c8256629ec82014b087abbf95465d0bf3eb8455bef9163c9d77f3fb39567fb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
96f00bbd6a174879c58220f95f0115f5

SHA1
d3d7f82b0bf27daf1b3903bfe050c2d05422050f

SHA256
644442e740a8c0bb20f712f6f84f5bf4a81bb29d4e9446b2832ca65618961107

SHA512
e7c5e90eb85aee7b81b9c163f618ad3789a48b256040f6f00eee7fce52c60e1ff491bf0538b9c846fb115b73163710e46a45ce056e3b41ca59d88c421502ccea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6930f4e8a23bff35d289b2d59a50a062

SHA1
6e6f8fa831bc3ef447f25e3c810a72df40dbca52

SHA256
67ff776a812a227296ce5f88c55babac45d3881912ff95926a2a069989f0debc

SHA512
25838d05bc6f288c4a5934cabb8bb54f9754fda447f264d4e3cb8a67f3e900af3007593f87e1482cc8e3426e76391bdbfe6ebb5ec14b0e9efa254ce41c2ceae4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
415d2fabbe76183a236d4d6d1c1f21a8

SHA1
2f110c1bd2f3889c158014c363a078cfb7b2b293

SHA256
7020a2608b94c2bfaeb6d9aa37783defcb66550587c10a78de03efbfc207ae43

SHA512
0de42cea3a6aaa554df9a989b30bdefe1106d9f51b046617874adb9716d908bb24f4adfc9a10f0a3d5e50ef0e750fe3e62c0051d850825ccd80f3bd5077eaea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7bffc1d46459b3402779261d416f7aa0

SHA1
31e03cc27a2e5471ba741f9af7c067a72db66ffc

SHA256
02bc39d6a3d705aae86967c7ffc8c3f6e65f15d3272df828ee995089eee58cc8

SHA512
bd98f7a6d32622908e5730bca499ed8534fe5b8ecc94cb80f72a555a8a76f55fe38979cf4edbb7b4ac93b8bfa0894b7b64c75a2a7836ff0db4fd15cdbf3dc457

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
823d10035fb549ca507f95eac8a39189

SHA1
e60c340bf9f7650db70adc0e207c169846e6a668

SHA256
d9137b014b90b56e23f51348b906827dfc7d5c76bbd50fb401d70d5e2896d7be

SHA512
2c5238720efec9c81388c694512be25b318c931f663c8b8aae6aeb80bcfe4e8a595092a768b8f6a4a3730d84f68ff71b368d49374ae753d842b7db266b9597ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
72d0aa07c2bab2413dfefeb1a2d1e1e2

SHA1
f16beca77ae40dbfba23be23d8458ed2bd62bc05

SHA256
40880b0685169f1dae5ab33a78d7dab8b0943de9ed83cd846580217ff8ad6a1f

SHA512
9d0ebe638dc11fd53f8fd99cd3ded2d244ed6a8aba337816ed327bbb7c1b8949dabcb76a8f04f09ef14c6aee918f581ede13c2bb8cda887679f9cb0aaf2df52f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586c61.TMP

Filesize
1KB

MD5
c3f66d8e64f4310a5132cd454af7520e

SHA1
dd55aca09f77047dec84881cbfc61a8422528159

SHA256
25b73c9ee2b2ec420b044baec46119e731e5a8811a0d8437b417732519130ca9

SHA512
acc60837e353cd5e688ae74a18a196c428976297cd0ab7aeb55b09a0151ae7412e44554b4001ec0114cdc61334612e49f287a859957b3d8eccceea1ef61f264d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8261ddd470e2602f6a2000e151742e12

SHA1
7eff4b0208e1c11d08d8f31dce6a0fac62946059

SHA256
00cd436eaf9bfc00f05fde881380aad6787b80a83e1aa902f3099d0f093a9047

SHA512
c0c5b917fa4b9498dcfd91f61ef5e39f8414b83ece02309411398a9013f3b8e51826f1ed9c48c9f4e55a335eedb725e4a768f05e7d9169f0bbcd14bf8347e8c3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit