hxxps://www[.]metodbox[.]com/

Analysis

max time kernel
402s
max time network
404s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19-03-2024 16:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.metodbox.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1796	msedge.exe
1796	msedge.exe
3280	msedge.exe
3280	msedge.exe
5004	identity_helper.exe
5004	identity_helper.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3280 wrote to memory of 4996	3280	msedge.exe	86
PID 3280 wrote to memory of 4996	3280	msedge.exe	86
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1932	3280	msedge.exe	87
PID 3280 wrote to memory of 1796	3280	msedge.exe	88
PID 3280 wrote to memory of 1796	3280	msedge.exe	88
PID 3280 wrote to memory of 4520	3280	msedge.exe	89
PID 3280 wrote to memory of 4520	3280	msedge.exe	89
PID 3280 wrote to memory of 4520	3280	msedge.exe	89
PID 3280 wrote to memory of 4520	3280	msedge.exe	89
PID 3280 wrote to memory of 4520	3280	msedge.exe	89
PID 3280 wrote to memory of 4520	3280	msedge.exe	89
PID 3280 wrote to memory of 4520	3280	msedge.exe	89
PID 3280 wrote to memory of 4520	3280	msedge.exe	89
PID 3280 wrote to memory of 4520	3280	msedge.exe	89
PID 3280 wrote to memory of 4520	3280	msedge.exe	89
PID 3280 wrote to memory of 4520	3280	msedge.exe	89
PID 3280 wrote to memory of 4520	3280	msedge.exe	89
PID 3280 wrote to memory of 4520	3280	msedge.exe	89
PID 3280 wrote to memory of 4520	3280	msedge.exe	89
PID 3280 wrote to memory of 4520	3280	msedge.exe	89
PID 3280 wrote to memory of 4520	3280	msedge.exe	89
PID 3280 wrote to memory of 4520	3280	msedge.exe	89
PID 3280 wrote to memory of 4520	3280	msedge.exe	89
PID 3280 wrote to memory of 4520	3280	msedge.exe	89
PID 3280 wrote to memory of 4520	3280	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.metodbox.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xbc,0x108,0x7ff9e1b946f8,0x7ff9e1b94708,0x7ff9e1b94718
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,10442373795209009757,3753439594178403367,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,10442373795209009757,3753439594178403367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,10442373795209009757,3753439594178403367,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10442373795209009757,3753439594178403367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10442373795209009757,3753439594178403367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,10442373795209009757,3753439594178403367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,10442373795209009757,3753439594178403367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10442373795209009757,3753439594178403367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10442373795209009757,3753439594178403367,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10442373795209009757,3753439594178403367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10442373795209009757,3753439594178403367,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10442373795209009757,3753439594178403367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,10442373795209009757,3753439594178403367,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5484 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10442373795209009757,3753439594178403367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10442373795209009757,3753439594178403367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1744 /prefetch:1
  2⤵
  PID:3052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36bb45cb1262fcfcab1e3e7960784eaa

SHA1
ab0e15841b027632c9e1b0a47d3dec42162fc637

SHA256
7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae

SHA512
02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1e3dc6a82a2cb341f7c9feeaf53f466f

SHA1
915decb72e1f86e14114f14ac9bfd9ba198fdfce

SHA256
a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c

SHA512
0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\40ac588b-c76e-498b-83da-533003b4dab8.tmp

Filesize
1KB

MD5
43744c541606912689b287d34e13b2ea

SHA1
d523dd9a41876d6f1e1d1c60afcc09132c71941d

SHA256
df60c518a779d9f8b769844e7ff7f0be91a921311888b06936c476e51cecdc1c

SHA512
abf1ba81261d4489cc2338c69b7d720b0f94658580dc22855f5bf7445e8e73d98a1309abac86984c4a36adad2ee5615fe36ade64d42589c7dfb048036e28fbc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
53KB

MD5
38442f0577903d8e505a179ab7a7f47b

SHA1
c3c3327c7297ecec908edf58d4432f92e15809b1

SHA256
42ceff69f1251a683fad80e54466ef0188ab5e45316cf05c8992e37904e05288

SHA512
5da35b882ee9a333021ca04e5e27ec5fb6e949a18b4c3c19c20865de0537050f2f480436d843b7ecd61f82ff201df594687db7658e499fca1fe81619dfa38cba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
92KB

MD5
97ddd88bb7768494ac99e3f28d058544

SHA1
8601d20c4744552371ee815dc0f89547ae5c7333

SHA256
07d41c87fd07fbf85bacfedf6be9f60f67c535cf08aa362af7ad777a25d9a3de

SHA512
e9a6636e1d223a87889ea59812e4cd06b601a9b18df0ca2e92bdf1b4fb7095a3d39fb8333c7afe6701dc7724317b65df0836bc0d4d36b08809c5d5d4e82783df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
196KB

MD5
813c1b41e435242e7365a4bcd7adcf23

SHA1
2d25e1564eaf93455640413b95646b3f88f9075b

SHA256
70cb2151ee4ef83195855d29819491a23c5eafee2e72b7ffd9041b35363d1542

SHA512
268c4fa1797700a205e37e716c1472592ad6242344645c703ab1ab8d4d68452c3ccce7cdc4d56a0b42d4061bdc793f1c79dffc397f038133387b94b2a1f4051e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
19KB

MD5
521d2a2b01bc9f8d554aab71f835ed7a

SHA1
61108f12674adc8bfe9700cdd034db531cdc88ed

SHA256
4fb1ea459c2e55876d46f1f9f25f37633696242b502dceb7aa97798bd88022e0

SHA512
32eca8be09e8c6434010569282285ca2a4b06880f45efc19602e7e875e3deb5686ffc53e87d0d1ef50aa98a76a7cfa9b16fb4766c8a4456a4d0adbc248be4068

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
48KB

MD5
c0f37517e206b752a65c0e828267b1bf

SHA1
11feb7745af432554f56cf2a28f6d2854a912350

SHA256
763d8128f19c3515cbd6f96558b9b4284fd3bac42517ff979d55b0508090ff5c

SHA512
b44bec5130f4c73e2e84b18fcb3eb3cc1e6b8c927dedc6de7fc5342b23cb7e93c99df7fd7077aac79120b7497443e98e9b4a2ddfc912a960aaa3cbbac583fb1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
92KB

MD5
79cf0ffa023d3c033af11a706a3dd03d

SHA1
97eb1835deab4e599a6cc37251506c923c391c92

SHA256
327c9a6d0135d57ec0130cc54a1dcfedc437e5b9d681785b86529344999d0af2

SHA512
323bede0e3747d14aa5e68dd479d2d2e28e5b1c864193a7fd79024ec4e7cf4a030f04e4fb45a77c2c17204297437f024837161a6a28a01dbced79237e7845b2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
60KB

MD5
85d68e1f6437df96778b0c6bc5490e25

SHA1
a3a05c184dc0b59197205111a061501f07fa021c

SHA256
3d31db050face1f8c5bcb929746138443161731a75403a1ec3f11160a85684c4

SHA512
13f6ac56b204d8704e6a5be5155dd09be57fa9daf17599a7260fbe8d1b70bff0ba1f9a5e05c36dc676630739e299dbd5c3f38baa9c397683eef9443376f3560c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
28KB

MD5
6a1254d7c6fdde05207bf32a2ad52247

SHA1
0a15842ad1093456d07d76fb6bbc15a37626504f

SHA256
1b224373b1afa7ab2babbb513590ae2a23478fe3724d8cf4bd4d3a92b638d183

SHA512
cba0699aa934f82b71d7f501c329be8442ddf3aba23698f9371f64e9c4e0a2bf6e7784d72c96a53711fa32fb63c4ed39d8443dc8d77871fd4fd6cf81fd5b0996

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
31KB

MD5
33674358ce9ad4ccbd70a28510c784c3

SHA1
6c54df85c451064374cc1560063d1fd48904867a

SHA256
dbcf0d7c8181a278e689695654ec25485070953aa12b5ae90616eef08954d526

SHA512
dee0b21bc26690ec5848c69c778f3a16c35590505996d38ad002088d0c6c54dfd88cdeca9a2d26c14cb2d3428966545e85d9f63ce20215d79293ff711543c091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
741KB

MD5
ae450d3e5be7cabb4993b047e1206d47

SHA1
9e35a8ba7e409133e5730dc0326e8ede9d43f807

SHA256
8b46860482fe324788f58abc0b7983dff326e9ae8aebdfbdcad9bedf1c4219cb

SHA512
cedde289f3abf64e0ca80a6485553169b987bf5e3f980541ff682318e9b773fafccfd68437243e38fd6e7837f0e75e65e968dc6beac8f0863a28b7d3d872617d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bcffa2c6edfbc3c3d2a290df31f85960

SHA1
a1b4aa2edb32824121d25e69c2ab0fbfbabe74ca

SHA256
fa17ec89e9ceb451cf5f2f38c7530638ccd2239a282842afd5e492e8b286465c

SHA512
d2e3e7086456f5acadc279d19e88e71186d3f4a7723a0f2d951aba38fd34d09b46068080797a4a57aef4ed81069a3bba9d4e965ed7b37fd3c0a1208d802596d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
83414463e468ef27103fbebee1e371cf

SHA1
7acbc68264594d31020b9c307133ae675e04e548

SHA256
fec0e3bb3744b4b3244f7390429f5032577510f18d6d3e216be828075266e45f

SHA512
cefe09a2801ff3862162851d66db718912d61e76fe32cd4275b88feca61add7af2f39c1215ff8815d420cb172fdc7461049a64ce56250aabe92eec610bca0762

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
544bca80708165447c3a59f9a442eabf

SHA1
84e9be2076218c86c416cd782cd4139dee0c4689

SHA256
4f5b5e749d68b22fe2dabead8e7d1db452039f4f6f9c3f514b56e5f30a78df66

SHA512
503218a1a1af7ed693a119b2f6659504c0e092ee62c0065dfeec96468ae4020eb60e9c8b9fbf7f075961fb015bc79e2da6072148acba73b4f3928939cec520aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6db56f7f9868da52413c1af6a9e48ed7

SHA1
ebac79dfd598a109f00f76ab72a5e6d608358819

SHA256
5359838b66ec89462457bd3e6e1ba5752f61bce365516f96fbae2b300f7fae97

SHA512
8c4ed0cd5fc5410896a84dccf05bdeaec9c476c5eebe18702d8fdfb821cca1c7569df13ba22a7451b1dc89da06379b7639b6443a546eeab31bf132ded2fc4654

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d845f52c1d9f54ee3827048008586c1a

SHA1
120feb5082242f9fc99c566f23fda73ca4d0297e

SHA256
fe3ad1a46c4f20aefa925b04f3c81cea85dd22263a76f7556dc98f547e1c62e7

SHA512
f1c0204d7bb6976b38f5231f9533056a23bdbdda16969ca43699d5f274d4b40418c3e7a39e31608fc687db64f03d28ea1bd9b589e2af110240f5cf3cb0bc6994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
98e616510ad310009a41e2cd9f1db4b7

SHA1
67013ff4be80fcf72462cd721e85ddb785336ccd

SHA256
ac5e0cd90ab239873f61e9dc1ce889a6a3e044e141c2ce2ac739e0e58f443b8c

SHA512
da0ca459c233814aa9527d217a85b4450c5409f0fb25776564fa4b25817bfcf4f1ca514087d72495e1ad8460ec61dd0b84f3a8cf53e5b53e801e05011eddb086

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
766da3b0047ffe88296dc8c330411df1

SHA1
2d113147213921a6383e380838156585c7b2ee18

SHA256
aeb27e127f0e49ffc8729d35ea89f01ea4371a2372a2fbc1eb4114266fe0b6e3

SHA512
780663ed00c01708f75c9203fc545509fe185a8e0500ebb0a73296e05191ef4fc77a1eeb43fa101abc25c8fb6baaa6cadd59db81b24a3cb2391d079e30c1d187

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
55c582c81a7069c3ff316528cecba279

SHA1
55d34792558d8f24bb39ae3064b7654ef7f518e0

SHA256
57b5889510344f563e1e22d0c41fc6453e4e7cc49a311e447366bdc3ab53b696

SHA512
abaf1f8adc584371b33ea5a4f6b18e045fad5ec43ef08f0efb97797c736b77cdbd9be1e624ae8f357504d180de7ce5732169ccca9671945be2f5a119e4710295

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7fc7f8e628168d11bfebe2117ce53c63

SHA1
07dec643f1645f1783e7faac25df5f0a79fc1d9e

SHA256
c8d55bf5d557a6d6fb0e17747aeca793c76e06a8f7063277e2dbf4e3631b89a2

SHA512
0391c98c9d63c36d3ded194125ce4314d7a572e83f75c96488a7e8d45ae51e3d0a83b16374077403ae8886bea75ca884656788d71a123ec969178a43d683c8d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3bf2ff263e0fd5d46c181199733a445a

SHA1
87e6fa4a6832a54d520bb02263c266e59a0f9645

SHA256
433a59836b236eaade5169c25ea6b3cac999eb18cff0f6655c074547c2ebcc46

SHA512
733be59565e034f008f9bf373d3d2e86d4b9ec4deee89d7d413bc745b6f48277df91bb8fabdd61b32563438fdf3f468e7722cf55559bce29fde6fb6539f35455

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8aff087fce1719d6810af2ce20fc6392

SHA1
b64fa027a5581f7d0b07887fa52582555b8ab8d7

SHA256
199c0ea60b6619d79e97849617bd2ace0660d88552f599e70aed7026fb221d87

SHA512
132d0d08ee7c5a72d332196d53cd7041eaba133f47b6de664a62a99d794c0b82c3e04db45fa6791db80a9de81a21a5a2a4841cb4615d04b112d215055ea3df61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1768209e1d67a058e0ed09f04c96dd9c

SHA1
ef00da6cb3e262c06597c928fc1b7febd389b4a0

SHA256
a410327b68f74dc99d7bc3ce1013aae4fbc48590bff41462f73fa2862d3c2948

SHA512
492e21260dbe743d640ba734eb4832a91636f6204c8c55a41842f73f5dddd847789fb657dfda61d746c73bf41611bba42883528783b540eef4c8c0ec0d3f13c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
c2f1e46fe14d4f4c9814436b02cad0fa

SHA1
95a9ee4598cbddda320cad6bd667c9bb30debdb1

SHA256
3e3588f4891f51811ec312b5469dbf61ad5d73e1851044d638032c5570e3afc8

SHA512
4a6f09c826cd5420cdf4de8c0ccd72361e97df95848a6b1c64ef3f34209d472b161110e6eb79f113bd43d812dc28695edddf35f04b3d4e015fcbaa6d0da1f05d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a7447.TMP

Filesize
48B

MD5
567b0a5d6f77d71ebc4361ac9f721c82

SHA1
a3e8079e1a404c1ae919265184be42822b328f3b

SHA256
fd80ab17122e4a3ae6b9c894148cd01dd03a5b600763e7b7e1d9c81449ed68d3

SHA512
89ffe1ebfc3a40c68e0fe16735a1b87ad05981b6517d0e35f845d0f4ba633076055cc87e9e614287239d95d5a2f16f3d9f50cc40423ae3a89fbda9fc8beee4d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0462c73c9553c9ad6a258941a58d9422

SHA1
dd07cd329f3f0177f36cee39fbafdcd4af5c3f62

SHA256
c7e1183557eaef737cd009cf6cca26b8b71afba62abcdc342bbf74369998131f

SHA512
4197f2f743c2f0c98098b3a6b2ff69ddae033017cf852f2ece68744d1da0dd21c56c2afddffe4f82f5dca3b71a8e950fa7bc55f6f45330476f79ae3096f8f4b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
860ed05133a5eae8a4390f6e1d74f23b

SHA1
dc5b96644e521fcc5274a6a2c4e05ceffdae2e8a

SHA256
0474dd8d46925023a8468595659a5372cc24dbd08b8e3fbc24547ccfe23a0ca4

SHA512
1f16fb6458c5158c70c3189ffd64729f096563290ea46dfdbad1180bc49417817c7c5c84dbba228339388414b62ac44fa4a69e7f623174a0d28aa029bff00aa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0ea4c6b7397e0b46c512ae7c3dab7bdf

SHA1
b89eb9e578c7ec8934c90c00475ca9ddfe2c682f

SHA256
3c268cc09af919680906b2f26690e61ef558dda597e57486f797a90eca4968a2

SHA512
0f03bc7d01440a0c1263e7a7b0b5f68757e57448d98b9e7873452f119e839c3946ffbc5040862d57394dbd57503d61943554153c0bc2d285b6e3c9c51adf1b8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
df7d9b12ba371b93f95012e1ad9cc10c

SHA1
8e403a5faecbf292043514d7d161e5bd4de1056e

SHA256
fa6941854b735bac234bbf4706422631fee7681dcf6cd401c61a2f0fdbcb8e19

SHA512
6d9ed55e4d70e66095533abc4771fcc99be6eed4b75f2d5c455d5f8355e5a8a15567d370a12cf8ab474ea2f286e81be60046e05e9bc25e084eef8f0e693a1faf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5b6c4d903227f8fb054ca1f10f46ffd4

SHA1
18cd17094e2ad5087b1e43aa048c673413ce99d4

SHA256
8f6242be7ee236e78972f40a0c50f69bf537c1c8ff50b3e774968563a7573f13

SHA512
093f7eb6abb147707e80b3f990911ddc04f1570d79d2d1f31e16a67a428c311971178ffedaccd5d5fdde734e1a5c6992d36d16b09f1b58ca5c0415bd0c03ff0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a13c8.TMP

Filesize
705B

MD5
467775d07154f423a90caf1b54ae4c09

SHA1
d5480201051cd5206d6657ca8b715b9adc3dd3bb

SHA256
ee5786aef01d3f10df0fff8893b9cb25e9c813661bbcd6bfcd69278f4036d2e0

SHA512
1152c3282f3585457aab18364fc80dd2ce773425bae06f5b5d684da56b0d37b63a07a63047116a79d87876223a4d53d55caaba2e1c7a6629c99eb3e276dc5e3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d85db9ad-9a8e-45cf-a415-53733302999b.tmp

Filesize
3KB

MD5
950d22036ca0cbffb9b45928f736e902

SHA1
d7b876c6bc3600580016e8899de8b927eb5902b5

SHA256
70e7579003bf99ed266ef74ad2e5104b847977366e25adebf2aabf4a87a3e915

SHA512
e6de380fe55cc2fc6e33476ef41aaf7cb9b40f1fa3fe39d5a0ee9492126ef2d89734c9e6e8640a9333b62d435582cdc0ba49a20312b2fa3ddacf868d43e39b3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
c78877af1823098b614c06412976b0a2

SHA1
5c02face0051924903f0a84e9a001398ade24991

SHA256
0c2bba6cd86e7b293ef5052f52a29357e5bfb5e0ac38fc3e8a3e86209847d5c2

SHA512
a5d083ae11864e8628d367c3b4f92052aecb8d1d1236a57e9ac74bcfe0f8e5882db21704b800cb4ececc5eb45df9255fce337383671d9704dc5ad73d7c425d03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
12cb04bba418cd41dbf6e8bf81df4fd4

SHA1
af7092aff5f21eb03a1e84ffdff3b0a1f300d7a4

SHA256
9b8f485852f3aea912a6a8a649fa9a40b0ffae9132f4d9140e0cb467d42447f4

SHA512
f75c5c4c9223f0bb3a3777ae579c8fc314546bd9e63b46642aa4c4bb6bf9a5b9afd568f3ed2c440950b2ceb9d8aa7c2e7741d58e287fb5ed892abc09dc34b4b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3a1bf43928450159bb8dd4ec1a9c032b

SHA1
4a9083eae8b85a9c85f105555916ecb2f9b740c6

SHA256
06bf69131d5501dc40e5be6f719883ce99bc65d120de2cd1f330cdebe4e838f7

SHA512
e1c612bdf31ce046e4bffb6861c88d5148377af1d6565ce09ae56543e881bde1fb328725d4e145a203bce8600cfc9272699367e28989b0712f16b5fa1fe97899

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit