hxxp://nonews[.]com

Analysis

max time kernel
205s
max time network
206s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 23:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://nonews.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2177723727-746291240-1644359950-1000\{32E54439-1529-4854-B056-327B507EA3E9}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3108	msedge.exe
3108	msedge.exe
2232	msedge.exe
2232	msedge.exe
4644	identity_helper.exe
4644	identity_helper.exe
4876	msedge.exe
4876	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 5048	2232	msedge.exe	84
PID 2232 wrote to memory of 5048	2232	msedge.exe	84
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 712	2232	msedge.exe	85
PID 2232 wrote to memory of 3108	2232	msedge.exe	86
PID 2232 wrote to memory of 3108	2232	msedge.exe	86
PID 2232 wrote to memory of 4360	2232	msedge.exe	87
PID 2232 wrote to memory of 4360	2232	msedge.exe	87
PID 2232 wrote to memory of 4360	2232	msedge.exe	87
PID 2232 wrote to memory of 4360	2232	msedge.exe	87
PID 2232 wrote to memory of 4360	2232	msedge.exe	87
PID 2232 wrote to memory of 4360	2232	msedge.exe	87
PID 2232 wrote to memory of 4360	2232	msedge.exe	87
PID 2232 wrote to memory of 4360	2232	msedge.exe	87
PID 2232 wrote to memory of 4360	2232	msedge.exe	87
PID 2232 wrote to memory of 4360	2232	msedge.exe	87
PID 2232 wrote to memory of 4360	2232	msedge.exe	87
PID 2232 wrote to memory of 4360	2232	msedge.exe	87
PID 2232 wrote to memory of 4360	2232	msedge.exe	87
PID 2232 wrote to memory of 4360	2232	msedge.exe	87
PID 2232 wrote to memory of 4360	2232	msedge.exe	87
PID 2232 wrote to memory of 4360	2232	msedge.exe	87
PID 2232 wrote to memory of 4360	2232	msedge.exe	87
PID 2232 wrote to memory of 4360	2232	msedge.exe	87
PID 2232 wrote to memory of 4360	2232	msedge.exe	87
PID 2232 wrote to memory of 4360	2232	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://nonews.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc888a46f8,0x7ffc888a4708,0x7ffc888a4718
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,18056017171139646820,16860606957137736457,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,18056017171139646820,16860606957137736457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,18056017171139646820,16860606957137736457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18056017171139646820,16860606957137736457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18056017171139646820,16860606957137736457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18056017171139646820,16860606957137736457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18056017171139646820,16860606957137736457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,18056017171139646820,16860606957137736457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,18056017171139646820,16860606957137736457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18056017171139646820,16860606957137736457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18056017171139646820,16860606957137736457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18056017171139646820,16860606957137736457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18056017171139646820,16860606957137736457,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,18056017171139646820,16860606957137736457,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2096,18056017171139646820,16860606957137736457,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4616 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18056017171139646820,16860606957137736457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18056017171139646820,16860606957137736457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18056017171139646820,16860606957137736457,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18056017171139646820,16860606957137736457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18056017171139646820,16860606957137736457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18056017171139646820,16860606957137736457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,18056017171139646820,16860606957137736457,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5176 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3644

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e36b219dcae7d32ec82cec3245512f80

SHA1
6b2bd46e4f6628d66f7ec4b5c399b8c9115a9466

SHA256
16bc6f47bbfbd4e54c3163dafe784486b72d0b78e6ea3593122edb338448a27b

SHA512
fc539c461d87141a180cf71bb6a636c75517e5e7226e76b71fd64e834dcacc88fcaaa92a9a00999bc0afc4fb93b7304b068000f14653c05ff03dd7baef3f225c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
559ff144c30d6a7102ec298fb7c261c4

SHA1
badecb08f9a6c849ce5b30c348156b45ac9120b9

SHA256
5444032cb994b90287c0262f2fba16f38e339073fd89aa3ab2592dfebc3e6f10

SHA512
3a45661fc29e312aa643a12447bffdab83128fe5124077a870090081af6aaa4cf0bd021889ab1df5cd40f44adb055b1394b31313515c2929f714824c89fd0f04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
67KB

MD5
d2d55f8057f8b03c94a81f3839b348b9

SHA1
37c399584539734ff679e3c66309498c8b2dd4d9

SHA256
6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

SHA512
7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
36KB

MD5
d7e61ebea387a153960e616a63a4969d

SHA1
ff18868f840346f4d6df61d895aba61aea8df059

SHA256
8c1de92d4849309537f352d583cd58a23c1edb8da7b9a6f4c7be210453469753

SHA512
ec9ea1238801cecd398a174852bb601625993e709befd83737dbd4cdd492d8f8e3698834a89c6e44a044f18ed18e22ced342e3b243df5aa02c8d792c2514d77a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
1.1MB

MD5
6b614d28622d170022a25f55a5c6ddd9

SHA1
e87fa47e865e71b3d071eda23a920289b2c89d93

SHA256
7cac44b8cc8fa4c58fe466a79e2e913282a772bca8e1ab05ffaabae7a3765e9b

SHA512
4dbd6c976a61ec1cf8c0db4e90c20794de610d82417de984e0e3b6ac788e5c6d3b9cfdadd69696acb26c639357b8669fa2b29648f41ead5c5ed3a6f6f117e469

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
382b9b44b1e4df32e3c0519b8d957954

SHA1
a6e25d348c8ee8f30603d659a6cdfd3211bcfbac

SHA256
3797536314dad11e52c66208153cd268c5ee5e7a17299eba1ae8335f3a21a76c

SHA512
e722ba03ad6f8e93d15c4723b8926021596df8c511d7a04ae5ff7f2f8e3f5c885e4160d298327b45a4ce734ca00e4f309df5934ff8a34e44099004005191e99d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
fe744debe9fbd1ef84cb101ad2020813

SHA1
f5346c4ca94b6b2f177d61e256fb9acda92ec9f9

SHA256
16ff395504f5ee1631bd93828c02afe589bf34996454407b2d297994f95ddb61

SHA512
ee25117395a37e66f51c4f733ee118082c9ca86a8b90b1fd4007bc03c2ca47a75998d91ee422d83343dd05117e352aefb817ac025f7491bb8434f43371bddbee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ef00ce621a7e0100e44e7d8d820b5ed8

SHA1
a461fcb61c7618375ac5c747916abfe996e0636a

SHA256
a71503bfbb970d64adf19cd7fc9d502e539b3cb680c160c33c494c769e312908

SHA512
ab29e9fd8257fbd9e5fcb79371b3a5c2da0ca9cbebf42f555964a2caf0f5516f4d0fd7d0cfef001fbcfdc234a94e62e2f00d4d96f521e86a46c5f177808ba60c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6bd84d79b2b9b1019f75841bbc957bf4

SHA1
4b938e75c457fbf60566074ba91625771fba4e3e

SHA256
3199fb20e1099866e06bc452bd8a5a13e60b88a71a2f139128c252d87828a05b

SHA512
c700b76750194b785780bb3f8b4b0e6269f3f321305c6b3f32b0dbb48f35a584efb84eefa092974141f02e9ba6d007582a236e2fd1ea79a7d4b7e06fae165f5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
db141f9d1371e6e810d516e834206e28

SHA1
0438e1c13c8aaf50c74438a01be96e0e55a8bb7c

SHA256
501d9deb968a5d3ffca9ab02efb2e37a68f207ec64b873f41cbff101d8d33653

SHA512
7fcd4fd2c4f87e207d3446fd65388254e97320808e6fa4407aae10411cb2b05b55230a89483314f210d78384624d4a52a9cfe23e9ded7e170c4f67cacc8e8052

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4bb95e1bb9f5d0a357074ec83f69ecd0

SHA1
fb892927d34ffe397878027a45a24e006c53055f

SHA256
c3094db52ba0a417e11b3fc4e09b984d88fc6517668b8c54a28cd79c0e857865

SHA512
f186aa7b2d52456d8358674fce65a11fcab57ff5fd7fa844ab419e44be8c3f666ed2f113a8bd93e5ffd041d5ca0fcf67ef63fa84a8e2cf13a3381ca3aa69013f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c2c18aed754f912d23b6021de5afdafb

SHA1
a6a625f59c29830f9065c66474d359e5add00c9f

SHA256
1e1c32fae34af2e77af75dc74c738622204f57aeb5ce00b40ef320662af5fdad

SHA512
243600bfdee54ce2393561e538f2b5258bc39f5995038dc96818e479e6c3c944088bc35b1a7d4400314636dc0a8213d376d9ffa51d08cc485f0d2dfe3346afda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ff47c63a3cf8497db78d075c86cab642

SHA1
7ac5546e54826ad81dcc5ccf62a05ec040050e81

SHA256
ab3da7510cc1047a204df4c566bad04d02232dc4addda4a4474772de86f287c8

SHA512
69cbfad9befe54975cbaee25b9b89e0bb7713099c46a20b108aa25b1a5dfc7d0f2a16b30e8081c9c62d2cc58f5bf75fd8c9758f6a6f74510f918bc67fa22d32b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d5e9beabb7ac77df471a33e008b58bc2

SHA1
f5a3816ca3f72ed2bf73b243a65cfbc0c5655e91

SHA256
cb50f868b1930299c88173b562ade9b20b1624ca7c58e36a0b6f51abdd3c2a48

SHA512
75be88f5f258281e8f9daf6cfe9330490fc9b56e041ebec2aedb0ab5ae68fd843d4344621c5f035f648aef5350686d48e7f5fb7e25fce7d7ab1f8743a8a29d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2298abdae76aa1ff3f6ffe334a2e9551

SHA1
5b3f253cd1a11538e65b966f601c348715ad7658

SHA256
07bfd6fbac73761b3670d7bb4fa5fc2ad5354dd73093b03e9656b83051c65b7f

SHA512
1b7353363ebaf1772d05ae40c400904d5651b970bbf1b7389cbdcffd82ab639b0fd6dd8667ca816e71e67a6890f204c611dbc6a1f8bb191fa056bcba4559bd8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5789a2.TMP

Filesize
1KB

MD5
d53e75db3e97e7ad83fe07e8f5801e9f

SHA1
051169fe4dbe171d5943532128c38f76b14deaba

SHA256
15805e2f855614d33beb821dbe55c5a8bed5a40e6aa3d37d978e4431c6ee9fd8

SHA512
c4ccaddb743db87028bce3c90fc56c847345e60168a4d44cd8759e369e08aed4399bf1e324df13c616d98ddd0226f0616f4a94d42d65e36d38ad1861156b9018

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e3578626e10798be0d15e5948a927713

SHA1
f28c3eade37f626573d97ef7881bec8429a43bae

SHA256
53b61a6b9aef04d3784421681847c0ee94cd4b46a33d0e3a0a66c8fe20363880

SHA512
fe34f5e93461dae886243f3ea180ef86591d50873901e6f9a2692e8667d663c114f34250aa2deb07b49d554c05bf27c84366ebdcb91a6abb99b8611fcc26167e

Download Submit