213376dd385a5ed0edf0cbdf9c8237d78c73e2b4d5617fbd5eefdfc60843b00f

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20/02/2024, 00:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BoogieFN (1).exe
Size

6.8MB
MD5

b2fdbcbfc83a6e566277df15f02669ef
SHA1

de9905e71b815608546a5ebc788d7a53cb4ee07a
SHA256

213376dd385a5ed0edf0cbdf9c8237d78c73e2b4d5617fbd5eefdfc60843b00f
SHA512

2254aa36ab1e1c99d7343e0556540a928f7a34116131b9e4b431e1f45fccbecca4c37af1f1cf869ff05b4ccc5a6d3dd9bb25e9e98dd72bff895343effeb69c04
SSDEEP

98304:uWLBcmn6broptdm/hRyP4k6SnGbXeEmn42PlEbp2WkoCmpJ3+MQJO3N5TZANvWNa:VcmnOf/6DQXeEz2t2UkpJeANA+flY1

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Control Panel 1 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Control Panel\Colors	BoogieFN (1).exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
3860	BoogieFN (1).exe
4700	msedge.exe
4700	msedge.exe
1644	msedge.exe
1644	msedge.exe
804	identity_helper.exe
804	identity_helper.exe
6012	msedge.exe
6012	msedge.exe
6012	msedge.exe
6012	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3860	BoogieFN (1).exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3860 wrote to memory of 1644	3860	BoogieFN (1).exe	92
PID 3860 wrote to memory of 1644	3860	BoogieFN (1).exe	92
PID 1644 wrote to memory of 3088	1644	msedge.exe	93
PID 1644 wrote to memory of 3088	1644	msedge.exe	93
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4200	1644	msedge.exe	96
PID 1644 wrote to memory of 4700	1644	msedge.exe	95
PID 1644 wrote to memory of 4700	1644	msedge.exe	95
PID 1644 wrote to memory of 1972	1644	msedge.exe	97
PID 1644 wrote to memory of 1972	1644	msedge.exe	97
PID 1644 wrote to memory of 1972	1644	msedge.exe	97
PID 1644 wrote to memory of 1972	1644	msedge.exe	97
PID 1644 wrote to memory of 1972	1644	msedge.exe	97
PID 1644 wrote to memory of 1972	1644	msedge.exe	97
PID 1644 wrote to memory of 1972	1644	msedge.exe	97
PID 1644 wrote to memory of 1972	1644	msedge.exe	97
PID 1644 wrote to memory of 1972	1644	msedge.exe	97
PID 1644 wrote to memory of 1972	1644	msedge.exe	97
PID 1644 wrote to memory of 1972	1644	msedge.exe	97
PID 1644 wrote to memory of 1972	1644	msedge.exe	97
PID 1644 wrote to memory of 1972	1644	msedge.exe	97
PID 1644 wrote to memory of 1972	1644	msedge.exe	97
PID 1644 wrote to memory of 1972	1644	msedge.exe	97
PID 1644 wrote to memory of 1972	1644	msedge.exe	97
PID 1644 wrote to memory of 1972	1644	msedge.exe	97
PID 1644 wrote to memory of 1972	1644	msedge.exe	97

C:\Users\Admin\AppData\Local\Temp\BoogieFN (1).exe
"C:\Users\Admin\AppData\Local\Temp\BoogieFN (1).exe"
1⤵
- Modifies Control Panel
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://loot-links.com/s?fnqP
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbeab746f8,0x7ffbeab74708,0x7ffbeab74718
    3⤵
    PID:3088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,17835153915480707592,15724197526007549992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,17835153915480707592,15724197526007549992,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
    3⤵
    PID:4200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,17835153915480707592,15724197526007549992,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
    3⤵
    PID:1972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17835153915480707592,15724197526007549992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
    3⤵
    PID:3648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17835153915480707592,15724197526007549992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
    3⤵
    PID:3280
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,17835153915480707592,15724197526007549992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4056 /prefetch:8
    3⤵
    PID:1668
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,17835153915480707592,15724197526007549992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4056 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17835153915480707592,15724197526007549992,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
    3⤵
    PID:3532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17835153915480707592,15724197526007549992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
    3⤵
    PID:4832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17835153915480707592,15724197526007549992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
    3⤵
    PID:2936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17835153915480707592,15724197526007549992,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
    3⤵
    PID:2776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17835153915480707592,15724197526007549992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1716 /prefetch:1
    3⤵
    PID:2084
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17835153915480707592,15724197526007549992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
    3⤵
    PID:2788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17835153915480707592,15724197526007549992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
    3⤵
    PID:2568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17835153915480707592,15724197526007549992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1144 /prefetch:1
    3⤵
    PID:1484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17835153915480707592,15724197526007549992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
    3⤵
    PID:5800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,17835153915480707592,15724197526007549992,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4204 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
011193d03a2492ca44f9a78bdfb8caa5

SHA1
71c9ead344657b55b635898851385b5de45c7604

SHA256
d21f642fdbc0f194081ffdd6a3d51b2781daef229ae6ba54c336156825b247a0

SHA512
239c7d603721c694b7902996ba576c9d56acddca4e2e7bbe500039d26d0c6edafbbdc2d9f326f01d71e162872d6ff3247366481828e0659703507878ed3dd210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
85792218e088f4361173160d15c7d5fb

SHA1
c606f3b5b9d0eefa7284ce05685e810dd4338762

SHA256
402ff5e1b2304bf528e828837c8790c50a773736b0efa32ba9bb81dce7196c48

SHA512
e2c43fa9ab86d391d09af308c7abbf785ad61c9c682a827b9d8f675b48def8a88910cf0ce76cfa71b4db6ac55a1a195120d9a85321cd20d2b3354070165ab829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
1508c16809611117b44e9c6b3a0ea3b6

SHA1
6b7c7f68ebc39b5d6f02dfde5f6e95d21307d24d

SHA256
3c93955fa77165838e0a1bf5b9aec3e2b35c070c48afba499a0f861a63c278c3

SHA512
9c21de0d61614b6661d06fc465165089d1c988e86cd0fdb1f71484264fce8c6c0dc3b3d7322946259ffe383f9d460c68f1145037b171f7389cbf185014420f9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
14bb2a2853f887935efb56f87bcea71c

SHA1
78afb59ba1ef2fbf575261b87d4374e74eb9dd9c

SHA256
486e6eb2d523882ee5ec0bd8c427ac480f951a0a7cdbec56dc7f6d81afaa0c01

SHA512
f43405f5985102c1322b91effb2ee6434800c80ddfc007536fc2cf85889a607d4556e7ea6f996498b7f9f6a519fd4b4c1e23f36851f0ee9dcb77e471a8d81925

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4863e77e63c88c24d4c49230c5dab952

SHA1
53ef19f8e63cc96698ec0d308180b5a1559342a6

SHA256
1939967f56e16e22cefb59f588f79d63145d97750e199bee918e468c14525281

SHA512
40c6083b9f77a47594058ed736a12dffa2c08dae1321439b99726d342e2a20cf9a0509ba238147021804066d2561a08d2cf393c10df55e9b7511652e0e00a297

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
21fb6f5f1e80e3cd78fc026c96ffe37e

SHA1
e9697db2edc90cce378b25cc5e56fa582a7f7287

SHA256
818e715802cde2f0493a6e30df7bc1e73590dbe70cdeb06fffe8096f6f9a8a26

SHA512
945f24b4f98e697de38a08fdf63eefcec629fbd878b0e16303e42968d6fb86c5545587a493a047cf45bfc3e0cf12317df697fbcd734db93cd2d31752c2c01d37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d70717b0cda1217949e61f3589118175

SHA1
3c5ce35ae68cbae9f64fffaae47558ba5ef0d2ec

SHA256
019ded0fa808048c4a87ba65eea7fa96c44719b225d0ee6a1ed5144f3f2c45d1

SHA512
dae1c4a05285383a2cafb0e6b7f5766badb245dade990710301babc4d2273706aaa6225a28aaaa70abb71622c73b3b7bff528f36fc7c002cf140618bc9c3b364

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dcfb8d6846679aa5201729bf35244fa5

SHA1
8b7c2057022c983644892c0fd73e564665f939fe

SHA256
d4657815f514791e1378b8d2d5312a824abd133226c970ec9691989461a1ecea

SHA512
e8235d0607457ece600aae17b1013f9cffdeac20a7c004d172d8968b5ff2a5eed9424a12ba8609d25d6a9581f2f0a4bdf934f46ba23a9e40894a0d092fb52378

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
f5b764fa779a5880b1fbe26496fe2448

SHA1
aa46339e9208e7218fb66b15e62324eb1c0722e8

SHA256
97de05bd79a3fd624c0d06f4cb63c244b20a035308ab249a5ef3e503a9338f3d

SHA512
5bfc27e6164bcd0e42cd9aec04ba6bf3a82113ba4ad85aa5d34a550266e20ea6a6e55550ae669af4c2091319e505e1309d27b7c50269c157da0f004d246fe745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\76bf6971-8a01-4441-942f-49cfb7e2ab33\index-dir\the-real-index~RFe59ae57.TMP

Filesize
48B

MD5
4ba0ffde0ba9d3e5b4c0d9cdcb260907

SHA1
aee1ed27a8c5a6166ec1e05291ee0bd5938d2d5a

SHA256
83baf421265238f02a8ab71bc61f31f8f4982ad56ac04c51294deb72bc74b275

SHA512
f928ef487f169bdbd580beed25c52e5c9a25a426bc52f059333d6ea26141d7ebba700a17f89ef267f341b0bfb07666d6fc76c5713384a63a1e29d9f3ccb5f5e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\index.txt

Filesize
93B

MD5
0f29ba3347558022938562271de7d28d

SHA1
cae774e6c23734210b2ef9c87702a523ecd46815

SHA256
f92fc78ff1a85f03268f7a8ae78b6524aa046385e05ac980f7b391f6538806c5

SHA512
39229ef11ee5b4d05931db901da4eb830edf00b237f01078a483c72bef52ac97566ac5f723e853d1563ea779d725e7d6356027132d9f4cb35a3d365fb6fdcf76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\index.txt

Filesize
89B

MD5
4bb42fffe0c27730d19af3580b060402

SHA1
524df3af46e9f235a59a5afca0f9b3b3e84c5f26

SHA256
0e7de89117561cdd5f4d09d86749fb33662bc922ef0ec6c841e0f3425e5df026

SHA512
bc273cc0dfe88b2ae766699befe3111901ee13ca0280559dfd285a92906aa77f45e2b46cbcf3f4259f8e53ae69301fd27d4c22d0f7d85f033ef198e6411aa16f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
fb5f7c58c4d96bbdf2876738aeaf5819

SHA1
756e02fd80934a6fc4e1a094315143b8fb106de0

SHA256
7a61ca3724ffbea017e03884d6de32dcf5aa499d989a93fa5f78d9b57ba0590f

SHA512
25d24aa6bf042d4c92a44ea29e1f3b23267615b04f829760f7f2e153d0fb8ab21fb2072aedfa615d57246392855837378f6c39be083383f9d592e4d924f38f2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe590797.TMP

Filesize
48B

MD5
39df4535e7e11272259d010e849fbf5a

SHA1
5b3e468b1ddebc3f6e486d52d5455f08fa049c6e

SHA256
19554362f10168c45547354688b81ca284eef468bae6a3ed859fb457c9824cdc

SHA512
2dbc284ae68a293a7b96fdf093d02a3522140c4b5abc7c5a0a5b3b343a8cae80a528e6ad371490d0cd3a1ca48599c5d1e6b85031a04a2d461b3d65560fcee6c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c0422903b53a8e439c00b40c8f0d0cd5

SHA1
0c129f03a10fe2ae073705c1b19ef5f41903790d

SHA256
ef151c6859f00654bac1562cda1f7b0ab5d07ad9a0e4b917890619033ce8f874

SHA512
8c2e0b6ec44d8bdb2e6b2562d8125e06ac8ef409ef08d92695647fbd8ba637331854b8c5219bded9619a2f5d9dbfb1386706ea2d1bb261bfcb256fb8c28bec4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
efbd72440aa55c8462420e44dd689778

SHA1
c138aa2d292fd97decf3e1469de3e26b0667d710

SHA256
c6273cfc4f1e1fcd0cc2197fcd14ec8abdac763198809902d8c42a5f5a3b1bf6

SHA512
db941715e079709ac87910d398f8b1f2f5f1667f3753806897baea3bf5aa9cd7948aab80c932a03a1d65e4aeabbdc9bd73423522bba5a3531e48c82324ecb5a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7eb0018fba0b9172c67f1c8244c9d9ff

SHA1
efaa4b5d7a71d1d06fc1d9c65745dd95ebf2f210

SHA256
c1f670f4225eea4f9bc9251832224168a94d81aec015d1dffb6de0f059eedf7c

SHA512
20e589762e6543997815f5f7c81e35f327c0d74df7d8492bc787c2e54dce065b3f7078d307bff365448969a90f85c257cb60d8c50f8b1a47c78012c0624885f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bd816ef1a2bfb6623e0f1726d283bedb

SHA1
1b8df8796d651ba2a13cc9134e30e18b78d53719

SHA256
c3ac90431fd9abc80f2a325e6ec56b923faaa17a70676f3ca94e988c93d54ebe

SHA512
c6734e9a547c840c43b2640f11869929faf94b825ab5f802184a4fdadb85271c0fc3f7a765a940b1cca30d0964989486e5739211aa73389f727e4e3f5f58b980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
706d8c15b14addee6d566ef7c126a021

SHA1
de3283ce0e2f7c86671cd89f87d99e1352cd89c5

SHA256
a85e133e9f3a56cce4bae16a7a77695a3230c13208f4e369c5124219f10a6b8d

SHA512
5428c936b6c3a37706ba5e561ee41051f4445ac7ae596d1e66c670d827cee35a0ac3b52956c2378d5c79d43b24bd96bdb8ec5b055ed5823515b4e1dab896eb47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
287d58f305a2b19c8cdd78e9d171c31a

SHA1
df03760de3e334ff04664b01e4394e62d51cdb8c

SHA256
58c1a466074c916fdc204a4c8469052c14f379e5b8af3ee648a1bfee286fb1ed

SHA512
008fa502d789b73ffd910ec3aa9b1319c74a55766d95b0cf938a7a77308fcc5e4fefb71255d9f02679fc488d83abbeab05d786d48f72bff7f2fc40c7df7b0616

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58beb7.TMP

Filesize
538B

MD5
6adb51c33ba5a0c30d8501afcb0093a5

SHA1
26bc75e8e13a0b4d7724fd272fd0dae8bc589131

SHA256
9579f1ea5f10232324ae69408a8ed8d86c272e19391871e51dae8ad2e3011437

SHA512
779767e26871be973b261853304d085c555f63cc77631769feb15db6c054a62eadf7f63c851b18e17009cf0e5550a2f60d3eb73fbaa8539cba1813312aed0873

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
94bb28e7060f7cc680a860b56068468c

SHA1
f9e03a8cd07538d5d75199703dfe210833a86f17

SHA256
7a52d1e5165f9b1b91e724089c468a7127fd90ec4c574be69eb546d009bafcc3

SHA512
5195a6d7c3eeb179539b6ee110d779923f69b742185687242730e501074dbebf8925138cfceae3765702635d6c1dc80524a4596ccb726a32b0488d1d820d2f15

Download Submit
memory/3860-14-0x000000000C2A0000-0x000000000C2CC000-memory.dmp

Filesize
176KB

Download
memory/3860-16-0x000000000C310000-0x000000000C3C0000-memory.dmp

Filesize
704KB

Download
memory/3860-28-0x00000000059D0000-0x00000000059E0000-memory.dmp

Filesize
64KB

Download
memory/3860-29-0x00000000059D0000-0x00000000059E0000-memory.dmp

Filesize
64KB

Download
memory/3860-25-0x0000000075240000-0x00000000759F0000-memory.dmp

Filesize
7.7MB

Download
memory/3860-26-0x0000000010BD0000-0x00000000113A8000-memory.dmp

Filesize
7.8MB

Download
memory/3860-24-0x000000000E010000-0x000000000E02E000-memory.dmp

Filesize
120KB

Download
memory/3860-61-0x00000000059D0000-0x00000000059E0000-memory.dmp

Filesize
64KB

Download
memory/3860-23-0x000000000DFA0000-0x000000000DFC2000-memory.dmp

Filesize
136KB

Download
memory/3860-22-0x000000000D370000-0x000000000D378000-memory.dmp

Filesize
32KB

Download
memory/3860-21-0x000000000D380000-0x000000000D8AC000-memory.dmp

Filesize
5.2MB

Download
memory/3860-20-0x000000000C160000-0x000000000C168000-memory.dmp

Filesize
32KB

Download
memory/3860-19-0x000000000A520000-0x000000000A52A000-memory.dmp

Filesize
40KB

Download
memory/3860-18-0x000000000CBB0000-0x000000000CC0A000-memory.dmp

Filesize
360KB

Download
memory/3860-17-0x000000000C480000-0x000000000C4F6000-memory.dmp

Filesize
472KB

Download
memory/3860-27-0x00000000059D0000-0x00000000059E0000-memory.dmp

Filesize
64KB

Download
memory/3860-15-0x000000000C2F0000-0x000000000C30A000-memory.dmp

Filesize
104KB

Download
memory/3860-0-0x0000000075240000-0x00000000759F0000-memory.dmp

Filesize
7.7MB

Download
memory/3860-13-0x000000000A710000-0x000000000A71E000-memory.dmp

Filesize
56KB

Download
memory/3860-12-0x000000000A800000-0x000000000A838000-memory.dmp

Filesize
224KB

Download
memory/3860-11-0x00000000059D0000-0x00000000059E0000-memory.dmp

Filesize
64KB

Download
memory/3860-10-0x000000000A690000-0x000000000A698000-memory.dmp

Filesize
32KB

Download
memory/3860-9-0x000000000A740000-0x000000000A7FA000-memory.dmp

Filesize
744KB

Download
memory/3860-8-0x00000000059D0000-0x00000000059E0000-memory.dmp

Filesize
64KB

Download
memory/3860-7-0x00000000065C0000-0x0000000006674000-memory.dmp

Filesize
720KB

Download
memory/3860-6-0x0000000005D00000-0x0000000005D0A000-memory.dmp

Filesize
40KB

Download
memory/3860-5-0x0000000005CD0000-0x0000000005CD8000-memory.dmp

Filesize
32KB

Download
memory/3860-4-0x0000000005E00000-0x0000000005E26000-memory.dmp

Filesize
152KB

Download
memory/3860-3-0x0000000005BA0000-0x0000000005C88000-memory.dmp

Filesize
928KB

Download
memory/3860-2-0x00000000059D0000-0x00000000059E0000-memory.dmp

Filesize
64KB

Download
memory/3860-1-0x00000000008B0000-0x0000000000F8C000-memory.dmp

Filesize
6.9MB

Download