hxxp://cajabanrural[.]negocio[.]site/

Analysis

max time kernel
600s
max time network
594s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
22/11/2023, 21:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://cajabanrural.negocio.site/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1768	msedge.exe
1768	msedge.exe
1300	msedge.exe
1300	msedge.exe
4076	identity_helper.exe
4076	identity_helper.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	5068	svchost.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1300 wrote to memory of 2364	1300	msedge.exe	16
PID 1300 wrote to memory of 2364	1300	msedge.exe	16
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 3860	1300	msedge.exe	86
PID 1300 wrote to memory of 1768	1300	msedge.exe	84
PID 1300 wrote to memory of 1768	1300	msedge.exe	84
PID 1300 wrote to memory of 3628	1300	msedge.exe	85
PID 1300 wrote to memory of 3628	1300	msedge.exe	85
PID 1300 wrote to memory of 3628	1300	msedge.exe	85
PID 1300 wrote to memory of 3628	1300	msedge.exe	85
PID 1300 wrote to memory of 3628	1300	msedge.exe	85
PID 1300 wrote to memory of 3628	1300	msedge.exe	85
PID 1300 wrote to memory of 3628	1300	msedge.exe	85
PID 1300 wrote to memory of 3628	1300	msedge.exe	85
PID 1300 wrote to memory of 3628	1300	msedge.exe	85
PID 1300 wrote to memory of 3628	1300	msedge.exe	85
PID 1300 wrote to memory of 3628	1300	msedge.exe	85
PID 1300 wrote to memory of 3628	1300	msedge.exe	85
PID 1300 wrote to memory of 3628	1300	msedge.exe	85
PID 1300 wrote to memory of 3628	1300	msedge.exe	85
PID 1300 wrote to memory of 3628	1300	msedge.exe	85
PID 1300 wrote to memory of 3628	1300	msedge.exe	85
PID 1300 wrote to memory of 3628	1300	msedge.exe	85
PID 1300 wrote to memory of 3628	1300	msedge.exe	85
PID 1300 wrote to memory of 3628	1300	msedge.exe	85
PID 1300 wrote to memory of 3628	1300	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://cajabanrural.negocio.site/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ff940c246f8,0x7ff940c24708,0x7ff940c24718
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,4050090196468158188,3719823432942408423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,4050090196468158188,3719823432942408423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,4050090196468158188,3719823432942408423,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,4050090196468158188,3719823432942408423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,4050090196468158188,3719823432942408423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,4050090196468158188,3719823432942408423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,4050090196468158188,3719823432942408423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,4050090196468158188,3719823432942408423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,4050090196468158188,3719823432942408423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,4050090196468158188,3719823432942408423,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,4050090196468158188,3719823432942408423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,4050090196468158188,3719823432942408423,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,4050090196468158188,3719823432942408423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2016 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,4050090196468158188,3719823432942408423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,4050090196468158188,3719823432942408423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,4050090196468158188,3719823432942408423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,4050090196468158188,3719823432942408423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,4050090196468158188,3719823432942408423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,4050090196468158188,3719823432942408423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,4050090196468158188,3719823432942408423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,4050090196468158188,3719823432942408423,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6632 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,4050090196468158188,3719823432942408423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
  2⤵
  PID:1208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3752

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:4748

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8f30b8232b170bdbc7d9c741c82c4a73

SHA1
9abfca17624e13728bd7fa6547e7e26e0695d411

SHA256
0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb

SHA512
587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
53KB

MD5
b68ea2388bb8ccfa4eeccb097dca1072

SHA1
bbf0ff38c944e3a5a67ff4fc9056bda8e1691383

SHA256
89fd3efcb4daec5886dec7882b044651ffc776977339a46db50e60bcb020cec3

SHA512
20357820db7589864bd23af7e88501a5325bfce3f032616ca6894ec0aa77dad849da4ea12fad5861605e51300d9ff038a4e0323a47d373d2a44ae55628909db8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
64KB

MD5
12d9540efa0caa9e98b9fda8e856e566

SHA1
20803a2e5b6e1b0ca9bbe3a9f364bcf545c9d47c

SHA256
b4f118541577d748af5ac25fd9cf03f7e2dfdf7f144626a6d424a68cc40594b0

SHA512
ead041d8d788268af7bb431e63064fd6121b55bad074b8cdb472e7d0cc51f16f020f2e25a4f49bfbeef2d35a82a2e95a25296a1a66d68821c2e03c672cc6a49e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
48KB

MD5
680338741816aaa517ccd39d15b98b4f

SHA1
8f480d8c6311edd52f59fe68e1c2967ec280661e

SHA256
28d127a5f0bbcf3b2ea53ff6058736eb893c5a511fbf1d2b5caefdf4209b330a

SHA512
b26f50adcef2e81fc5291051e4267da6df7e4b272c5ec3ecd855d75d33fac87ab0a2066828978782baae0bb0a50b0df293d57be3dbe8c20e28763d81388d2e85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
f323fa037a69077b3dd496a2c449d431

SHA1
10962444b1d87eeaaff85c051fe4d624702b3529

SHA256
860a2aeb078cd0f7473b87761523353fd87349e23d0931bc685f2a78e9d44bdc

SHA512
b0eabbeed4f497a18be7d0ccb12b53df529298517af355c4a713eacf66948754f6e5f9989fd357933a321f63a11668c07f380739e832711ec83e29f84878f167

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
118102074b830bb0a4ca9465fb1badd2

SHA1
a95e6073c17b431e72770b8f54a9cd59e3b98cdc

SHA256
86d8f81b7ce50db19d29aca9d8ee76a55d4c38b1006861b973c1d933397df38c

SHA512
c4524cd00fbfeac4be897bce3b735db3f98439149fecd51d600a1d65776f2fe8983d6daa9121e3825cca807256fb0355405e60369c633f5ce80598876a7a41d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
74941045229f4a07c7a19a1c2f61269c

SHA1
a6b13411c254c8bfe6c4357fcd0c2c58700c63ec

SHA256
14dd354e1d783d8fd05594460c01e5293269657c1bb29d3d9bbe35c90e933553

SHA512
fdebda44dca1cb18bc9781e743621384cbacda7fac8c12b7f147679163623b105235a901a05996d61a0a69eeb24ebfac0b2bc7df40887097a7a2ca381e379f73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
eeb2ed80414160cab9bc1cfdad6993d5

SHA1
cf9b62d7239b0f90112cf87c5fb9a476cf55f35d

SHA256
a86fa640a38ad5b4883c0007b985c88e54d921f9f8d9d51f7da70bfe6ac69b8c

SHA512
1c72fd383482b772d0c9473a118dc5a5b9db4958a0e39a62a290154d6452bf58f0349383652af609f0fde113b8634fc1618b7d0c20831e18627870dabfaa12d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b706d0e6a6ac6cba0ec61ac34bf20273

SHA1
7c06be49d11584e9a9cec51a2f34a60835fbe555

SHA256
5b6b4729c89fed49b097a0ad07fbff8260b38c32522b1e6f0adca0de03cc41f4

SHA512
85a1c10512f4a89658df1c5b05a745480f8b7a4359137bbdf4e797b7b7a1e9a012fb3f7c6aa9d8504f0637d231932045cd87d11b95614582ff234dd49b55ae07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
41cfbccd60071b7cc68a46ac59be2584

SHA1
d7b00bca5f87b2ff737f9f47c21f7086dac0e8ae

SHA256
c9a4cecc46a63061c4beefd80e0488407b73efce981115cb844b73ac4eb40d05

SHA512
6d1ea4cceb044a27abdbcdeeb12d4243e8d50b706cfaff6dd7dcc3b4f74eccdbb7bbb598db7fadc88fd1311136a21f2bf9dbe331723d711253a10579d28b2a5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b2ac0ed14d73b181f2f3ddd4cb658fa4

SHA1
dab3742f8b7a5b53994fda2f65b8247db49e8548

SHA256
15be7981bd5d7514480bcf88c15b4de5af981b2b2e8bcf1531120e64c8c95d79

SHA512
b81122b5793e4867776c4b7546b177a56203d5d32cfb536ec68703db97e42d5179f64e51c91875853cb934a3e94d4eeafe7cc3627eec7e1e9173ef62e676f71b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
305a72865767c9f35d8753bbf54aa49d

SHA1
c00ce564256605235543abc9c689fc323adaebc3

SHA256
359ac14f97491f9329ba02ded9f36ee804f900d78b665bdf59af1c7552f3a437

SHA512
3169f8baab03a47a1608d71aab8bd99571e5d98f0304958c036255ac1f0b7c7c93bc809bc18c35ce4cad7e2d1ba9669220aeeb348bc2eec51de37a2e58a74655

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
121d97561bddbf3b9b7168211394c54e

SHA1
a6a018d5b8725af8421cb4dd414af340e2edda3c

SHA256
bebd5de65212270debbb1cbadc00374c9def46ef897a8eb3200a77cb55d9ba87

SHA512
d4ebae52ae98254d5fa24984ebd69332a92b14e72c26ef117f24cf3381ed436fff2fd2fef86976eca2060466ccb4c9d70abb427156c2b22d80737851d0e86dec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
708963971757878905471c5ad2110b29

SHA1
678d7b08a8a42b5b7160b5739ba573273a904481

SHA256
1d952933dddb22532145138858c5d066049d79d835dff4b0da1c46c10c9c548f

SHA512
204f5179f5824336cb58e210ee401adf42f28a678e27ad10df089db7969fcef07eb5f87c51751c03bd90b8d2ef2e90411c6f9f44574149891ea66cf3df6d2da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
540349f98a1e1ce9ea1fc1d07653f1c0

SHA1
a8deed30cc563f80534346c6ae40f5757ff05f44

SHA256
28f9a124a7b604c9fd686b06df055e56aece6591ec038c8c751fd3acdffd230a

SHA512
d377f57eb6602155823b932d83e28b64fe67a91c07f11eb90400703e7321e61584c2e4603e55642dcd35e1b86c47b08c1a3de70841744ca5ec7f512c2410d8fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0b8abe9b2d273da395ec7c5c0f376f32

SHA1
d7b266fb7310cc71ab5fdb0ef68f5788e702f2ec

SHA256
3751deeb9ad3db03e6b42dedcac68c1c9c7926a2beeaaa0820397b6ddb734a99

SHA512
3dd503ddf2585038aa2fedc53d20bb9576f4619c3dc18089d7aba2c12dc0288447b2a481327c291456d7958488ba2e2d4028af4ca2d30e92807c8b1cdcffc404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
0d4c2a3dacf427994baec86dbaf7465e

SHA1
4c2370531b246cdbbeb9d22615fe2dcf3d493a70

SHA256
110317a7bdbd0b4e15bb4ed3f85db8b5d8a1fd5c14f5e76e62da668a4e2673ec

SHA512
022b7b32247f8e6fe11cc0b73008c942118092e7772e9f6c05436f285062e8473f9dec302f51b3e2c65d3f5a8b528355ac11d078bdf776f6bcc7a975ec2523f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a7485.TMP

Filesize
706B

MD5
84b71a41f8f026c31fb876287c4cc7f1

SHA1
33536a6e4e1df93e10b88c42fee23ab61a3500c0

SHA256
92f51429d47f74ee4d6db1c4733659ae4a7f32fc13e3c3bbdea5e5246538ee36

SHA512
d075ddbdea1659c99c9fc8c76261cd238b54451c4b5ef75f4e46a70e314c90ca5393c29fa6eff701c6b428a2070c0628d6c5d1bf0316a744b5d1fe488d43cc6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
93072fc961c8a5f45babf592ddc5a1ef

SHA1
bb5dd7eb21678a48512eac60e8bfc425abe58dcc

SHA256
a2b25c01b705a47f9ce8a4b8a33f2e96feee09f8b1c0f57a5019072cc30d9cde

SHA512
8a6e73fc3c9dee2a0361abf92534f84ca5054d924bffddd2de078d735912093e2c7173feb63efa12436fa672fefe367148172b5a5b880a90f9709c4b1fd6a91f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
57d74ba5c476d81a1f2a1243301ec776

SHA1
a6f18d1ac5b22395542a50360f7a243025a99f32

SHA256
b500116308bf88cb27b9fd7458d2e3f9f3545c81efc35cccb7ed1b3278158ff0

SHA512
c1e7bdb1abe6980c62111e4160bd3ea12af39e775eb4f648e61faee020c7d66609c384bf005f381cc4c6c62aff64b0001b12ed477998535ff7d6f3e8aaf04f50

Download Submit
memory/5068-479-0x000001169C840000-0x000001169C850000-memory.dmp

Filesize
64KB

Download
memory/5068-495-0x000001169C940000-0x000001169C950000-memory.dmp

Filesize
64KB

Download
memory/5068-511-0x00000116A4C80000-0x00000116A4C81000-memory.dmp

Filesize
4KB

Download
memory/5068-513-0x00000116A4CB0000-0x00000116A4CB1000-memory.dmp

Filesize
4KB

Download
memory/5068-514-0x00000116A4CB0000-0x00000116A4CB1000-memory.dmp

Filesize
4KB

Download
memory/5068-515-0x00000116A4DC0000-0x00000116A4DC1000-memory.dmp

Filesize
4KB

Download