hxxps://pornhub[.]com | Triage

Resubmissions

28/02/2024, 00:03

240228-acf6lsef34 1

28/02/2024, 00:01

240228-aavk8aee98 1

27/02/2024, 23:58

240227-3z7ajaef7y 1

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/02/2024, 00:01

Sharing

Report Analysis Logs

General

Target

https://pornhub.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

System Information Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3016	msedge.exe
3016	msedge.exe
3284	msedge.exe
3284	msedge.exe
1920	identity_helper.exe
1920	identity_helper.exe
5632	msedge.exe
5632	msedge.exe
5632	msedge.exe
5632	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4288	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4288	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3284 wrote to memory of 2280	3284	msedge.exe	48
PID 3284 wrote to memory of 2280	3284	msedge.exe	48
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 4704	3284	msedge.exe	89
PID 3284 wrote to memory of 3016	3284	msedge.exe	90
PID 3284 wrote to memory of 3016	3284	msedge.exe	90
PID 3284 wrote to memory of 4720	3284	msedge.exe	91
PID 3284 wrote to memory of 4720	3284	msedge.exe	91
PID 3284 wrote to memory of 4720	3284	msedge.exe	91
PID 3284 wrote to memory of 4720	3284	msedge.exe	91
PID 3284 wrote to memory of 4720	3284	msedge.exe	91
PID 3284 wrote to memory of 4720	3284	msedge.exe	91
PID 3284 wrote to memory of 4720	3284	msedge.exe	91
PID 3284 wrote to memory of 4720	3284	msedge.exe	91
PID 3284 wrote to memory of 4720	3284	msedge.exe	91
PID 3284 wrote to memory of 4720	3284	msedge.exe	91
PID 3284 wrote to memory of 4720	3284	msedge.exe	91
PID 3284 wrote to memory of 4720	3284	msedge.exe	91
PID 3284 wrote to memory of 4720	3284	msedge.exe	91
PID 3284 wrote to memory of 4720	3284	msedge.exe	91
PID 3284 wrote to memory of 4720	3284	msedge.exe	91
PID 3284 wrote to memory of 4720	3284	msedge.exe	91
PID 3284 wrote to memory of 4720	3284	msedge.exe	91
PID 3284 wrote to memory of 4720	3284	msedge.exe	91
PID 3284 wrote to memory of 4720	3284	msedge.exe	91
PID 3284 wrote to memory of 4720	3284	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pornhub.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff283846f8,0x7fff28384708,0x7fff28384718
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,14106955962803391647,8612139023290255598,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,14106955962803391647,8612139023290255598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,14106955962803391647,8612139023290255598,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14106955962803391647,8612139023290255598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14106955962803391647,8612139023290255598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,14106955962803391647,8612139023290255598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 /prefetch:8
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,14106955962803391647,8612139023290255598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14106955962803391647,8612139023290255598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14106955962803391647,8612139023290255598,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14106955962803391647,8612139023290255598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14106955962803391647,8612139023290255598,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14106955962803391647,8612139023290255598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14106955962803391647,8612139023290255598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14106955962803391647,8612139023290255598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14106955962803391647,8612139023290255598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14106955962803391647,8612139023290255598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14106955962803391647,8612139023290255598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14106955962803391647,8612139023290255598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14106955962803391647,8612139023290255598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2580 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,14106955962803391647,8612139023290255598,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1712 /prefetch:8
  2⤵
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,14106955962803391647,8612139023290255598,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4748 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2516

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x49c 0x498
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36bb45cb1262fcfcab1e3e7960784eaa

SHA1
ab0e15841b027632c9e1b0a47d3dec42162fc637

SHA256
7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae

SHA512
02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1e3dc6a82a2cb341f7c9feeaf53f466f

SHA1
915decb72e1f86e14114f14ac9bfd9ba198fdfce

SHA256
a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c

SHA512
0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
26KB

MD5
bbb30064cb1c8bf63d154d2634cddec8

SHA1
2b09ec6cf4b33a6267c29616fb79b59131946836

SHA256
d5e466ab27ef46bf2481c0f1af65bf32fae101614f590a379bc7b23f22bfb2e6

SHA512
d99d41649d3e1e8e53b9105ec3a3f33a4015566d861aede543ef97f0be5e273ee1d1a5c746c67fba5933988ff4ca3a0078742aeec3dcd7688f02a5dd023de4c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
63KB

MD5
75ea1ee4f80f929ea88ee7b91b0bc2a0

SHA1
ce9535e76f9b53fc13950bfa56a24dd514242e71

SHA256
0f377ca6a913016b09a43d8c0aad93eb22a35692bfe6f9b57b5e799a5f7257d8

SHA512
87880d234f045214009b0676f341320ea7d4130e304a1761d2a2d908f5abd2f4486b544038f960897c605133f5da595f8200194b97d20ae4c427f2b679f506cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
72KB

MD5
72caf585e29fd2b28479f3d6ed5848d8

SHA1
47d11626a071d5ac59882ee8e1754e7e110acf02

SHA256
1c351619c3ddac884b7ebd928fc0cec855b32f1369a26fdb20b85ca0404a133d

SHA512
5c0432bf4ac55195197428f37b799ddd16d11454d2f151f78b669fff249c9cb5d88c279676d4883544983290cbea052b7c004e729c79820ba9bfbcd367accb1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
90KB

MD5
34dfb4e7f9058222ea1d93e44faa95a3

SHA1
75535a351de8150437554466357bb478c1071d50

SHA256
62a7b3fbf01bc91cc4c89058ef6acb2356314f2213427e42b9e419773cf3c083

SHA512
619ac43126d1fafec829ba0d8b11c50a066b43be57b344cc2bbe5dfd036cdbd107f9a06774605901c8be13886d8bfd29efb2da4b22aa3d333f7012da20a2dfbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
29KB

MD5
f85e85276ba5f87111add53684ec3fcb

SHA1
ecaf9aa3c5dd50eca0b83f1fb9effad801336441

SHA256
4b0beec41cb9785652a4a3172a4badbdaa200b5e0b17a7bcc81af25afd9b2432

SHA512
1915a2d4218ee2dbb73c490b1acac722a35f7864b7d488a791c96a16889cd86eee965174b59498295b3491a9783facce5660d719133e9c5fb3b96df47dde7a53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
16KB

MD5
48c80c7c28b5b00a8b4ff94a22b72fe3

SHA1
d57303c2ad2fd5cedc5cb20f264a6965a7819cee

SHA256
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356

SHA512
c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000060

Filesize
116KB

MD5
a705cf34167268148a684f4688f0b200

SHA1
17ebe780689282c3866dd5f9a7ed4bd8207955c9

SHA256
8fade043d636575c152e4e6bcdd956c1eef4290b344cc8a12367bcb4e5a76a5d

SHA512
d8a176d985e03a0f75d4c95456c4a01fde9b6bda80b371c59bef08e5e5714b343d8cf7cf847addf2c24f45c3106e7337cd3299f3cefd40dba278af66af1cf7cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006e

Filesize
107KB

MD5
c262df94621dfd81efb647148e9b5188

SHA1
239534a039b19f0c2e746949fe70cbb11c3f4a1c

SHA256
f01e9d363553510bb6a9f8438bd8e0567ee6a32108499fabd9b4a0f6c3af113d

SHA512
89f4d64c0cdd9ec89edde29d98529bd1a1736d4c91acd9f0e551350ae88565ddd891d7f87aa5d93f078bfc91acd82b466a25f675812c5cddbdd71456b60d8b7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c2778890b82a8f215875e29814e8462e

SHA1
7b7cac5055ad7ed8fa84109ca359b8d6224d8d80

SHA256
e7238f51cfcf67da066ce94aba6e22f58049ffc41c4f0c43c25c2709d295788f

SHA512
022d1dd5cc4184b2682c2f4d9d50f5814b1f04b4edcc236f269b89161272e7be1aa5d40a4fce54f2d690eb9062d4c308c1d4bf50ebc7a8e0beb13fd22ef89aec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
8293b0c37c0315747d54b84d80cdfe8a

SHA1
3b79fe2f7dcd957408d657736da668e5d5fc1b4e

SHA256
55453cf54390d4c00d60cab6b25260850b6aca3a3109d26616371e6adacb123b

SHA512
38451213a74cedfdeceb9ededcff9ac91a1c0a101eeaa1243e2709441752836ee2bfecc05be019b74b50a0d249af79323e3d188cac8bf50f9658acd09517ea49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
c9a3359637c97960b421c30c0f140025

SHA1
3cc0336d6ab948a0cafc12734440f1677a99e358

SHA256
606e0d8d9e28cf18e81fdc1363a73b3088c68d952953274e5f860fe99856cb80

SHA512
0064cac9a0bde06b563671e7b53cd047bf3014bdfb87d55893fae352edea15f4f37f8f76269cce71b45048383cfb8679031617668c083357c29f44422c35147d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9e68c217f600e07e7e426f3d4f960e04

SHA1
fd410a706f4d6bae1b52c33c2acfddcbb6ac63c1

SHA256
115de961e1c2623b382f6cd267034f48ad9e5a4fd1d675e320ff3c182318ec79

SHA512
ce896bd07974a0cc070eaa8290b86acaf73282d42d3869cf1e37f3e344ffa387578414d8d52c144f28738284dfe6a97473b7caf5c0368581ce806f5b2ada08f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9d8e4d38c49cef7d56887a78746c0d62

SHA1
efb981325226fca05c01766522becffdfd264d70

SHA256
b1e13fe7a9bc6a64da0ebc1250239d18a19fafcc4a9c39f6e5f78e52df456b92

SHA512
cee75bcf5579c1d955d5a30f447faa385cc4032cc82002b5736f86693cd0695353d7c89a17b9d4182f37601357b8054e4b0768f6da394974471833c2a71641dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4eb2b518aa197803782a6fe3740433c3

SHA1
f8850953f8d44ad110ae9f028d0e45e18bb1f48c

SHA256
9b830838b9b502af4670d500310a1ad9e476fab4aebe038cfe4ec7a2a856b82b

SHA512
28b6c0512a95f2642a597df437deff7aa1608974e7618496f71898b14789986597e694be0e28e0f450a7c0b7bc068d56ee035932ae6e23219780cc203939f808

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
22a73f4eceb5fa73e5f148d98e058385

SHA1
aff01058a296f6330cf2dd3286eee65ba1797fa4

SHA256
3fb0be1ab8f54c033897ef0891c8fbbd8ab58e213764bddf417df1d29f5531cc

SHA512
61c38e37bdbd97176128408f2b6b8b7a0734c7e42ad881393cbfffbbeabd5dd7103de25c5604d8ce9cde7279d3c56e4f9fa9a6539b702c6f3702a39f679dbf17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
cf91e4115c5512a647b6a4a545d84b16

SHA1
97be30d486a851991ccc98e157b804ddbe38dcb6

SHA256
bd62a65c91f05fd0821e70a1d9bca13786388013429dbfd2ccc46e48e0d26ca5

SHA512
56dcef781f850856b8c70b5f5ddc2514e929bdaf8d1e0a3b83a7e803f985dcf921235df995bd4dd2872b7dcb54b69cc7e4f716c8a783b66c98e622ca95edd888

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
cbb2c402e4a2636aaada1bb2d8763d8d

SHA1
238d5e1ce02596ab0b7d94f7d008cf5ced948d68

SHA256
528559378a83acfbb584666ba5e7ff1ea10c7e6dbd4b78cce9a947b7eb535d47

SHA512
dc848a1018c418a9af607688d1dc061b2d11aa375d7d96e8711ac4b5a1db260c6d08268a46c15a029314d1740bc093dfe05ef0761312e26f85ba3188973072f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f7ed.TMP

Filesize
48B

MD5
528343b3d40451cec40af2c42dcbb241

SHA1
1763b689ed47abe0298f5fb37f1835c85c7279f3

SHA256
32c52d93e016a74187ad53232896d2533dad36c5b9886a35b2c5997994912c7c

SHA512
eb7af8aa1f0f9401fe3a8b9eab881bcd4583bc7a5b24f6e5a45ad2f78770a100e4f7d5fc22c12cb9498354a26d23722709fcf04e41b4a6b1dbae5b1168a1701b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
67de5a3e2caeaef376f5d34c06188a5f

SHA1
b6704ad04319133a29b5ae03afc066ebbebcebdd

SHA256
e5fa72961ec868c11536fea6b7881e72396126f0483aee8fc8decb51c3284e46

SHA512
4297e6cb6538544d0929083dcdf2717aba444f95885bb8a311198e8219803b36bfa6f827b745d8823cfb3f3dbc11a431695eec0f4ed457903816052142ae9455

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
183311ccd7ae99f256752cfc9199e9c2

SHA1
5e95ea1d3e16d3501570873a2ae10966f98cbc7c

SHA256
f2e6a2772be5302c529ade9c10ffe497333c7cd95e71f9c99f475356a3b47861

SHA512
4ca0166fee7c698e95d2af5a91344e0f5417075fb4562f541346b4a219af10f182319c5849643310a87f73474d2b7f9141f416e5bb2fb2fe278aa3acdbeab44c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
869B

MD5
38f3c4930439fee0e4072153151ba062

SHA1
2d6aa7fe0f093cb936f366372ef26c392d5b4137

SHA256
79fa08e6322ab3c7b774db02fba4ae5bea746a9af360daf7b52511db944c3b2a

SHA512
dce8007a615d4127d3f134c54abf149a20f1c902f36b177285dcf0f11d602d2a1e09c55398fce6f55d5cf6f3734d0359f66f8b2d50545338002597457734b143

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3a63db347291797739e466c7cd915f68

SHA1
826111ae149f512c3ffa9cf838f79d2d08439da5

SHA256
26117902b5f4aeb3febc736aa488d4acd72488320964209949a6d90dce0f44a5

SHA512
c939eca95530febc1f09b024b089942db1e37bf2bf2cb9c2d149b0531cdcef4568d1ddb2b9ffcaea64f5a146373415a4e14e310edef920e7fe3c208f45ede66c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d205.TMP

Filesize
871B

MD5
dee4a29b3cb08ac19d2eea1ad3c4284b

SHA1
f3b80e07f0a0b2b428d2f525791f1e83b1df0c0b

SHA256
9d2ea711003d98a7f1932670476cb0e8ea9e6a9f8f570a2e52dff8790a68effb

SHA512
51422f90728f96851a4dbded622ed4daf01a9270496472e0a2674d8eacec42ed388e62f1d0a4f17f50c0b5728e7832ba7f7b385d44b1e88c911a2b46336f758d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
76ec109ed6958fd7a09a88eadd99eda7

SHA1
efc1e70bb853b901dc585e2ea07cf128ad82efa2

SHA256
7087cc5bc5e01196765f4717eb4a76705a0f2aa926a6acf5344bbe620197092f

SHA512
6a74c4824cf7cb53e1dc49a40444e342eb2c33be68c5bcf06cc63b4cd1a774f1091b1e6c41ab8e55fd2b03b19a2bcde3afeadcf9519aa810b9e0f7929877b5f8

Download Submit