hxxp://adobesign[.]github[.]io

Analysis

max time kernel
145s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
22/02/2024, 01:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://adobesign.github.io

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	raw.githubusercontent.com
43	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4280069375-290121026-380765049-1000\{93A2DE45-7D68-4673-BBEF-E30297450680}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1672	msedge.exe
1672	msedge.exe
1972	msedge.exe
1972	msedge.exe
224	msedge.exe
224	msedge.exe
3268	identity_helper.exe
3268	identity_helper.exe
3328	msedge.exe
3328	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 3720	1972	msedge.exe	76
PID 1972 wrote to memory of 3720	1972	msedge.exe	76
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1356	1972	msedge.exe	77
PID 1972 wrote to memory of 1672	1972	msedge.exe	78
PID 1972 wrote to memory of 1672	1972	msedge.exe	78
PID 1972 wrote to memory of 3260	1972	msedge.exe	79
PID 1972 wrote to memory of 3260	1972	msedge.exe	79
PID 1972 wrote to memory of 3260	1972	msedge.exe	79
PID 1972 wrote to memory of 3260	1972	msedge.exe	79
PID 1972 wrote to memory of 3260	1972	msedge.exe	79
PID 1972 wrote to memory of 3260	1972	msedge.exe	79
PID 1972 wrote to memory of 3260	1972	msedge.exe	79
PID 1972 wrote to memory of 3260	1972	msedge.exe	79
PID 1972 wrote to memory of 3260	1972	msedge.exe	79
PID 1972 wrote to memory of 3260	1972	msedge.exe	79
PID 1972 wrote to memory of 3260	1972	msedge.exe	79
PID 1972 wrote to memory of 3260	1972	msedge.exe	79
PID 1972 wrote to memory of 3260	1972	msedge.exe	79
PID 1972 wrote to memory of 3260	1972	msedge.exe	79
PID 1972 wrote to memory of 3260	1972	msedge.exe	79
PID 1972 wrote to memory of 3260	1972	msedge.exe	79
PID 1972 wrote to memory of 3260	1972	msedge.exe	79
PID 1972 wrote to memory of 3260	1972	msedge.exe	79
PID 1972 wrote to memory of 3260	1972	msedge.exe	79
PID 1972 wrote to memory of 3260	1972	msedge.exe	79

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://adobesign.github.io
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9ce8b3cb8,0x7ff9ce8b3cc8,0x7ff9ce8b3cd8
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,12546812704487810202,17276005657219196242,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,12546812704487810202,17276005657219196242,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,12546812704487810202,17276005657219196242,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12546812704487810202,17276005657219196242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12546812704487810202,17276005657219196242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12546812704487810202,17276005657219196242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12546812704487810202,17276005657219196242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,12546812704487810202,17276005657219196242,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3360 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12546812704487810202,17276005657219196242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2432 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12546812704487810202,17276005657219196242,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12546812704487810202,17276005657219196242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1884,12546812704487810202,17276005657219196242,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3232 /prefetch:8
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12546812704487810202,17276005657219196242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12546812704487810202,17276005657219196242,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,12546812704487810202,17276005657219196242,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12546812704487810202,17276005657219196242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12546812704487810202,17276005657219196242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1884,12546812704487810202,17276005657219196242,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3332 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1884,12546812704487810202,17276005657219196242,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12546812704487810202,17276005657219196242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12546812704487810202,17276005657219196242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12546812704487810202,17276005657219196242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,12546812704487810202,17276005657219196242,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0407c5de270b9ae0ceee6cb9b61bbf1

SHA1
fb2bb8184c1b8e680bf873e5537e1260f057751e

SHA256
a56989933628f6a677ad09f634fc9b7dd9cf7d06c72a76ddbb8221bc4a62ffcd

SHA512
65162bf07705dfdd348d4eaf0a3feba08dc2c0942a3a052b4492d0675ab803b104c03c945f5608fac9544681e0fe8b81d1aaca859663e79aa87fcb591ddb8136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ded21ddc295846e2b00e1fd766c807db

SHA1
497eb7c9c09cb2a247b4a3663ce808869872b410

SHA256
26025f86effef56caa2ee50a64e219c762944b1e50e465be3a6b454bc0ed7305

SHA512
ddfaa73032590de904bba398331fdbf188741d96a17116ada50298b42d6eb7b20d6e50b0cfae8b17e2f145997b8ebce6c8196e6f46fbe11f133d3d82ce3656db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4c5197eaaf158bc0e89cfc7c7e901cd6

SHA1
6e5a36fea7e2fad54e4f19909fdcf3f96364e5a3

SHA256
6f44e6427b97f424e6386e54ae8d5b4cb15c5d597006839387ac803a7671806d

SHA512
e778f67bc14a1a11c2d62a0d521a3ba1bf52316b7d537f8582b28fc6c9485fa1452a47d6f9cccb1deb1b4aeeb3464da8944c1a6ce9f0c69c3efe12a54a3b4178

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
61e15cbd903f19f61ec0b8369bc48456

SHA1
e5071b95c3a5ea2ea6b80d6c86712ce462a2ce1d

SHA256
82edf4463f91b12f03ad73503e24f5e0edfff49ed2cb23decb2ee46ba05fd484

SHA512
8d991dded07782af292a38825b9754e46d0f064644f2a8091fcd70e5d6e205a726450c2cd9b090f9a45a951d1924983043a99ce4c93a6079b27aadef18f971e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
62cdcea51336168698c3fc71c398da5f

SHA1
808c88839995c34a1f3e813e1e5b4c911f69e210

SHA256
d3a71511163e3046b31aab0cea89cf1056d6d047862b0dd67cdb8b36e577731c

SHA512
f12eb46c193725ee412a615ebd87df7a9c8657fcd5695f47c7087f6f042c6cb84f51feff7ebce35e05e3bbfe1910446736ae723c0046ad5d6276fb7002a467ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4ba44ed1ff367666e56ae7fd940e6756

SHA1
07add132f57814e8df0745d250096c7b4bbac351

SHA256
d632a9d4a70577c926ffa1eeeb10ac2f007ca3a320b43676f03f5f1e9754d1c1

SHA512
65c2717c5211fa0a93f860e7314c36cc8393032acc17ee6c4b38a01307f7497d2f20c854c2be17e5fc4cbbd3e4acb8f76713b7f235dfc26671b55153bb98721e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
31aa6c6d8d1826e3a51191638fcc4039

SHA1
8141dff0be91a8eb9d6a312c3bf9d01f56692911

SHA256
59d84a2a4397e53f068481c368cc247dde3ec72893e8d654f88271dc63105739

SHA512
d0a23dd66c1dcff25b7c04365dc1625b4d276109f42fa0558951e5aa63e8bc5d83d9848d04c5dc836551557f8f09075a2d83cee7755ecdb71dd420ebcf187b7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e8ee2d643980e373d2f5488aaa741ef1

SHA1
2e89729e2000ca7be709f0967de9c624f7efe1f1

SHA256
8447f451e441463b9f1480112367d6c091da606e6c8d35663f992be5a9c4543b

SHA512
65501ba87a3703dc35d7bc0273ff5ee2ea2b75f229dee38eae6177fd6d7ecd99813a6742e955c12f57be22ae8e2aac68e01be16c65864c13d74a008e562f10a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cbb2ed86c5bd3be9359422d208fcffaa

SHA1
8375f462e291b02e31dbca400a1d612514d19684

SHA256
148a3c635541d94bbf62519e054d6f67b3b9836bc98b4d80033397e5666358b5

SHA512
3bf2dbad8e80cdceab830c3d98f460512b5e6c5118c5b9dbf6f538d990d0b17a7d0d8482811abf32bf8b7e9493a808a644655c53a3221541411655d4a2164332

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0565e93efd0e9eeb285fd1d57cdc63a1

SHA1
17fe6eab933d2fc750926e56b2933b7e5e251604

SHA256
f8fd81b5725e870c1fe9d6c163b4b73c4efe8741063701134fcc7f456314fbad

SHA512
641514cf7a2e6486f95f827d72d8029d05ddef2f0bba8d4885af2b1c3bfe2032a0686332d27efc1f8b41af16994ab3ccaa06c66e0d20141956b08bda35c4acd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
22b769033cb21777195ba26c9c29d4cb

SHA1
57fb42c48877aa0670174ce3a94e51dfd830cc9e

SHA256
fec7fea1fac2035e172f6b9b3d9c88dac7b950124c0d7f3d382177a7b0b5fd58

SHA512
1e43818fd5c2fe31dd84a856592054f975e0bb1e950f70cb8f83ff02fb7ca4ed7e2f7cfb1eed4bbe951eb7d1fe7b6259071ac7ad7881d3ca97be76760ab4eef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
bc9e88fc5a4406249d872dcbe84a793f

SHA1
0d9d73e0c299603cd8544ddf8184ae43e764997d

SHA256
deb916caaf16e660c82d9aa3c9f2d4c5997397b6aa4f8dee1fb1d44382d96e0b

SHA512
41ec8456e3368c839d321fb16d582fa3cafd0e01bc0c7e42a26ad79912905ef57253f59298405c01ba13c85c5f8eb59df447fb31ec9b68998ea90a250e44ff1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3b340e925aacd33681706df634a6e761

SHA1
be0f05a06dd3f92bf14b47d95a6fc948fc93bd77

SHA256
54403932de8e572b52e8e7e009f498cd5f57cc35fb1fccff9045517ed05986a7

SHA512
00ea993e2cce2c0e938a9c3f7e4d1f131ab5df7f8528c29ef5aa93fa00a07e3f90a798ea6669decfa367d421fa93861f969c03bb1531b12756e01d69e3c2643f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0b583748ed211805d0b4cd932fe4a411

SHA1
7cf5886ab99537ec0238fa67460fac17a998678f

SHA256
7ecb49f4060723930055dc3890d443cbefd00749f887d2bbaa386c5a7422133b

SHA512
3c14310ca272023c1db0400a6d6444e827e4d9fc0574f8c7837524455d2e57391dc863a1e38a6490e64b3c1272710d230617528ebf1fb002e398883dfb7045bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
96754e9ce40c167f2a796e2d65d7e4e8

SHA1
11fd2a85914af1cc2b1fe8be0ad65227c8cb3a3f

SHA256
e1b902895a92016fd38f4791a3bfc644425d11e266fab9f93d107ad2bbe5e7a2

SHA512
83d059c36ee5059659e153bcd03da3b78dcedd0dea90fcecc5ac9cc716901e4e1d19078fa31350e94cb482a4cbf206441504565e19076d57096101cdd57e9997

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e88a94affbb59c6b3a9b4a1ffd653924

SHA1
d691915427c1d6ed8d8387798cc82b1378045694

SHA256
b781a58588e6aae617999f5b921c05fe8b33cdb51ca3db10ebf31052bb73b1fe

SHA512
81ca9787c382e37a1196b77bf0187fb24b7c560ba05b47f5074715358a8a62ad83ab64760b93fca80c8c1a8220344c7de681088f68a81f68b0b97fdaf9876bc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57aad6.TMP

Filesize
872B

MD5
dab58d8b7844c011d8a59dd5e79ea6eb

SHA1
71c5d80f7acbaa1a664111982a3261201ebd078f

SHA256
f59941eada039235abd1c57fd1c44655f1092dc96a0779b90931b082fc21bf62

SHA512
19e3a66e3280a2c9de3dad32a17df8da20dc5d08bfd64c1afbd0c835dc6990b1db0cc5c28d79a9da046604c45c29cfbb3f05e2fcd4efd83a82c3aef1ab491096

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3d6efb7e605286b8305f4f2a74a45c85

SHA1
08e489dea0cff4ed901048a81ba3e2d88769e83b

SHA256
def2c85c87d4bccdd3ba25dbcef7ccf3aa100f9062d6381595ee058d4c0555c5

SHA512
a1ea64455c52cf5cb021ad4d50a8c37c63269e2e1a3b1a81d60cf1a7b18c019a21b1672e0b76734095de0ada3ec2a3137e13b1c335e4fd2dc383e7f18ad78bce

Download Submit