hxxps://d37hm404[.]eu1[.]hubspotlinks[.]com/Ctc/5G+113/d37Hm404/VWt2BH2rQYS9W4Zplxr3jM8jXW4HyYrL5cZrfFN1RGL-F3lcq-W6N1vHY6lZ3pQW980n9824-gt0W3m508D5q-lvPN8q3tgkg0NxBW7HDN4-6qjVzVW24Kxm757c2C4N22mstWYfgjZW5rhjL89fTbM7N1JlcL_tdgyFVtMrJ0966kYJW3wXbxX3kN4B6W8VpDSm1XVGYZV5Cdh54n6qF2W8GCd3n5Lwz8DW8BXVKy1n0hHvW2yLlj617xBRnW92Tsfm76wzmLW6Vmygh7BQfx0W8Jlrtz4tp-WdW588b6T6682sqW7b2NVc8j71-sW5t2DnB35l-dXW2yFNFs79XNcRf7CsxWj04

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17-04-2024 11:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://d37hm404.eu1.hubspotlinks.com/Ctc/5G+113/d37Hm404/VWt2BH2rQYS9W4Zplxr3jM8jXW4HyYrL5cZrfFN1RGL-F3lcq-W6N1vHY6lZ3pQW980n9824-gt0W3m508D5q-lvPN8q3tgkg0NxBW7HDN4-6qjVzVW24Kxm757c2C4N22mstWYfgjZW5rhjL89fTbM7N1JlcL_tdgyFVtMrJ0966kYJW3wXbxX3kN4B6W8VpDSm1XVGYZV5Cdh54n6qF2W8GCd3n5Lwz8DW8BXVKy1n0hHvW2yLlj617xBRnW92Tsfm76wzmLW6Vmygh7BQfx0W8Jlrtz4tp-WdW588b6T6682sqW7b2NVc8j71-sW5t2DnB35l-dXW2yFNFs79XNcRf7CsxWj04

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5044	msedge.exe
5044	msedge.exe
4540	msedge.exe
4540	msedge.exe
4380	identity_helper.exe
4380	identity_helper.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4540 wrote to memory of 3232	4540	msedge.exe	83
PID 4540 wrote to memory of 3232	4540	msedge.exe	83
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 4792	4540	msedge.exe	84
PID 4540 wrote to memory of 5044	4540	msedge.exe	85
PID 4540 wrote to memory of 5044	4540	msedge.exe	85
PID 4540 wrote to memory of 4212	4540	msedge.exe	86
PID 4540 wrote to memory of 4212	4540	msedge.exe	86
PID 4540 wrote to memory of 4212	4540	msedge.exe	86
PID 4540 wrote to memory of 4212	4540	msedge.exe	86
PID 4540 wrote to memory of 4212	4540	msedge.exe	86
PID 4540 wrote to memory of 4212	4540	msedge.exe	86
PID 4540 wrote to memory of 4212	4540	msedge.exe	86
PID 4540 wrote to memory of 4212	4540	msedge.exe	86
PID 4540 wrote to memory of 4212	4540	msedge.exe	86
PID 4540 wrote to memory of 4212	4540	msedge.exe	86
PID 4540 wrote to memory of 4212	4540	msedge.exe	86
PID 4540 wrote to memory of 4212	4540	msedge.exe	86
PID 4540 wrote to memory of 4212	4540	msedge.exe	86
PID 4540 wrote to memory of 4212	4540	msedge.exe	86
PID 4540 wrote to memory of 4212	4540	msedge.exe	86
PID 4540 wrote to memory of 4212	4540	msedge.exe	86
PID 4540 wrote to memory of 4212	4540	msedge.exe	86
PID 4540 wrote to memory of 4212	4540	msedge.exe	86
PID 4540 wrote to memory of 4212	4540	msedge.exe	86
PID 4540 wrote to memory of 4212	4540	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d37hm404.eu1.hubspotlinks.com/Ctc/5G+113/d37Hm404/VWt2BH2rQYS9W4Zplxr3jM8jXW4HyYrL5cZrfFN1RGL-F3lcq-W6N1vHY6lZ3pQW980n9824-gt0W3m508D5q-lvPN8q3tgkg0NxBW7HDN4-6qjVzVW24Kxm757c2C4N22mstWYfgjZW5rhjL89fTbM7N1JlcL_tdgyFVtMrJ0966kYJW3wXbxX3kN4B6W8VpDSm1XVGYZV5Cdh54n6qF2W8GCd3n5Lwz8DW8BXVKy1n0hHvW2yLlj617xBRnW92Tsfm76wzmLW6Vmygh7BQfx0W8Jlrtz4tp-WdW588b6T6682sqW7b2NVc8j71-sW5t2DnB35l-dXW2yFNFs79XNcRf7CsxWj04
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90aff46f8,0x7ff90aff4708,0x7ff90aff4718
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,5482159210624539227,3348768144368098354,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,5482159210624539227,3348768144368098354,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,5482159210624539227,3348768144368098354,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5482159210624539227,3348768144368098354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5482159210624539227,3348768144368098354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5482159210624539227,3348768144368098354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5482159210624539227,3348768144368098354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5482159210624539227,3348768144368098354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2224,5482159210624539227,3348768144368098354,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5876 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,5482159210624539227,3348768144368098354,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6176 /prefetch:8
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,5482159210624539227,3348768144368098354,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6176 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5482159210624539227,3348768144368098354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5482159210624539227,3348768144368098354,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5482159210624539227,3348768144368098354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5482159210624539227,3348768144368098354,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5482159210624539227,3348768144368098354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,5482159210624539227,3348768144368098354,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3804 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3304

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x300 0x4ec
1⤵
PID:1716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
846ce533b9e20979bf1857f1afb61925

SHA1
4c6726618d10805940dba5e6cf849448b552bf68

SHA256
b81574d678f49d36d874dc062a1291092ab94164b92f7e30d42d9c61cc0e77c3

SHA512
8fb228fae89f063159dabc93871db205d836bdb4ec8f54a2f642bd0b1ac531eea0c21234a8ca75a0ae9a008d2399a9bf20a481f5d6a6eab53a533cd03aeaaa2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
104aab1e178489256a1425b28119ec93

SHA1
0bcf8ad28df672c618cb832ba8de8f85bd858a6c

SHA256
b92c19f079ef5948cb58654ce76f582a480a82cddc5083764ed7f1eac27b8d01

SHA512
b4f930f87eb86497672f32eb7cc77548d8afb09ad9fdba0508f368d5710e3a75c44b1fd9f96c98c2f0bd08deb4afde28330b11cf23e456c92cc509d28677d2cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
16KB

MD5
cf5633d228049e97b2956cd106cc718a

SHA1
d98494c67faad4deae07fe13b7cfa1f2f02570eb

SHA256
13fed4c60028b36b6211b4aff48a8b464d80c50ac3a8ef7ea64707348c861bef

SHA512
94c56463b83bf2bda6d30bdfea39fd6639d14a4e3386c032b3ad4d3702cd11bb41c5892344cb0a794b958e2c2dac1b692dcc46038ee30ae19893a4737fc8f8a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
152KB

MD5
c0db606a9ba345efc76dd72e0685ff0e

SHA1
2f72347ad0983d958faa3f0fe1dd4650e50283a1

SHA256
cf524bcacfd8fc5ca81aac18d27a9d927add2aa617d90f72668504261b638d50

SHA512
ddeca8554889b022c4ad5b4b655153764e5b1fea45662e1f8a266c790e25254359cd05da0632a81ad9a4fcdc95c30cbd5294118d5650d886d99581438c4f60c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
198KB

MD5
319e0c36436ee0bf24476acbcc83565c

SHA1
fb2658d5791fe5b37424119557ab8cee30acdc54

SHA256
f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1

SHA512
ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
49590e8162cd5e73e16b9fe6dbac5b3b

SHA1
539be22dcf85517edbc5ee44e0362d3249fca799

SHA256
00f828e6af80a276efa1228477b674ead4347d83b54a1fe283daad5f4e289ab5

SHA512
9fd0cde68886da7ddb9762661706d6d95a36bb6e19612bc89e053aa9e69ae32480ac128a05300effa5f1289e9ceb24f88f6b85e122ffa34eef86d1d860624848

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6ff9f86f1db0f0c93dc7e67b88ab37fa

SHA1
553dad6eaf8be8a9156693472941c075abcb9b58

SHA256
4fed5500bb36c687038ac4185ecd668879cc3ac987c4148077f690e71569c87a

SHA512
5191145de73e5937cebf5c56aa8081fab99c8e82af0c8e6bdeb8ca88e0fae51fbd3df44b7898478229231b912c44fff6d32ebb635c0e6ebc204cb73f21208204

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
376201427a383065755a04753c15d052

SHA1
1f4a314d593ecc7178a4ae20f289a162f10f4a6a

SHA256
4360fb618b870f32f6936449a69d54d0717dc1fa73d29f506cb25e63f2096137

SHA512
3191b1c04a790d25deb20d9ff6b17bef6798ed7a49ff5ea9de63c8baeeca8e0c8fa8a5035309d4b3d132e500ffda910f0d8f79f60fc535c1fdb756b13d3b74a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
5012f58028de5fcd9d07958ff79666bd

SHA1
13e15fbbcd6749d69a5c31a0aaf676d227a2dd54

SHA256
7b21c836ea9f9858593ab0218b365cd0e598d62add3ddba1249ff242f82001b3

SHA512
04c6fdc6c15ca4d5ed5cc589084b8204715f578911021ebd1236d66e9f667fc1e622037cfc7c4e4a5f0f435c573a6b00e2982dbda558bbf55f9a1c9a9cf16858

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
908026c3aee6098b28dcaef5646064cb

SHA1
b53eec0db7a28907002422dc8d87b6919d9070a3

SHA256
e98e958319c8d621c46873a21693c7a0e02fb56f7a1026b799c50364f0b99954

SHA512
f31ab970d312e3b8499d0250d79260f880f5e3c287f4fc230ef1a93a5547e4906a5311a99a062e88110ae07844ef301fd67a7c8e1a4975cfc474a9e3d533cbfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b71150f15de4948a8c6413056a6793a8

SHA1
07e12fbe51cb23f1dfe451431426bcd5998b6518

SHA256
9dd0fdf8655e237cc61c97b19dfc3bd0b33674f2c564584c8bfac3f171fe6829

SHA512
204bc4d0bf7bc20b5b144024ca9217bd3fa61346b0d58cebf63cdeace1862e23d98cffd68865fac0e8c997dd6c045c7958c7e2b4da841ef092fbd44b2321f847

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c382992daf78e953a1e23f972271f0bf

SHA1
56c9b2c91851ab13fe5583371ca225dcc9cf3197

SHA256
c659d51d78da7dfd1ad662d2a3006abc452facfb68f0a275ce02ec2fda4ceca2

SHA512
53618b4dc4e75f0ada4781157b46750b0a5c2eff079992bc2a9d47457e7db2e23b04f34744bd1e332e6ac43bec37e74f6a0e5bc8e8945f8fce37ed64ce644f8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
48a6b5ba5e31d9dd466b0eb3bed5c363

SHA1
3f46a03ade3ee488d6cd9de6bd3d36e22e8e6d4b

SHA256
d40f2c7588859a561b19fabc8b65f1ed130256414fa0326588113753d2fe236a

SHA512
36b6b03a529a0147c95c4c9b7c213a9053f4cd4a6f7378fb2c447329bd743cc4fe18897011b3fcf25d473f9549fcd835b6389df717bc938f548a1636ad816189

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ca105a47286e9cd3c8cc47a7e058fe63

SHA1
a326ff254de05db7dd09a2703ca9a870cd840cc4

SHA256
26b8826aa397c6a58868e92e70e1e555147b245b8a7c08cfb5972a119e08f0d2

SHA512
db46dbdf150da05a972f00c2df836e4cd0595a6b271d64dfc4e2d4cf156b351432e5835e4b03801f9904d2fdea8f29652628cd4ac693df4173e5b3fb3944810e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
39902436639334da9cb9bfb7c94b4c3b

SHA1
d601ecfc3f22e284ab895838b14c5e8dc37b8c18

SHA256
c4dcf268facb2d588858bbf44949713f2d7948372931899fe857a255062bb2a1

SHA512
3d8a5eeeb1f4951da66416101317b502f2a0e3a4453cfbb3ff12f38b35f6ea5d5ccffecf58a4ac1bb447009623de233c1edbe7dc4cb62c9cf9ad9fff9f050cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b2688794fb4b50393623001c7ba34751

SHA1
2042d70319670f52fdd8d8888573b083ce9b2e36

SHA256
987b30d35d2db4e94c114ff05921833e178ec299d025548fb675b08524ce80de

SHA512
66e68d323f236c5e2b0ac82e90b5a36c49fc0206fc1dc39e36c7fe440753bef4b6ab870c9883acab6d9c2000ae663ad7d8587d4b5bbf7c9dd86299a751ff2126

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cf37.TMP

Filesize
1KB

MD5
72e3ecf3d6f02e4dd671ebcedf3c5a1a

SHA1
4a6246f0bb33477f31ae9ebecf4d388889b10cab

SHA256
261a7c8640516aae11e5ac3dd6562091cfc627daa03ed0bc88c7e36cf034b0aa

SHA512
efdda0a661bd9c4ce2c720db81445b2f0683779c4b23163c4bd6a1f8f3b5311e31a1d12fb6f2bfb8a0003cda409a9292686e07427c002b2ad81a182c5524b83d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d97506f19f0fc026b65d86ffd52c235a

SHA1
00c8a7d0beaf1d2371b92df3868eb903433ca1c8

SHA256
c4b45f79e7c9911ba14b296d052e991592fa075e04172562b840cb0394736aa2

SHA512
94187becd209861253f8ed7b433805432cd5f227b98a2a5c0beb871b0ffcaa8e77ad293175f8c59cbf51f662347643e8d35347db4ecbdd0aa07b5b58e6b125c2

Download Submit