hxxp://jndi[:]ldap[://]59[.]3[.]186[.]45[:]8184/a

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 21:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://jndi:ldap://59.3.186.45:8184/a

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-566096764-1992588923-1249862864-1000\{C51A5D92-99C8-4DEB-9CDB-B8F73F6431A0}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3612	msedge.exe
3612	msedge.exe
3084	msedge.exe
3084	msedge.exe
1476	identity_helper.exe
1476	identity_helper.exe
744	msedge.exe
744	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3084 wrote to memory of 2640	3084	msedge.exe	87
PID 3084 wrote to memory of 2640	3084	msedge.exe	87
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 4584	3084	msedge.exe	88
PID 3084 wrote to memory of 3612	3084	msedge.exe	89
PID 3084 wrote to memory of 3612	3084	msedge.exe	89
PID 3084 wrote to memory of 2604	3084	msedge.exe	90
PID 3084 wrote to memory of 2604	3084	msedge.exe	90
PID 3084 wrote to memory of 2604	3084	msedge.exe	90
PID 3084 wrote to memory of 2604	3084	msedge.exe	90
PID 3084 wrote to memory of 2604	3084	msedge.exe	90
PID 3084 wrote to memory of 2604	3084	msedge.exe	90
PID 3084 wrote to memory of 2604	3084	msedge.exe	90
PID 3084 wrote to memory of 2604	3084	msedge.exe	90
PID 3084 wrote to memory of 2604	3084	msedge.exe	90
PID 3084 wrote to memory of 2604	3084	msedge.exe	90
PID 3084 wrote to memory of 2604	3084	msedge.exe	90
PID 3084 wrote to memory of 2604	3084	msedge.exe	90
PID 3084 wrote to memory of 2604	3084	msedge.exe	90
PID 3084 wrote to memory of 2604	3084	msedge.exe	90
PID 3084 wrote to memory of 2604	3084	msedge.exe	90
PID 3084 wrote to memory of 2604	3084	msedge.exe	90
PID 3084 wrote to memory of 2604	3084	msedge.exe	90
PID 3084 wrote to memory of 2604	3084	msedge.exe	90
PID 3084 wrote to memory of 2604	3084	msedge.exe	90
PID 3084 wrote to memory of 2604	3084	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://jndi:ldap://59.3.186.45:8184/a
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d78346f8,0x7ff9d7834708,0x7ff9d7834718
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,5429435796264802219,321468751341781953,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,5429435796264802219,321468751341781953,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,5429435796264802219,321468751341781953,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5429435796264802219,321468751341781953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5429435796264802219,321468751341781953,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5429435796264802219,321468751341781953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5429435796264802219,321468751341781953,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,5429435796264802219,321468751341781953,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,5429435796264802219,321468751341781953,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5429435796264802219,321468751341781953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5429435796264802219,321468751341781953,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5429435796264802219,321468751341781953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5429435796264802219,321468751341781953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5429435796264802219,321468751341781953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,5429435796264802219,321468751341781953,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2132,5429435796264802219,321468751341781953,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2128 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5429435796264802219,321468751341781953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,5429435796264802219,321468751341781953,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5980 /prefetch:8
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,5429435796264802219,321468751341781953,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ffb5f81e8eccd0963c46cbfea1abc20

SHA1
a02a610afd3543de215565bc488a4343bb5c1a59

SHA256
3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc

SHA512
2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1b45169ebca0dceadb0f45697799d62

SHA1
803604277318898e6f5c6fb92270ca83b5609cd5

SHA256
4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60

SHA512
357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
d2d55f8057f8b03c94a81f3839b348b9

SHA1
37c399584539734ff679e3c66309498c8b2dd4d9

SHA256
6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

SHA512
7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
35KB

MD5
79f91534597302cc1cb57ba22ec86042

SHA1
d7ab8f86e2ff3dcab8bc8b598ff6d91f8035bee5

SHA256
9c610df49159055ee3517b4516c4e64102d9d02802d0650616b2bee1e7111e8c

SHA512
52257abcdf612eb64c0b19c9ced84b9949091fe92fe466bfab167fd027f6cef570dfcffb48b922e136cec8d7d0c68a06f3f6ac520416fce5da1c7cd9742b813d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.1MB

MD5
b36bf0bc042f10f9061a6f5e555b2dca

SHA1
76a0b3e1af74adbd78d75d93bc7bf38d4caae779

SHA256
db2243add96c4820c823ce724ea39b818179f8b3bd35d5f30830300640a5df5a

SHA512
742be95e1469fcf9dd4d3c3a68b9be6c90186f05f04bdc61b9bec4bf20469b1cbe2ca7a2909f661f64ee385837ee31789b98cd6a78fd3f3a1d169ab5d20fb1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
079fbf7c2092e9ef8cf3c547ab3749e5

SHA1
7c593678d4dcd807af4cca9c44db00455dc80ff2

SHA256
284f74177a9c23a6b108d12ad6fb8075abb0bcf904760c456bac9f7e1b961699

SHA512
c65d556076bdb866c39759ad9cbe1372e67e1793e9debf1a8eaa00744f6b7cd7e2c64088355443198e194602daf7b982586f6f028710262ed2d1c4e4a3b03ef8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
481B

MD5
1345c1981bd800b7676c76a1de3c0f1a

SHA1
91a857a730825981b317222b63ff655fb6b134c1

SHA256
c166a3047cfe78695d25f789ce0666d95e6f6e3b94f5125ab13a219ae2736b61

SHA512
02749c60e387eafe7b52d5c64255be6fcf12363d2e4cf3544d200b6032e0b929e05345bf4b6c68daffdbc0f126407f80398f030a684f5711972f64c8dd49f890

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f61c2d00b59f4a70e41f6625188bdb3a

SHA1
5da469cc02ca65e3093a90fbb0c2ead2700c3d81

SHA256
732af0e3b835be97b9330bdbfecfc819b21a14c3a1e2587b92b8c22fe6f89f2f

SHA512
7eb2f3b353f44346bf07b8c4511ab827b64114339acebf7da5a8c493cc48011a3f5f895ac4513a167bacf0fe165bb76b3ac55e6fce10621ebff19898df48ca0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d1cc3a91241ea74648852eb87de7dbdb

SHA1
a1826ce21866d40e26a8f8d35fb017f456545d53

SHA256
7c41126b397db78fec9ac367b1e21d3aad98b9a6bbc2621ec968c4dda3f31150

SHA512
fd1ec1a6a84b46de6bcc9a388df4c931f1e6a1fece2fff00d23164d519e77b69c36c671d5566fb82fd81f1e79bb119fbd702d58c4530c0a263207b45bc270ba5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2973a703b195c3bb029c57b5fce36b41

SHA1
3a2cbc151838e7724fb2b5129e463987118d27fd

SHA256
416798092c5663a1cd6037afea803b4c7782eba5db9d791799d7e7d4ae67ccc9

SHA512
f41ce78c82a1641ad605c1f45dc2452f30974e968074d28d3e6d19e27abc162f820039f75144d2b378f5135e428e4d2bfe790b576591fe01a88c9f1cb982424f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
58c90645a3309b3bc70483c8901f46cb

SHA1
5dd583cb5b16cf87c051e1bff11a5df197aa2800

SHA256
f109fce7ea265764ff783391416ff7ee922d898272582f8709a7d6d315bf4050

SHA512
a1ef71e4231d70bb0465e3daadc0d2b4ecc89833d589c376d6593dc9e87dc2a1ffda8e4ed885ab951839ef5dd1a4a0b61733e7d78789661022f057b4dc30004f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
22a3edb6b1bfefcec5984279c90ba81d

SHA1
8ea4d306fdc219f29c4f9c3d60672ad6472e9f6a

SHA256
eaa8486feb1fcf51f48279a0fc7dd492a90418b49c00164d2f597f595f2ce01f

SHA512
3be007e554fa4c3415754b7e1ca6b5cf40dfb30a2ea0cd6d34f1ad3d75572ae674add70bdeb17ece0c17d62c3f975584de2b09f59b25fd289a3ee107185ab354

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d4290dac-37e2-48dd-a8f3-6bbf5d40eb66.tmp

Filesize
6KB

MD5
c055a8c1b30b3de63daa0688a75ba61b

SHA1
f55e6e2209e2aae995026729d45acc5298a3063b

SHA256
de1e6aaed5c566744b57f8c3d078cba00b85808b9948027703b3673322204322

SHA512
ebe8c9863b4f26e6699c481623b2e4e792b7270eca13542d99ae9047635b4c26c5479fe771dba024c1a2fe56e28fcaa17a32edf29526d2b1b2a56c282da99f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
78e2e1b3a38cadedf8012898512e9045

SHA1
b4bdf35cda938c29bfd2f9a019ff8841804b2eaf

SHA256
85b81521820b28adaacaa0b4c625200d5bba087bb14206cbe468765b4c1c42a5

SHA512
21ad06ed24adc3a9a25966c1ce7e9d50b69b6755a343542f12249d13d7ef450f6d88c8421e1a0bcfd893605562ef5442e91d515a91a0e8329ddf45f0cac6393f

Download Submit