hxxp://pornhub[.]com | Triage

Analysis

max time kernel
155s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2024, 13:29

Sharing

Report Analysis Logs

General

Target

http://pornhub.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

System Information Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1128	msedge.exe
1128	msedge.exe
3916	msedge.exe
3916	msedge.exe
2104	identity_helper.exe
2104	identity_helper.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5728	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5728	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3916 wrote to memory of 4184	3916	msedge.exe	88
PID 3916 wrote to memory of 4184	3916	msedge.exe	88
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 4644	3916	msedge.exe	89
PID 3916 wrote to memory of 1128	3916	msedge.exe	90
PID 3916 wrote to memory of 1128	3916	msedge.exe	90
PID 3916 wrote to memory of 3196	3916	msedge.exe	91
PID 3916 wrote to memory of 3196	3916	msedge.exe	91
PID 3916 wrote to memory of 3196	3916	msedge.exe	91
PID 3916 wrote to memory of 3196	3916	msedge.exe	91
PID 3916 wrote to memory of 3196	3916	msedge.exe	91
PID 3916 wrote to memory of 3196	3916	msedge.exe	91
PID 3916 wrote to memory of 3196	3916	msedge.exe	91
PID 3916 wrote to memory of 3196	3916	msedge.exe	91
PID 3916 wrote to memory of 3196	3916	msedge.exe	91
PID 3916 wrote to memory of 3196	3916	msedge.exe	91
PID 3916 wrote to memory of 3196	3916	msedge.exe	91
PID 3916 wrote to memory of 3196	3916	msedge.exe	91
PID 3916 wrote to memory of 3196	3916	msedge.exe	91
PID 3916 wrote to memory of 3196	3916	msedge.exe	91
PID 3916 wrote to memory of 3196	3916	msedge.exe	91
PID 3916 wrote to memory of 3196	3916	msedge.exe	91
PID 3916 wrote to memory of 3196	3916	msedge.exe	91
PID 3916 wrote to memory of 3196	3916	msedge.exe	91
PID 3916 wrote to memory of 3196	3916	msedge.exe	91
PID 3916 wrote to memory of 3196	3916	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff4c3146f8,0x7fff4c314708,0x7fff4c314718
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,16228809648256132276,6601610071967451975,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,16228809648256132276,6601610071967451975,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,16228809648256132276,6601610071967451975,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16228809648256132276,6601610071967451975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16228809648256132276,6601610071967451975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16228809648256132276,6601610071967451975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16228809648256132276,6601610071967451975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,16228809648256132276,6601610071967451975,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,16228809648256132276,6601610071967451975,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,16228809648256132276,6601610071967451975,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16228809648256132276,6601610071967451975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16228809648256132276,6601610071967451975,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16228809648256132276,6601610071967451975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16228809648256132276,6601610071967451975,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2088 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16228809648256132276,6601610071967451975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16228809648256132276,6601610071967451975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16228809648256132276,6601610071967451975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16228809648256132276,6601610071967451975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,16228809648256132276,6601610071967451975,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2556 /prefetch:8
  2⤵
  PID:5680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,16228809648256132276,6601610071967451975,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4620 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4256

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x518 0x520
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c6136bc98a5aedca2ea3004e9fbe67d

SHA1
74318d997f4c9c351eef86d040bc9b085ce1ad4f

SHA256
50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2

SHA512
2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c6aef82e50d05ffc0cf52a6c6d69c91

SHA1
c203efe5b45b0630fee7bd364fe7d63b769e2351

SHA256
d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32

SHA512
77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
16KB

MD5
48c80c7c28b5b00a8b4ff94a22b72fe3

SHA1
d57303c2ad2fd5cedc5cb20f264a6965a7819cee

SHA256
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356

SHA512
c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a8372f7a8241b23d1824de471eef3bad

SHA1
155204ca4b1115b7bb0a39908d85db1e65b3037a

SHA256
334c9a11fcbe6c6839006ed538aac3feb663816133480eba79cae2f5b16f8fd4

SHA512
240f6dc22dc6b507381b00760b7957f62449570a4a6c6cb324ae6624673a81e10ff461848fab0302c5c26931d0bbc61d238caff8b304d16fce213602255e523b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
b2895a66eb5a6f8f7a5455ca7355369f

SHA1
2124329343a39778a38cc8ba0fbceca2817c9394

SHA256
eb6b3a3f0f224e90837915930f5ac07c909260ebfa5f15cf723b76537d7446a3

SHA512
798ac602648be49f235fa38a1029aa12055c577c425751b4c4d95d88d7949c1ef0a83c0f09bc418ae919375d6d9328665ed3d9e596d690dbe45f62610b4e49f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a5dc49252c96008fcd3c1fedcbe11476

SHA1
73414fadd44dafab2d40db89f4087ef3fcc6a027

SHA256
5cf3179890cb47c4f549d4424415f1930d6e258aea7714cd064e8f1586a28436

SHA512
0a62ea09baa61209d2a5a073c443f6e98049fa35629f8631fd2afd10fa344f68bd1c43ea3170078fe25b74c0f1ec737ed984cca0da43bc848a08fe74fead0c7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dbf03403a3735138ac5313d8be0389c5

SHA1
63a52899935a50c3d2bfdc172ca78ce0ec356520

SHA256
989a34bc239023f99ef03be4dc09d3efc12d38c6456ad3f4b2392e0e3df30d2e

SHA512
c3b616c3849366eefea7f5b5c915d1fc9538ef942e8c4b352705d2edc1eea0214dc75d93ea5a4afc28f904964fafda0f76f67c265fcb0bb14c8e60d3fe08a8ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c568286d62a44853c311ba097b9d6eb3

SHA1
552df88ad69ff39b7fbe6bbbc01f8e4547361e6d

SHA256
313bcba2475d3c967fe47e3c6fe76ebcc0914af4212e60a357d3182cbf8f42c4

SHA512
28413b9a6f9b64cefcd85a47926b007da128b968981d3f053217f9d80bfd96dd2214b4779c836ef561c520ac3e674ff525434eeeffbdeccc5ec8c0a66ad4d0cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9d37932b370fff25acf14b031e22d472

SHA1
28521ef1995249df5ecb3d92bac57dd1608d1577

SHA256
3563b4f0397606d94ff7b69ed411ce676d1b537d5f99602612012bc4119141f4

SHA512
582e9ab59bc806c560ab356330c0c6e75ec0a8b062c645229a19c2c636e34b5d7d8252fd065a76e6fdbc6f48e3119be14592e9692a40622d6069630e900ccda5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
80f4dcc87c1880169a6d6906a0901b51

SHA1
af988f7bc64b581bdc5de120163f9d3380a191ce

SHA256
884c48d56f20bee5210f67ecaace73dfe230d450611b1297b048e5e5c4789e7f

SHA512
48b10809188a294bba59c63c922e477c53d4f96fa0b74630e83e776de20840ced5aab5d564b57d2c0bdfa7f79c0133d8ba6947eeb09f44d59a107640c6d456e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3f715109de69ae567c7a357b2ba4bea1

SHA1
1edb0000b02e97c279d94f45d3d99d6e6d5e4dd9

SHA256
a596c76e90bdd3305b8ccfb4bbeb08e812748bc26b487120c4dbee4f4ea16a43

SHA512
aa36ba1278f21c083449aa47b4012c4db25decbfc0c4a0f71f589d67ac540d91dbc3fb92701d4c8a0036026951053b40738641befbb2515e714a5a576eb37a86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
50567c1d270f5b2e1d2de2a525bbe305

SHA1
a732e9ef7328f8880af65569227b6d6ee73d130d

SHA256
ef57cc5bd5dc07713fb609bb13976d587ff43c7a1e6dd59b67f355ebc5ac1bd0

SHA512
87c10c63f8e05337e97ced553ae4369ec4c7bcc6c40e4499053f5d2115d5bffe11c2c67c4465b2fe105c72a5901fcb796f297fdf29552d793f6818d3c9f78be3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
dcd35d69602cb2b61f8ca7bb96af6ead

SHA1
0ee181a276fe314d9a6ec65f57488a04d73eef58

SHA256
37c5676d36eebd6acc247cb7870e494ece5d4ceb7414f80d367c77fd5b2215ce

SHA512
3133ed1ef3fbbcc0b23c0f769ff7e1fcf46379f1b28d16eabbbfeebae677e6ed76c38bce555cb4849a87fa961df6715884d57e238709de1d5edf6f298cf6ebcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5815d5.TMP

Filesize
48B

MD5
958ae1d2cbedd24261bb3216d09e194f

SHA1
2bc2ea0bfb4506aa0ab4b7091e0380605cca31a7

SHA256
06726408b96455ee9d064b414472bd065ad054f2609a9e4d956c2f33707e2ef9

SHA512
2ed742e9be39624366c6567577c4772179528759d82f32af963b448dc98af1deb2baec5f9c248a090bb577811bf319113ee041bdc17140db0b11d1d56ccb4474

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1b5e1672f1e6ecb5a7992a82954193a6

SHA1
4718186eb512003583bf0a65c3b6527b53c767c5

SHA256
5e47305b8907602a4b6db7ca5aa1a2eee99d54867ed50f4e901a1f5e12f909db

SHA512
094e922cf9b575a439d079a995ea7c720cbc25d09ae5482052d8e1cbfee4d106789d8e62180855f8b00d96e307da34f34478bf2d536d83a13f00dc4162e5c210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
865B

MD5
4b86b4ad00dea5e26f2f35042c7e7bdc

SHA1
ab1c903244d63ffee7e8a41583586f9806909361

SHA256
3824a937cdf6681f77e0b4e91b40e27062d806bfff7a790f3ba8c2c58d1c9964

SHA512
c7391586efef38b4895676a748b61b7f3251616859505f8cf3b05d1c471a1479578d16da93d85a4f356fbc9185f12bda6c9c59e51196bf6920c40bcaad1bf442

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
779cf586d7321b623ffd85e604a6b535

SHA1
3343233eb0f633c1ff393ec7db917cf67d1b71aa

SHA256
b38a783856c8a8e6e37f3023a59ffe7ce6dab6d98cf2c37717f3dc6a87367ecb

SHA512
532f415cc324ba143bcf11f4f58aba3fa36dbc04205c0141c8c7a0cb5058841d2352c8c24ce0bbe45c8ce100c5f9beb3e2a18a52a67c52228bc5e91cc631a7dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a94c385620c7853fc33d20ab4e97492f

SHA1
f25bfc8e0d2c3fcf833a57a27391c8bc392e0af3

SHA256
633a234bc44f5c275b2906a781c29d6e395075c311be4811d76e5a1edc012b30

SHA512
7770e29f3b89f9a07ac85b4cdeddbdd87f2049922d90720725311bdda958026f82e8a6f0e536d0d73810c85df8a18f62286d701e91ccbbadd8762232d0090322

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4c3afdbd76b84fc0cf7e25ee592ae0e5

SHA1
44e035edf59c9aeb6ac69e3164ae798abf7cefca

SHA256
762057689520c5ae0028f0f686dffc1a6bef1c5a9eb41b778df944d9f7c8fc4b

SHA512
7251a9c0f6f37b1840887b7829b80d050689c20dc1127e14a68d6ed2ca853aeac052fa79be49a5a40b7fb3f68613d169c67adafbd01d5a2a54ac8f900ae89678

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fccf.TMP

Filesize
863B

MD5
19c8f02f7c69340ce8d3f926a6828529

SHA1
adae99e14940331554842f4e6c2aab03c16bb77d

SHA256
2bee518b8e145cfc8ef6f05ac0d268b050f21fd54578465b9b0bb13a63b4f211

SHA512
2eb800cce7d0636ac122730733686400f9f43aa4f389e74fdff6eb5a5a4acc665796b2fa3d10e1ada31ad81e22dbc431f61350e638afb6799858f8922f21e239

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d298a81e714840123093fd3765832172

SHA1
5717c44fff06f3aa4919a705bd8f56fc6bce2a6c

SHA256
193215d054eb0b9aba17a88c7fd0be52c127899987073fb61de431ec9c5621a1

SHA512
a17eb48e1498c11de425d4d9eb3cca26051b5ae47cebc64e9de4ec7b1669f76240d389fba537cf490fc6422632b2d7bdb85fadb417d151d768d9bec367cd7cf9

Download Submit