hxxps://protect[.]docusign[.]net/report-abuse?e=AUtomjpFak9GlbPL0zFFi138T-84JY_r-UMPAci4yD0fu2t6ggagnDZchlE-S5r_NS7m5JATn7HIxJk04dDAAxMnOd_Z4xk7WwUD44hreVuBjRCphOzgkPWsleavz-3tMBFjf7H-wS3J_C8SjUJRpU4JK_-ueCYutO6tL-zmeNVsEL98tdtWMH9yruFAYkmHSkTCWopNHnaUj3eYU_XSOTUSUZNqz2MuddE_LlB6ztEP1nDnVAg7BmdeRJgutn-DCaXI23L56OT6AFZmJ7oIzpQjrrDpEmS73M6KGsKmlkL6hbrI9nDuhq_UZjLFtegTdTpI_QmgNr1DB69n2FVDaKEhl_zvR9gEP1fs5wp0IahJfRS-47NT2QxWF-eYBt_L9Y_0FYTLceZlEQYSpml-xJMISir7KNzRnPbyPv5c2GyPNxwxiA7KcnNl-uA476jjOT4LOgObYxMcLBPbYCqBcMw&lang=en

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/01/2024, 20:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://protect.docusign.net/report-abuse?e=AUtomjpFak9GlbPL0zFFi138T-84JY_r-UMPAci4yD0fu2t6ggagnDZchlE-S5r_NS7m5JATn7HIxJk04dDAAxMnOd_Z4xk7WwUD44hreVuBjRCphOzgkPWsleavz-3tMBFjf7H-wS3J_C8SjUJRpU4JK_-ueCYutO6tL-zmeNVsEL98tdtWMH9yruFAYkmHSkTCWopNHnaUj3eYU_XSOTUSUZNqz2MuddE_LlB6ztEP1nDnVAg7BmdeRJgutn-DCaXI23L56OT6AFZmJ7oIzpQjrrDpEmS73M6KGsKmlkL6hbrI9nDuhq_UZjLFtegTdTpI_QmgNr1DB69n2FVDaKEhl_zvR9gEP1fs5wp0IahJfRS-47NT2QxWF-eYBt_L9Y_0FYTLceZlEQYSpml-xJMISir7KNzRnPbyPv5c2GyPNxwxiA7KcnNl-uA476jjOT4LOgObYxMcLBPbYCqBcMw&lang=en

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4804	msedge.exe
4804	msedge.exe
1724	msedge.exe
1724	msedge.exe
2112	identity_helper.exe
2112	identity_helper.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5380	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5380	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 60	1724	msedge.exe	40
PID 1724 wrote to memory of 60	1724	msedge.exe	40
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4204	1724	msedge.exe	90
PID 1724 wrote to memory of 4804	1724	msedge.exe	89
PID 1724 wrote to memory of 4804	1724	msedge.exe	89
PID 1724 wrote to memory of 1664	1724	msedge.exe	91
PID 1724 wrote to memory of 1664	1724	msedge.exe	91
PID 1724 wrote to memory of 1664	1724	msedge.exe	91
PID 1724 wrote to memory of 1664	1724	msedge.exe	91
PID 1724 wrote to memory of 1664	1724	msedge.exe	91
PID 1724 wrote to memory of 1664	1724	msedge.exe	91
PID 1724 wrote to memory of 1664	1724	msedge.exe	91
PID 1724 wrote to memory of 1664	1724	msedge.exe	91
PID 1724 wrote to memory of 1664	1724	msedge.exe	91
PID 1724 wrote to memory of 1664	1724	msedge.exe	91
PID 1724 wrote to memory of 1664	1724	msedge.exe	91
PID 1724 wrote to memory of 1664	1724	msedge.exe	91
PID 1724 wrote to memory of 1664	1724	msedge.exe	91
PID 1724 wrote to memory of 1664	1724	msedge.exe	91
PID 1724 wrote to memory of 1664	1724	msedge.exe	91
PID 1724 wrote to memory of 1664	1724	msedge.exe	91
PID 1724 wrote to memory of 1664	1724	msedge.exe	91
PID 1724 wrote to memory of 1664	1724	msedge.exe	91
PID 1724 wrote to memory of 1664	1724	msedge.exe	91
PID 1724 wrote to memory of 1664	1724	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://protect.docusign.net/report-abuse?e=AUtomjpFak9GlbPL0zFFi138T-84JY_r-UMPAci4yD0fu2t6ggagnDZchlE-S5r_NS7m5JATn7HIxJk04dDAAxMnOd_Z4xk7WwUD44hreVuBjRCphOzgkPWsleavz-3tMBFjf7H-wS3J_C8SjUJRpU4JK_-ueCYutO6tL-zmeNVsEL98tdtWMH9yruFAYkmHSkTCWopNHnaUj3eYU_XSOTUSUZNqz2MuddE_LlB6ztEP1nDnVAg7BmdeRJgutn-DCaXI23L56OT6AFZmJ7oIzpQjrrDpEmS73M6KGsKmlkL6hbrI9nDuhq_UZjLFtegTdTpI_QmgNr1DB69n2FVDaKEhl_zvR9gEP1fs5wp0IahJfRS-47NT2QxWF-eYBt_L9Y_0FYTLceZlEQYSpml-xJMISir7KNzRnPbyPv5c2GyPNxwxiA7KcnNl-uA476jjOT4LOgObYxMcLBPbYCqBcMw&lang=en
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd91f846f8,0x7ffd91f84708,0x7ffd91f84718
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,14988806171039135346,210481493546669007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,14988806171039135346,210481493546669007,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,14988806171039135346,210481493546669007,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14988806171039135346,210481493546669007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14988806171039135346,210481493546669007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,14988806171039135346,210481493546669007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,14988806171039135346,210481493546669007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14988806171039135346,210481493546669007,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14988806171039135346,210481493546669007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14988806171039135346,210481493546669007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14988806171039135346,210481493546669007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14988806171039135346,210481493546669007,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14988806171039135346,210481493546669007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4344 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,14988806171039135346,210481493546669007,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3344 /prefetch:8
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14988806171039135346,210481493546669007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14988806171039135346,210481493546669007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14988806171039135346,210481493546669007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,14988806171039135346,210481493546669007,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4872 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3728

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f4 0x514
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e77545b7e1c504b2f5ce7c5cc2ce1fe

SHA1
d81a6af13cf31fa410b85471e4509124ebeaff7e

SHA256
cbb617cd6cde793f367df016b200d35ce3c521ab901bbcb52928576bb180bc11

SHA512
cbc65c61334a8b18ece79acdb30a4af80aa9448c3edc3902b00eb48fd5038bf6013d1f3f6436c1bcb637e78c485ae8e352839ca3c9ddf7e45b3b82d23b0e6e37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
22KB

MD5
fef359322953d52f156b2e48944427af

SHA1
a7dd3838ae9db9f201310e7d48aa65739e6c50b9

SHA256
972d41084869ae469ad679aa2f8869c11006eb8241345d50990f22fd39fb9189

SHA512
8f4225ca994246f4e2b4e19d928fe812326bcb8de2e49489c1e430dec50325b1d087a64794b8775d87467ddcec0129d1503892eec8b72e45ebec659291c25219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
19KB

MD5
849e4a5ab9b01b5b824997123eb04fa8

SHA1
73cf71899ca06913180f26abb32894aaa162098f

SHA256
d55114e78e03820753e65f6bffaa455a0f7fc1086fc9659b12bfd3f91252665b

SHA512
ce6dc3f9de154eb0f1a010ca1a077f6577072ac35f67a9bea2ba09e78e8ea14bc4d1a05c2bc6f35b7bb89f2f6a0423903418d619277195d112a10962c267dbbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
27KB

MD5
cf5355e7a5a143446c7ac8c76fdf833a

SHA1
360fa5d86e0cf4fda98491a0009bb83ad406e5d4

SHA256
db844a7273b8f9bd9f0dbf1eeabd97efa1bd6f3edc2b91762991375918478729

SHA512
ff85c496c067271a2ef43f7090146c5afe7ca4943045cbb379f767c186c2db3f3a960f9881fd9f292235d9ab05b0c22fafdc8340e8e39ea4a05789a6b6582e73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
18KB

MD5
76f02e4ab361dfe6808e3e3eaddb3e17

SHA1
f6469603e8d8127d366d12d7ae1af8db3f97aa0d

SHA256
a87e930c4e566d4bdc36ac91239637ddf29a5b0a4afd51c074bff2da40eb11fc

SHA512
3683ec2b1a85f11ca5070a3c4389b86ba6c47dc0e5bc604b9d26e858e88d646c44debbcb09d4c010645faf7b1a47675262a4fe7f9b7f72e55f24b097a17820e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
33KB

MD5
b0c2515f1c746e66294cf7b42be33c71

SHA1
aefecf7150228f17cf7d6e742dc62ee8caaa8275

SHA256
6fe04eb09faa839b70ebe65329e517208993a0d704df4ec5d6f0389f0f17bfba

SHA512
7d5ff959d566a5f5af21e23541db48214358e70ea393621849c3b130455e544799a5aa2dbc65e8ff257e862423bfcd6e7b39c9cb1aaadd08d4650887270669ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
25KB

MD5
942f671866fa5302d5232eefab89a4c0

SHA1
386a5cf66f00f2d11f88943c861e1c90a3573cc2

SHA256
faaaaef9ee1505a1d92533daabb77dbbd0e6c35607ffefb281d278424d5bb260

SHA512
db71fa1bb18b64c53e09dbc2854a74547e1a901cdfe97881e667cafc3e4eea908da4d9fef7f427df8c5a6fe144956f1a37fe2c0e3ca442e995a49bcb929f2665

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
23KB

MD5
57b43363fee0226390f5ab496acd2dc1

SHA1
668ea6003cbe42176fa916850aa38b12dcebe658

SHA256
43988132572d91dfd33db82bc4c0c4b76d6ff88f13d2ea77e3cd9406dc9df9e6

SHA512
c1473e8ce1d0a489eab1b01dd505562c992e68008fb8c4c079bc25b24604f15083dc632bb8588038c2ce1656e665b034958193b92af9fb23061cc006a184f4cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d7692e0009c493b4a5e93325b5168056

SHA1
d97400a4ec788bda5cc06f97b7dc6d1bc0d8ff9d

SHA256
d759ad2e37fd5c8d91b38efec9bf5f6f46fd69d70e212aa42e2b95054ed3af8c

SHA512
0bd69efca00699e0a715ca85be0489d3ec3ac723e6b9dc0babdd8c3947425b2cbf2a8f7c6ee0b1827263f826edbc0e4653fe3b5ae2e7cd72ef7ebed50559708b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4bcbc929202d2665666fea73ba0ed52d

SHA1
97278335024df0ec1a3becad98ae2841d78baf6d

SHA256
776af5a82f91f951dd0256d590d97f384079e4b44bff4fc537194da13f0ba953

SHA512
5593c028898dec6bb69549570634753bdb90d5c65becd8f8ff26dbd46703c3b0e24086fc426b112011928ca44c86a09a99adbe6871b2ac9bd14a502fb5ca5c9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a04e00349e555fdb86d22672fa53d781

SHA1
6b9bf8e25b402b871b99db0910a8cd90596ab2e7

SHA256
e902cacae5ee25f468f7a785689e002faa3bbbc0768eb2d4490bacba1c5af8c9

SHA512
7d03f3fd87c3c54edcccd3aa97206caaeee2fcffb710a47e2799fa4f0680f06fa167d4ee4986ca36cd667f335ada95eeff2e733e1d569ad97cd415c4d11a68f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f6c93398372817e7bfecad561e0dcf67

SHA1
6dc87ccad4788b139b5c6ff841b36b40fb690ff1

SHA256
64b42104129123a7d3a9349495ec3a1dc3f3004ad4c8ff90af806108e8102683

SHA512
8c26ddb97ee58e148fa8a3bd31de3721fc5301244a4d5acb707953f86cefdb106a731cbcef636103148fdebc7447d7075c6afb723d7af09e1028926203ecf291

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4aefa2be94b122bb5823712a00ecd942

SHA1
ce97081bec36ef27e3094f74d453f34ebd0678cb

SHA256
eb195419cc84ab996075d77d6b734fe3a53909a37e9162812092a9f4f7478917

SHA512
7f347938a6999723efd4052671bbee9db8c52ad278834d90978266e2cc5c31d162060021bcd54d32fbb21aa871dd711680e7cf2e98ede081c9e1d2fe4672e13f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
6db2d2ceb22a030bd1caa72b32cfbf98

SHA1
fe50f35e60f88624a28b93b8a76be1377957618b

SHA256
7b22b0b16088ab7f7d6f938d7cfe9ae807856662ce3a63e7de6c8107186853e4

SHA512
d5a67a394003f559c98e1a1e9e31c2d473d04cc075b08bb0aab115ce42744da536895df2cec73fa54fc36f38d38e4906680cfacfbf4698ee925f1609fbb07912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a47b7a5cf0e80580133bf8ecf3034a07

SHA1
7d3ab22c1d607d49c63a079b48535c9acfedb167

SHA256
010e0c8b21dca54a8d7eba0f2d51c91fdeae29a00e206d16ee3b4a724956ad8c

SHA512
635c4c8b100c53d4e74abefb3de58bb3e224fa8fcb035462729aef50090d3aaae48a440afdcf8a97ebec3ab20fb4238d7fcf696d06fed488bfa53d7a0046979b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
777a8ce99701a72910aa72856abf7491

SHA1
ada6a5c28ef71d2833d7cfca659f26062853abaa

SHA256
dde2c965400e9a3e3beede3ff9a0596a89a7bb79667403cbd2ebce24ee7b5693

SHA512
47755e2d138797140dead45463c2dd9815b2c748bad4e54b3b528d0ff9e5572da84995461f996f500f0784f5e74d386ef41fb567b778dea26ce55321a1ddd973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b064.TMP

Filesize
1KB

MD5
8568bc5eaf44b98a891f577933dd0720

SHA1
f9f7f249d38eff4324953c87488f0a278b61aa8d

SHA256
0f4ee8f139d83ea6a0e947f7669d976655afea973de8dc7579c549cec3ce8c25

SHA512
dc06efee6e54279740f987de9a7c382dd159a01e9e130aa315bbbe62b4092a3cbfe90354f0e385e70ce66085a7433db41959176b8e620836e56e3964e612af7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b3f181ebcfff2012b9559ab67c68e109

SHA1
bf0cc1d2360d1ca0e7b5fcdfdb89213fd42e22b2

SHA256
8481d0451d4434b12a84c5369790b1a2d8a1904dc3cf9831f501a32581b69ae5

SHA512
8d507ea0bc2ae1204c43a0ca774c763cb2a34b42465a9339243d031d74fce7a383669d2d2735fe09794321597b06ec2338a03542f88e5c32b48e43864d21c3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b98d2556ed8e805321cfe7656aca5249

SHA1
969157a0ce83a57ab0fd8c869ca061895e372ab6

SHA256
6cf47dd089ebbcd1c90ed896f8f31da3a9035b3c378504ccae7c9c4c517e15c4

SHA512
03e52327c2a7b5beb133075ead5aa3ef9a5e668ba43bc6e12d81d4b2ce4b112aa172c88eda00767039e80a1a0b2239b22b2030a4b1fab8cb4e78fdf5140c6f3b

Download Submit