hxxp://jhvy6hnubgth rn

Resubmissions

28/02/2024, 22:50

240228-2r96safg3y 1

28/02/2024, 22:03

28/02/2024, 21:27

28/02/2024, 19:57

28/02/2024, 19:56

28/02/2024, 19:08

Analysis

max time kernel
1785s
max time network
1800s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
28/02/2024, 21:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://jhvy6hnubgth rn

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
33	discord.com
34	discord.com
73	discord.com
3	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2930051783-2551506282-3430162621-1000\{9EF81D7B-18A5-4A76-BA76-C92C7A1E8A9F}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1860	msedge.exe
1860	msedge.exe
1136	msedge.exe
1136	msedge.exe
1560	msedge.exe
1560	msedge.exe
3540	identity_helper.exe
3540	identity_helper.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
4264	msedge.exe
4264	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1288	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1288	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2856	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1136 wrote to memory of 1096	1136	msedge.exe	77
PID 1136 wrote to memory of 1096	1136	msedge.exe	77
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 4592	1136	msedge.exe	78
PID 1136 wrote to memory of 1860	1136	msedge.exe	79
PID 1136 wrote to memory of 1860	1136	msedge.exe	79
PID 1136 wrote to memory of 1632	1136	msedge.exe	80
PID 1136 wrote to memory of 1632	1136	msedge.exe	80
PID 1136 wrote to memory of 1632	1136	msedge.exe	80
PID 1136 wrote to memory of 1632	1136	msedge.exe	80
PID 1136 wrote to memory of 1632	1136	msedge.exe	80
PID 1136 wrote to memory of 1632	1136	msedge.exe	80
PID 1136 wrote to memory of 1632	1136	msedge.exe	80
PID 1136 wrote to memory of 1632	1136	msedge.exe	80
PID 1136 wrote to memory of 1632	1136	msedge.exe	80
PID 1136 wrote to memory of 1632	1136	msedge.exe	80
PID 1136 wrote to memory of 1632	1136	msedge.exe	80
PID 1136 wrote to memory of 1632	1136	msedge.exe	80
PID 1136 wrote to memory of 1632	1136	msedge.exe	80
PID 1136 wrote to memory of 1632	1136	msedge.exe	80
PID 1136 wrote to memory of 1632	1136	msedge.exe	80
PID 1136 wrote to memory of 1632	1136	msedge.exe	80
PID 1136 wrote to memory of 1632	1136	msedge.exe	80
PID 1136 wrote to memory of 1632	1136	msedge.exe	80
PID 1136 wrote to memory of 1632	1136	msedge.exe	80
PID 1136 wrote to memory of 1632	1136	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://jhvy6hnubgth rn
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffeeeac3cb8,0x7ffeeeac3cc8,0x7ffeeeac3cd8
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,2223805540446736275,12167976429009782078,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,2223805540446736275,12167976429009782078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,2223805540446736275,12167976429009782078,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2223805540446736275,12167976429009782078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3084 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2223805540446736275,12167976429009782078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2223805540446736275,12167976429009782078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,2223805540446736275,12167976429009782078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4240 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2223805540446736275,12167976429009782078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2223805540446736275,12167976429009782078,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2223805540446736275,12167976429009782078,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2223805540446736275,12167976429009782078,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2223805540446736275,12167976429009782078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,2223805540446736275,12167976429009782078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,2223805540446736275,12167976429009782078,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3692 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2223805540446736275,12167976429009782078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2223805540446736275,12167976429009782078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1048 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2223805540446736275,12167976429009782078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1900,2223805540446736275,12167976429009782078,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4792 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1900,2223805540446736275,12167976429009782078,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2223805540446736275,12167976429009782078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2223805540446736275,12167976429009782078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2223805540446736275,12167976429009782078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:3256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2008

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2856

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004CC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
96899614360333c9904499393c6e3d75

SHA1
bbfa17cf8df01c266323965735f00f0e9e04cd34

SHA256
486e4b4bb11f664c91c675e73cfeabe53b5009ae719459813be17814cd97e43c

SHA512
974735b40a9f92b40a37a698f7f333590f32ff45633c6e619500e74ec274bc20bf7dbc830b1685777b714d37a3ca103d741ee056f4ff45ef08c07b38a7895df7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
19a8bcb40a17253313345edd2a0da1e7

SHA1
86fac74b5bbc59e910248caebd1176a48a46d72e

SHA256
b8024fbed11683ef4b53f5afac0ff691025b7eecca0f6a95737da1585558227e

SHA512
9f8780f49d30aad01b28189804329aeca6ad2b7ffb6be505d40bb1af7802bb62622f518cb1c43a5815bbbb46638f6c52aead3d68f14fa957d18157edb42e95c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000094

Filesize
942KB

MD5
59369c4ab9d058a01a693274c1e933ff

SHA1
ffe1deb86c6c1f40273a84412c6a4dac33d4411d

SHA256
a87e6afa86ae19037320ba9d7601be0bc6222e6696272a9b857bc546210abffa

SHA512
d614dca5054854e6e8dcfebc41756fa30873d159d1b416315a67b225ba150a55856557a8420cbfef876a0bfa8bbf72737e4637f6bc3f7e19d9635aff985940ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000098

Filesize
169KB

MD5
622dae7b4065edfff6c94a2ddf15be87

SHA1
d03dc430162c57dba2b3cf1c2b2cf1e6e28d7a5b

SHA256
aff72571b0c7ea4e082de0970801e5ac7e24b6281cfdca70ba831b8880489fc9

SHA512
2affe2e189ff95ba27e96d60b68777a706621a7f2c1664dfe9f039f1ca2e99f2c8c755e477c636190e3ad35c4c964f4c825f12a86234b2c7878443cc2676930d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000099

Filesize
1.4MB

MD5
27c818a017fd1e8e2570c72e9b43e174

SHA1
e31ff00eb817750c1b4d17db1cbeb2def8c765fd

SHA256
c8480b8dd385a8277d6fc5d7ff1170154f64c82c80254b8938945315bb40a67b

SHA512
bde0bc7ce94c0ea03c86c0b59dd9b604b171767ae9a4e91060f42bfb7e41fbe7bd221140fa36fc76a5e4302412b5c9b4b072f4ee62075bf8e7efc7e00e164023

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009a

Filesize
127KB

MD5
06499c0019e4c668163cf7a14b412de8

SHA1
658056f9c0a3dd6d6df6930d8c2502984bca2bcc

SHA256
38dd00c7feab58c0a23347427065994b5e163a740773068557e359ea30c9c6db

SHA512
e6dc96a861601c4d8c4390c619116528b6244c42c5a12e5553fd118e1bfa70998729486a7d74cf94e711ab5cc0b20ba53f962d2aaa878ddfb43a3f7ed2d86518

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
4KB

MD5
f1d49449322bdf2770a97b339f9dbdac

SHA1
8b5194153b93c24b5519e91d498de49d71200766

SHA256
d9f0ae87a0a8a94d792fb999c2ca156bf796428b2ff72e61655189bb5b0ca78b

SHA512
c5df5a4252277d36fec6a387fe1ce47f1340bd6bb9d18c8275b2ea1e37d9e23d1a16917712b4c6dfd9c9f44dba7c27d83977975f2ee01db8144ae18dfeef9985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
ae3decee20b00918a8f832fe081b0d46

SHA1
27968c7c842a31870acbeb49753a150782dbd5bb

SHA256
5bab477339b1f22c4ce9b722ec67f9d1990d54dae856a8852a5879cf3d167586

SHA512
1c58670cb178130dc2e8139f91b01ae63707a612b2b25a112c2d20c6a7206a94d116a7a5f9db493b0633c83277a54665f3138410fda7a406fd56e4ab85715ab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b7eb5ba15920f7451a2a610af0ee653b

SHA1
1e187c547c1139f1f50a8c0ca24d8a2ae81266d0

SHA256
c26988e8ebc1348f99e41a67ec7dda316f32b6f855388ea37fc762283b277203

SHA512
cd2c179c98722c12bb7246f7d7b713ee894765ddc60f8dae13efa06563e643a9aa5541fc748dfc9cdcd1d727307890398ccb23e4345b030ceaf8cab412272899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
08cb4d40d448452d8c88e11f1a96bbfe

SHA1
924ce8a2d5f1c8de326ab660d8e69ece7f60b5e4

SHA256
bcde7c84ce82b6bf18389928b5cdfc5980668132ae8e1563e44b364c2045247e

SHA512
122de8c9c6b05509795a9b6479b2e298d458b574af632f7f3e1335a154fc982c268de480767711b4af7193895cb9acc94a25a9805e8c5148dc990fefac4ec00f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
88abd09509725ca8bfc16aacf1d172a2

SHA1
8dd2c73ddd711c8a48623a9e455c2a1ebb14ee40

SHA256
35ecc45fd07e7bf165554538811f949a3c42b1ff74f3ca034fb067971861841e

SHA512
9a219641f84b492a45ab2534658577e4da25be357ff81464ddc19ab50ef3e059b26bf98beba15d4c1499621aecfde0055552919ca34190bb3f1683e7dbd408e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
dc4648b25300ef5eafaab473b8070c6f

SHA1
8f9aebb9ae4602253a1cae8f17b132fa56efebfa

SHA256
8a0943d5d87bbd08f182cd68196a63051441bd133b85848ede772fbc3619e4d3

SHA512
c22d21539ff904a495b74085f567148a41d1a73c3a39d012ba26ca8e7c0c8c8007a648573206c0dfbea8af1eefb29de34fd9805d14559e0a6a001f1fa19ab7cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8831d62645873fac8be7266d496b0caf

SHA1
92a27d4c7693c634103bd9e5dd4a47f1fed81465

SHA256
20c0c7851d8c5a3aa210fedb2eac038b03346ecf3eb1059169787c22b208de91

SHA512
34f8ce37ea9e4024be5b01ca83bf8386e514462172dad518bed224674ae60045137ec59e451bcb5c1a092ff16c11a24826a21d2a24a5e8fe7c63f38a9d91cd52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7ae739f19f034ed1f0f06e1d123dfca5

SHA1
abb25fdb00fdf38af0b0aa855a17a8fad5a3f716

SHA256
4c368af98cfa52f2d15713d26de87e9ccf69409b90fd14cfb7b322ec18d920a9

SHA512
fb59cc0f56883379cb47d32f937a0e2a9b0212aa131401cd1ec8b11985eb4da87d9c0bcf0f4a7db9f10e0456f232c11e5f0f20df829bd1491c2b989484e6b904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0362f5633dd52428c7948dec316a872b

SHA1
57ee847cde7530cda14b24947bdfbb1622384682

SHA256
9a69bf4f76e9594db08a1d6e97f21d100f0f77e5221de0db540de426708755f7

SHA512
dd7b97b058de5d6bc13a74864089d8e5210a25f6b84f0fef23ce6c4cb9a58bd5ba12e7e76b954ab9a9ebd8d6c0f02867e4aba5735a9ecfa3c375d04213a146c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
89aad24bd3ddb6dedfd3eee85ebe0c86

SHA1
36cbbdbc93b8ceea126477b6ff6a4cc7ac205c4d

SHA256
e9f30ceeacdc180400e164cb0dde36e334a726cb2c85cb5d25dfaf746df3851b

SHA512
5a8780e1a838721ee3e72930282d7d1a7e757850eaeddd16ec656874d805178035c38bf6ed6e85f9d431d43b874b680b71cef7234f65432c5d02870f555d65bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
950291a2ab3f016f4502898f0dba8508

SHA1
df9b4b28589bb7498d90e22c4dab819d62cb6589

SHA256
a02df16a732f781fe27307dc9a8b15959f3c9ae807e21115e1c81bffecd8f64a

SHA512
8f99acfc1652e2e919d2d15c6f6b953430c67096642801431dbfe20eba73ad1786debeceec6cb945780661d86b5dd7a87b73a93cc8f0240f5f30b989bd108085

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
363b9b68d1a88aa26261a8d91fdd78a0

SHA1
f0e5a9f7e5dab7f5ff5acc58ea521b8f1583d45d

SHA256
a47f96cf70382bd709234095c2bcb2c15aa84ebab2bfe25bada84f35025f92a4

SHA512
606980cb511153864ffd28c95cb27b1fde2b8b73883894841b6515dd57824baf6253fe296ee7fb96d7bcb44979213a537a2fa2bf24fca19220ddb9598b62ef3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
88ca3651ee097fb4f3faa359db393acd

SHA1
e5afc797cbb666d16f622c59ab4a30041ee66810

SHA256
230405b8a780dbcdacd7373bace4434085f28ab67effb94cbf85358383df6db8

SHA512
4e59f9ebf84c0b6fbe67edd623ef380b90db23ac599c075da6e8c6036ff1c508e8d5be39be91a7e2b3dca5c86c54b0d178d5838fd7935b587b32042f351c812e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
99c4e813ec89f17d12519b75cb2a3b68

SHA1
5d9d523b3d7ed75678e821705c448cd92764c69f

SHA256
b05442245ff21146a766c0d9f6778f0787d56b16c9db3f19988e9911c7d2a74a

SHA512
9262fbfa5b2d78d5d9f873f5c305d79fadfbeb4e42980cb505382adf743fb2368783cf71dc4437777928f98dcf72ecb5bcfebda0e91febbc24125f7abe36b418

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4a4e714ffc11e945e3b16047eb4f85ea

SHA1
03a3e0e0a4f7640e38416fc84daf207eff6cdd44

SHA256
f478e155e55cfc870c874db0dfae2319c6c88d2e281cab28ef33010229c666c3

SHA512
e235f37ee207d949038cade427fe53ef9a7c65bf3197db405cae274770580b41a9cd7b48a60ca788dd37a2a686bb7aa6c216507a96ba4a74c2c90c432bb77448

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b0e7a89e223f7a5325284c4dea07d769

SHA1
9f6e6dca30f89490f857ecc0c57279b1fc353c12

SHA256
fee86737bd8f98054eecbfe1938168f3cad7fc3bd14b0899e9768c127d34d479

SHA512
29a8d644ee3efeed6e75b9fac6dc0dd23857691d7a477e6c6d0a69103d19beea02a8c8374dfd994b3be96819f25c5334f510e1eff52c7adf54b184fa60f1f8fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c4858641b040a01a9949ccea9f9ed9e9

SHA1
9f3176a85eb2233b707e073cce4f8e22ef644871

SHA256
70324e6eceb394738b6ac7bbe8ad4ca77e2753b3ba9543910564664994e253ac

SHA512
701fd87aabacaa52b7f9661770197dab5b0e34c200577ada42aebf1fc661f44b956ed23eae8b49806d308960c0d336afdcb00a380f8913ef7270fcedd9f9156e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a67ebc1cc460e3abbf97da7088dc58f8

SHA1
afd14f85f4fbc22ebdc85548794510b7bd6ccd94

SHA256
6b9a6d8fc7f121c792ce3f3468cc9b7c8a170b024b3f43c577aad1ec5b40a3ad

SHA512
18e0a2a89baf5b614e398c59a7c4882cfd02b8752a452a591969f658d331d83307adff98a0dae78335238c9d58d5bc96512919b6e6a84635114789c8e6bb947f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dbc5e568578c127942a36ee2083d558f

SHA1
ccc954238d0792df267d7ba9d2ff5380d599c531

SHA256
73439b3e341f58a499cf8cdc0a9e58be6ec89e47ed5eac294126f32ef1a0e9a8

SHA512
dc2d43c61f0291309f5732f9f636f3a4aa8d4ca4ab82037e07810c70a7efa299ba8339e5eb902730846470daaac16276c68702544e131631d39eb8ad39919902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
670eb74526e3e5780d68d49edc78e341

SHA1
eb86bc9180220e3d16a7c256d685deee79430ff3

SHA256
a438f36d12fecbb9d162aa689e5ad0b0af5139e55ac816f47623cdedd6e38096

SHA512
f1f78f687679696d5ee31b48ca10ea78ff075a50cc3f3336b3d527c67895c10103e04f233231b3425c610eff9b45ff61f52351ca4dedbabce55cbed46b8f21e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
512c3705e48f270c743e203f8db2550b

SHA1
90aaa489a91c9e83422fd5e416f0c9868213b3b3

SHA256
d7a823a72d51c71fa9bdb757cb21b54f8067180b075e9d466d43ac9090e5f126

SHA512
ad9d22d0249d9054b1d14b5e94a39b193ed236463ccdb283c962cf8804fa6003a2348dffb80b86d811bb810699f79aad36752f44240b40fe5633791602388c55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
df31fe0ef4aef191bbd23f873bfeec8a

SHA1
fece93dcbade935facd81bcd98d7219191e7adfd

SHA256
97fc00c1020107518f60ef976cc035106c1cf072aabd4e6d29a2c6f05f062478

SHA512
85b8a84796be85c8c033d1414d05b6b354fa0657a8f230c31a3e574633452ed543eef86b86fc155703017bce6e09326bd7a88eb1e685c88943e23478ffad5217

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8ce813460bfd1b76b568fcd57e07f014

SHA1
1626d0d6320dfcb74e655860646b4ec521a302bd

SHA256
85f89422ea97e40d9b9bdf313b470eed16ab870f28593b4b2f191703db5c18b9

SHA512
a9a115cbab349120f351b1d7ed193faaaa0f1bec0cf4162d8a23c85ae44f41ba53534384f90e785f2732fb5b6f7ca3f3f8cfdfc3286ce051010940f33f5ed925

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
80c03c5010ad1c46d6afe959d04c28f8

SHA1
d46ce0fbdd42de49ce895b0dcd3a9ae5c9881b91

SHA256
2f580f90a022639f3099f5e1e758f82fbdb7de662adeb71ae9972d1b821d2bda

SHA512
e4a4411de84247d0fa4635d02b8cbdbc7b0ec521edbafad6d08ce9fd33713ba3a98aa4877f9208b34fba7d6f3c9790266e824525cd92e11d6349b110c279c320

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ef97b890eed27bb91dea41368f514555

SHA1
0e8b55f0023ee02c5e6616f2c957a3e3bdc98815

SHA256
dc7a95605ab3c00bbebc2d034fa37df8d2820e71b836925c00fee9e52a17f942

SHA512
a38b86e32de3ddf1b427a1c4a1f635aa75444b74a2cb5d4afcaa23fa053966a361660ebb96a2854ce76425b00ea0b11bee6f1d3ccdd658ff76af19b4da56a0a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
27e85bb692e62d5e525266d458aa4421

SHA1
da8aad4def91d62e7e708f2dc73e912c9342d3a2

SHA256
de61cadf536c3c87ebde5fa1365cfac7072e19cc4fc61de8fce2c62eec818c18

SHA512
48329981c6172d26170812448e6f88c1dee445911517f99d5a6c56fc47b07090ac9a783bc9c8ca51b0818b65690286fc8e9dc4a4e13ce3c95a68f60a7281078d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
248a303e5dcbd6622f1aa1788de0f846

SHA1
b3a2d6f283cce80c36e869e4883a219d2ad9f120

SHA256
da8a1556d361a6feb5e946df53709e1a16a878eef119e5707c7413c60ddc4a15

SHA512
4fadafbe7fbfa4ce0bef85563e5ed9811bd7d60828fe71618cedb1ad73e1e7ec90879eec201765514f2ba41eab2a625d0765d602bb44b13f1af4b46cb33b0ca0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7be464adc0055ddbae293ad5d36bb00c

SHA1
7dc9954f0b802594b619180d4c756a4a5ce6e75f

SHA256
3dd963916ea597851581aff048e822617c56e5c76fb7575817b52a70841e5f4e

SHA512
cd570694ff5bcde1ae27d82ff83b1d83289128678c7321232a6353f7e25412daa6782cc58c38d0bcf739212b87ec3b531b5c76d06ebe0e0be8e9ec11af442681

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5e31ad.TMP

Filesize
1KB

MD5
8628c8ee98c46a2feedea9a7d50361e4

SHA1
abcd80911c4358d06aed9d39ff0559de9091125b

SHA256
91ccb799297bb36dcf76d9578c417b2f4ea1165a8d4aea28bfa8db9f72b5542d

SHA512
20a1a9128868d9bfc108edd8074e5aaf024dfe903e8bb627103a4ae071452caff55580284971144509362c88956c50b20caaaf6fbb813d298e4fdbccbb3fbe6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7f25007da655350a219ae31d9888d2cc

SHA1
b38bbbb272c6a8edd79271d8230cdf3d429e2127

SHA256
88f04c0d6373cff86921d4ec5f1ccb9b1a73ea5f53214f46bfa233351b1503e8

SHA512
8b02e67ec1f1b3b099ddade272ffb3691b7ff1badda3644b21670e06a734f6ac9c335dc42d6146dc2a7861b3647e210b30f6679689292453a193fae3c3ad03c9

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
eebfb84605e05222e3ad98f4b9f62db2

SHA1
36ddd440df5b2776281ad245a6a57e7a183c09a0

SHA256
4a9b70f7113d5c252937ad9bbfa110031124ffe3643648db3f944111b61bd559

SHA512
90e6f46d36c30783af4032f72beb58eb157849a8197e39945542da8a0c1313cb87e91f18a732f5718ec6a676fcd790458419bcc22c608824416fa6df14bf5ba6

Download Submit