hxxps://strongrill[.]com[.]br/js/pj/oafrro/YWRpbC5raGFuQGRyZWMuYWU=

Analysis

max time kernel
242s
max time network
272s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2023, 10:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://strongrill.com.br/js/pj/oafrro/YWRpbC5raGFuQGRyZWMuYWU=

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1552	msedge.exe
1552	msedge.exe
3544	msedge.exe
3544	msedge.exe
3228	identity_helper.exe
3228	identity_helper.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3544 wrote to memory of 4908	3544	msedge.exe	2
PID 3544 wrote to memory of 4908	3544	msedge.exe	2
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1292	3544	msedge.exe	87
PID 3544 wrote to memory of 1552	3544	msedge.exe	86
PID 3544 wrote to memory of 1552	3544	msedge.exe	86
PID 3544 wrote to memory of 1136	3544	msedge.exe	88
PID 3544 wrote to memory of 1136	3544	msedge.exe	88
PID 3544 wrote to memory of 1136	3544	msedge.exe	88
PID 3544 wrote to memory of 1136	3544	msedge.exe	88
PID 3544 wrote to memory of 1136	3544	msedge.exe	88
PID 3544 wrote to memory of 1136	3544	msedge.exe	88
PID 3544 wrote to memory of 1136	3544	msedge.exe	88
PID 3544 wrote to memory of 1136	3544	msedge.exe	88
PID 3544 wrote to memory of 1136	3544	msedge.exe	88
PID 3544 wrote to memory of 1136	3544	msedge.exe	88
PID 3544 wrote to memory of 1136	3544	msedge.exe	88
PID 3544 wrote to memory of 1136	3544	msedge.exe	88
PID 3544 wrote to memory of 1136	3544	msedge.exe	88
PID 3544 wrote to memory of 1136	3544	msedge.exe	88
PID 3544 wrote to memory of 1136	3544	msedge.exe	88
PID 3544 wrote to memory of 1136	3544	msedge.exe	88
PID 3544 wrote to memory of 1136	3544	msedge.exe	88
PID 3544 wrote to memory of 1136	3544	msedge.exe	88
PID 3544 wrote to memory of 1136	3544	msedge.exe	88
PID 3544 wrote to memory of 1136	3544	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://strongrill.com.br/js/pj/oafrro/YWRpbC5raGFuQGRyZWMuYWU=
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe4e4246f8,0x7ffe4e424708,0x7ffe4e424718
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,3773389140231195708,7063049586848154761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,3773389140231195708,7063049586848154761,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,3773389140231195708,7063049586848154761,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3773389140231195708,7063049586848154761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3773389140231195708,7063049586848154761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,3773389140231195708,7063049586848154761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,3773389140231195708,7063049586848154761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3773389140231195708,7063049586848154761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3773389140231195708,7063049586848154761,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3773389140231195708,7063049586848154761,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3773389140231195708,7063049586848154761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,3773389140231195708,7063049586848154761,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d5af55f794f9a10c5943d2f80dde5c5

SHA1
5252adf87d6bd769f2c39b9e8eba77b087a0160d

SHA256
43e50edafcaaeae9fcd4dce5b99bf14fe79dae1401019443f31aa9ff81347764

SHA512
2e2e09a00db732ff934da1e6ab8617fb3c8de482f9667a2c987435d0a5d67550b4bfd66e8b4475012b60908c24e39dff58e2f2ffa55f13ffc55caae1be630c71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
24KB

MD5
b8ef31ae9b3af909743111d284e21c56

SHA1
8d4c778be1f008113126d08e9cc5222d251ea418

SHA256
d97fdec0835dc184167ac5d9b42169fd14590fe7864e68ac62a9ab5c7464efc7

SHA512
8026d160dd6fcaf00af585825fa703a6ae456baed7a9e2125897f4e5506b5c9bcfb99198022bd59c6dcc3828ddd6f764084c7017db9fb1b94baeee0d17f53234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
102KB

MD5
03c0f2128c8dd615b1691c168f1d4456

SHA1
defa44bed1f35ec899cfd358ca911390bca53e67

SHA256
67447c3656caad630373253691f3e8f64467eafd6e7305c9b0e98111b0b41694

SHA512
01485475aec2d490e75dc76aea6e011541edcff527e85a773644accf101175b619e10b4d3a5cdb5926669559782bc33df483fe9cc3de9d3431e08123ce5d0853

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
17KB

MD5
ce795adb7e7594cbc25f9fd2d6e1a2fd

SHA1
4db09326441814d65f42f835a7102d28459363b0

SHA256
50bb7c36ecca26ef05a1d308ca06ca7f60740c7e95d20a8971909303f4fa8657

SHA512
1f24b56fc13ce0294f2ac45e6c90e2400324e1d4727db99eb72ffb13733543916e2cfedf102cb37ff5614fd41c88a7ead87238dfc57eaa2958b64d066c953e7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
72KB

MD5
68a2e1c3048033103d11856810f40fb2

SHA1
2f8390ae10db4881fe44e016a7c2d87cd28b9457

SHA256
f7d4c54dc556bce61c6a59150788149f9310dcf3f1deba151612334afd20e726

SHA512
efe85d67fb1d5420eff7763136b2256874bc57f9a02025ec6d7e43436bf6a823eb7e076d4981dab4e64c22ca6c151bf91f57553a4abf823fc7040dae6cf1b752

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
266KB

MD5
3668483d6bec85381fa572cfb16064de

SHA1
952493239758661ed29f5b153bf39d6de22a0895

SHA256
285eb0d78fa0be3b46c229e1823d7b735c4629db98d0673e20204da8e4653a06

SHA512
a08f83f1c874f1aa28c76ca1ef3f81ab866b33091a0d72266d51b1e072fe58e338ad53f8d6739c0d045aa570f7c794dc5b2d8b6b4a215f5e4f93727e68b24b30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
66KB

MD5
1278a495e69e4bc630b71501c0b77880

SHA1
456f14212f63fb6438e7ebbcebdd5f7469cbc9e3

SHA256
1e9fb2be403cb66947da2fd5dd2c4a352f86dcab9d50817130fe0fd78f36cb34

SHA512
5dbd1f755946e3d727187e50afb59f9081f7a37f99eec18bb8e6379e6433ccf8e77e783ba4f532ccd362c6c8f8d3225342f0c39de845ee2a299346d3be22fddd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
86KB

MD5
ddd998628c6cc500c093ac4dacb67b51

SHA1
2c64eb675a6858327522c3dc3d760e30e6f3749f

SHA256
4a8ad093e3917e3ff1ac90e3da581a1988d6b0fb6159c82366d3ca99c78d21af

SHA512
fbd26e01c4f1778a28c5e6d7fc6e56fc52fd4b0175fb0f09028729e99b459b030642b96e8a1c7170a83cf2e4851d7ffbf1b28d8f8ea42b3aee61ee2a609afe07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
183KB

MD5
41d3da6cf5ad69bdd564a750565b1624

SHA1
a204aca7cedbbb08dc5d2d95d7440da8e05661ca

SHA256
a06a9922c183383c121c8b990c12ffa475ccf88dfffc7313fa096037ccfde330

SHA512
fea54a2940aee3697d8b6f8ea3e53f3ab0dfdf39c02a8ee923a39fac26f24d87591b2ecbcb506c8efe7f0d576844d5e4743037d7f9b8ce5b4c456fee79e5f209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
89KB

MD5
9ce11f13aa52d6c6e4478a92e2c25df1

SHA1
f647379bed2affe6cc4d74e124aee4323233b04e

SHA256
677e1d888a0b08dd17d535cda230b8e9a3002bd5c01340fd588f6eb41c60c757

SHA512
67da4cf92a22d9270547627267b31542fa7b2604792b762b34eb868e10941110c4d515f8d0a03723247fd4e4fdb716fd3089e30ba266965da9a3021cffaaefc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
52KB

MD5
c1dd4de6f5c15d6bbfe624ef0824e163

SHA1
a0a956904d2644b279bb7e6c95cc14bd5048fd05

SHA256
48ea954df72b56e6e7bbc8582cd6d4b9db03191b5d4206fe76956b843df851eb

SHA512
bc24eb4e84d17a36677ead2c9cfe1b4a7949e4cf9b5722313599cd920d287f5c02e4b632a76a093fc7a33b6fad6268a33e44a6c933518509a21cba7bbaf621dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
81KB

MD5
121c079c75f6ba61f38d117af0e3bdb4

SHA1
a71ebe44d2e4cba1233e097fffaa1202be4b9f74

SHA256
b5b46c7bbd47ff4c387fd2edb86049a890e5889529ee3c59c2017bc9ef49416e

SHA512
74c69f3098bb95f62339fc25a8b9d7dd674283ecb72da40232b7976277f48858447830a1607187211ac61bba602a62af7b82c951ed6c6f25e3a5b20d64937bde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
34KB

MD5
a2009a8dc5ac9411f2f89e7653fe0d5b

SHA1
1e85b8b730ad3394436e76232babab11e3b1c3c3

SHA256
66715fddd2ec4504e55312148c99e4cf8ad42e4b87b84981d97777d096757764

SHA512
d075c93c8fa154d7c76f45f9bb20535b99a34808e0b0cb177bb0d82817b9eaf3abfb5ff238b988f32d3af9d27687c6d62db0492bfa66249192e79f1c02873767

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
18KB

MD5
4cc444663c1e69cb8ac7b909e7192bca

SHA1
d00ddc5b9526193fa99bc3995a6d05f995452ea1

SHA256
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

SHA512
ae37d08d11aa4337650cbec0d0f1205a5505cb3e82373873e82cba093019521cd2b93cfe2dbe4840ce098717287e1f732e9330c90063b122f1c6358664f1b8ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
33KB

MD5
4e9a873ad8059c84e10ab85affe56652

SHA1
3acd80a34f66da886d22d5aac5a88ea8e4489757

SHA256
9e23d8a93b2eaf985166352f17f3fdcbacb1e9cfbddb9919c1e3cf46d3e84a61

SHA512
528808a67a70a66d7762221216e082eff767323056c18c9e2dd9c15ded1497f5474c1536bb04099241425511b8152af3b856bc4264d15372e51b14f74ee1122b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
96ff4608d5016824c5f203023c8bacd2

SHA1
ab125c89377c166e0e992d1020b64bb9d77024df

SHA256
8790d0638a3cdc7a983a9e64b5b3bc133c2dad7743ac5736639a19f505682563

SHA512
743d6352d33b8ab6217f04ec2d005a884540d704f52cf6de6a4041c3b331ba71d228bb8150a1415e94004cd679e5fbe77627b1934be2fc1d85eccb760ac01f48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
91b59ff82b7b8eb9c92382544caf83a7

SHA1
4b6439b7bc30e85e4e9868e0cb259d624d51099d

SHA256
0c9f3f8c68eb09e1890da3ae0ade9e84ab78e3ddc11f64fb11762b7655effc49

SHA512
b91db8c2985fe4e4670de64a61b215e9a9c7faaf4381210acebe235a1b2b16d3365a046a66a631d7f685375ed48266a2f89b7671d0854e6f8d3177f0bd2ffc62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5b9db8241ac430d86051f87d51cc72ab

SHA1
7e65bc7ca120d3fa4859873003d867c5b923b889

SHA256
7ace2754058b17c22a1522c9f9deb196b5aa3a8488551c8682c43344bb890757

SHA512
5f4b25b53628984173ffa042648184a07d50a4a3df0225a3e3a859da0bd4f6382261cb0c96b895e182ab6bab103805ad47f1d8a1a88661dc424bf6f1b6194072

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5e7a1ff11e06bd081c5704000a6e6005

SHA1
5a0973fd31dfc3c4f918dca651abd322e356c9bf

SHA256
413f9105be51f966039569d2cece54d5a9594bc29708d299d904f3bd3d78f621

SHA512
0fe9d80bbfb4aefc75d007e8f19ea6c9298fa715e8fda31399412daaefaa989d516853d8db5ad9a2188a6b472ce0e4a1eacec23739da5720afde5ebefd6a0848

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
53f7fa08f4156755cc2c57b0beceecc0

SHA1
fabddb1eebddc6e63743068e0a643fa22d72cea6

SHA256
5832ed57ca66aed9bb6fb609ade7e92a7d06bdc8aad177ffb4dfb3814d66b6ea

SHA512
044d0775dfb6c2f6f61193fddc622538eac5b98548b5cf6d63a9c328041a181d8e151bd28760d5cf7a8fe307133d9e0a7c790a22bd9bf763d0edba2812a7c9fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
214fd54edf73c7762cff3c5bcee31b8e

SHA1
aba0344c276354220a7503682ed9be27c030cfd9

SHA256
e88954d6e7ff0b2482dbcd2b61b91435fa6078857c6d8bf2d897e795bef8b2f8

SHA512
f9a0ec52baff6b3558271df39b8934cddec43714d0347d471e9eee9490628825eae8b7a668b620e61caed36b2ac4c2878e6b0c65ffa2dc4f3ec920f47eee1752

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1739bca4ef8b8f06710e01920e618a23

SHA1
f167dc5aa00c4a482d08a6d9ae7b6162ab63189b

SHA256
5199972f3c8381194d4e1800ec10af4f0ffd5da95bc5541dde90c7ca10e80028

SHA512
5782d0e7db5d355537445a2299cb9f36759ea16ab8948452e87f217a331182bfb9268be61795a681d2fb74bd78ef3f8aa1ee88980c544fda5ba56d6cfeaf6b2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d259dc6fb61f3b1e5de62f1bb4efe6a0

SHA1
2a7c035d4c429d433033468f741eaa7cedcbbe05

SHA256
969bae301f904cd0b95907e2fba1541240ef803651e999a5360cc0de873b9f2d

SHA512
c626cc45d2ed0575c78bb8fafe7c350cbc15a546489516271f45d9007fa6b4fae26c9e55d1326e890cb68b30639e1c3e69e4b150b63f49af7d65dfa2d45d1c98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e3af2cb2bc727ae5121ad31c524fb15c

SHA1
98944da69ea2b59c35fa6e2e17e19716de521b21

SHA256
4c583c07863514c98ace17c997e37f5d5d1b98455a47064a8dc4c2f0e43b15e4

SHA512
b57fdbb5ed90f3b5e16e62b47c2be509502ac276fe6d503a5065b616cb76faa46e2516f10f7716a5fbd4faf17fbcf8519e22031e83af927d750a95c3c1194285

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
10f5b64000466c1e6da25fb5a0115924

SHA1
cb253bacf2b087c4040eb3c6a192924234f68639

SHA256
d818b1cebb2d1e2b269f2e41654702a0df261e63ba2a479f34b75563265ee46b

SHA512
8a8d230594d6fade63ecd63ba60985a7ccd1353de8d0a119543985bf182fdbb45f38ccc96441c24f0792ea1c449de69563c38348c2bedb2845522a2f83a149db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
948d723ca8d9c9f3056c96fe4fff59df

SHA1
86f161962842cb7380eb67988bb0552fab19ef03

SHA256
07d74fd8acad534aa73b1121b0b4ca1d99fca8e1512229b9b311e5464d8ae892

SHA512
0ea05a2aeab58407365b2b5f11ad2b2d962e2c9a02f8dd2b64045daaa8a84e07f44366d0c33b2d895d5038e683fc62e4b9767490060775d0d2f70bf758f11db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5883b2.TMP

Filesize
1KB

MD5
952119efb2ce7528e85546a7345f84c3

SHA1
c6071e888f8811e34ca8408fe1b4eaa89246cd6a

SHA256
7f6c322fa293c731d285ad2414bb16589d18337b4966740e37406d041e529eb7

SHA512
ed696fc9f04c3996a19e81119a0faabe0a6f2b46efa32e3dcdc9a332230e7053b305b598ec893cd96f585a64c6163ac2fcec9da1bad68024304a98a10af3fa0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
89e06673d8351846c1b654a04cdc1f9c

SHA1
ce028e0b7ccb2da1c752845f87daedc82dfe72af

SHA256
bb2366105bfcdb2991822b7169661b99c5132b72c668ef699e87debd5ce972f4

SHA512
01f80485225e4eb8dd8f707f21d4ed1e2bd5b45c24e481274c463ca3a946eb54c669d72b8d2b35a48e5cc3be9fd61820be8eb8e73a41b74ddbd3bc3cefcaec9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cfd8892f65a1d834755b05a4d0d6befd

SHA1
e416b9df49a8488e18433a786af8c6cef7c8368e

SHA256
078e04aead087453572e8e9870465fb5770781ccbc9c4050e8f8bfe3f2b8027a

SHA512
e72a80763ae9e486151d2bb978a6df5e6887b4c5951b4f67cc7ebebea1247891c0e215632d5f5de36b16d2ef752bb9faa4a7524a157093a93a43cae6d42da67d

Download Submit