hxxps://getquickmanuals[.]com/manuals/lp2?utm_source=oh-gdn&utm_medium=143474134078&utm_campaign=12890981684&utm_term=manual-directory[.]com&utm_content=638343786160&gclid=EAIaIQobChMIxraN8Oj4ggMVepCmBB2fTAJdEAEYASAAEgJajPD_BwE

Resubmissions

05/12/2023, 19:02

231205-xp6y5aeh57 10

05/12/2023, 18:49

231205-xgvk5aeg48 8

Analysis

max time kernel
146s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2023, 18:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://getquickmanuals.com/manuals/lp2?utm_source=oh-gdn&utm_medium=143474134078&utm_campaign=12890981684&utm_term=manual-directory.com&utm_content=638343786160&gclid=EAIaIQobChMIxraN8Oj4ggMVepCmBB2fTAJdEAEYASAAEgJajPD_BwE

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 950714.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2404	msedge.exe
2404	msedge.exe
3968	msedge.exe
3968	msedge.exe
948	identity_helper.exe
948	identity_helper.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4368	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4368	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3968 wrote to memory of 2224	3968	msedge.exe	49
PID 3968 wrote to memory of 2224	3968	msedge.exe	49
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2784	3968	msedge.exe	92
PID 3968 wrote to memory of 2404	3968	msedge.exe	88
PID 3968 wrote to memory of 2404	3968	msedge.exe	88
PID 3968 wrote to memory of 1448	3968	msedge.exe	87
PID 3968 wrote to memory of 1448	3968	msedge.exe	87
PID 3968 wrote to memory of 1448	3968	msedge.exe	87
PID 3968 wrote to memory of 1448	3968	msedge.exe	87
PID 3968 wrote to memory of 1448	3968	msedge.exe	87
PID 3968 wrote to memory of 1448	3968	msedge.exe	87
PID 3968 wrote to memory of 1448	3968	msedge.exe	87
PID 3968 wrote to memory of 1448	3968	msedge.exe	87
PID 3968 wrote to memory of 1448	3968	msedge.exe	87
PID 3968 wrote to memory of 1448	3968	msedge.exe	87
PID 3968 wrote to memory of 1448	3968	msedge.exe	87
PID 3968 wrote to memory of 1448	3968	msedge.exe	87
PID 3968 wrote to memory of 1448	3968	msedge.exe	87
PID 3968 wrote to memory of 1448	3968	msedge.exe	87
PID 3968 wrote to memory of 1448	3968	msedge.exe	87
PID 3968 wrote to memory of 1448	3968	msedge.exe	87
PID 3968 wrote to memory of 1448	3968	msedge.exe	87
PID 3968 wrote to memory of 1448	3968	msedge.exe	87
PID 3968 wrote to memory of 1448	3968	msedge.exe	87
PID 3968 wrote to memory of 1448	3968	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://getquickmanuals.com/manuals/lp2?utm_source=oh-gdn&utm_medium=143474134078&utm_campaign=12890981684&utm_term=manual-directory.com&utm_content=638343786160&gclid=EAIaIQobChMIxraN8Oj4ggMVepCmBB2fTAJdEAEYASAAEgJajPD_BwE
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab78446f8,0x7ffab7844708,0x7ffab7844718
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,17661296322916322588,8862079004773493798,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,17661296322916322588,8862079004773493798,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,17661296322916322588,8862079004773493798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,17661296322916322588,8862079004773493798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,17661296322916322588,8862079004773493798,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,17661296322916322588,8862079004773493798,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,17661296322916322588,8862079004773493798,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,17661296322916322588,8862079004773493798,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,17661296322916322588,8862079004773493798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,17661296322916322588,8862079004773493798,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,17661296322916322588,8862079004773493798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,17661296322916322588,8862079004773493798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2036,17661296322916322588,8862079004773493798,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5936 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,17661296322916322588,8862079004773493798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3768 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,17661296322916322588,8862079004773493798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2036,17661296322916322588,8862079004773493798,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,17661296322916322588,8862079004773493798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,17661296322916322588,8862079004773493798,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3440 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1904

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x3fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c89e9212e22e92acc3d335fe9a44fe6

SHA1
c43c7e1b5fb58a40a01a6d8dd947c41a48e0b41f

SHA256
18c46c863404b31fcce434662806fa34daff0f9af0a9379d898f772b5c398b44

SHA512
c6961c171af63ddc7a72aaba4c9d910cc6a424794c416cd1ce51206f7c7f1100ca51c9e41d07d68489105dccded2294c1d761a8dc6be80d22c661014efd6a9ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
96KB

MD5
dc131113894217b5031000575d9de002

SHA1
f96348260751ea78b1d23e9557db297290bdaf28

SHA256
d612f1212b452af07f1a5defb2b672e76a91f7139e7499fa48bb9b2b985c22d6

SHA512
0aa4420c7b7dcc70238371f9d21d521d0673caf4c1883eeb2d3254c5a1dad941f4569f418350ffc61e93303466c504179b90ba0acf008250dc9c2c6ddf6f850b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
103KB

MD5
444a7284663a3bc886683eb81450b294

SHA1
1e94a0dfac8bab0947ea9b0b6fb663ebad5cceb5

SHA256
c63158babcb7902203ed73476ccf901db34825ea524d4a36a52b5e5f97e1abf7

SHA512
7be12803aab99ac90dcb4d56ebdb682612f8ecfaca95a2b60a9b5b06f461ed2222ccf757280e40cf1d4860e67bc35d5391ae5479d6b7282ea075f7ee56bf53d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
103KB

MD5
007ad31a53f4ab3f58ee74f2308482ce

SHA1
dfa9f8f3d79bf8a0001fe72eeadad0490cba59cc

SHA256
152261291c938aa5aad6a56d52b47ffcb893d1c0387e76d7f270a7382ff786d5

SHA512
48aef263aca876ba4db5a596fbb8332524d6b440a8a516e1baa7899f2f1da0e1c44452d0380869ec455d27a6e0b931210b1fb669b36e36914ca27235f34e8558

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
103KB

MD5
75db5319e7e87c587019a5df08d7272c

SHA1
92b30527304b5dc80f45e997e0b1ac4c70110a18

SHA256
1b498b959e5b7decbf9185803591d25bc1fbf83e798372ed30d32d5c79d82ff6

SHA512
4e556d80b52ddbadddf9287f6cdaef0d12113d0fa4a07728fd67767b97806eba5fa0f82711f71e76ee2875192d7618a9b6c277ceb6d69a30f76ca8e3ebb74aa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
1024KB

MD5
ffafc44f73ff28fb2ee9e8e095e301da

SHA1
93a36c2e186476242ede10252633a9cef00a01a1

SHA256
afcd2faafabe10e822d1f94b44d0b8f0078b18932d90362bf5172b2521df6c6e

SHA512
86122de71996cbd47b3584a31ea150fe28055a00a7333b2a87bbd5c59e12ec66f36864384123ad49172f4f6bca1be2a39bc2b8a46ab800e42d150cb1942e4e62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
21f226a45cfb8984e95b6a433ded5d35

SHA1
9e7186534c5fe8902932b3488e8284c68e95dc12

SHA256
d33ada7a38d2b9d6ad1cce233a666d79ef52b4d65989de054d21cebaa3e1f822

SHA512
b4026f625b04b1a32b1625b9d5da5ccc09c9beaaf6b0bf75af119c9ccde964e7edb0e905385fa12a683bd67696c0e6a415c1f23325bfa0a9d2977bfd8fb710a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d8738ea51a5f3ce51d9a24ba1b7fa82d

SHA1
ad67758a8fc5173cc5372149a379d9cbf3491ec2

SHA256
716e544a600d8630bad7cd5464daf408a1e293463ff0ad3054b128d0acd69bdb

SHA512
039fa69d1ee0536ff52ecb76202241cd6a560350e70b3f478357059d00dff34bf1a3b566d65d3055994d65799607c8f38c5557ea87e7d8e6eb82fd3747562042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
68b2691ad812a3b3d6cdae083179f5b4

SHA1
c959f58b54e322f9a6f8dd7275ee28edb43642e3

SHA256
1f50b5c2e11cb178fe311bc1a5b807db3da3f5f42335d26771f1d446c584e7fa

SHA512
7c08af15cc713c41827b7ccd4dc3e56f3e03d178257832748aa0b9df8f003bfc32be00f4023ae9d7557480d567a204529b2db5d74de866c64070873d42ee96e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ab6ce73ac2355f8f69835afd53456753

SHA1
4fc4af0f5922eb1e8ff6efc0e7bb580bbaa211e2

SHA256
9bb28166a3f0868f4c58c8acb3de8028107ea9bd7095b020007076475c97c877

SHA512
724e27a5bfa3928ae7ebc9763926c57cf92309ccc5cb709c51ad82410cb82b14d5b21c73fd60821fb058f9ba4451e0f4df9bfce0b7ad5290bdc13bb2ba95319b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
afb0e566cf19f521a55da4af955f8634

SHA1
44a80ad3c9750e41c4d4c5654b8d08231024cf00

SHA256
30cbf00db9f401afdb2679084cc8879ea05a33815a2f6cc4571926d31c35ed78

SHA512
a3bf5bd7ca54e62d015c9e6cb13db30b2190cbf515a81cdf5d1c7d2228ffba8b5fd3c99b1fa68424ba592cc62a9f6d814220a4f79929d23934f6b3e378f714ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3a27843d2cb2dbe269eb6b6355902e8f

SHA1
a8ba4dc87d170515286d027047c126d9bdad8db4

SHA256
4ddc4a03a160df7c8c7909ce66bd1f8e32ba2630bd2c6fa24bbb914cd1489e15

SHA512
1fbe1374f7f7f79b7b346c7c1bc1bf5402fe97af88340dfd556cc3826b257026914cd078b1734e897b88397db78e78ed858cf7ac2b8ac326fb8e263779143632

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
75c7d77b2a334cf67ea3011a546ca101

SHA1
511490726de447f009d43a779a8fc927f290b73d

SHA256
ac1516cf2cbb9e5d54ad7e89d1d7398b2aeb3b33c296ec5b189428f1eabfc790

SHA512
4216c4da847d2468a25676d0ce5ee42ebb109f4217e326bd5203410c5c2313a315facf95fedc83e2fc9d1bf3eb7db308f3957493663a360261474f12b6e1c3fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d7b2b29ef1d9a33e61e1167984c8ca3e

SHA1
9a0da1a3cf9003ecf6aba220a8a00ca34a7ebd34

SHA256
7d4bbec0e8bf4e62f352750240a0bc0f7844d58fea590bc6a9fc972c3b752dc2

SHA512
3cc40b7e35c0749e419b035a73768c8f76bace77ed44be6a59469a032b643da15162733e5aaa94064494b055858a24e4f79326a863f31f1c28eab44cec35cbec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7fd4aa82d83c3884cf4ff0b59dda1627

SHA1
87b9847957c2c2324e1b2359dad8b8a2f88bd242

SHA256
e9c2eebbb692cab6149a8b2e50d0b5fe9837664663153a406136527d4a066f3c

SHA512
49d32a11e18c3fe75de7b45396d01ca831dc14689324f393af3a6252eeadfc17a01aca79b74677c3de547cd459c90f31cd97577dde1277c0bd28820c1e1184d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c1939182fc3720861e9f51504079a8e0

SHA1
0fdbb59fec5b7ada1666864078f7d63318cfe8a8

SHA256
eeadbb05d149d3941d6c9f7b1800393cef991e00afe835885ab3d5c9d91369a8

SHA512
3d17c20b7670c7c8b830ea8c342067b910a8aad8af018643a37222c09275ac747614f4ab6f02b354d590b377219fa62e8b8761ecfe3c7a619a805843ce1f128d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
393e48427530c5a8072502921b2b6818

SHA1
1d441abac6d3a2899dc61de0f85578698df48740

SHA256
ea357167373c6e1262c4e7ed01df632f3ef833cd137e3035485fd6bd9567be71

SHA512
878c21e5eb251ead4a0e80d81a6696de78361fc31a190c75e8712f4d692d9777ed69225cf40efe83703abe15d9d58c82c96d90628830316702464031468fd479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584acf.TMP

Filesize
1KB

MD5
88940d8094e6798effb809b74ee2bd06

SHA1
9f09eed5171994dd55dd0d12c1a59b965df1be6d

SHA256
a32a2173b3cb79d2b7e3587c4396c966873e9416bc01a7727dc0555ac24fb512

SHA512
62aa6b784504698f096af853f9b415934ea22536f0ebe753a38280d6b074d568a7fce237d2098a15874152c02f46eb9da0b6bbb11268b0862b9a5ae1ea234df5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dda0d158-ae87-4413-8d9f-75c64ea405e0.tmp

Filesize
6KB

MD5
a7132f8a5e7fd957abb6436c93b2f99c

SHA1
b3456bf73b6467a55fc417c582a0e6836c322929

SHA256
3d0fc182f80a6ea27cc3b429bf8b53fdce726005f334f4cf7fc1d2f5cc173984

SHA512
aa5231e4d3c9d554e201cd1dc64def419d192375fe41fd8206ee2cb5e623c2379444db7ad367f54c6660469cf37fef37b018db713493a893950382615b38a9d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5f2b3475fa1a3b8a1543791e76ac7240

SHA1
53a19577a386d2ffdbf9012fded520de9f33a230

SHA256
762a3879d43d6a8ae943fc0b951ecf15416f38bc405ec1c6fc34759fba30bb4a

SHA512
7244351d4ed48a0029712c360759449d71a052a0b6895efce6f18c406c1c12a910fbe08dc51b0ed0169a652a89b522cbd77a6bd2fcd4c0fe5afe3ca0fa0f903d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8a1aae6a6169d3c7a2405e6c8be6edf2

SHA1
54f9f1a7db97af19323f14766cab67f9e0f9f5c7

SHA256
1d080a6492b747b133e83e8bf0e8135d9fd5089987a0ae52da662f216977cd81

SHA512
31609a6bdd47a4abd9a033feea6b036d2cd72ca9f420ff3726fcc7571085c964e262c58076feee835c448182008f605e552b02acb92f54acabfc4f4fa1b0217b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
288c97211c1e1ebc32df4186645acc41

SHA1
c43eebc7f116439e4512c714d9e5674042bcbda3

SHA256
14d4f4990fc29255e5b8909c792cf53839c80f3fa9b463e9c8e3d8a3dbf0742a

SHA512
25478ac2b5c39ebbc50a995c2d39cdc9b4cb0e0feca2bc0df7744fe079a0a7cdec08ee68555b82c0c739c31875a09fd503c4181de2f4d691687d7fd4a19bf7a3

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 950714.crdownload

Filesize
3.1MB

MD5
ba8d05dd65d28b7bfef589b6345db3bb

SHA1
21e5cc4f99d0b288a218d2ca4309124f948f1b3f

SHA256
265a5261f1779ce1ec5c292f62094f82cf35f462c7c82a1042b21e8f92cf43c8

SHA512
519fe91b423ce6b560b06e930141caa95133173082511da1a3533c4a725a6c5a2f9415b1c6633685edcb4bf21727761746994d7f63df63bfaa0a46a88cf5c89d

Download Submit