hxxp://google[.]com

Analysis

max time kernel
170s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
26/11/2023, 08:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1692	msedge.exe
1692	msedge.exe
2860	msedge.exe
2860	msedge.exe
1328	identity_helper.exe
1328	identity_helper.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1172	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1172	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2860 wrote to memory of 348	2860	msedge.exe	83
PID 2860 wrote to memory of 348	2860	msedge.exe	83
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 2864	2860	msedge.exe	86
PID 2860 wrote to memory of 1692	2860	msedge.exe	87
PID 2860 wrote to memory of 1692	2860	msedge.exe	87
PID 2860 wrote to memory of 1956	2860	msedge.exe	88
PID 2860 wrote to memory of 1956	2860	msedge.exe	88
PID 2860 wrote to memory of 1956	2860	msedge.exe	88
PID 2860 wrote to memory of 1956	2860	msedge.exe	88
PID 2860 wrote to memory of 1956	2860	msedge.exe	88
PID 2860 wrote to memory of 1956	2860	msedge.exe	88
PID 2860 wrote to memory of 1956	2860	msedge.exe	88
PID 2860 wrote to memory of 1956	2860	msedge.exe	88
PID 2860 wrote to memory of 1956	2860	msedge.exe	88
PID 2860 wrote to memory of 1956	2860	msedge.exe	88
PID 2860 wrote to memory of 1956	2860	msedge.exe	88
PID 2860 wrote to memory of 1956	2860	msedge.exe	88
PID 2860 wrote to memory of 1956	2860	msedge.exe	88
PID 2860 wrote to memory of 1956	2860	msedge.exe	88
PID 2860 wrote to memory of 1956	2860	msedge.exe	88
PID 2860 wrote to memory of 1956	2860	msedge.exe	88
PID 2860 wrote to memory of 1956	2860	msedge.exe	88
PID 2860 wrote to memory of 1956	2860	msedge.exe	88
PID 2860 wrote to memory of 1956	2860	msedge.exe	88
PID 2860 wrote to memory of 1956	2860	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe561a46f8,0x7ffe561a4708,0x7ffe561a4718
  2⤵
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,10622421887765721173,15557391373058467409,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,10622421887765721173,15557391373058467409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,10622421887765721173,15557391373058467409,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2428 /prefetch:8
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10622421887765721173,15557391373058467409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10622421887765721173,15557391373058467409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10622421887765721173,15557391373058467409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,10622421887765721173,15557391373058467409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,10622421887765721173,15557391373058467409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10622421887765721173,15557391373058467409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10622421887765721173,15557391373058467409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10622421887765721173,15557391373058467409,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10622421887765721173,15557391373058467409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10622421887765721173,15557391373058467409,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10622421887765721173,15557391373058467409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10622421887765721173,15557391373058467409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10622421887765721173,15557391373058467409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2168,10622421887765721173,15557391373058467409,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2992 /prefetch:8
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,10622421887765721173,15557391373058467409,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5872 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10622421887765721173,15557391373058467409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10622421887765721173,15557391373058467409,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:4192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2432

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3a4 0x3a8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
22KB

MD5
2d4aa43f30dddcbbbb4581eefd4ccf75

SHA1
891ddc7be5186cf75e25edf95b5bdb7b981beb15

SHA256
ae9d4e9c5b67dc34b457ab3f04971218d3ddbc671d9abed0204f7d3f0b0cadea

SHA512
83541410976b3ac1933dc626c9798a9199d9c6b1fcf7da54fe3c6c8b81159d5b09599c921d274d5daf21f0cdfd0deae401714ccc20dab58b9699b348443bea4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
81KB

MD5
ea3e737c0a8b38d09e50dcad67863d36

SHA1
b75ab68738a54ed0c10d319bf0942388737b30eb

SHA256
e126dc2600003f39ed1ffef9ecca698784bc6d275b56db4bf499161d95dab321

SHA512
07964d80ace08ef1ef6cd943249d3a03c24134b442f9bd4b6620ddeea2456822fbb36a188e07aeeb17d5c888e666ee9f426950927e3fce0c007e03926839851d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
87KB

MD5
4528650b24c78d421f5771c8423606d0

SHA1
6378f9d55856b6de36d4d1e30a99df2f5b75b824

SHA256
738ea1c31d93456a7fa7df8a4421ecbe563c2f121dac21e673f0f2f3624bae79

SHA512
3e7bd99ba0e6dc66202001a8f5fe975aa5b5ecb1f4fc936fb1841bde99a114f3b449f69db568e97fe8ed3843f9d4d4fcd537a026d00d12ca732b42f066c31a12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
186KB

MD5
9f61d7b1098e9a21920cf7abd68ca471

SHA1
c2a75ba9d5e426f34290ebda3e7b3874a4c26a50

SHA256
2c209fbd64803b50d0275cfd977c57965ee91410ecf0cafa70d9f249d6357c71

SHA512
3d4f945783809a88e717f583f8805da1786770d024897c8a21d758325bcd4743ff48e32a275fe2f04236248393e580d40ae5caf5d3258054ea94d20b65b2c029

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
29KB

MD5
18387a599b38b207ab8f9f70a8f96a8d

SHA1
12cbaeac032df800482cb05e9c8d04ac16d4fe52

SHA256
691563a50d00253e2b5a23bcc6f06ba25598a68affbecfe518a0ec4c8937ef81

SHA512
94d06fb854e39d6794c4c557e1b02d01921f417983fe0287ce840e84ecc723f13edfda6783b43ea7a0d50c257216033c429536dd098736f9c2531d70bda5f4e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
62b7cacf4ec816ad2a5b3b374232144f

SHA1
e13be13ccc8fd5c87f5a19061dcd2126ff5d4ab4

SHA256
f2c6c194972b961c795d96f3627af4f1d92764f28afb6ec113a2d5d1dbbd64ac

SHA512
c65dd052ce408291490cd57135ea02e027c1277203ffb3d771c258e5e7e3a9f429906d05306778618617632bb21790431f4a65f0882a9d791e128dcafb155a81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
6b316fcf3b6b639cf982584c9d4661d3

SHA1
2171880a670f1e1207631dce5ad574f151b137ba

SHA256
5ecd663b4404568f0a7c11535ee567a8af5967422a38093fde1666d76a61cad0

SHA512
634f761014b203e318260dcfea50ca799cad4a0dc58c6973fb6a2a8452b21b0f48b3c2ad997dd2f38e1175706c658fc44cf5997983d8660710d1cf522fb99716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f62bc7033f5d19f7c04f21d5ea6844f6

SHA1
53be3d7424e57f7f8215942ce229ff81b4da8931

SHA256
5da13450dc911480ec7d333dbb9b816bcc6fe5e10a36390229f83941db3d2570

SHA512
ecf41b6e864b55f352c6d3cec520f2b99acb70687fd981a3d8871ecbd20573c2767b746f1650edfb3f215e942fb7dd36f6eeae0474d6f8e645623b21c9d0237d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f0d7c104f3042b3f49a3e44789f7825e

SHA1
c1cea137ce2798fe96e991db64c3232f855eddb7

SHA256
b7d0046bd3e6c34060d5f87cd7d5b186f4bbe5ac55292848216b823d8ec46887

SHA512
e9a5eed6c00ab8af5dad86bfbc23d54b069add1e5676cba2525213aca2a2ad35e7e33c7f1e708e728b86f16a2ee993be5801fd9bed5cfca8ce646eb254a7c595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
63804aa322d532cb2c51f1765ae0bae8

SHA1
210ab928f4c19b2506523469ad1d1189b1063c02

SHA256
2086f5e0a7f6e69ad7a4124107b9c9e540349247cb1253cd28990060402c8ccf

SHA512
feaeb064718074cb31f5ddb3fca972f0e93bced2efce41c931946260454bc9415bc65a66960ef6d82710b9269aad231a9ae17bfddd4708368fbc69133a10127a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3ca809def2cb0f2765dd3eed0d5779b9

SHA1
fc91c8783b4e44cfe3783143141503a01c7b03f3

SHA256
8e82ecae79294e80b076e7b62435202f25d268f9aae9e56a9415a8617c2ab0e0

SHA512
61ec38306c74d5fcdd8b27b85ca3143d74562742f75fb52f07543443888a7e78d421b0f9357888c593d7d83a478e0b75aed864f6060ab75b79b792540b2e24a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9a27b2799ddd3b637740d732954a901a

SHA1
295148da57ed9e776589ebef73efc9099f77e971

SHA256
8d3dd70d3b5e4847f4611fb017b4f5285ce9b2c8d9e25b0d028a9d608454c2a6

SHA512
33dfd78c01c40cd6ec3cbd49df0da356370caa763871aef4ffddb3d73374867ee6778ca296ce2d720e7ce9cdd381b7fed74052fbc676765a2f72806f0c43e0d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
225b60ce769f6c6561602167438cd432

SHA1
b51e5abc28f5e7b160b045d54f8f9e6fce7800fe

SHA256
7e347aa0588e9d318e97909cf0b1a3e2632b681ceb45cca1aa716bea816e5e24

SHA512
ce985df4d39c7ed44f6a457727f37b736c4c5a7ea825255a6dae0a737947018097b7839a2e4b43598cddf47879fd53c423b00d3349e792b1af18f28c5252115c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d7508d3c3e365fddfb86568b8ecf583d

SHA1
8f38d4b33d3bda9d40af98478847b0e5f3ecfcb7

SHA256
d1158f6195398fe618d95f634c0116cc3e611116ac3366dd85bbb33950f7cbc2

SHA512
dd5bea21757df65fb379d172cafc0d40cb3985262599d813c41b6c55171d35ff6495ef17921b2354ac30208e94c50a5384c582eecf0debf84280546186d08aaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6fdb0e59d732e19fec5d49004b41b4f8

SHA1
e4d96599eaf3d3587b10e4be6c058233d36f000c

SHA256
650b7100fe069f6316c3a9f5fd4f2cf5bd326fde80cd01d3b3b7444a96e0396b

SHA512
074f6f5e8d15819e09bee82f6250a580441f9e84fcd47d8ca1fbdf2957f81bf2cce26b7b6415cdfca5ab508174cad396b78099a1ff8cb9879cedae10fbfa20f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
84919938675793a13c77aa82e43c1509

SHA1
dbdf8185225812d6aeb2aa45de9e134222e13752

SHA256
f11c1cf0f3f147e5bde70be6d98929b2e635d096a40f9ae6f6be5b8bc0d1430b

SHA512
a6db7036f2af653694ae5ec1956b4ab882f07a02b616c3b63f2f1a4b0636849dffb3f3356474abfe0f00ace21da800b53812417a3b158cb3071bee3fd828afdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1e4572c1a40b7e51966105c3d7ca2891

SHA1
d9300d5d5b19a0877370efeffdef159416b561ca

SHA256
63a5c4b63c151cad2a227ff961dce6c707b15b8042821549e35d0fc1153d815d

SHA512
9ae12e6f477e38c8cdd816152d14a60b41cb69ed426c1e5bbfc70a52ce8b4b931dc8be246f7de3f8e58b28eba2ff2c65dbec0977f8c0aa2aa7dcb7bd3d1abce6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
275706f6c20de72bf3cd83ef535452e7

SHA1
247de0aaeaaf0b611a583ce51cc9c4d82e74839d

SHA256
af191d3db83cfaf78975a8412388a97add73bca9336eac4e88c03635111174be

SHA512
e68201aff303a332f812a6c76317812fc160b71cbf01baa828dfbd470c85f1ebc04ad1e9995e516a53dc56fbea170b979cd0be532461e1d370f211e5f3d2e56d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
3a748249c8b0e04e77ad0d6723e564ff

SHA1
5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729

SHA256
f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed

SHA512
53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fa13949e18f67e75ec0bb748dd0abc13

SHA1
9e5a404c8da6a65f7fdcb65ca9dcf03c3831173d

SHA256
1204c6358c4ecc325df81d2774af7dbb3d26598758adade6f14f19b0711d22db

SHA512
8681b57402b07aa4efd4f85df9ae39e9c68476c4691addfc8bb8c9c449dcf385406385439107d58ce022374aba6458d5771ffc01abd91647655c73378b300aa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7f2030d46bc0408c521e26a0701e74b9

SHA1
a2b34f01d2c09f750ca8567aeae4756344bfc067

SHA256
6e18f74bbbaffa45296e5c697213bc119cb4f4ec1048ca66b911f03c1d2c397a

SHA512
261f8d387becd73855afb92d7a432e3c823c8a18ffaa7528302a2dcbf2836c12c5b246cf830b5d15eac184f08aa93efe5982e1f6689f7895b8a995607d764808

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
aa0f7d64ae94cf89fce945b8eb12662c

SHA1
6624114d02425781efdba014c11a9a340200e57a

SHA256
82f3b0268ae5a4103d60314956d930d05f64f1f2a4491151b6467aa00bc60ed6

SHA512
1cf2fc3a2f013e46ecaf4f56c5bc8ad9770c079418d2ec0f7cccf944b3cbe678f4c37130d899947faee2463dedcc02e2ff2a8a404e2bb433eef8dad3dcfc84db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
029ac0a351b2e8baf8ce0b9431b11abd

SHA1
5c689fa4799e823bd1e7acb45cfe1203d03436b9

SHA256
ccc13fc4c6a027379089b1182999c61ed5043297d16cde95f6095939866540ae

SHA512
074dfff5959dbae315589301368aae0f222ab3c78f276ad95e0c5f8eecf82df01facca74ceaeeac2fbd85910f025a5ff66de1b83298269a0b3b48e30fa203e80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d22ee02eb0b20de759ff9c301bd5718a

SHA1
d37a499c25c66b7c2a256e31af79e02e5ff118f3

SHA256
2987b9942d51ade7fa457b07b80d2937bf1fe5f713b075b033b5249d8a4b0509

SHA512
c33ade5d4dbcd21e08736258e079c13a8714e1012e0d627894715f6964ebb0486061b7794a0f190bb62c8f58395e3b2747fb2cef3aa3627f90d77139ad6983b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7691f1167440a5ef5b97b6b817a14485

SHA1
0096cc5ebc1b9fd85a051b0f4d3c6997ac7c2a81

SHA256
3f650a3c1b4240947ae61d4fb677de781d55bcb04e22258e46465ebfe6917eb6

SHA512
c6a20beff86537dcd6c2ee8c1ad39eba0824ef714cdd34d325b9dc36fb48d908c04b4982487287e16baa0a2e4dabf180adf386d9a2db6f9ef69b6f32499b79c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
52d978a8a746de97b5890e342b5df2aa

SHA1
d1eaf6a23fd6aae6a804553f8cf453d17eeb3a46

SHA256
1a2ce364ccb07f7e0dc09d88acd19bab58a79731d0834b6a28bc6b9f0d7647c9

SHA512
6d816ae19d1e2e61674be36c3cc0669c82cb7eb20f704a90f2eccba46601872c11058e5dac15aeef07af1266aac63645da26be8da353c2948232d51f74273287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b66b06e1521489ac8e036bd992ca7de9

SHA1
fc4d952be6591ff89ffb2ae797327a52ee038672

SHA256
06e43cd0bacd46d3212a2c4f2f4c9e3fac2511000c4a19489ceeae529302ebe8

SHA512
ea2a0a18f44889d007c7ee7870d9eb977fe6ad026c7f685b5d4651ad9f9508028e41de2163540663713181830d7eff4438a411f257c8cd7512ed5f5617e19d5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
285ef84998dd69b890aa59cea84b111f

SHA1
9b591e949a724fc10905b4cf3f1cb537ba587d9a

SHA256
be9f3340868c93e7e1152bfde592b2cfe8a1bbde021d8388d218529d56517344

SHA512
b6185247beed70ecea1ee27c352e1e9cbd4c3f68c79d910fb9a13892031634d64093490fc62bb93693bca0f3eb602f9199ae6c93c9368164efa1ab59e0047cc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
839b5ca7e507a476c10a12ce57afb089

SHA1
4a700ae19de67fc3bf592ea5961d4a83b05b26c1

SHA256
5a91f6c5cbd2a08ee76596d9574d83a12e9fa8627c6c815475fb78d40baf3773

SHA512
e5cc819648c21abc8b84006297ee61d66d8a077768a78161232abe569af9faf2cb042823ec336d16314c63747ab14fe30fdeb5f4bd1a88b624a71bd12204bde8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
30b865001d52764a32d3b9f80462ee2b

SHA1
9309b8b2f404e7085987f6986abd14f86146c167

SHA256
e1dd0dc0ec0fcec3aaa7286857c089459da05bfd024b1348021513a563c6fa0b

SHA512
cdc400c63bf7b4e6395bd8ab1df54be92b0e95b2a93d38a8fa59be1e40b87511beb96c353493949650641255c4a0e8b0ccba04c4300d5ca908bea4a6020b8eab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
78b978c9bd02eb1d69126278c2f74026

SHA1
8cb55a3096900aad187baabf8277e979e01cfe24

SHA256
6ad19bcc3f6bc1c41e6832c1ccb304bd3b2ca7e3017431383acbc894138ee3f7

SHA512
5e4fc071974395279436ee823e87d1ec15e86befe68c2879ba977c39d00902282be58c11411cdfc646949c2c60fcd013123c9c42a77a144d0af370b5b7e41c95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58605b.TMP

Filesize
539B

MD5
494b24f11bdbf075851fd80de449d1c5

SHA1
26b29cbf80dca28e8740b66a59d30ad5ddb88525

SHA256
43d78ee58b21ef7213bade78053037584f915ad583929e1f5706638efdd795b1

SHA512
093840bf12d6696372e92f84872ed44d6435b74739400e65b5c6f3a6b23227bd03fa663a85da6b79e737b73b4b3cc63fc534067594759edd8de04b9b1607fc09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f1a48ee928c041acee1d4810b44befd6

SHA1
e925f50bb33e718412ce1d2cb34480bbadbc40cc

SHA256
4903b3abd53661fe661a7ce3d0ebc4ab9ba97e23a9c53ca82ca99a5c2ca6f286

SHA512
43990ac2faa392f972c9e6f8f820d249b919b5a205b7d292ea7a2121d32918bf62436675541f89b06dba0a8d9e01a6c357388983210b1df7f7f0b3a5fde98bda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
15c7e248cf16e979653a4f84408a6ec7

SHA1
1e31927e71ca04daf1715db6b529351a7fb2c8f3

SHA256
45f291b02a629dfff7debf5bd05f7833cced04239a7fbe47c155729cf7cbd2bc

SHA512
abfaba1932cc997bcfe7ff6d385f646b302f399c0300c258b7d52aa4478b60441f0f613164ab169d56ed1645115c03ff526bac62e903bdc79f1683262ce87cdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e4de7306b62de97f4b1a1fcab7effd92

SHA1
119717a07057a19118bc5d9c8ae56b0f82030459

SHA256
4af8dfd320e508bac32ac03d49120156b2d6062d7e6e040fef20edca817db87a

SHA512
256a1f556b5c9580a37160d5caca5b853f1cc3fcdb1ba739e295f2d2b7293d9cbe92fd871f187048c9a9d62f3ff823109140dd739f9cab38a8da6761bdf29547

Download Submit