hxxp://pornhub[.]com | Triage

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
28-08-2023 23:23

Sharing

Report Analysis Logs

General

Target

http://pornhub.com

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2884	2244	WerFault.exe	43

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4608	msedge.exe
4608	msedge.exe
2196	msedge.exe
2196	msedge.exe
2168	identity_helper.exe
2168	identity_helper.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2280	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2280	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4608 wrote to memory of 4592	4608	msedge.exe	64
PID 4608 wrote to memory of 4592	4608	msedge.exe	64
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 4332	4608	msedge.exe	88
PID 4608 wrote to memory of 2196	4608	msedge.exe	87
PID 4608 wrote to memory of 2196	4608	msedge.exe	87
PID 4608 wrote to memory of 5100	4608	msedge.exe	86
PID 4608 wrote to memory of 5100	4608	msedge.exe	86
PID 4608 wrote to memory of 5100	4608	msedge.exe	86
PID 4608 wrote to memory of 5100	4608	msedge.exe	86
PID 4608 wrote to memory of 5100	4608	msedge.exe	86
PID 4608 wrote to memory of 5100	4608	msedge.exe	86
PID 4608 wrote to memory of 5100	4608	msedge.exe	86
PID 4608 wrote to memory of 5100	4608	msedge.exe	86
PID 4608 wrote to memory of 5100	4608	msedge.exe	86
PID 4608 wrote to memory of 5100	4608	msedge.exe	86
PID 4608 wrote to memory of 5100	4608	msedge.exe	86
PID 4608 wrote to memory of 5100	4608	msedge.exe	86
PID 4608 wrote to memory of 5100	4608	msedge.exe	86
PID 4608 wrote to memory of 5100	4608	msedge.exe	86
PID 4608 wrote to memory of 5100	4608	msedge.exe	86
PID 4608 wrote to memory of 5100	4608	msedge.exe	86
PID 4608 wrote to memory of 5100	4608	msedge.exe	86
PID 4608 wrote to memory of 5100	4608	msedge.exe	86
PID 4608 wrote to memory of 5100	4608	msedge.exe	86
PID 4608 wrote to memory of 5100	4608	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb0b2546f8,0x7ffb0b254708,0x7ffb0b254718
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3997774900385960928,5032490588666025877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2836 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3997774900385960928,5032490588666025877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2848 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,3997774900385960928,5032490588666025877,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,3997774900385960928,5032490588666025877,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,3997774900385960928,5032490588666025877,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3997774900385960928,5032490588666025877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3997774900385960928,5032490588666025877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3997774900385960928,5032490588666025877,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3997774900385960928,5032490588666025877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,3997774900385960928,5032490588666025877,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,3997774900385960928,5032490588666025877,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3997774900385960928,5032490588666025877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3997774900385960928,5032490588666025877,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3997774900385960928,5032490588666025877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3997774900385960928,5032490588666025877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,3997774900385960928,5032490588666025877,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4660 /prefetch:8
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,3997774900385960928,5032490588666025877,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2856 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4336

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 440 -p 2244 -ip 2244
1⤵
PID:1796

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2244 -s 2660
1⤵
- Program crash
PID:2884

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x490 0x240
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
20KB

MD5
c0c549deff63ddf3032cddfa9ee8f31d

SHA1
6aaab3c2560b0253d996c49e9c88b52f26016598

SHA256
4aa2905906370445b9a3725f9c0019e46c67df72eefe47bc5b797bf8b9a39751

SHA512
cb4036f25323ce685eb438a0181846dd929e4aaf75d29ee676633e12f25559cdd33adc0d2b74bf0c5b5b290835cb2851dfc92269927d1eb299394c81907d6ea8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
97bb54156cf344c1cfae1e3a67e9ce3e

SHA1
7b2914a232a188ac8d2e57d1ff4108a78d86f1bc

SHA256
6fb51b1f863bae5baff0b5f1ff01e79c3145b8e91aa6922fb5d4fcc698843afe

SHA512
8a930dc24998c1c8a38005cb0c600122de5dfdaa0be5cd338e2121a170146c6ad46908d5ffb06f867dfa8a83e8cba5617b525337d658bae4bb013a1ada6d5f5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
29fba39d6e7b2df6a2f291bb51710363

SHA1
f6a6b67d427d3977b2bd7797a3c09dd9d06208a1

SHA256
3aa3f07abde6ae04627d74542f74af83d18b69e79efd508519b9a4f3f41c785e

SHA512
f8244cd116bc4fc853e2b1a73cad4fb262fc778c422eea4a738269d9543976a82767e7377fcd5b935763df72920b5d461486d7acebb488925d9d39b65e1187de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
84KB

MD5
76ebdfb6d4294b68bda7303bdcb7c370

SHA1
5075d683b0f0979705d5e8a2e8ffee07a709064e

SHA256
dedea38eeed3f10eedbfdcae874754a1cadfde71d4c9c8eeebed2eff7582cb12

SHA512
df2a5bfc9a02f69c9317cb332f1a7e1dab26de1770beec4e94f28a30d0411ca959775e72f116aa11041bfcea9337c091e336a3ed5fd93b26e38ef3e42523049a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
17KB

MD5
62a707260fc6c8d9cee535fbd161fe05

SHA1
2d21e1d7800ae2ab8b0bc00ee538383c799fb16d

SHA256
10522ea2b9e5d5a60b3e0a210ef64580d5e8b3d5e4a19376d01698d5cf214f41

SHA512
acfb5de939bbab077c78c43bf5ff64f1ad5cf9d06eb30838f7d606c97b10253c82de3dbc6bccfdc91823e1a6b4b82ef84b8827135715553d4c6e95500c48f2c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
29KB

MD5
f85e85276ba5f87111add53684ec3fcb

SHA1
ecaf9aa3c5dd50eca0b83f1fb9effad801336441

SHA256
4b0beec41cb9785652a4a3172a4badbdaa200b5e0b17a7bcc81af25afd9b2432

SHA512
1915a2d4218ee2dbb73c490b1acac722a35f7864b7d488a791c96a16889cd86eee965174b59498295b3491a9783facce5660d719133e9c5fb3b96df47dde7a53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
afa6428924e0f20fe7fda33bf56ffaaf

SHA1
bc2229b6799244d3d37b23d0711d4728e996f8ad

SHA256
131c0c78a8f48f45684f48a39e5c529c8ca3cbecf96cebf709fb0d66526db5fe

SHA512
ab2ae5a62424b1be5baff74c14a30cdb14315af3d01db061ced2e11494aaee8d8a9708ffac3d1da2cef6d0b92e8f1ee8d4c04a59a818a03e8c73faeaea2930b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
758097d319aa13a1f9e953a652a33a58

SHA1
39f762f34c1c7c5dc9395d2e21d44bb265a67a6d

SHA256
ce13527e5ed7e93db6e2c0a8662895cbaa88cf63de6dfab30ca2c8efacd06b1c

SHA512
cde9a722a884fbc0a8ea7bb0a4153ac4c2d9c2c63fa74c4c6056c2303a5a9b0d8cfeb79d9e396e704a7e68372ac94c6969e1d99ecbd4ef18c9d25bf30b77ea0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
59a3c2eddcb1bc164ec6c447ec40a347

SHA1
5bad30c8bf9c3565504fad5e8f10cb670ef5d268

SHA256
023560c305c2dc63dad337cf57853c77dfc5aeb455420314dc0e0308dfb01b4d

SHA512
266cc144578e80f9e1a10df83f8602d5ab6dc9807b42e0128f926d1b927aa14a25904d6f7cdb88e3f335f65e5d313a92cf47e2da5db01072afe0efbc28c9da40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d127e734e1ecc0f7ce1e6a06661dceaf

SHA1
829a2a1037ba6fb8b9e60b3862249a270d5375bf

SHA256
a055f074e881b9f45f77a5bf5ab9cde6cc38e36f4558f5bd5bdcb060db6c6dd1

SHA512
e7849f1afa2da5f2c9850e4510950312eda0b64ddd75e264274616bffc9fc08efc1816ac652e46f63afcd9e66c849f4a716d0b7f61b80a549b2377878b8d20b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f593138372ee49c8c121b45bb66e88f1

SHA1
1fbee6632ebb55d54f7ddc0b1c6bc7e757b4edc7

SHA256
98447814c7759ea6a69ba01cddf6d162b30d2a41fe59a9bb78b36b70d48af62a

SHA512
87e315a1af7203805379a4efd27e243347aaf9e790a97d20899cd6bc94271005c96b20df4b57791c79ed4160f8b6b04b448898d2ea7b1ce80f7e3cbe0fb98e55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e96a35fc71fbe0ce78d0395b8ec5a62d

SHA1
8713e50666f2c3860b1e193c8198731e5f344a17

SHA256
de35718e6fcf1c5a78bba52b3d2a7f87f5518f0af484eb2b389f7735ad850025

SHA512
9d67152375f6a4afefc4512c0933de4d8d14a0983673f51eb87dcabbd32d0d1a2cd797867b0bfc8a3ad1dc920510d19607753824909d8c5f9ce8bdf4ef13dacc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a444300fc8bd6ca6cd9c19ecb254084b

SHA1
d941c23c65bf80f7204c2b5557600a70d04744b4

SHA256
bc9b2c47b6278b8c1fce09fbb519e10316ee5ccc24c09ba2a86e2009735dcc1d

SHA512
7f3fcbd435dd1bdbf1620c42c8881031a82906e825a818c6e28f2f4501208f717b39a0df2daa266f0e060e184e5af881042c36decc8aaf94190484a143c31288

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1061f680e3488838c6ba14e742b06bca

SHA1
ffbe27c58de050b4d3a66bd23a244edd95b3b8e2

SHA256
cfb0ff69bdfe3b3a4ec17a8f00a1207831c71c76c69df725e736626a7deb9394

SHA512
ee9a9e34fd81d7923eedde6fa2779ca1eb3fbdb9e4a468cf4f399f30a52dfe6110e03f2b80bdf6d955aeae0bfcd7104c1f5131cac7f27b6ab54eb57d2dce73bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ca36933e6dea7aa507a272121b34fdbb

SHA1
3b4741ca0308b345de5ecf6c3565b1dbacb0fb86

SHA256
fd14449eb781c58e6e7196a384caf25cba0c59ebdba3b10f8ca0ecfd0c076b5d

SHA512
5a9b186ecf085765caee97a2910008dda926ce412001042e165184083a52fb5fb70f05ca781cd2f7740ecbd938895c77c5aa0f9eb8d812b92f412f336212720e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
2KB

MD5
02181490260f17c9ca22b7d594c46eea

SHA1
47487cc86f9f999cfc564db9761b03ab8ac95fe9

SHA256
90efb85096bcff817aa5b0b47fab0304c7f1b84101ac809046047cc01c721a9c

SHA512
96465552b989d3d4be81a142fdf464e7363952ef2d57eceebc8e498ef3ff44b08df69b884a499137f84af013391295c63f8964d0350620725f8215bd0ddd7dbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
bdb7913fb5966fe79fff5bb426010313

SHA1
792c5e429110ef5674931461b603c75c1dca5eec

SHA256
570ce6827671579dc68b7489e8c01dedbce01cac4a8fb9702600d977092349a1

SHA512
9fc7ac14ff67d6b3743373d95079d7f15b464ab4eb04ff1860f529b354490c3f076a1c4c3d0decfd531760a6f4a7d594d9b98b5d95a9ba72cb7e4c9b7ed99b85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe586712.TMP

Filesize
48B

MD5
e20c37d4ca038364c21b1111f2bd644f

SHA1
ef3365a9ebe7ec484580106f4a31a0d7324d97ec

SHA256
ce013e603ccfba0d368fc52243199b8639514e2b628cede5b78391136be8279a

SHA512
c46043ff59c643bd1a19d37d39a88ea630811d79bf22fcf17dcaad55a83d59e6873dd52d76d4dd33be936e5499ab0e5a502657cd47e88aa7675dddee7a3d190c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
870f25ea2ed2c7a4e15584325b46fc83

SHA1
910e3c1db245bafbf140f2c027045877bda8bf23

SHA256
e8477f040180c475549779121dd939e104397d511ae938774e2230f18d8b7693

SHA512
73367b4ea8b93c89ab8815e52dd238169f023faa1a16382e2b8f6a76016418bee8f4d56fc5ba95a1c496232c038036e2f3f672458ea3c32fb07954122575810a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ea99bc9691ec0cd70a4a03a6fec1212c

SHA1
1fec86e55cf25f1f1c16b96d618f0cf82b829160

SHA256
96291b1f6d06e421c5a926124e0dd689ef021e19ac774d2c9f7b5102ea3fcfaa

SHA512
1e791b79d4d52214fde515e362d55e60383ab02d100e1764233faac44d6254602b85acd82f8c1ba8357835880b80c9a1d4f2e3766e9b3cc4e4f1ffde20310649

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0dc43fe8265b7b5bb7e88ec0a79a5bae

SHA1
38691f4ca4fb0a0a5b32e422f4cebf9c96f0607d

SHA256
ae1fb5f6061ef08ac1e511e92b8c4210d4d9002bc671be544b4128ff41f9ee1b

SHA512
c2a5f16d1cf1899c2ceba07f6eced12a27e5f4942b050a982926d28dcc19c3367a42457db17914be2c74689842507d9225e4538ccab9e7f4415d5ca34dbd505e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5c85b496e9990defe83e37353d5028ba

SHA1
87abb20ca989bf2851a32338b491dbe3e2f0f2fe

SHA256
0236f843e1cab3414786e53d0a94b0b271e2d2988710648f4c2c319d5a06c1d3

SHA512
3d571cd37cc29d6b708bb961587b3a85be737b6edfcb31a0684ce4f9381df9832eb69b49c40d2b7148be26bfaaa2620eb6b1ff69a18e7ba18a9f159aaf573e35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
323c9859d58610cf49a46ad04eca48b4

SHA1
7b7013b843717187be728fa299380b26f1b5e6fd

SHA256
7fc938a05a300c5c31711b38e23afd81f6fb6bc971b5955fe5868b3ebbc92797

SHA512
0a769784dfdba1437182f60e9492c9cb5cc9b78157ce33606d28480bd8f4f71b2d6263a706638bc3e828aac32448fa4d8976d7cb2ee830d345ef8981dae0e836

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c60a.TMP

Filesize
871B

MD5
b9fb80db0f3a1acd72e2d20ae61dae7e

SHA1
70d3ad02514b3828fe546399a92dd1a782f14eaa

SHA256
814b468e2cbea8a435be8d36309eade9432f38e296822b20848664dd408a1d1e

SHA512
a6ba98e2ea712cc78c3d3642f86151b4702508bc03ac3c9500deb4d426e358ba6d8341d1a271e88868d5e1785a9c42362fc7c081eabe5f1261d253da9fcc2214

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b1a17281081fda2f21a2b2c476aceed2

SHA1
c8b587c78e0073d7cdcf6f5dfcfd824883fc5712

SHA256
66ff431b245e9b5b41fb4c68bb44591c927fe30e762aec1f3cced8fad9c96d7e

SHA512
4c1d451e3ae0428dd655a0025e6a23f6ae6bc5d02e8ad4d20f13b874e5a71ecddb3ff78233bbb00b22189861a079a17b4da5b6af84ea39ad85b9814fc718ba26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6abd6322c0d708d3194624adf3d47cd1

SHA1
79befe4b13873eae557259cb52d8741ffe0bca07

SHA256
78454843ea77741f2a0a04a1d9a83d6f790d945d099b416ae89f771e1278017e

SHA512
b64f51046776aedf726469750882d56e46d75bd7e31966208040146a3b9f48635473c24e61962d3fde62a1a810af5f74c515ce774291f92865996fcb620f4431

Download Submit