hxxp://gofile[.]io/d/LOwlP7

Analysis

max time kernel
146s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15-04-2024 13:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://gofile.io/d/LOwlP7

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2177723727-746291240-1644359950-1000\{039C4D05-A85A-4E7F-AE3B-7136B209693F}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3384	msedge.exe
3384	msedge.exe
4040	msedge.exe
4040	msedge.exe
4828	identity_helper.exe
4828	identity_helper.exe
2484	msedge.exe
2484	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4040 wrote to memory of 1168	4040	msedge.exe	89
PID 4040 wrote to memory of 1168	4040	msedge.exe	89
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 1912	4040	msedge.exe	90
PID 4040 wrote to memory of 3384	4040	msedge.exe	91
PID 4040 wrote to memory of 3384	4040	msedge.exe	91
PID 4040 wrote to memory of 540	4040	msedge.exe	92
PID 4040 wrote to memory of 540	4040	msedge.exe	92
PID 4040 wrote to memory of 540	4040	msedge.exe	92
PID 4040 wrote to memory of 540	4040	msedge.exe	92
PID 4040 wrote to memory of 540	4040	msedge.exe	92
PID 4040 wrote to memory of 540	4040	msedge.exe	92
PID 4040 wrote to memory of 540	4040	msedge.exe	92
PID 4040 wrote to memory of 540	4040	msedge.exe	92
PID 4040 wrote to memory of 540	4040	msedge.exe	92
PID 4040 wrote to memory of 540	4040	msedge.exe	92
PID 4040 wrote to memory of 540	4040	msedge.exe	92
PID 4040 wrote to memory of 540	4040	msedge.exe	92
PID 4040 wrote to memory of 540	4040	msedge.exe	92
PID 4040 wrote to memory of 540	4040	msedge.exe	92
PID 4040 wrote to memory of 540	4040	msedge.exe	92
PID 4040 wrote to memory of 540	4040	msedge.exe	92
PID 4040 wrote to memory of 540	4040	msedge.exe	92
PID 4040 wrote to memory of 540	4040	msedge.exe	92
PID 4040 wrote to memory of 540	4040	msedge.exe	92
PID 4040 wrote to memory of 540	4040	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://gofile.io/d/LOwlP7
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe9e9c46f8,0x7ffe9e9c4708,0x7ffe9e9c4718
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9935157894915500694,15428696754857399126,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,9935157894915500694,15428696754857399126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,9935157894915500694,15428696754857399126,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9935157894915500694,15428696754857399126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9935157894915500694,15428696754857399126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9935157894915500694,15428696754857399126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,9935157894915500694,15428696754857399126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,9935157894915500694,15428696754857399126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9935157894915500694,15428696754857399126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9935157894915500694,15428696754857399126,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9935157894915500694,15428696754857399126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9935157894915500694,15428696754857399126,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9935157894915500694,15428696754857399126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9935157894915500694,15428696754857399126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,9935157894915500694,15428696754857399126,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2120,9935157894915500694,15428696754857399126,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9935157894915500694,15428696754857399126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9935157894915500694,15428696754857399126,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6016 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9935157894915500694,15428696754857399126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9935157894915500694,15428696754857399126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4888

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec 0x4f4
1⤵
PID:3512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8f38951143ede15b2f00d3352e458d47

SHA1
1130065985230474657d5f744e99312f22c69485

SHA256
3a559763ad1634ef40108700025a909cc76ca8c66d6c77f41a07e2ced4c9ff65

SHA512
5376e21235d1b828a0d04e35d26154a1e52db3fe02690fa272ba982da55b88bb0ab7473e6b2031fe8d19798abefec072e22542132b175912b31279cda6f15f57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b533661b945a612876de1e58ce73d065

SHA1
d93286945efeb7f33b49f8e594cdb264884c827e

SHA256
e5480b47432d7b0ca972afe477fac49f5fc1e8e82aaeab6401de99045949bd65

SHA512
672bc0f694e763a8597eebcce7728716a09515ad17854fae58d1f8df8aefca152eaabfd637bbaf8acae8e7936309809525a9f058a990148964a58c831d96dc4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
36KB

MD5
1548c5f675f1d1fb0e51d7c1f506aa78

SHA1
4170f4215c2c9ea4eadcf3770dac2ced5e11f413

SHA256
2149403b038e0b92af4544cabd1b5b0cebe5b3caf3bfd17b0a4d8fe96fb3bc48

SHA512
b724040d3d6228f9b08c3f4a94148585ce385ee25af0eb83ccb78edbaaaf4efb94a81e19e27770adc5f34f34a8fd5ef90234e02f25d773aa09b4fd3f13c2664e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
69KB

MD5
aac57f6f587f163486628b8860aa3637

SHA1
b1b51e14672caae2361f0e2c54b72d1107cfce54

SHA256
0cda72f2d9b6f196897f58d5de1fe1b43424ce55701eac625e591a0fd4ce7486

SHA512
0622796aab85764434e30cbe78b4e80e129443744dd13bc376f7a124ed04863c86bb1dcd5222bb1814f6599accbd45c9ee2b983da6c461b68670ae59141a6c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
1.1MB

MD5
1f557ae943b3a1e823b56cf9d410e7c3

SHA1
1340fc7fa2cf9fade7bebcc8b4dc62a1686aad54

SHA256
40f47bca0281df7ada22465ba6c706a9ccf9580288915aad5d42c2949521a7bb

SHA512
32d8f83a30ed7179a74ebc7bdcd454d2f5895592f078910564c8bf40490d92c24a836f50b359345cdf4f0288f9a922b0185beeccbc4007205ba50f585de20169

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
32KB

MD5
bbc7e5859c0d0757b3b1b15e1b11929d

SHA1
59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d

SHA256
851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2

SHA512
f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
75KB

MD5
cf989be758e8dab43e0a5bc0798c71e0

SHA1
97537516ffd3621ffdd0219ede2a0771a9d1e01d

SHA256
beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615

SHA512
f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
6e81f832729df76e9f0a13a467931920

SHA1
b09548bbe60051e96be2e7dc5ba312e68854df6e

SHA256
e36872257ec457d1a2a32a00ea6f97a1867f37d3799284093e58b467ddf913e6

SHA512
b9b0fb1e5a0900173b0bdd1af8a785a224e5b06d997c43742b8861c8437cca0c52d6eda4dfbed8e43f0107f2c8662846be7b1c0d590d9780d707b86603e5992c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
64bde6f92a8232a8733c2242b6bb5388

SHA1
007a5fe2719ba2e484c19cdc3131d8b57caf74ee

SHA256
bdcd30164e588c31f499f3593e8b3b15658c1fd88580f44be1ba6e9047a1fddd

SHA512
58727ccd6d82de912f1aef40c6a5ff8d9a7f7195b2df4595142e82bcd324cc9348ef55ffb0ebb5fab5e1395dcd5b495c3afb01c208ce0997d73715766a09ccc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
317B

MD5
f7882637afc8b3a8573ee92354ac52fd

SHA1
57f51eab9658e1b2125ceb9f2542b238638210ca

SHA256
f283cbe13d4f8e24cbcab3dd49e62a50d45ca40080cccdb55d2b7e0ec2d90ae9

SHA512
25dc3f0569e9e4e01d11b8362e068f19590b4f81dfec23c89beba2edca96436a150d31f4c747622ff9484939ad98bb2e7a0b3553fe7388f49b0d3fb24c4a6baa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
899B

MD5
408bcc9188aeb3ad830520d671551bfb

SHA1
132863267d0cc9be4907872b0a3d3d3a4bee109f

SHA256
fb846ec3aa8ee9c6fb44ec22d9c6398b82306d1c5ac9a6c3509557003d498c8b

SHA512
2affc09723f934a3d63b67226f379b099cdc0ca5f8f7dea289b8c2a8fc0d715817123aeb1e61ee3445afd69e015720c0493298d8f6f6e42367fcfd626bf969a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d6920e10ab0c10a6e718e5e83d152204

SHA1
a0931fdf1641b170624a26edf4a2147d67bedb66

SHA256
e68e4580ffede92e197022d34c6dc47ed0d076226aa32d6377d773217c0a05f5

SHA512
95a20fc80fc4bd6bbdbab4717e9ab0ee15b85634ac1336aee510428ec96dd103a029a826241a65b40f5572fb5bd906a9cb508f70589c2af39bb6bf83a15a5bcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e7f02ebbb87fab1351d0f667aa72d6a7

SHA1
a02edbbdc0ff7816d80587bdffbbdbc7d2570b79

SHA256
94d6bf1a98a43c62d8c3dcdf31f90ca8c95de37f775293cbb85ebfeff27c782f

SHA512
537d13bbb900bf99542aad93241b0bf593466f7cc8fde54db1e1acd81ee628ced2be217b3157a4773ada449ba1ded40f0c9768b56bb64183e3f54eda0a343f3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
341130769f99873d610f936b2039a8f1

SHA1
52a9a2877673f039750b91bae27f2e4c6996e037

SHA256
7f5c676b2fdcab46d6ab16a01b0bafc864326537b6c1de519e72de9c3dd8a1a3

SHA512
a917b1fa882fd1fc73838a344a342c951fb0a8eda74443b5338cb690ca5015ba06e4a719f60531fba973edc485e382c38094c45470e061076c830764c98421c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fd62abae28d0b283198bae0b29415821

SHA1
4924b62b981aa26b586306d51debb9048f771d2a

SHA256
8e970e4dac920227a812c56bfe2f306a07d336a74212a2ad052c7a01992fa257

SHA512
eab049fa5ab790d406e8e76a305c0eddc9a5bc5e7829a7f4292947583abac9c9400a705c2ed937a5369542e4996ebc32eab8b5e173a4fc5f3be0a88e487176c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1f545ce2fb5e663e675e6792015ec0fb

SHA1
65ba76f5d8e1393dac9189b237e618eab991db33

SHA256
8aedb71130ca0a78d0aa9d90b9eeb6e3f65805598dc0e4225c61a1e32ff0644d

SHA512
6a6379cda3c75d3619533b63c31044813c5c39c210b92ac32e12822c5463c1ad04cba490fdcd03a31064a6825332210819a9a398c1d20400a4806e8156f9b263

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8ba7df714cc9ff0be3adf44436ba2d29

SHA1
f85f7e712b049ce1eea21bd71b6bf7793fefdb67

SHA256
24625510bb877a2de8316cacf065228efc054b85208f0be1e08f7eb803feae96

SHA512
442d631ee11a61cc1cc4223ea7643ecadc72c058234860b9540920cf883483214a64098d408784fc7142f5f4ed2395fbd728b4b2e877230db0b3e9e602ffee3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8e56004901becea7f34b7aad0ea77606

SHA1
f361acc867c4e8a52ebd94a45ff6c0d3cfd55fdd

SHA256
0482230d53f0386c6742e4247a9671a48a27a31b827d333c24e609ab3d7b4293

SHA512
53d956f620f2ccaacffbd12e655683d39c071cda1498a5d562015f5642b84a4a084f9878881b8b34d2fb11d089179ccd74bb4ede1c1f6dd34af91fa3da8692b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
eba8517f3652641367e901d3a54f7581

SHA1
fea9f4fd8d38fa53f21cebbc148d48fb07fe13c6

SHA256
2d7c268095e786a3e6c729a4503a10709df851a8899197637e6d42aa11fce388

SHA512
da857ea24ab0a1f4e1eae0a23c1b50e86c5e4c5781f9cff94eaa20127671ed5b1ed681c9b626366f155ec89e767ca11554a77f0f4c3a42c44cf821654b483517

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
2423b14f5fced0ddf41c875d048dcc76

SHA1
7d7aaf7158e84ba6bd4d009327d4033bfd30bbd5

SHA256
eb0f573a628630b36182aad75f97136a8342bf0c7da185562a14f0386128b5be

SHA512
0af01961ffe4461b9bca55510aff8795eeeda2085d2a06ac46f2b91d8e1830f35d4125c06bcdc6aa2d72c2a2757aa40bb5fde8a42395f2afca3476a365f266be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
bcfd8ed375e05aa88f6624d32efcedaf

SHA1
a79c7133c8523480fd02f3ae216da654b002a99e

SHA256
d64d11a1edead5cc58075ef03cb9c05bb61b1d864c3555395ff2a2926313b549

SHA512
60d683dbda05f974d94260d3ba5bda911c4bb46768e2fb8e7f87dc25308d1d040db6554576e6dcc9ba3250777dcbb6cf632853098cb8e556a3c12a295dfacb75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f0be3674ef3c86656c70fe22c6dc6a49

SHA1
4950d650766ddfc963bfefdd92426f41057df338

SHA256
5ff09d5ecfd9270dfb949e5312c361e6981e0b42ef2a94e260f7116681991a74

SHA512
3dcb00c7ba922ed23fb98a98fbbdaeafae9e8d7fd7281e325d95179de1b81d70f5143c5e25b4ef19654f8f8ab71a33bdad69a45a1eda161ba5f813ac844541fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe599e78.TMP

Filesize
370B

MD5
13851e5b927303ab17c29a946aba42bd

SHA1
63f8cce91635b1710ffae418cf1e4545c9979bc1

SHA256
d02481b26f8a45761940ce6c2c886c53bb8f3b4e7c867d0bdd2651b76c6adffe

SHA512
70beebf7f6454d2f2097d2a16fd7c37ef15a0219cf2c01291d9c0762f2ee745a8a8a3ed56fd9253c410d358609813723ac7f8885b0d23887e126e004ca6ec8f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
333a34a21b03cc89f22f12f4105a0200

SHA1
7f05bdd00c44052e187c329303f719256863904a

SHA256
66fb2af0e0230c80d4385ba7e7ba707d324f87320c4bd10e187e4f20f38dd100

SHA512
9d75edfd81bdb3a8dd23f8809a3de1fa4bc0efab0df3e07cf4724d5dffe455d47410e993db3303f2ff2b56bd99bf1d3b014f244224f4529df13116df8e581317

Download Submit