Resubmissions

14-02-2024 17:05

240214-vl6g3sgc5t 10

14-02-2024 17:05

240214-vlyr8shb93 1

14-02-2024 17:00

240214-vh4jbagb5w 8

14-02-2024 16:55

240214-vfga1aga7x 10

14-02-2024 16:52

240214-vdlgyagh93 1

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
  • submitted
    14-02-2024 16:52

General

  • Target

    https://malc0de.com/database/

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://malc0de.com/database/
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4912
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffecde346f8,0x7ffecde34708,0x7ffecde34718
      2⤵
        PID:3572
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:2924
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
        2⤵
          PID:3400
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
          2⤵
            PID:4844
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
            2⤵
              PID:1764
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
              2⤵
                PID:3152
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
                2⤵
                  PID:1184
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
                  2⤵
                    PID:4476
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:1464
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
                    2⤵
                      PID:3900
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
                      2⤵
                        PID:760
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
                        2⤵
                          PID:1360
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
                          2⤵
                            PID:2884
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
                            2⤵
                              PID:2244
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
                              2⤵
                                PID:2060
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
                                2⤵
                                  PID:4820
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4976 /prefetch:8
                                  2⤵
                                  • Modifies registry class
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:224
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5896 /prefetch:8
                                  2⤵
                                    PID:2868
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
                                    2⤵
                                      PID:4496
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1828 /prefetch:1
                                      2⤵
                                        PID:2736
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
                                        2⤵
                                          PID:1316
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2124 /prefetch:1
                                          2⤵
                                            PID:3900
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
                                            2⤵
                                              PID:3864
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
                                              2⤵
                                                PID:3376
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
                                                2⤵
                                                  PID:4796
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
                                                  2⤵
                                                    PID:2388
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3036 /prefetch:2
                                                    2⤵
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:4856
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
                                                    2⤵
                                                      PID:5096
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
                                                      2⤵
                                                        PID:428
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
                                                        2⤵
                                                          PID:3168
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
                                                          2⤵
                                                            PID:1176
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
                                                            2⤵
                                                              PID:4324
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
                                                              2⤵
                                                                PID:4004
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
                                                                2⤵
                                                                  PID:4196
                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                1⤵
                                                                  PID:3948
                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                  1⤵
                                                                    PID:4380
                                                                  • C:\Windows\system32\AUDIODG.EXE
                                                                    C:\Windows\system32\AUDIODG.EXE 0x338 0x4f8
                                                                    1⤵
                                                                      PID:4440

Network

MITRE ATT&CK Enterprise v15

Downloads

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                      Filesize

                                                                      152B

                                                                      MD5

                                                                      f246cc2c0e84109806d24fcf52bd0672

                                                                      SHA1

                                                                      8725d2b2477efe4f66c60e0f2028bf79d8b88e4e

                                                                      SHA256

                                                                      0c1014ae07c2077dd55d7386cc9cf9e0551be1d67fe05a6006957427ae09fec5

                                                                      SHA512

                                                                      dcf31357eb39a05213550a879941e2c039ec0ba41e4867d5d630807420f070289552d56d9f16c6d11edcdb0f9448bf51e7d2e460e88aa9c55a5bfe5d8d331640

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\77d2f02c-2abc-4a18-a00e-9a5aa8b7a6db.tmp

                                                                      Filesize

                                                                      9KB

                                                                      MD5

                                                                      f2b5b7f191f9973ddf3ee746cdbeec4d

                                                                      SHA1

                                                                      fc936c27910a74e1eb0863999e69d0e698529cc2

                                                                      SHA256

                                                                      0db43896c504afc5d8177037bc35c694d4aaadfe42649e2ee38cd0a52521493e

                                                                      SHA512

                                                                      e472a78d39dd9b4d11543b900b9c49e90463fe93339807aae1ad6099de875603ba0efe0b153efb8d38228f6b0e46d3d9c4572d4249e9ffdc171bf014e4933472

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

                                                                      Filesize

                                                                      64KB

                                                                      MD5

                                                                      d6b36c7d4b06f140f860ddc91a4c659c

                                                                      SHA1

                                                                      ccf16571637b8d3e4c9423688c5bd06167bfb9e9

                                                                      SHA256

                                                                      34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

                                                                      SHA512

                                                                      2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

                                                                      Filesize

                                                                      69KB

                                                                      MD5

                                                                      a127a49f49671771565e01d883a5e4fa

                                                                      SHA1

                                                                      09ec098e238b34c09406628c6bee1b81472fc003

                                                                      SHA256

                                                                      3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

                                                                      SHA512

                                                                      61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

                                                                      Filesize

                                                                      28KB

                                                                      MD5

                                                                      e969e99f960c2a9c52616ed38a74af82

                                                                      SHA1

                                                                      0dbda7fb75e89704519d6af653cedcb760ad78a4

                                                                      SHA256

                                                                      c02e3222ba87462777803058a8bce8a643342db13fbd74f242cd320ef9921d5c

                                                                      SHA512

                                                                      8414ba71d1eeba0fcaa37225b321910ad6c7a3930b16ae4ec286a8ad9c4ad93437e6bcc50ec6cfdad6fcaffbb32f2e4c61bbc9ec9053749c91a2d90e3860feb3

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

                                                                      Filesize

                                                                      63KB

                                                                      MD5

                                                                      710d7637cc7e21b62fd3efe6aba1fd27

                                                                      SHA1

                                                                      8645d6b137064c7b38e10c736724e17787db6cf3

                                                                      SHA256

                                                                      c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

                                                                      SHA512

                                                                      19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

                                                                      Filesize

                                                                      19KB

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

                                                                      Filesize

                                                                      88KB

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

                                                                      Filesize

                                                                      1.1MB

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

                                                                      Filesize

                                                                      32KB

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

                                                                      Filesize

                                                                      75KB

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

                                                                      Filesize

                                                                      40KB

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

                                                                      Filesize

                                                                      53KB

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

                                                                      Filesize

                                                                      194KB

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                      Filesize

                                                                      1KB

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                      Filesize

                                                                      706B

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                      Filesize

                                                                      111B

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                      Filesize

                                                                      6KB

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                      Filesize

                                                                      7KB

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                      Filesize

                                                                      9KB

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                      Filesize

                                                                      5KB

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                      Filesize

                                                                      9KB

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                      Filesize

                                                                      6KB

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                      Filesize

                                                                      11KB

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                                      Filesize

                                                                      24KB

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                      Filesize

                                                                      96B

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58d7ae.TMP

                                                                      Filesize

                                                                      48B

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                      Filesize

                                                                      2KB

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                      Filesize

                                                                      2KB

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                      Filesize

                                                                      2KB

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a294.TMP

                                                                      Filesize

                                                                      538B

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                      Filesize

                                                                      16B

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                      Filesize

                                                                      10KB
