hxxp://j | Triage

max time kernel
148s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22/02/2024, 14:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://j

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2200714112-3788720386-2559682836-1000\{ABE0E64C-6669-42CB-BEA0-28E9E31ECEB7}	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2588	msedge.exe
2588	msedge.exe
3592	msedge.exe
3592	msedge.exe
3952	identity_helper.exe
3952	identity_helper.exe
3520	msedge.exe
3520	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2460	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2460	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3592 wrote to memory of 3384	3592	msedge.exe	87
PID 3592 wrote to memory of 3384	3592	msedge.exe	87
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 1236	3592	msedge.exe	88
PID 3592 wrote to memory of 2588	3592	msedge.exe	89
PID 3592 wrote to memory of 2588	3592	msedge.exe	89
PID 3592 wrote to memory of 3456	3592	msedge.exe	90
PID 3592 wrote to memory of 3456	3592	msedge.exe	90
PID 3592 wrote to memory of 3456	3592	msedge.exe	90
PID 3592 wrote to memory of 3456	3592	msedge.exe	90
PID 3592 wrote to memory of 3456	3592	msedge.exe	90
PID 3592 wrote to memory of 3456	3592	msedge.exe	90
PID 3592 wrote to memory of 3456	3592	msedge.exe	90
PID 3592 wrote to memory of 3456	3592	msedge.exe	90
PID 3592 wrote to memory of 3456	3592	msedge.exe	90
PID 3592 wrote to memory of 3456	3592	msedge.exe	90
PID 3592 wrote to memory of 3456	3592	msedge.exe	90
PID 3592 wrote to memory of 3456	3592	msedge.exe	90
PID 3592 wrote to memory of 3456	3592	msedge.exe	90
PID 3592 wrote to memory of 3456	3592	msedge.exe	90
PID 3592 wrote to memory of 3456	3592	msedge.exe	90
PID 3592 wrote to memory of 3456	3592	msedge.exe	90
PID 3592 wrote to memory of 3456	3592	msedge.exe	90
PID 3592 wrote to memory of 3456	3592	msedge.exe	90
PID 3592 wrote to memory of 3456	3592	msedge.exe	90
PID 3592 wrote to memory of 3456	3592	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://j
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffb93e846f8,0x7ffb93e84708,0x7ffb93e84718
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,7118760092256291278,5838543969107680285,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,7118760092256291278,5838543969107680285,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,7118760092256291278,5838543969107680285,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7118760092256291278,5838543969107680285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7118760092256291278,5838543969107680285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7118760092256291278,5838543969107680285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7118760092256291278,5838543969107680285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,7118760092256291278,5838543969107680285,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,7118760092256291278,5838543969107680285,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7118760092256291278,5838543969107680285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7118760092256291278,5838543969107680285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7118760092256291278,5838543969107680285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7118760092256291278,5838543969107680285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7118760092256291278,5838543969107680285,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7118760092256291278,5838543969107680285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7118760092256291278,5838543969107680285,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7118760092256291278,5838543969107680285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2132,7118760092256291278,5838543969107680285,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3340 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,7118760092256291278,5838543969107680285,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7118760092256291278,5838543969107680285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:1608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4352

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x508 0x4b4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
91746379e314b064719e43e3422d0388

SHA1
65f1a2b5a93922d589142a6edf99b5b35d986dba

SHA256
0b3cf8ae20afd84c9bf06546e876c84922cb5800526df72a628479f4d5487df7

SHA512
a783d8d9613cf92020fc36fd27d384dbd4e105a1ebd02c4507bf7263e61ff5b377e6d1734b066700782fa64bcbeb11af31ac3972d404625cbdb587cfa3bc0808

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ccf8b7b618672b2da2775b890d06c7af

SHA1
83717bc0ff28b8775a1360ef02882be22e4a5263

SHA256
ef08e2971a9ba903c9b91412275b39aabfd6d4aa5c46ade37d74ff86f0285420

SHA512
eb550889db8c4c0e7d79b2bd85c7d0e61b696df10ce3d76c48ab21b935c7ecc7b12403a00d6570e7d8e4121f72747242c2358f8f0823f804e704bd44ed603b97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
7a1144e3d733bf783e36cb91adbb90f4

SHA1
5f6115bdbb834a9523e901ba6952433148911f78

SHA256
f6e8ca41e617e59048291db4bfe11be5b9a85ff2bf8c94afa33bbd7233df07c2

SHA512
5434fe060d1411239fa8c81ae1b776c880b2abde4b03305e3e9a951c56c4c1c8c65f5bfc8cd2088148e5f4e0639bbcd691bfa0062f65a480f870f29d208a0079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2a56322e59e495196ef522db93ee9e23

SHA1
484ff9cdbaf22a7feb8359dfbe13c380b6373e2d

SHA256
51a53c01de90c19285c55489b17dde199a12977a2d378ee649543a482463b46a

SHA512
54ba2fc0bc04f911cb5686a3a300bce98df3ff37b11d101af4d8b4c89ab03bc0f72c5006ebeb4153e7ad200a02e381ecaf1a1d068984cf98431efd88b5b95f15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c0918854cc9c47722135c3eeaa8bcfad

SHA1
2b04792fa57efd23ee0d0bfd12863c62f175ef68

SHA256
c988cdeb8e9de562f377b4ecb965fccff486a21d9255ee48c54fae207739fc7a

SHA512
f5c3ef311922b8325bbe20316c4cbc9d98a91a95bee0364a105d8387591d7d9788717f0940f406b78fc257f7d05a78f261abeba07b4eea03293a16fe0512fe2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a0474b9278d5625a4c0857e28d106fa2

SHA1
3ae469f1af30994c4b7044c1b659085045e7cc68

SHA256
2604beb9168298e0f9996bc229185f22604b2c994d3730fa0e400d4d0b34c148

SHA512
4bb91867b9cc171d2beac8bf8cd6843691871e7897b27149a9c1412ada03f26e0096590c6cacb38ea000df4030456812943836e6af191ed4143d2fcb5bbcbe8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
43fc77698bcf6b1100f398f2682f0b75

SHA1
30ea6f95c8441a5361b6c734ff6fe868533bbb18

SHA256
8e5524e6e9c4f4e3b6bd94d28ff1932594f07a2c810ce06c7792d29ca0a613a4

SHA512
d35ab28c34ea435bf8092e595f77f115400d03cae1f1b71356d0d16165e08d867e740c48d3b4328e1e3fb0b134806c1386c85a359a05a4aa80b9f922d6342ea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fe22184fc45cb8373dd85935c2e4f002

SHA1
da5cdf690647f9b082b4ca4e8738d6c86c5cdac2

SHA256
85db5e6d70f2e7859e2959fd47ffac8264b7bc02115427fd44c030c1b01cfa37

SHA512
07c19321076d05454c63835afd85f3ac29bcb724b28c01a7e5a36de0c5580aa4390dcfb1a0cbe31d6f357a45c79475ecebfabf7bcf1dc59bad97a5ead97ef7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\03039088-e5f8-47ad-bd27-dfabd365660f\index-dir\the-real-index

Filesize
456B

MD5
0bf6d36326a5078ae9c7f6044f059d09

SHA1
dc16665e79b6bb95dd31c3604804db2ff7a59264

SHA256
b0733c01ed5ec06543ab3c2ed88ef338a2b9ee6cf9cda2f41ebceb10334b0c99

SHA512
a61997d7f22ca4d06d8f221d765f5005901ebd76beadf0993c16eadc616475991743b5dedbde5e605de6a30c6095d347fd5e0fac2ef4381012ace9dcde5b5847

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\03039088-e5f8-47ad-bd27-dfabd365660f\index-dir\the-real-index~RFe581ece.TMP

Filesize
48B

MD5
ac64b6ab7235b772c43719be513d5295

SHA1
ed32d675c87ad16cdfdb719a731d5bd7b0f6cdc7

SHA256
6ca3bd276ff3c2d59f455b5296cd2a8560d217d89aded42ed7970a58a2bb73a5

SHA512
ba8fb74902be125e36b39c64c7af75609ca1c97d8ad0b1e9b9dcdfd7c2d617c3681ebfd355bef93393aa7a96fcddc5eb1f97867532d7731fe77fe95497268244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\ad1f2044-7ee1-48ae-962f-c4d7826ac393\index-dir\the-real-index

Filesize
48B

MD5
82fda823d8a2ba003525be5facd57da8

SHA1
6560b114e1b435ad9504221b9ea4b9eebd5e7b4e

SHA256
f20998aea7ce128a5d44c76fd6c417e3344a5397b096ead0519ed2fc2d898670

SHA512
dbf186e5cb7d20cba7b179007ae3af1f61242944bcdefc163cc92544d62072b0facf659319adaebdc0f3d18f1f450df678945c2afd262c78268885807ec41bf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\ad1f2044-7ee1-48ae-962f-c4d7826ac393\index-dir\the-real-index

Filesize
72B

MD5
8855dec2fe2b17ae83e7a3700bfb8fa6

SHA1
f6d12176db41fe061a2f2fa09775b8e4520d49b0

SHA256
7b2f1ba21e2711a951c3d197e62d8fc7aa29773dda4d2d54d37b2b00356ff426

SHA512
02cbf4ed19e775574291348c4715baae0c9eef370d57a8cd0bab3980c6c805f2491f75fc4139ff6e0d8ab6be5a300e0294d2f089956a27156f76e6022a748a03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt

Filesize
168B

MD5
deb466410b908aa6cb5efc0e2eb85689

SHA1
0ec0668aa8badd4909a1e2d94ce4ebcbfbe7b18c

SHA256
93f76559fddd782b1e5e29cbef8f8d5733f3941e4c344f2d66887868048848f5

SHA512
f7f4444ec0669d238b70408d6cfb462031958981bc58bd9f8d0976c0e0d61aab6ac2bce419e20e15bc706a90f656d6e2ea6b000ff8b8c0f9cb24e3f2b4ab8958

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt

Filesize
164B

MD5
216cb81fd1d22bfaba4be5332f8e6747

SHA1
18ba5e0fbc471cd11834ca187bc60b54e8c015c0

SHA256
accc9b8088d0d5a06b4f2b0e0884fcfe49c688f3d160baf67cf86977cb9fe1b9

SHA512
6e2defd38c95f8d7566b48cc36fbc068bc8746e754f30079657506d5a691aa0d1dc98c83813491ddd0e067187d28f6f4d365d02cfad363e89ca9f053700be2e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt~RFe57ccb6.TMP

Filesize
102B

MD5
2542c3d41d2624ac054f02ce106c2f58

SHA1
05c90012baeb2805b86fa4ff35575c14f2db4e9d

SHA256
ab5fd08826e2106658d33e05b6cc5fbfb82f73ad80e39b827420c91d50b0d5ec

SHA512
d7d5ec3c859ae1364a432c2cf00a502d3447c14391270ae9a5d652637ca1c0cfce14d00b731ddc52ba3f6e20e41e8fc0eb968932e3a8610e875109e283de9c9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
264B

MD5
9c00677e99b4d3ceda22f7a24f928fc9

SHA1
449af890451fa372202085e74074e109fb18ebea

SHA256
42ee1cce2e153dcaf645ff0f90a99329a7b3aa3bfe86c04c9208013f662fc5d7

SHA512
5fad473a24b9a7820b267e64bc420c860204c267baff666cdeeb403faa8e361ba8a9ffe1d2d0f478aa18b205f3493e6bd5d05556f83d8ba4af699d80f9708f57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe581a59.TMP

Filesize
48B

MD5
31dcf329453f7f3205466f9a71b00949

SHA1
3e4629fded1171265f28efcb36bacc0bf6af830e

SHA256
f39e843c4120b1875ac4357e0dc311d0a45400dfcdc06d73a56b80b205730f63

SHA512
e534bb30f61b8398ae454a3d199aaac6ac39c2ed94b930664b3a12fa09501b9f5546bfa6a045fb9d024f03c87b36e7fa3bddc5108bf5dfe2d216c87a7892e851

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
189ff0b0c74ed215c41869251cbbff93

SHA1
c591d91718634bd4e89748776882000ae83b1cc6

SHA256
97b062511d1e8afa75366b0e4f406cb03de1e74f2a9e66666424eb0a1a661dd0

SHA512
529063650ffba92478c561dfd8aa4dea32bf69db11419d3f624853812a7e6f9e8809c8019ec6d1c47c42b47b6d22ff936d0a3395d8e56b40c5b126b64e218e5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
afcd70782abe59c5640e3524b4fe6c73

SHA1
01279b9909c6d66b94720ba0cb507bdc2edca0c9

SHA256
2cbb2b2c5f133865f791d87a85613e0df0951735979443674bd9995e7f59c258

SHA512
4dd547f99518f44b7e51c38daf7babc751d8769fdf8f5facdb6ea69bbd499dea24f6fb9a39bf59313465a7a286c45538eb56929c24c8424128232cf25839d645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
291c60ee05cc1d4ef26440a751f59d15

SHA1
3abefa1a1c1aae59c510bf7500174ff391cae4cd

SHA256
d5d7b2af0672997eea0c0c872e8e35a987ae75e3e3efcbb477c0970db6fbfa03

SHA512
32cdb9f745ae8f1c5f2efb7d4e92a49fcadc6bf9eef283a048e6c1e1b43f4aa999ec672626e640cb771e46e5b253cc41d29ab087fc1960fc674cfdb5a9a7f2b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d580.TMP

Filesize
704B

MD5
6bd4a399b68d6a19c04500235974b8e1

SHA1
37b9749dddd1d7f6ffb484bf4453668aeea1a17f

SHA256
b4933788cbb3a940ae8716611815c7ef9691a7fcca37719f64f6babdceb6f101

SHA512
a28338ac2d94caddd932ab6f0af12b210f339158d3f5d49396074543ffd5b0dadcba8acc59bc72fb104e6b32c6c9a9fc8ff7e324802ff011ef4ae996d6bc3435

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e8d50159-6aeb-4b96-8a49-5f2bfc1f99f1.tmp

Filesize
1KB

MD5
43cfffb110a388be8aa99b6199035621

SHA1
3c7d86aa9ae626226806360a940bf3a1b01f1b19

SHA256
808de9779274a8b9a8fa9c863f0b3a81d176729b5bdd66ee9a5e74f8ed671bc5

SHA512
1e1af906f7bbfb7b5b42a079aa7956df7857bc9ee0f0626046ea5da0dc5faae1b4ebae012a9d06647eb257e5cf2006201632c69858f913feda32137e7ca0f647

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d4786b16856abc78824d9ec4540ce9ec

SHA1
75e1ea660c7eaaa5ea182d82a516797ef30c3514

SHA256
ab6a88a7a7bdc6b7c7e7c77574884eda0aa15e3d9d81125ebcab53ae38ab8f25

SHA512
26e4f269d04ba31bc9f3b9150e57f4a0e36ac1dc2cea4307d4f1a7e4fb3842f1d87c6cde457b3b8e1f9c87bb0766989ee62c7f5411255232b0a90e3aa139bbf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2818109cd1343295701d30038990d527

SHA1
76676c3fe9bd1cd6cbd8876a35eabbd8144dc1ef

SHA256
fd5ca456b9c86f2ee76621ca63da806dfe73108ed33d19d44348b4888287a8cb

SHA512
8a8dd0ebf6a83407bf2fd68f7d4045e419a4373b942f7ac9d77e7167718a700b0048feb67144e90d803993a0ae1ead5885a1af49fd800317802ba403873c135b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
106158fbd8cc0ed3a1929c7b50630c94

SHA1
3c832679564ea5f3140bf334f087be88c386fba7

SHA256
8f492e0b341fd08a244a58465c66e78f3aeab5ec08ba827db1dd99f0245aff25

SHA512
0b4f68bcdbbbdb234f9544b6b4a7ebacf3fb624e4ec8a4635926d12aab5cdd67f4abccd87491743e70443a0f4ef0c0e3af9a45b016d7b487d9a8ef22a9fff081

Download Submit