hxxps://bluealts[.]net/nordvpn/

Analysis

max time kernel
147s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240220-it
resource tags

arch:x64arch:x86image:win10v2004-20240220-itlocale:it-itos:windows10-2004-x64systemwindows
submitted
20-02-2024 20:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bluealts.net/nordvpn/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2568	msedge.exe
2568	msedge.exe
740	msedge.exe
740	msedge.exe
3004	identity_helper.exe
3004	identity_helper.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 740 wrote to memory of 1764	740	msedge.exe	22
PID 740 wrote to memory of 1764	740	msedge.exe	22
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 3980	740	msedge.exe	84
PID 740 wrote to memory of 2568	740	msedge.exe	85
PID 740 wrote to memory of 2568	740	msedge.exe	85
PID 740 wrote to memory of 1080	740	msedge.exe	86
PID 740 wrote to memory of 1080	740	msedge.exe	86
PID 740 wrote to memory of 1080	740	msedge.exe	86
PID 740 wrote to memory of 1080	740	msedge.exe	86
PID 740 wrote to memory of 1080	740	msedge.exe	86
PID 740 wrote to memory of 1080	740	msedge.exe	86
PID 740 wrote to memory of 1080	740	msedge.exe	86
PID 740 wrote to memory of 1080	740	msedge.exe	86
PID 740 wrote to memory of 1080	740	msedge.exe	86
PID 740 wrote to memory of 1080	740	msedge.exe	86
PID 740 wrote to memory of 1080	740	msedge.exe	86
PID 740 wrote to memory of 1080	740	msedge.exe	86
PID 740 wrote to memory of 1080	740	msedge.exe	86
PID 740 wrote to memory of 1080	740	msedge.exe	86
PID 740 wrote to memory of 1080	740	msedge.exe	86
PID 740 wrote to memory of 1080	740	msedge.exe	86
PID 740 wrote to memory of 1080	740	msedge.exe	86
PID 740 wrote to memory of 1080	740	msedge.exe	86
PID 740 wrote to memory of 1080	740	msedge.exe	86
PID 740 wrote to memory of 1080	740	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bluealts.net/nordvpn/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb241346f8,0x7ffb24134708,0x7ffb24134718
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,9006303661068907535,14875977045338810966,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,9006303661068907535,14875977045338810966,131072 --lang=it --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,9006303661068907535,14875977045338810966,131072 --lang=it --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9006303661068907535,14875977045338810966,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9006303661068907535,14875977045338810966,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,9006303661068907535,14875977045338810966,131072 --lang=it --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,9006303661068907535,14875977045338810966,131072 --lang=it --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9006303661068907535,14875977045338810966,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9006303661068907535,14875977045338810966,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9006303661068907535,14875977045338810966,131072 --lang=it --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9006303661068907535,14875977045338810966,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9006303661068907535,14875977045338810966,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9006303661068907535,14875977045338810966,131072 --lang=it --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9006303661068907535,14875977045338810966,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9006303661068907535,14875977045338810966,131072 --lang=it --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9006303661068907535,14875977045338810966,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9006303661068907535,14875977045338810966,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9006303661068907535,14875977045338810966,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2224 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9006303661068907535,14875977045338810966,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9006303661068907535,14875977045338810966,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,9006303661068907535,14875977045338810966,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9006303661068907535,14875977045338810966,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9006303661068907535,14875977045338810966,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:4480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3300b8028991d6e234684db7803b66f9

SHA1
96df26150566233e1e0201bf17b4ea896861862e

SHA256
5b7786b5ae4ba62b88bdbd0992a8fd96b37e4c7068e2fd23d0b33acf769d00cc

SHA512
2f2dff4c24d4fd60160f70d544059bf02eca983309ff46bb7a1cb4d7c413e291c1520842e1922be55a4058380cd041cb6b4d9e70cdc5e4e00880fe13472df031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a7f6a4b84d93993fde98d6553834416b

SHA1
4b4a227af10826f5a2f2e9b232ddb0336b3066f1

SHA256
843a9671b3fab9337d8d600e170f9ac8b200a2faf63b5a8cd16f157bcf73c21d

SHA512
ccfe39c47109dbf71c74ff6950526be7fcd521462f80e69e27388a9757d7f1adebf5f723c46b1631ffe3e2b4aa5829655d556bff8bd7e0f9f87fca46545bfb97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
195KB

MD5
022fa878f1c692abc4fdf1d8db95472b

SHA1
f79deb4cb016d8bf015cc046c4bca1085bdf03ab

SHA256
2324f5c5ba27facd309d50368c315ac5dad6b8e6c72706ad2ad493ba42377094

SHA512
66a90c0038b14e0cbb224e003d619d91c00023463e35c38fafd4b5cfea0e1690063f6d811702321fe84d043df735c4d63dd4e5aaeeb670c8ce20fbf172a07875

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
107KB

MD5
568db8e55fe09fdf6b7fc15cbb4fe21d

SHA1
1dffa47765e0b0e422d52bc2de843043cb0bb72e

SHA256
79eb28d0b8dd51ca723203473586b01f2f01afaab34b5e2fb9503c7f7a649fbe

SHA512
f0a7fbdfddb5cc9e752c9be2794410889abf6a9519fc5903f418ee1b4f95d787089f948eed28f5cfe1710e6b62e620929133bc6063699a3ccbd336c34ed2634b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
51KB

MD5
7b9fbab5214716602f6ad9513124f572

SHA1
730f638a9d8cae3cfd6a5f049ad3b051139320cd

SHA256
42eac3ad787e4ffc7354a4df280ab9248ddd6b240e179409f63c2e8e579a8b11

SHA512
25f9978f123363c4e97bea0095d8db9960780c68afec293c5719e2b09c69fc4fbe18726d44de93203ec95841f6532bc487a64f1439b3d3fd7fc71ad35a12b707

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
020c09ff15745c7c8d8a8e579fc48e65

SHA1
b1217b04a743e8578cef2357e4e0e1befd95b455

SHA256
fed6ee8b82c7fa771928d145a33550ebd2c710ecac52b08d587db43b1e252bba

SHA512
2026001ee8afb305bd0db2867c65ffe20ffaf560cdd274ac09a27f0aa6d4ff1f6763b0826766a60c30e973ba06605ee028c41df4f2a6ecab7980737eda5aefa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
8ed59487e34c4ad90fba35c35a8e7d1b

SHA1
45ab7fde65d54fb94da5c2bd858fa0bf57bf041d

SHA256
6b1ba0413b1f85c9487b4061c386066d1d109e0f5b1e861507335f9f12fef394

SHA512
91deb1dc6b089ea8aca4230fe8f01ba24d45394a3f2a7eb2330ecd4bde5a8c796a060c380c5be015a334d0fd09bd0fcdfd60e84a66604e04fa02ef96be6cb99a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
455e54769cdc46d03bb9151b3bdcd0a1

SHA1
c34f11f5465acd4304b52ad414ea5eabe2d7502c

SHA256
6560efd704eea176f98948b8f218a6927a565367e92f35152b5bf012cc00a72e

SHA512
724acc8c68d7db063d5c8481c1316c8732389b9ce51ea8bc09633eb65818294e39f8379bc9db042fab83732c5ff00cd666adbedb5dcc57d2ad0e0fe142073cb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
8589e728fbc321fd93803ec1614c5cb7

SHA1
c59c5461fd18003119a4e7d2d1a807ffaa6ad9c4

SHA256
dab6a36633ec23667609f2fc38ef7eca8324b9217628d34efd8398c258d85fba

SHA512
35fbd1bc77808741c77bfcb04992fbd96e4b3a4b404a8b13259b2aeb1ec08083094041460c5ab5c70ddfc9ca75bba19c37b2936a4f0996a55ef501ec956bc3cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
27af44adbd28f456537f9cd013017327

SHA1
89a7fb5461288b620f6a87d5db073e2629f71ab9

SHA256
f3312b6f82cc2cecee990e22681c82b3236ccca79e832ca8376c6bdcb6768f97

SHA512
912ce0451d61051ae65ac5dd76465ee4a8f5db1d479560a86509a3d1a78c22bb6ecf22670d5053d7fddc945fe15b44cc38f8b17f123579bd3d73ad2d551bd44d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
35f7c73cb8d4e81f2cb3d2a70bf99971

SHA1
f6336cab90b73a65bd5f093524dc59ca699a9d19

SHA256
5c15cd7b332595e2c0cff3fd30e3063a028dd39e5d3d8f2b49a1f592c8759f5e

SHA512
4cd39762b9b230b5c557a33958f735daadb6563216992c519dc3d1c8c20d2aee8c5374b2ce5338b8830e73d92e79ef916418ab51f069c6cc632153f8d9ee086d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
80def0448a50e0ed4fcbf9d973736d2f

SHA1
24fa53c36894357fe35af170794ec448292b1ddc

SHA256
fe76fb592caee78fe2621b3040c77397cedecfd6469a1b742ab3b8252d7ea6d8

SHA512
e39e84f68dbf6295196ec266042399998476d95f8d698cfea9b467aa049c1271545a6988fecb7d77323c1ea1e4eb0f11402b0e716634ef72d0d9a0b2755ca465

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
da36a1508dad36b69c8ef184d4d4efa3

SHA1
076bfa1d43611791907ee37bd729ee1523ffeaba

SHA256
066cb5c934b979bda6fcca567900b45fbad04d890558fe78897c7ce149f9fdbf

SHA512
e27926c4e04efda52c94b02ce97cc1bb11767ad7f0287f4f757421b9b9b4a86ea0b3e40cd8f4b63dbb9e20709edd40678a4beacfbc648169e752e2da049fa286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
05e43711985a3cabb2945331d92ce88b

SHA1
d7bc4a32e5ec9335892cb57c9ff505de1999c029

SHA256
d8c0e7ebedd8fbed6bdc5e1e6d9b73cdc9712f7ea2a8bf96c9a2464725d0a817

SHA512
6939ec6bc876572d977c723da4e2ae07715941cccdc4a4e6f0edc9d57c2a274293a29964036d3e4c460f7f2e8630ec421c82a37236d4748a5ff41555c828ee02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f852cbb830698d2399f007d737503f6d

SHA1
c4e8f202769396994b9be90290a383c7d619d877

SHA256
82856740df8d41339e06cd9fe970f52223189608c7ab511a5575af1c0bf29e24

SHA512
086d423a88be3400b600922a16c48d1a056687e5431e9cf1bdaeb4c8dabc2d538964af43f8899a16f7a30e667d04391b1d582a123582527627f530359286f62d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cea8434d6209018be405d27019809664

SHA1
c3ac365ce3d6562c0c3b6a22fd5a4b158e7b14f6

SHA256
e23153b4f37875a3beef0fcf28649dffd6afa3421b22827cc5aef2ff22b435c6

SHA512
42c71a09c58c815b572b80c209d6f22e9bbf6113bc4972ea432b4706ef32718de64106ed92f35321ea6277c3b79aeb5bd3770ec76b32ed0d725aeefa65f3d0da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f520c60be972ca808632d89cce9280c4

SHA1
795b217b174543a1c4e8f2aa0f969ead4d0c0113

SHA256
94e366fb17a27b3ce7a4d930f352dc3837cc0fe3b134e76715c72f77c7849b5a

SHA512
c53fcf9228a090dfea95cf248b55bd196ca1f25a234eac7557f08b7d1f034b124f91df2eb29c7f53373e8a66ce815e42a5f8df160ccec0d90215ca4a9dc6e54a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e9d501356c29d344c2b2a1c5c91f16db

SHA1
272bab9423f908cfaf9307b5da2c0e8f2b7fd6ef

SHA256
84108ca569ecb750c7adcfadea5ed31bb1e964e9340397d422b08ef0108ae0fb

SHA512
fb9ff445ae52a6f8bf05c1f3728f06af251d4232bac0b8ee85725a5e829e1fe46f9fd6f68aafeb5ca670b5e76e728c7584d8323004e222f99da3b71d14e79ae5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
cdf6b1de0a4ed8ab867792d4af5ff75b

SHA1
43b8f3be248179bfa19529bc7db4ada1b1303a69

SHA256
bd89a14bb6ddc3444b52c73f9ecc6e2cdf5deaf0853dfe8e7454f62e88a66bc1

SHA512
fda8c341a3e2b5fa6691ff071d8ce81b18b901e919f0a8e585487016b1d684443db7a238f73dbb3f498d33f3947ecd4ad7e642c20b7278a41dccba0f5188cd1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
588c07faebc894533201cbd423cf83b8

SHA1
16f105e5b32618df925dd01e94b6721b071af115

SHA256
1b62258431afda160e0c7925fc67a84d602220eb2324adc04ceaf7925cb9cdc3

SHA512
b4e28ef7a9f3032d34605e7941d9211c059e2487ee2d8ecab3a000a715d1a9c1f85fca7e8642f113b2c7053a4c47e1fc243e41a6b3bda4537a08189eedc44021

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8b09378e3d29c02905ef36dd9a0f4165

SHA1
107e93b76d2a248232923a651d564d4cdb5a6312

SHA256
682f23f8227f822f0ca05804106bee001bb9c561695ffad01670b59f2b0d8a3b

SHA512
bc6ce0094b51c16869b463819e1cd87b219a8b85c3b3358ede13df8df376743aadc9383c86839bf43004e1d50f06d7ea33c48eb090b2d14cae0bc4ffc544fc3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
af4b4d841df91af12719f6576438b6ff

SHA1
b26de5f2cea1e580b6139068e8a29e945bf65e7d

SHA256
3d9eba435796b86e7643a58be638b13e44137dd875f6da2ac621d994db35f38a

SHA512
c3038e9d984758f9a79b8f19752449bf5567b4a51e6a1cd550d6ce318ee8974346fcf5071dfb091b33c722a79e1c1c391d93e1699341f2b36a02826c24b07bd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8f4030444c5b54dfa2a50aff0db784ad

SHA1
b067b86c293784115ab090391fdf25cc068fdcef

SHA256
5d3d128c286300eac1dbd568e7f5ae06fde02fe4c51537697676e2460d4347e1

SHA512
e07137aded99b67c1460fcd03c94778a0ae31fe0c9519da4b3ae2b60695a4b632be0f91e78f8e9a6fb34feab49f4ed248aba90be2edc414a5fcf6aa531e58748

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
87323b6b182104fd490c66a133115de1

SHA1
ec9d679e73c4b2587dd6ffd14e395769c2359724

SHA256
20ff718bdad8a20dfcea4f50b2d5b4cecd50cc7e5b8825f4c16a82dbc610b62b

SHA512
d1beff73fb01c21907df6d77d6919b7e86f02a4ec54d75848b57f896aa2171906c613d59b8f2d6b22c51072f4b949d880f72dee7497bffed29a51b756c78b843

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ae81dc3512795cc93216bd2f0e211f35

SHA1
09a0f797fab3f5658a8434f5b0e9720d8748da79

SHA256
15feb42bcc4a33fb41a1ea4f3c9267fdf4647fd100e6cf288f813fad8af84da1

SHA512
54c5a70408083ddb55202b8d3776efc879edf9395be68f856a4a9143356c83a40080c41fcbaa785b527128555c4b9244ebf3e0c931881253718b6cb11d4f5450

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58dfbc.TMP

Filesize
372B

MD5
43e73aa0cf72766f3b1a4d9b05ece0f4

SHA1
9b58ec9e880ec378b829a33e2580a03477bf6388

SHA256
f2e36ee3cdc685f88dd67c62f54c57dd19f7226e5e0fd3c736f8833bd471a733

SHA512
0a836d43413338fec68c36fa8dbbf88cd5d249398f4b55a26eeb25c74566d62b203ca0260c03a0c226769d3ccd8335977db0f4b9ea5b1240b83e0180451fc207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d4390a554444f231e0f3c6f5572b37f2

SHA1
ab986381dcf812bf65b1c0e7be5529b60645d742

SHA256
400589837b83017e7a99e293115fd103ef23a15af710f115b9948c5aff35ff3c

SHA512
10aeef6be5ea9dc50625ad5f0b605b6228541e518797010a2e2949ee2ebdb26104dea7a64b33fa88ca91378a0ce16b5a6ecf4c334f80ccca41d35a72919ce95d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
ac46f6918eee162b4ebd38749fbcdd7e

SHA1
75a88d3937a9cd8cba8968ccd80cc163bcef389b

SHA256
99ce7918722dc383d073d97cde1216a5722952f5031df78b652f2e50b2f2055a

SHA512
892efca058927cef20ae0a54726b5ebebbea9e07e208ffed94cae5b1cdb19c7eee39a13dff5c45b24c2bcaabafa5baf391fcc7f1bd326069a7bcd32b4383cf74

Download Submit