hxxp://malware[.]com

Analysis

max time kernel
209s
max time network
205s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22-02-2024 16:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://malware.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2132103209-3755304320-2959162027-1000\{7FF2D334-44B3-456B-BEFA-7BFA5FA950BE}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
324	msedge.exe
324	msedge.exe
3928	msedge.exe
3928	msedge.exe
3976	identity_helper.exe
3976	identity_helper.exe
2964	msedge.exe
2964	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3928 wrote to memory of 1604	3928	msedge.exe	76
PID 3928 wrote to memory of 1604	3928	msedge.exe	76
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 348	3928	msedge.exe	88
PID 3928 wrote to memory of 324	3928	msedge.exe	87
PID 3928 wrote to memory of 324	3928	msedge.exe	87
PID 3928 wrote to memory of 3224	3928	msedge.exe	89
PID 3928 wrote to memory of 3224	3928	msedge.exe	89
PID 3928 wrote to memory of 3224	3928	msedge.exe	89
PID 3928 wrote to memory of 3224	3928	msedge.exe	89
PID 3928 wrote to memory of 3224	3928	msedge.exe	89
PID 3928 wrote to memory of 3224	3928	msedge.exe	89
PID 3928 wrote to memory of 3224	3928	msedge.exe	89
PID 3928 wrote to memory of 3224	3928	msedge.exe	89
PID 3928 wrote to memory of 3224	3928	msedge.exe	89
PID 3928 wrote to memory of 3224	3928	msedge.exe	89
PID 3928 wrote to memory of 3224	3928	msedge.exe	89
PID 3928 wrote to memory of 3224	3928	msedge.exe	89
PID 3928 wrote to memory of 3224	3928	msedge.exe	89
PID 3928 wrote to memory of 3224	3928	msedge.exe	89
PID 3928 wrote to memory of 3224	3928	msedge.exe	89
PID 3928 wrote to memory of 3224	3928	msedge.exe	89
PID 3928 wrote to memory of 3224	3928	msedge.exe	89
PID 3928 wrote to memory of 3224	3928	msedge.exe	89
PID 3928 wrote to memory of 3224	3928	msedge.exe	89
PID 3928 wrote to memory of 3224	3928	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd1c5446f8,0x7ffd1c544708,0x7ffd1c544718
1⤵
PID:1604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://malware.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,1894213472566360267,15409232507091790019,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,1894213472566360267,15409232507091790019,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,1894213472566360267,15409232507091790019,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1894213472566360267,15409232507091790019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1894213472566360267,15409232507091790019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1894213472566360267,15409232507091790019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1894213472566360267,15409232507091790019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,1894213472566360267,15409232507091790019,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,1894213472566360267,15409232507091790019,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1894213472566360267,15409232507091790019,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1894213472566360267,15409232507091790019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1894213472566360267,15409232507091790019,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1894213472566360267,15409232507091790019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1894213472566360267,15409232507091790019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1894213472566360267,15409232507091790019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2184,1894213472566360267,15409232507091790019,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2184,1894213472566360267,15409232507091790019,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5624 /prefetch:8
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1894213472566360267,15409232507091790019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,1894213472566360267,15409232507091790019,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3176 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1940

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2dc 0x4a0
1⤵
PID:4644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d62cefeb0c8fbab806b3b96c7b215c16

SHA1
dc36684019f7ac8a632f5401cc3bedd482526ed7

SHA256
752b0793cf152e9ea51b8a2dc1d7e622c1c1009677d8f29e8b88d3aa9427dd01

SHA512
9fc3968fec094be5ca10a0d927cb829f7f8157425946ebd99a346b7e63c977cb3f37560af1a4bc8f87ab19b43b3ed86fd5b37f89d1a9b2dc86e3c73142c3065b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7ee1c6757da82ca0a9ae699227f619bc

SHA1
72dcf8262c6400dcbb5228afcb36795ae1b8001f

SHA256
62320bde5e037d4ac1aa0f5ff0314b661f13bb56c02432814bffb0bd6e34ed31

SHA512
dca56a99b7463eddf0af3656a4f7d0177a43116f401a6de9f56e5c40a49676cea5c38b6c458f426c6bff11165eec21104cfa9ca3e38af39d43188b36d3f22a0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\150b0124-2978-47dd-828b-0641d8fddbae.tmp

Filesize
835B

MD5
8d2dd0cfcd8ae268f3a7db967d2651b1

SHA1
7e34d3befd34dfce2a290e22096622a8300f9a3e

SHA256
c85c198526935eb5223af619dfa013915f9b740726eff8f266019786ede2ed76

SHA512
ee9a616919e5a08daf881635addaa285b4b4a28b63584123ff72732126bbab657f36a3799cc017328e5ff2dace1182adeb324305aecc8fd3051e9e558ff57f79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
31KB

MD5
f11ea88996343792763ca879be59da5a

SHA1
b83d41c5d1cf5d4d0f6f12c420871dbd7a7b2909

SHA256
60e4d15c3c8833b2733dedccfdf2eb38025be0078c3ee4bf2d439aa166362548

SHA512
bd330b3d4d8009ea02c1846a4cd9de78e49fd0cf888819edffc40f1e2eba903f8441055c1abbf29ffd066417cb53956074ec350c2d1cd550f097446f1d45f24a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.1MB

MD5
e753cba4baa3922efb691d9b3834efce

SHA1
d191dad55a78cde01231c0b1a3d3ee7a0b5c1e5a

SHA256
d6ade064592fb3c2eb460182a1599d5ca987f9dd81a7115ed3e3e402db0d132c

SHA512
25c7ad97eb4e47629bcd2b67f7eff2ad2861e88443a50d2d71ff668e471366991d7ce851cf2bf2f0fccfb554e3230d6ae05b1626be6b81a892a7b1b70b8ec58a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
76212231e4f0b435c8a50737f0da281f

SHA1
363f9a6fbfa1bf0b321c4e2c760e9165bae0805e

SHA256
c110637a849448dfcc3f2be8f04366fb768dbdc05b39c2ae4273fffb14055e11

SHA512
1f7e2304ecb2df1f52244714f754eb93f007559820e791ca0ddb71d2fbbe667383875b263b60f63981d2f56a264e719cdc7091cebc0d1977f2c6fbf603665968

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
60710d85d091a9d4be64174948bdab17

SHA1
2227cdeb88c66bc1e2fb7026c8cbdfdd89e66e6e

SHA256
2d555c28f02d5d5e74f8a8e45ac8ed6006f9364cdbf50cb14e2fec505425f2f8

SHA512
c1cfccabf915f0504e006100e0b5de2805dc476a60f9b9dfcd0955531c68f55b903812d2035d4d1e698c4365c22796ee650af9962ba4a9faf3ac36b85c63adee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
467B

MD5
0ade845651cd56bfb336cb53a7c2b9ce

SHA1
eb6e792e39ed5daf1e376d7885aa2925cffb3c2e

SHA256
ceca9f395608e5a1eda52055fc3d08a3bdcf58e8e0a2e1908e7c7c2424ac3d6f

SHA512
2c01456b6eb84d1b98d489f07d3a26f0d6cf5504195c330521174c3ec31fc62f61b4f1376e73903a8e7948ab7d09ad1252980b83f4f1eda5e6346439d0611c36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
384dc055f47ba2625326b65eb7dfd0cf

SHA1
c9c2a8e8e1342204cd316264f2f0b074fcdf7b13

SHA256
60eac3a9f12811fa0644a76fbf5377943017ec0abbd7894b9b371a9d3b4cecb5

SHA512
560b743c59b8a35488f86486708f689335acf1415d16a1c51e05c723325b63138290b3db90b29089841779bc3e93486f49bcc21023dbcc8157e4f40c1cf80af6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
64a97061d4b9f9284050566b69b7b005

SHA1
db7d52f9eae75804ca25228a24c3b3971bf7125b

SHA256
bd6a59afcc5a917f099f0afef98081612a99ee800f04d12b39714b2b93c4e818

SHA512
93945b4290e2068ce5c1b1ec9604f87aa8094df307c2d482892d6da93c8282932eec96ded9ae75c4ef651e434f626d2d6f7b228e7d426538fef1dfc49dbf2835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cca915243fa181d834f0ee696c42702c

SHA1
0ae6cf6a7b992faeb1bdd1519517700e63b1e980

SHA256
b7135b681b97bae05143dfe9fd1d0c4dbc33132bea8ef89b3d19f5c78d09bed9

SHA512
2ec7ef8b0a27b6082d9c09e540b7908ec2c402047ff71648717b31d681a52bfeee49d1c093cf30c4d2466dae692cc8dbdec0bba3fce83ecc4a3067d80efd6e5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3a442643a3a2dc8f0844ee47e5a3f977

SHA1
04a210560a0970f3dd99e79c16b84ac6fd6e3937

SHA256
5152e6a50bd7a7ca0ce1fbb59b4d27e50ff2564f9c50af9519c418737cc6b398

SHA512
2400793d8a1c5b1a5194c70e0257e6be1357dc45db522badd7e526fa3fcfabb52806f754140b959f6d92b35c52b0d70955bd797f88dc5eea3c120b02dd12e18d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c1c9.TMP

Filesize
538B

MD5
ae097b1ea471812a12ba25e7c1121136

SHA1
b4ac15d12af3bc0e18da1b8a5817933e9503dc32

SHA256
ce90e15c3c4b0496a6a695cc339b39b243d8e980ce99da6f96e6207cde9932b4

SHA512
5965083502987356efe2aa4b17b08c3ec1f084c6ecde850197a19786c4795434e9c6719ad689e045219f0988f820876d3815104dd32fdd5224c501c6fa3266a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fa2a80b8-22c6-4d33-80cf-a4c343b348f0.tmp

Filesize
538B

MD5
dd07575c092b4c80e13b421e0e6943b2

SHA1
bc9fa5b2d3e36f5b782091f6c7fe0f01092ccf7e

SHA256
18b9d328a5d9231d4085c692f0d1bf2204f00bfbd0a658da3fa656b3b0f4189b

SHA512
f445c446ad47ed80e35e8b3b0f39c407a3875f22510aa0a8abdadc26779bbaa32d9777e05585f6bca6275015edd09479e21f7e4e343c6d3776c4e7ea5d05551b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
97fb65e72bfe30837e2292bdea370267

SHA1
7335924acf24d2e18e8d2605d8127e893983dba3

SHA256
9ffe14119c40c9c0a4ecd7a4077b04267440c4315be65e3466b690ea66c482f0

SHA512
341094a268ea8a1e7041e8a0f578922c15cc244ec6bdca4b6c50fafcd1734841fca431dcf70a5af118e680093bb2ec02c904554de1e57e6990437c08354f1875

Download Submit