hxxp://j | Triage

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22/02/2024, 14:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://j

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2132103209-3755304320-2959162027-1000\{4976FE73-9E56-4161-8DBF-94B399FF7231}	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
928	msedge.exe
928	msedge.exe
2936	msedge.exe
2936	msedge.exe
4348	identity_helper.exe
4348	identity_helper.exe
540	msedge.exe
540	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3548	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3548	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 2804	2936	msedge.exe	60
PID 2936 wrote to memory of 2804	2936	msedge.exe	60
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 4660	2936	msedge.exe	89
PID 2936 wrote to memory of 928	2936	msedge.exe	88
PID 2936 wrote to memory of 928	2936	msedge.exe	88
PID 2936 wrote to memory of 2864	2936	msedge.exe	90
PID 2936 wrote to memory of 2864	2936	msedge.exe	90
PID 2936 wrote to memory of 2864	2936	msedge.exe	90
PID 2936 wrote to memory of 2864	2936	msedge.exe	90
PID 2936 wrote to memory of 2864	2936	msedge.exe	90
PID 2936 wrote to memory of 2864	2936	msedge.exe	90
PID 2936 wrote to memory of 2864	2936	msedge.exe	90
PID 2936 wrote to memory of 2864	2936	msedge.exe	90
PID 2936 wrote to memory of 2864	2936	msedge.exe	90
PID 2936 wrote to memory of 2864	2936	msedge.exe	90
PID 2936 wrote to memory of 2864	2936	msedge.exe	90
PID 2936 wrote to memory of 2864	2936	msedge.exe	90
PID 2936 wrote to memory of 2864	2936	msedge.exe	90
PID 2936 wrote to memory of 2864	2936	msedge.exe	90
PID 2936 wrote to memory of 2864	2936	msedge.exe	90
PID 2936 wrote to memory of 2864	2936	msedge.exe	90
PID 2936 wrote to memory of 2864	2936	msedge.exe	90
PID 2936 wrote to memory of 2864	2936	msedge.exe	90
PID 2936 wrote to memory of 2864	2936	msedge.exe	90
PID 2936 wrote to memory of 2864	2936	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://j
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb089a46f8,0x7ffb089a4708,0x7ffb089a4718
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,10754056555664358942,11689645646593066634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,10754056555664358942,11689645646593066634,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,10754056555664358942,11689645646593066634,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10754056555664358942,11689645646593066634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10754056555664358942,11689645646593066634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10754056555664358942,11689645646593066634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10754056555664358942,11689645646593066634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,10754056555664358942,11689645646593066634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,10754056555664358942,11689645646593066634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10754056555664358942,11689645646593066634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10754056555664358942,11689645646593066634,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10754056555664358942,11689645646593066634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10754056555664358942,11689645646593066634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10754056555664358942,11689645646593066634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10754056555664358942,11689645646593066634,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10754056555664358942,11689645646593066634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10754056555664358942,11689645646593066634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10754056555664358942,11689645646593066634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,10754056555664358942,11689645646593066634,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4928 /prefetch:8
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2092,10754056555664358942,11689645646593066634,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6088 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3292

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x49c 0x2fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d62cefeb0c8fbab806b3b96c7b215c16

SHA1
dc36684019f7ac8a632f5401cc3bedd482526ed7

SHA256
752b0793cf152e9ea51b8a2dc1d7e622c1c1009677d8f29e8b88d3aa9427dd01

SHA512
9fc3968fec094be5ca10a0d927cb829f7f8157425946ebd99a346b7e63c977cb3f37560af1a4bc8f87ab19b43b3ed86fd5b37f89d1a9b2dc86e3c73142c3065b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7ee1c6757da82ca0a9ae699227f619bc

SHA1
72dcf8262c6400dcbb5228afcb36795ae1b8001f

SHA256
62320bde5e037d4ac1aa0f5ff0314b661f13bb56c02432814bffb0bd6e34ed31

SHA512
dca56a99b7463eddf0af3656a4f7d0177a43116f401a6de9f56e5c40a49676cea5c38b6c458f426c6bff11165eec21104cfa9ca3e38af39d43188b36d3f22a0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\39ca3fa7-6b4b-46da-b8cb-1df0b1033dc5.tmp

Filesize
2KB

MD5
702bf4ad348cd8982e4c729673fbcd5e

SHA1
0c24026fc51b84609a749dfb6042cc41c4711759

SHA256
cb05c834269934c978b0f0ab68f2050dbab1666be69acb7d84ddb90883e4371b

SHA512
7e077f8eff2c8430aa74d79acc1c16ee79a8b120125ed508f207402b9aca60513732bb92d41caef5d05e7a526d37d89803e104fdf7fe2a4f15cc5ef1f6863570

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
56KB

MD5
5e53ed25086aaa0d3337101b741466ae

SHA1
08b6244aa107201b2b4e6e76ce4c123dcacda182

SHA256
5ac2037030385ad8cf10e486b44475d778eef2e2a377751fbf3c938fd3991b1c

SHA512
7c90e1b48ee9a1dc112bc1921e2a42f4d329d734be246ed488aaead60ff14e2581580e6629bd2b24c109cb66279190df3ee494eb83d1b96f418886cd72f2747a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
55KB

MD5
fdf2600d905a0faa060d691e0212e1a7

SHA1
62550f0993a219e265ff9a0795a4d9f49b28748f

SHA256
52a37b3a78eb5b59df3bdb129b9115c6fed9bec6ca62b55ae56d8c2701de5972

SHA512
7118d2ea3aafe3d77709842da20acbe3faaf4c6c92a50ab05ecd4986916bbb92fe297a1b00357572683b02c61762cdf31dc425f03221dd169803252db5f04f7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
55KB

MD5
cfd886e1ca849a7f8e2600763f236d78

SHA1
c1fc2b10d20c529c01b465a1edc0ed2fe04f0bd5

SHA256
c0b1c3c6995c24eabd1a6fcc4f00523e022b546cf1fa4fce6c30d04763244d1b

SHA512
254e37e3650b2c87b524c96f517586b690094abf7c8e0539b050ecdc4c56c2593bedab7b1a830b827ddc19f1c3e05ff4096ebdf4cc969b5bc5fd33cb34e94fd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
57KB

MD5
26a1891f272dc17f5ac69a8cfde2991d

SHA1
097239d7cb11b964bd6a745f24e5f82267fcaf0f

SHA256
e4dd3bb15ae6492d5ddff59e08075a6023463b82cfe6c284470fec0d86fe52ae

SHA512
2b78bc3b2e57aeaacdbce5315b117c8900f9cfb99e331704c80f871882b1f0ad88ef7d6808fea6a8e93e1e65a239beaff9c3d61a07191b96bc21c0fac759d783

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046

Filesize
521KB

MD5
21d21cce740d107dc45297f94dd13657

SHA1
8032803af911e7db44f705f28f865651da7f933b

SHA256
346587d695abab1d1beefbea02c0490130c6526585947c68d21577fd5f178966

SHA512
d54a3b2400ad6a71ba009f824fabe280e6d4e11264943d3201ee6c5400fe32a608c0159d792d5c8770fb1c06db41215ffb399a713430df4c40dda34bb7b908a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
958KB

MD5
cb4c817432dc6c4418416e9a20f37fee

SHA1
5103de16d8a3369958f4fdb7606fdc8aa64e539a

SHA256
fba453e4888a2eb1ba670153b5778b0c15d611d64f34b69b932d774ecaa5bc08

SHA512
7eb946527a8b9e06c2fee9d4cd6e1d9632a5b50aee7216dd993dab74674694d274426dcb637034163ee90d4ce4a669fe66b6814cd422fd6b66d57f4f2db4ace4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

Filesize
1000KB

MD5
1fecfe0fa0f8e979c40fa2a7e3c86c2c

SHA1
e3e6c501d2bff32c966725f9ffcea0bb1ab231f1

SHA256
87f86fc4d0be02ea24382f4467303577061f3c6336457daa196d3e84a40a9df8

SHA512
e316ce53a2e7d52045691cd9470dd844f4681c1a1fa00d79b45fbc8be2ed6f2e53875a48ac5784d471040bfc4ce55423846cdced3230299e79c9381877dfae11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
cae364e62ae2f20ab57eeb2d15e6d881

SHA1
18d78859d271204d668a6fe498fb48cac06bd208

SHA256
976882670d7f9cf47c627e4acbace4b9dc6db0d56f6f36f6cf099e7f5450ac5c

SHA512
76f2ef1bb0d1dd3fcfc3bd10e6da2638f0b699d4f03c9e64f6d7af2e7db15597220894b9be29489151d296439aeb9eeb105568206758b42e2a655348595b940c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
025bff23dd98772a39b4340da70503f1

SHA1
6c8e1ce0251cc3ade0560417d3afe5c1d052496b

SHA256
54963904c574299c272dce6488a0eab91728317cd96741f5d1c453d487f21bcb

SHA512
6be902bb0f5dc03ad12f3b437e791e901a290daf3009df1ca5f1f2880fe48886255ba18ae7ab3989324b8c538b63370ce59618166229887b8df10df9317a1f45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
eb8b8f825a31fc24488e2c6e7517ee5b

SHA1
93e59e42a81eddeae59630423e7e09e9d27d9eea

SHA256
5ee1acda7e20acc48bd42b0a6000c6a04fe3928faa04f76bbe8ad0ef03423488

SHA512
75f5a378d1bc0646766948ef8392b507db40fe631cf55f9293ed46ff0bda31ba70b06964b09d7cefa8ceb0c3ee077f91601cc65ec79cde04108a9d5bfbb085ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
539135b6f93abd508f4c4ef79a8e9834

SHA1
7fe1771303588a0deae28361eaf8e459461782e3

SHA256
94a758ac0ba08af3f0022ea1c9bcea9d62ffbc214b0c7cd5643817d40101ee2e

SHA512
8677ab69c7c4f37104b5432c9ca0e9908c568ab86a4df5453a148827f32f44524c67660679f8daee867161f4bc055a430e5767379571c9de42fdfc2de20703d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7607a0d48962c2cfb7b3d549874f3275

SHA1
1b1b6080f17366bd49315f6a4ce1385751adb539

SHA256
5a707e39022d25c5ade4746397fe58929d6182dea3980374b938ed1128cb49ac

SHA512
1be688caddd4b32be51ce76f3c32b5df2ee45e66bdd31c81cda72091dab24d338e303d54df2b6bb790e78aa5495b02ee5aac1ab11c5679e28fb0703c029162b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\ae5f163e-c944-41fb-9f66-31550f6a904b\index-dir\the-real-index

Filesize
456B

MD5
da0933b41a693e68fde28e8586be60cd

SHA1
a63856f234e560b1df3da2295d26a639f7d8208f

SHA256
fb9d198afa290490d76111bb8484ab85af08a4c92a7460eb6ad1b878b03804af

SHA512
9e189314df7378e1431e6a446ba45ea9a4f6a571934187b5843dee63e29e05b5d21ca93be787fcd73bded3468e40ebe9f14e06dbba5c873460b2d9ad6021d72d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\ae5f163e-c944-41fb-9f66-31550f6a904b\index-dir\the-real-index~RFe57ea6f.TMP

Filesize
48B

MD5
26c82f6b1229e796d042b24bb3b9274d

SHA1
0d6ffcf3d88f08a6fd937a13c69300fd121c7393

SHA256
76c919c8339b07386f23e7b3ffda6291589ccc8440defee22aa21cb5bddd13ba

SHA512
12bb397b72420c30201d80db56780fed341c22d17fda6dd594ea487b172d487dbbf5a1daea96a41e7d5e950134fe1325740fba82470f51cccf55619fb3bb22ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\e03756a8-b233-43b6-a5fa-c6f40e1976af\index-dir\the-real-index

Filesize
72B

MD5
50d576ac327561fb48f4aeb83027eb98

SHA1
8572553aa6b426a20ce041c82a692167d27839f6

SHA256
a7c536175de20065b48e5b0e9f23229e6ec7a7783df20c0a48073fa783048a40

SHA512
d86228484fa3b871cc26e54ecb484304bff2c281ecc6a272023cee4b86740f78c52b1a269a8d2337a654d60fd35f90f45e1658866755085af6a9d8af895d5ddb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\e03756a8-b233-43b6-a5fa-c6f40e1976af\index-dir\the-real-index~RFe57e7a1.TMP

Filesize
48B

MD5
b709d3c4e1910da03281e99129469b38

SHA1
1b05014b299972a936942d13a9725083fdec93fc

SHA256
e9ef048c9b7a99f923c704a647d6600e20b211f5eaa41ceb60278933d74256ee

SHA512
21125c5518571ca4ca42852470b608e72d49ffeac25c93418b3490ee237e2333a1ff19745ff09035f7415450e48cbc871fdbd52cd127eb8468d09c7f826edd52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt

Filesize
168B

MD5
1011a6d1bc5e946b4ce31adc05eee37a

SHA1
4a2ff5b46f928ec699f32cff21ec34bfea32f194

SHA256
5cd79db29a7abdf677cfa0d186a887dd475685058986c937eb84ef09fc5f1a3a

SHA512
81d56fdd1f91fb21485a65d9062fc75e6a38918e93ac0570a46f990726dd0355e396dc00b432de5af045c3cd3f3d1e7f0948cee3fe9f867bf67a5a1ab8b180a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt

Filesize
164B

MD5
284667f34e5fdadd11cbcc8caaf3a2bb

SHA1
5eb6e1cb3926c2c403e09170e752eaa4977f05be

SHA256
02b340645f261822c04b6acdb961ce4e5ca9cbda2dd5982ae5ed6d0029108947

SHA512
a4437e6f3b57833d5199dae5439dde0ecdd9bc7c2d1fa5fdb4dcc9b060772cf38dde341768650491a72061c2f4881b84d6b909b2cfaba4ec03c4d898e36dfc77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt~RFe579971.TMP

Filesize
102B

MD5
e7e70a3babf35cc3a97fe1018055a522

SHA1
eef11ba7c747ab88b9a3d52fa44c1a33ec961534

SHA256
a7ef4b80155a018f186b2a5b047b8fc215ce39242b40ce967166754edec48da4

SHA512
24e7c43492310f5cd41458922891aff1ea6b3a16c85a99f2e01d39c06990c25014c8c32043bda78b271a4144352ba4c925398e3c9d8b837e17a68e7bda669b52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
264B

MD5
cb18db553544707a6b571abc6ce1f902

SHA1
c0ce154e035eb6531cb257f5281612fa4bea3c91

SHA256
7f718dbac8791817420170447833ff783e0a1735a3316b467fc2c0797ebf9054

SHA512
3806ac063b6189a68208113b30f530dc1fcab8e7d940cb553947aa19f719c6625caaca1fea0fee1dfb2b62b5b91c8574ad704f9789854350bb80d4dcc42d00c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e743.TMP

Filesize
48B

MD5
84d398cd5cb3a986b2c0bbc71a3a5722

SHA1
0719ad67628874d714a2db06942f2393514e3caf

SHA256
206785e1cd28808bcf97bd5687a70e5449686edda2553f83cc0da16d4b6a6fb8

SHA512
d89f7cd121ea1b26697f0673b785a7ed24fd32d50e048824e8b7f150f12b72800696e67f55c22b62ac29c5243bb5ca4928519fc82f6825c9b2596ec8c3e1543d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2f00396574626d70831cd2fdad26bebb

SHA1
758cbf337c5d388ff865e11c6cc9391ad00e497e

SHA256
effa848809d44aa9728e278d306d9edbc2866d73de3f0118163218e6084ec158

SHA512
c6edc7f709f74f887fc49c37972bb5d03f81c77c2d34896ebf9b17207ede4ad3c18f53b79d63628e3d22b72bada52c02adbd530ee069399ea67c7cd25049b556

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1037c154b657cd5b97f5040e6dd942b8

SHA1
a1e7bb5bdfd3bc3cf007ddedb1334a0938139c8b

SHA256
2b88cd53d088400cf9e16e60ad9d3b6ba7e407991842159c552b13cc2690d0ec

SHA512
c8bcba54f4da91aef11d94ff16de8f9b044aef7c9fe0d54f30b88ff6acd44fe4475b058d0e8e3c0766dc9143af10429b1d8007050f70bdbdf3e1c456883fc2f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ba28.TMP

Filesize
871B

MD5
ab480933bb46bd9b556115aaa85ecafd

SHA1
849ca4989be633c28bf5b621c4f88e9ae20d1f3f

SHA256
99eb1a540f20dfe315ba168526afbe3075539bf1eca42a91d9c46b063bc09823

SHA512
21b94452c59d7472546043a04650d7e07554c1e8c21d7b454da3d01eb7049975785e366f172dcc60f8ac4f1b61d64e3c90d09cc46a473ef04fb56010a71cd6b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ef5fa86d-dcee-4a6a-a1f7-3fc009c6bfb9.tmp

Filesize
6KB

MD5
91830210e926126030159d822dce0e79

SHA1
229c6cff136d5d4d8e312378555f1e1d9743f89a

SHA256
53fcf638881f544403cf017f08d7f4b23162b8fdde7eb8f3d396996bdca0842c

SHA512
e91fb651988ca0211845ce09347444d19e15d86ba6f37339829790d557b53955155a4851b7b0770c038e709e6c9fc929c4bba7d22f8081eae82c6b73053a24eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5936f1e9fb8283a962e6b39118fb17b5

SHA1
b1f6729269792fcbd1ade3289f743fb94f0bd511

SHA256
5289ea01f26582bf3b4b6af03b2cb7a584c52aa988c2a92fe47997bc53492e47

SHA512
0f6a06540174a60f05d3b4849fb99a98f03617593143edb0b0aca52be5ed63cdc55d43b6cc37f42b6460cb626a209f920aa142f1f8af4396f5d2df922308b6d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
913438707b592a8238ddd7c5ef0e8ab6

SHA1
1fe198588e086ac9586285d8b331a0d17a786ad1

SHA256
9d94d01d446e1f570b067d0ac42cd96828c8d99237724642c1c36105b948fadd

SHA512
aa31d38d3dc63803f3a571fbe4a8406b923e67cc03d5b26b9b7ff0d529266be49483ef5e1e4e6c8152e9be741bbee35cdb8496c266c8beaf4d6239696ee690ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3d61e68d18eba8fdcdeff654bd044d6b

SHA1
baaae96a569cf653d6d6d7f689743ec6451de7e3

SHA256
5ad867306ec898f738ca44fbfc5a2fb56edc9fd3bab07a697659df233874f613

SHA512
5fc7ff22e9a684a996b9df4d99401b0ca1451fa23633eeee851cb2dcdf5eefd63b1d6e4e860f413ded664f85964ab902b0338824c41224f511c78998d3fd3faa

Download Submit