hxxps://replit[.]com/@notlukas0001/nysrp#index[.]html

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2024, 00:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://replit.com/@notlukas0001/nysrp#index.html

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
400	msedge.exe
400	msedge.exe
1492	msedge.exe
1492	msedge.exe
5324	identity_helper.exe
5324	identity_helper.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1492 wrote to memory of 624	1492	msedge.exe	89
PID 1492 wrote to memory of 624	1492	msedge.exe	89
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 5040	1492	msedge.exe	90
PID 1492 wrote to memory of 400	1492	msedge.exe	91
PID 1492 wrote to memory of 400	1492	msedge.exe	91
PID 1492 wrote to memory of 2428	1492	msedge.exe	92
PID 1492 wrote to memory of 2428	1492	msedge.exe	92
PID 1492 wrote to memory of 2428	1492	msedge.exe	92
PID 1492 wrote to memory of 2428	1492	msedge.exe	92
PID 1492 wrote to memory of 2428	1492	msedge.exe	92
PID 1492 wrote to memory of 2428	1492	msedge.exe	92
PID 1492 wrote to memory of 2428	1492	msedge.exe	92
PID 1492 wrote to memory of 2428	1492	msedge.exe	92
PID 1492 wrote to memory of 2428	1492	msedge.exe	92
PID 1492 wrote to memory of 2428	1492	msedge.exe	92
PID 1492 wrote to memory of 2428	1492	msedge.exe	92
PID 1492 wrote to memory of 2428	1492	msedge.exe	92
PID 1492 wrote to memory of 2428	1492	msedge.exe	92
PID 1492 wrote to memory of 2428	1492	msedge.exe	92
PID 1492 wrote to memory of 2428	1492	msedge.exe	92
PID 1492 wrote to memory of 2428	1492	msedge.exe	92
PID 1492 wrote to memory of 2428	1492	msedge.exe	92
PID 1492 wrote to memory of 2428	1492	msedge.exe	92
PID 1492 wrote to memory of 2428	1492	msedge.exe	92
PID 1492 wrote to memory of 2428	1492	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://replit.com/@notlukas0001/nysrp#index.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f44846f8,0x7ff8f4484708,0x7ff8f4484718
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,12099388112571609093,13886104479864235067,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,12099388112571609093,13886104479864235067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,12099388112571609093,13886104479864235067,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12099388112571609093,13886104479864235067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12099388112571609093,13886104479864235067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12099388112571609093,13886104479864235067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12099388112571609093,13886104479864235067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12099388112571609093,13886104479864235067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,12099388112571609093,13886104479864235067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6120 /prefetch:8
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,12099388112571609093,13886104479864235067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6120 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12099388112571609093,13886104479864235067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12099388112571609093,13886104479864235067,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12099388112571609093,13886104479864235067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12099388112571609093,13886104479864235067,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12099388112571609093,13886104479864235067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12099388112571609093,13886104479864235067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12099388112571609093,13886104479864235067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12099388112571609093,13886104479864235067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12099388112571609093,13886104479864235067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,12099388112571609093,13886104479864235067,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ffb5f81e8eccd0963c46cbfea1abc20

SHA1
a02a610afd3543de215565bc488a4343bb5c1a59

SHA256
3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc

SHA512
2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1b45169ebca0dceadb0f45697799d62

SHA1
803604277318898e6f5c6fb92270ca83b5609cd5

SHA256
4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60

SHA512
357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
18KB

MD5
50c00a6825c7436cdcb6914e12a7517c

SHA1
ed09a9a43f69f243f32f0f9376a2000edf62ac8f

SHA256
f42474c9052277690b0dbf60d9058a8d98d9a826a2cdc475c38c2c662513fe93

SHA512
5ba3465f8a3c99f1e499a0d8f687d6563961df8441c22879f0484d4ca3ce664e72afabf7cff33fdf2824f145ef06911284e8b16585a869d7c390e66e7847ec8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
19KB

MD5
9cb9fc8a29a429b874a8b94770cd30bf

SHA1
b4006e71274b7513bfe7946ae810cc90e86ef6e7

SHA256
ec367f9659d5d04a6df80256a3baf62b25b6798411e0cd5b6425190ab04b4d1f

SHA512
4010d4b6c0dd549226c388d5d944ace4f0d6b88d0a99c7fdb8b66abb685cb633429d3d2a8050a2e72d03336816384d10bbe17773c3ff5c150c555195ac371085

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
23KB

MD5
f4abfb8af8990e2340b776217d8211ee

SHA1
ef78c86142e7fe2ade7f4a5e2aa4315ee55b5d10

SHA256
fe69b74e7c628c3ba07b7714375932adc6aa2491120d0d31c45e1512c2f63b4e

SHA512
5111f3733a048b0abf3b7c16c96ccd8cc719e62b4bfd1146e1937752421a369f239dc279d2277be8e398a797cdf8e23ca153b785b3b4806512d72221ab4d9d4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
ea88f4f1aa34c558424809b04b9a72a9

SHA1
1bb49001100256f499f7e45abad8add04f8074c9

SHA256
524bb7cdb0a183ae5e7898092b63d2dcc65625164a4e50f7cb090346d7fde4f7

SHA512
1344130b6251f684817c7d8da174cd740a6b136c0a01c3ec50565ff2fba2552716741284a142e563ca8237bf37fd2754baccd0715dd8f511b40bd3edf50edce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3f8bb92737e27b8b1cc8ae1f9f6ad166

SHA1
3fdf8196c9ec017920908788b62ab10326aede36

SHA256
bf16e6a0ce21b2718f24b8ea3022d8b19dba4b5c0a42c513ea13e29b584b1596

SHA512
d89f05c7e542115e0c520f35c6467e3d92f20f3993cbdabe6d3d3bc7c17bb493ffa1826043d0e0311d6ffddb260e23e2cd6be48fc7fb5b1a047de3571401b5ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
5011589a4001fdd3d8319f71ce7dfc56

SHA1
ff057b2242e2e63b8a8b14ae10fe53e205d41637

SHA256
5b3bec73a7a20095eb034df4521d28c5e99355502aceb112f8926b81e7fdcb9b

SHA512
95eaa3446987055718c716cf0da4bc47cc8dfc8b5945aad92d38845529a8e1093fdb0f2fc62fbcf03fd4bbbcdb5a9eed69895b0f376f8d55640ada5bad794dbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
c612867b58820a75431351f2c2340f4c

SHA1
9272f80973b6ecbd6f5ae249b2e97fbb6f6f322c

SHA256
3016d50599345b3ae7be0f13458cc1b93ede51cf7e0d6acd5824504e607cc05c

SHA512
75865de1af9554cf981f5d28651912b2c53cb84b6409852372e40636b2958e8983b97472f2ca2c20914dc87cb492bd02f2157cfae6c23c2e78f1352e784e626b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1a727f783efb173e56bb36d76c88f19e

SHA1
acf28b3c7c997eca6042b5adec86ad5d7ece9d8e

SHA256
1173a57d945af299e636b33ec6b5267c847e9be7c622fecd0a383b41ae82b989

SHA512
65af1686b30b763c1c950caa1fdfc5cd0887c70e1ff44a9c434e1e789f6cb4e275262be7895ba21824a3807a9219bd114ec10810cef53b8c553b3906ab66f7ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4d0ec32a1d736da4fc4d3fa547d9e179

SHA1
436f4ea8afaf407f74c97b3d476f843c253111af

SHA256
65c146417b4b6c348f62775b3e620bbf5f9df2655361defde90352a25b5e2216

SHA512
b57d2945b728ce94039cedbc6c68e265d70c237c061c656fa41e329eb9456dfd572228df59cc9a6d4128f956ab42da1dd7e0893bf528ee6acb8130c34d4dd9eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
115b9b437d70c4b489b5a8a0dc25b59e

SHA1
6edef46a23579992b51389cbbaf8a3b3d77d2bd1

SHA256
9747519820b7c0e043132d4c2e870c1a58a02aabe8b4144030384ecfc0fcdc6e

SHA512
6163c2a074b00370e5116a554911c236e431eef1e21f7d7f46044ad9e4989b32e98b715cfd25ca41ccd977f51bbf079a47040c17cf9f1c4e34fcc4e60aadf8e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
089918e84b1454f41df75008a0cce252

SHA1
47141671a76ddd5d9ca55a0ca8c60d1ae4129a5b

SHA256
fcc9bab91973fc2e51ccac589e3d2d03762975d02aafaf10db5e3c2718da72f3

SHA512
7b89eb5f3a3ea6be5307cd77295ccc1bc8be65ed86d90e4caf1262804678396d3e3c400cf7c5888d3cafc6944a259cc3e7ee27fd4e49367aa0966a080f7c7270

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8f2808dc18d793ab83356c7432416677

SHA1
d70a995a5d785cb2b16e960867503f47cb1a8eaa

SHA256
386e7d5620bc59621d55d876e5d9f4d771272d322656b0be62de68c493eadb9c

SHA512
7dfd323304aaf78853a5ebee7a055d3bba342c3cd7dd022425becd2201339b1a696f6b52af0979b916da8244eb35d81184047d7130aaf03168931dd5bc24c19a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ff2ff93b6c8d01fed4b3c89ad0d37c85

SHA1
0fabb2fcde3aeac387e9d4a4797b2aae74288ad3

SHA256
f3323db8fa0a09e329fdd8680ac2d308b6bd32f3d0e349198c10740d9d967659

SHA512
dbf96fac350a38b6346da616db27390ae5b1df28fa53867c8f679b979a4a5868bde60fd5219c527db9c03689dd70467fdabd10f8db031e16a602669009a65732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
be256a9e68e0b9a4f259981a5f04df84

SHA1
ca52e24f071b8362b86ddf5ac533574ddcca2bb6

SHA256
37985b48100ca3a10b449068b06b98e849148d41a9dd2ce0694dd8e9978743ab

SHA512
688513a7ac06eb13d010d4b3a76f96a81663d5f991404b8e71d359500d48deb4128e7906eed1da4c6401db7440e70d41ca3511626d1d363f03245cd926bdb6ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
60cd0df26d8c0f87ae98314deb4cf603

SHA1
14744a5bf8697168b6e83ba6cbc7d8e644c41646

SHA256
88e8f6f1850b891ad2a97903f3585fb050386a6bda4268fc73c7b92b06bf0265

SHA512
cb433ff76d828070a671d0dcb918d86d14a988b2e910fe8b11aa87d4fdb70b47ab63c51c6d6a153f21ef1f2c5cc9d1d1289cc90670858fb673f76de9b01a4e60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7493b0c69144e4469863f53ad4da051d

SHA1
b027dfdf50a90a362792ea244ed02151bb1463df

SHA256
f983b83398b129f8a6fa1ed9b2a1134caf1eab665837575d0e467448f227260f

SHA512
ec5e172603d5bd93fb7a1a58c19a7387e16b4271e8bcce385e8f2eb0d77e5fcbd1dfa34222d4f18a072b384bb7fe98477280880f6f47e67b877cfa14b20154ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c88326c16da025a4095d66138d90a725ead722eb\ecd61f24-1466-4628-9ba1-6966d858e278\index-dir\the-real-index

Filesize
72B

MD5
f87f2b9ae0270151327bdda7a201999a

SHA1
baf68da51f6ec3eb0ea6f523a378ee73ee571372

SHA256
6d87b76de251f5882f489458ba742f80672d4daf45df16b43511384376d69ec6

SHA512
f6302f42bee3ecb57e16b4694ab6013622b0e4a40f9ee90c2b067a82d93f82c4923128362599e0394fbda88dc202f0111a9e96064d09fb671b0bd9f31f8274c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c88326c16da025a4095d66138d90a725ead722eb\ecd61f24-1466-4628-9ba1-6966d858e278\index-dir\the-real-index~RFe57a037.TMP

Filesize
48B

MD5
a366a49e191f6121b3a7646664f75316

SHA1
e784b9d8f127c183ba9b1841d6f4fa286eeb67a4

SHA256
f47f01283dcd22bd03ea153933a56e47e14726eca74aa769e16c2df9e8f8493a

SHA512
d813499ab5d9f3b53438035e35f6b2e5bb9e3110eecd7c1bc79713443d53985f66ed9294d56694abf05e75002bbe2ce3aaed546854bf8b210e39af415d61350b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c88326c16da025a4095d66138d90a725ead722eb\index.txt

Filesize
77B

MD5
ef4f7f1076fcf91c97591dd8f29721b6

SHA1
be1ddb89cd92dff5a49e12705410aec2d6ec7fec

SHA256
683b3c09065df7ae5bd01c589f46b1e3bec913f9fba294d220cdf0882748d6f6

SHA512
dd2d2bdb5485e3b613c5d62aa3b32f747cb9e94718c77857899eb4912d3b174fda47444843f0d5e1de03c5767ec42c3198165f357fc81e429f8889478fd8be4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c88326c16da025a4095d66138d90a725ead722eb\index.txt~RFe57a076.TMP

Filesize
83B

MD5
1c9231c59949611f0df555247a414bcd

SHA1
54e60920912f721ed11fded9e45be45bd452f073

SHA256
92073cb04f7568f13d165d7861a3771eddadee66dec1c23dc61548325edbb408

SHA512
a87bc43d566fc328beb2c2f329354f2e009ecbafe8132b214a1a43da86051525f4d745253385997b5268ac526c7f72cdd78de25cbaef129ae6d6c54c3d225149

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
6KB

MD5
0beff728a35159b967db25ae7e71d464

SHA1
066c97803868967eafb1f33a9296993dcc13e670

SHA256
aa895bc35ea04303716f1cc3035f67dd3786dd9a0a7b843d7c44f85dcfaae9c3

SHA512
93e334c65e5707c597aa2d5583e36af43490134b30ae2ee8e110d60699bae6293e941bf9b7fb2e7a2f9041af0ae48c38d6e5774bb93238333210d0d336475b00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

Filesize
2KB

MD5
ec3318bf8f77b9dbcaf20823f771a2cf

SHA1
62d0e56031d5ed4ad1ef2a3bd7cc4fb8b670d68c

SHA256
3cedfb1b4525ef69648a99d565766c606570a9536aecccd49e2fffe77b35859a

SHA512
699f35fa38dbac7b4e82f9d5f5051df99fa06353d8d26996c1d8b746c5a1f54d274b6b8b2efd199c24ba5908142ff467d75b4f4f5ac32216de7595934446e0ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c10d06c72a187254aeda4829d7d354ec

SHA1
2bb6942846ef29663765f7d6a4257cfa2b7fc480

SHA256
929d23af1e7883084e11d0980d55d96268a6f59ea0e88b53dd4672b27a37e5bd

SHA512
5ee7b21ea84d1759f0b60558a5d9b05cb16adcbc5caa81e2d349ff41f7aee6d3724f528a331196318e20f619ae11e810c4e97131f35fc9782038a385b297300f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe579f8c.TMP

Filesize
48B

MD5
edad129e1f3879fed581400e9661d443

SHA1
5c2e36166ab2b45b0373ba66c898d133ed45be7c

SHA256
3d3e4c316c2894042850d15fa81de30f340ecdcf67458c6e7c57ed2999f89d1f

SHA512
3c811dd7339892f71db0c61142ceebdcf1904c3d72a101c3c7d9f58c6de2d99d49d55f8be2f33f11e277705e76bb9371e3e329a40f54556da572f2ccd22e7d62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
006dc4df4a2ee86adcb0a9425fad4236

SHA1
8dc38a92e8d0d87b6bf18597e9e4cdf7e577c656

SHA256
68c3afbd31eebd8afc3db4eec83af47d4bbbf2cecc7efded14c3bd5bab8c6e8f

SHA512
b553e42ee8356969478298ab8e5b988742f1d87bd3294393bbcdcd1f046b1cb220109d5154a704558f49f38d37ec9a8a606eb289ab5ce926be8bec0f997c0b9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9a77e7e8e1f7b9bea95c33ab84804513

SHA1
a4dd44426b5730772875f2ff153f46f444f3967d

SHA256
85fc721115c471dec2c9c85e8adef24e54dd84fe9faad0f84a733828f3ce595b

SHA512
070759a53aed0fce854bf4398e2cfa16965e57971a13741090eac61b5bb6ad69af0f482986736d03fc207be86cee525a6e2fddd63a88b9add10c28bd4ecf93df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0ab0a99b2c848e17242ce81b6a82e984

SHA1
2d549c7bea3f85ccc5eef0f7038d18e83898eee0

SHA256
0b764cf63fdcae28da0aa4607a40d56895a84474a8d94bf5685e3bd93d4a1e38

SHA512
ca5790fef3080b9d89307b36ee9f4096334b1bde4f5ad9cec7bc9797238ed95fef37a519b336f01df46730cdb72785e38d10354510b28f478f2472453daa52e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
522d1467e5315402ebe9a0631cac59c4

SHA1
66d3d66158100a34bd79f029a57351ba1a198245

SHA256
44f05ce576bb3f752f713b751bf4c2070a472815a82bcdee2cd90d04805ea845

SHA512
bb8b03945b86f45d7ffea808ea9742000ee333357c752ec127e33a2bf0e467a251cb987e9a7e1010d29936883a1efd2b6a622ac32ef49ac2b9de8f2b51679576

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
492d58bbbe984d816101d0c862d4f163

SHA1
0245dad4ec6c03c9a8ae6a9f0cbe068c1ef42e93

SHA256
5b6499bea5c33a7d623b58f114140d5ceb4b6a06bdde757b2e8494d55e42c937

SHA512
e9c8a046ccbf4eb924ca5842ff999d0501519a22bbc87840d883442ba2833272057e61aca698fb6f0f1c41564a381a5070612eb96e7684b7d82f9a5cf1f9e46d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
69ab8fe01b3030c2387bec35f6a33efd

SHA1
87db36b50d31525c568b62fdca315a5546f291b3

SHA256
f5effa93c4fcc8e85ecede2a2b3ecda3e9b628392f45fd3ead1f132e50ff3da1

SHA512
0cad985a69c047971ab7abc74be1458c360461aeb0d0c127f5b44059df7a90539e9e11fedb2f5c85e102284ab83681b884752a094036291185a6905dd06e8447

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3ed27fcbfb6e690c34953347f055a249

SHA1
baea6e00971d6e4ee831c5f79d938ef3bdd64656

SHA256
d9a413b63cb56d2b47689225baad12e6daf64668f1db444fc79c7b1067354ddf

SHA512
28cda8fe8a978304cfd1b11ff10a9e5d6591a705324433f40fd633384b1c6a4cccc9ef67f27d63f95e3b2ba6469f1c5e474fd84da3cd06d6c5db59e287905e53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c7bf69944a5c934a08f755935d3516ab

SHA1
8ff35f84c43545401d306cd427de75f7a35a79ec

SHA256
56096ef2e22359898ac8e8cb9a6d73be03c9ac9be56b365e4e8b5e62e017adb4

SHA512
a9f75fa400082c98fe99c3ca56a9cde92e4ac1d7ebfc7b63dafd94f34baf8e4afe43beeabc0bce0a6726b47d2340f0287b8758a0ecbef59f9b88bccc7a92368d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6868ebd8ef475d05c752f7a17c03e692

SHA1
461ca3cd25de24f7e7ae86e51870813753d0e95b

SHA256
671b4c027a695a62033a672cfd7a3a2a0e722d0cb0a6022d45938c0eca77795b

SHA512
3e92e9eb59c341557b9f1caedc7126c2d073fb0c0607f042b2116bc4f1ee4a7cb3ee0a7dd80e07b554dfcae0a93c83900bd8e1d1904af5b6913ab2c6345f14e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3c4d4ff0ddde146b331f01f177a39bc9

SHA1
92c7a26b8abf4f8a1a4ea2f00460bcbe3a9a56af

SHA256
9e259f7101b6901be32182939250ea779d720ea55b3f925d0195a2e506135c6b

SHA512
aba39e32e3f4d9f8f33dbb1546e60346a5bd1a4d76794bc68658d507b3c4e21fbe61916053297de4d368bd735881e6e53896e39484b7c237357e58407f4cc322

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b8a1.TMP

Filesize
2KB

MD5
147a7d23d8196dfddeab74630aa8317d

SHA1
39c71bb3e5a56feda77ab4f065db082db4d45b64

SHA256
385a5519bd549f6651939b473d250d54dc40c8c1a4dd128ef49b4d2f31b64d4a

SHA512
27c1bf68222b645b5d493dff651c3d435eecf593a9866d765e3fdfa8cfe5d6c1b526273cf22b480f18740b0dbd21c8748624273772b226c17834f0ab71f76419

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
88523c12c4524a034986674ceae24ccb

SHA1
e507381ac5522ac798dd4e9d5b077f915873a359

SHA256
7d15d3c5a160f7a06ed670136880be16930cae25f325d0a59bcb9e593e7c5ac5

SHA512
d53914c541b204aed015890ee4808ec1748e9cf18e3ea964d08fbf7516d5241afd0b7fe0061a41784d675a363c733492d845e131149f7ff57d02fe3991cf1fe0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit