hxxp://185[.]22[.]172[.]106

Analysis

max time kernel
151s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
16-11-2023 10:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://185.22.172.106

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3350690463-3549324357-1323838019-1000\{420D9F7C-1DBC-4395-BC50-93B9E8172ECD}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
232	msedge.exe
232	msedge.exe
1584	msedge.exe
1584	msedge.exe
420	identity_helper.exe
420	identity_helper.exe
3508	msedge.exe
3508	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 232 wrote to memory of 4808	232	msedge.exe	15
PID 232 wrote to memory of 4808	232	msedge.exe	15
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 4048	232	msedge.exe	24
PID 232 wrote to memory of 1584	232	msedge.exe	22
PID 232 wrote to memory of 1584	232	msedge.exe	22
PID 232 wrote to memory of 468	232	msedge.exe	23
PID 232 wrote to memory of 468	232	msedge.exe	23
PID 232 wrote to memory of 468	232	msedge.exe	23
PID 232 wrote to memory of 468	232	msedge.exe	23
PID 232 wrote to memory of 468	232	msedge.exe	23
PID 232 wrote to memory of 468	232	msedge.exe	23
PID 232 wrote to memory of 468	232	msedge.exe	23
PID 232 wrote to memory of 468	232	msedge.exe	23
PID 232 wrote to memory of 468	232	msedge.exe	23
PID 232 wrote to memory of 468	232	msedge.exe	23
PID 232 wrote to memory of 468	232	msedge.exe	23
PID 232 wrote to memory of 468	232	msedge.exe	23
PID 232 wrote to memory of 468	232	msedge.exe	23
PID 232 wrote to memory of 468	232	msedge.exe	23
PID 232 wrote to memory of 468	232	msedge.exe	23
PID 232 wrote to memory of 468	232	msedge.exe	23
PID 232 wrote to memory of 468	232	msedge.exe	23
PID 232 wrote to memory of 468	232	msedge.exe	23
PID 232 wrote to memory of 468	232	msedge.exe	23
PID 232 wrote to memory of 468	232	msedge.exe	23

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://185.22.172.106
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd47746f8,0x7ffbd4774708,0x7ffbd4774718
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,3616869706733052833,10440993055350006852,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,3616869706733052833,10440993055350006852,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,3616869706733052833,10440993055350006852,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3616869706733052833,10440993055350006852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3616869706733052833,10440993055350006852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3616869706733052833,10440993055350006852,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3616869706733052833,10440993055350006852,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3616869706733052833,10440993055350006852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,3616869706733052833,10440993055350006852,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:420
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,3616869706733052833,10440993055350006852,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3616869706733052833,10440993055350006852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3616869706733052833,10440993055350006852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,3616869706733052833,10440993055350006852,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2128,3616869706733052833,10440993055350006852,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3616869706733052833,10440993055350006852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3616869706733052833,10440993055350006852,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3616869706733052833,10440993055350006852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3616869706733052833,10440993055350006852,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3616869706733052833,10440993055350006852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3616869706733052833,10440993055350006852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3616869706733052833,10440993055350006852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3616869706733052833,10440993055350006852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,3616869706733052833,10440993055350006852,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2724 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3908

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
1⤵
PID:4184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
20KB

MD5
77c9febe3e4dbf5111f52e13a5eb247b

SHA1
e2c4f8d1c01e5ae2492759c8903e40f2752932f2

SHA256
70290d00a49f7ca5910343537033ca8ae6b54ff846d3c82a00613a33cadf51d5

SHA512
2b6c46d9bbd9b6ac3046a4532f8f5b8de6203a0ddee3f03e84fc4c6954d2e227a76613ee2dda7572fa8587f27de7800637caa95aad15d9f0818d502127c37b1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
69KB

MD5
f658006220c88b9fd1029bd3e0e6db32

SHA1
b49befbed57d1d77696889e050d5b9f1d0294566

SHA256
c1669907d00ff2d6f449d00b050f92438b8d0cb7ed61ad4768670404792636e4

SHA512
ba098902c00099dc78a56b85af6da2c2b238697bad36936bf3211725b8d55115710dc6f278a6bbf9e5e925e7ed7f02019dd2512c42cd730cc14b0049ac8bdc1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
89KB

MD5
20b4214373f69aa87de9275e453f6b2d

SHA1
05d5a9980b96319015843eee1bd58c5e6673e0c2

SHA256
aa3989bee002801f726b171dcc39c806371112d0cfd4b4d1d4ae91495a419820

SHA512
c1e86e909473386b890d25d934de803f313a8d8572eb54984b97f3f9b2b88cbe2fb43a20f9c3361b53b040b3b61afb154b3ec99a60e35df8cf3563dabf335f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.0MB

MD5
a445ee7efaa1d64a3f4847b2b3bb2984

SHA1
57d2431f05387d25640456c8f405f635c9a016a2

SHA256
7091926a217a5483c1b68ac757bd5bae502629f4fc773b429b8c008b1a784890

SHA512
170fef846eda3ea79175c743f8fe8fd8a1d2fb9f816f12a1165d1ec979d0340c9108587b698ee26cb892dfa4e960fa1b8ec6618a2c0ccbcaf54bab95098c1130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1d7cb9f9791bd8a405420eaff841585a

SHA1
3d2c2177630a1a5dc8b4434c53c6c6bde85179f8

SHA256
5b68f54621ae4f8fc353f5df362cb73c85de65463b143fb26c35324b176148e4

SHA512
ec7ddefd44c56f89bb6dacb5cdf127a289685145a7dc87a239271b440e31119a1b7b4bb3e9dd3e5c96c5068fccf05d05f781375151f3575b0c91a41de7a52065

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
467B

MD5
54dd20af23dd54e67ca05518ee7731be

SHA1
372eb77e0d8d0f243353c54d114fb6fe336460ba

SHA256
764a80e703e029499fc0629a91029bdcc3875b066920c94374e62ebcbb0ce2a1

SHA512
0790415af6b784ad3a48babe4df1d94cc30c0e780f255ff45ebcedf010163c76cfdacef90c423ba3791e49379869b3ecd6d77b0ffe080ae0e42bafc769fa9b9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
71fbe57d3fc72206493cc758afc35908

SHA1
157d20a8a567bddef915def86fc20fa95e9ad8c0

SHA256
c4a2578baab76899efb817569e81f5a88cb0d02535a0ecdc3e5cb1dc136c4654

SHA512
83a416d54a89608a523650feb6525223acf6d4d9aa2c7329729ce69273687244c09f025164b0a1873436a97ec3da958bc005fd2a07c6c1239ae745c2dfae8edd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8c533c311f6428cfc738f89e085253ac

SHA1
19011b4e9e9765b6edc06295648e9144506d96f9

SHA256
371e67b5210e41328e2bd28e38ec54da46b0cf01f3b68badfee1ae0ee796fd60

SHA512
42814d319874b276d7946487505a593b385646cc85a2e86d3b5fb0dbee8bed3c7c612aad11e52fc5aa5a9ee5eac45111498b6d960db27a5809dae4f2ddbf91f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6a5c039fe8212cdb3a1d57949c436d54

SHA1
a0ccf36650441d28391338966184a5f9a3152e3c

SHA256
9a7d4f87fbb70e97a0125a418d1edd5a77d888cf69e934dbd9796981e79c3503

SHA512
9c9877b33a9e12afa06412830faf6db3a2c1ff9ed6314e0ad03ddf94959d9402ed9ea17a8637e9bd5ed3acdd677a7e7596d4bb7ed9363b30d428ee9200c4c1e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c2295b520a420c1cf4fcf053b6cca465

SHA1
8d5f5faa2c4702b27ecb5d69bb639484a5453e33

SHA256
20a59a8dc25b9b6e1835a5907e5f44f9b4087b80157cc9d861c5145f9e45f3c0

SHA512
a6e013010d158ad029cbd75b65a3cb451250296775cfa6aa3f6468824bf0c73ba1f5a1c987411101cdb86738296e80a81caac6e2b79e550f6e0446ca612fd772

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
907f55121ac2814c5fd3aecbfa8615be

SHA1
c1c9dc8a824fde5046d8d3d4ccfd62f712a0169c

SHA256
7b157f2ff0833ce6bf411411e0d6e33470b65ce714f726ff1f22e152017d708d

SHA512
c311488bb9bbefd2e7c701dc4c98db86588e77a78a1b933694cc865d16c23d140ea9af43da9f1a4076f51fcc4f9635fa70d66140becddad1a4a9a0dcc60db7de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1c706d53e85fb5321a8396d197051531

SHA1
0d92aa8524fb1d47e7ee5d614e58a398c06141a4

SHA256
80c44553381f37e930f1c82a1dc2e77acd7b955ec0dc99d090d5bd6b32c3c932

SHA512
d43867392c553d4afffa45a1b87a74e819964011fb1226ee54e23a98fc63ca80e266730cec6796a2afa435b1ea28aed72c55eae1ae5d31ec778f53be3e2162fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
74fa0a442c080fad835f02785a3d474b

SHA1
dbeedfa7012b47a8ef2a6a5b24819611d0fdd221

SHA256
ae3b4192cc63ed226cece8cd7c158f8d31e22169964b4640ba5bef2307491d8b

SHA512
d98cdbb4a9f7993dfe3f1ded7bad58b442203ea62fb981a233591266001f2da66fbcca3d57da05d7b746d7b7ba4de937886a3f5ae4b60900a0fb1d967d50cdc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
d3e9b003861379760f05f93c690668f2

SHA1
c2e6400b1d16d23f7c0459d0b65ba193e039a4d2

SHA256
716e995d3dc856064ef6186dc94b8ab27049974818218b50102971724bf6a576

SHA512
d8eded2e98ef14a66a34cab928e46c42a9810928d7a4265684f4483a2aee1ec18a430a26ab16524259efc60717f5b0c11e76d8436260976ed188f8c225ef7358

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
c0feb9c340d87ca16d60fd1e10f5ab52

SHA1
dae3159588b33e8aeb2a35af926a6b842f5fed4b

SHA256
de1e8622ec8f36b6944731818e4a2ca3e08aa480dfe7e96387d23307f392645b

SHA512
7d54d53a34d3920e3da7fb43625b5fad78afe6bce3271c5aa7080688cdae18c951a07826085d668c770cd9e636b696602935fa3be1e47c278b11cd2db6019b7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
3908d930bdcb95aa6cafdb5635112b90

SHA1
d5b844880bb2bebb0192703d33966a42b769a439

SHA256
18b6aeb863a75086f048d0e2393a8b77d20f075d11e17b29bbb7094be8b72d4b

SHA512
0b5d4287f4aa20ba905824d4a2542d1c1642b048a3cb4889a2c1ef20a3a244751062257cf47b37e1cd1458fefbce1c3b26daf59a848aa3ec7719febd56723742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
95e92a465d297509969874ddfc57cded

SHA1
f994997e79be8b7875adc1a9605fe52b6df29ffe

SHA256
fea8826958c8e770cede802520e688479e8fed2324f009b7697c4f200427349e

SHA512
9491a4ef074a945b9adde088e819f5ebd303f4fa6d52f05e96e343f145e97a35db4c9c7a9021fa34e990f6f5619cbb8be7f322d6d41b04bd5ba7644b83b4cb05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581c4d.TMP

Filesize
538B

MD5
b1a97c0b2ce6a1783697dd0a35fb1aaa

SHA1
d2e0d7370c26809b49fc9a05d9d0899e032e06b9

SHA256
767e29344403da52bbf81a11e66d16e866c8641fa58adcc6c7cda1313a990771

SHA512
3018e1eed2487a6f1ac4a781347cc22b09843c35a235cd5aab41b6755949a1e636e104bab99dc5537fb24397131a6c004f8f1a84dcf8d15e2e4777817828507c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cf903c3def6e8aa31b1c6fba4dac87af

SHA1
6c23039090e66750198380a3ff861c797b756afe

SHA256
5494492bbf1d7218e05f0bcc5f0c3678ef7bee527d941aa8a4ca644bc34c10ca

SHA512
089a9acee8b3f4c73da09be211a225aec663951e55f97a4d6c1dcdb3d63499b6f3ab23020a016ddebe54ab6ef5b18204500444a12f1fd853c0bde41dd91b334e

Download Submit