hxxps://kiwi[.]is-a[.]dev/

Resubmissions

12/05/2024, 22:09

240512-122rqabd65 6

12/05/2024, 22:04

240512-1zbgrabd58 6

Analysis

max time kernel
93s
max time network
92s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 22:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://kiwi.is-a.dev/

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
25	discord.com
24	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3558294865-3673844354-2255444939-1000\{F5F420CB-F095-4676-9135-C0507F911C77}	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2924	msedge.exe
2924	msedge.exe
4952	msedge.exe
4952	msedge.exe
2312	identity_helper.exe
2312	identity_helper.exe
1684	msedge.exe
1684	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4952 wrote to memory of 5104	4952	msedge.exe	81
PID 4952 wrote to memory of 5104	4952	msedge.exe	81
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 3328	4952	msedge.exe	82
PID 4952 wrote to memory of 2924	4952	msedge.exe	83
PID 4952 wrote to memory of 2924	4952	msedge.exe	83
PID 4952 wrote to memory of 2192	4952	msedge.exe	84
PID 4952 wrote to memory of 2192	4952	msedge.exe	84
PID 4952 wrote to memory of 2192	4952	msedge.exe	84
PID 4952 wrote to memory of 2192	4952	msedge.exe	84
PID 4952 wrote to memory of 2192	4952	msedge.exe	84
PID 4952 wrote to memory of 2192	4952	msedge.exe	84
PID 4952 wrote to memory of 2192	4952	msedge.exe	84
PID 4952 wrote to memory of 2192	4952	msedge.exe	84
PID 4952 wrote to memory of 2192	4952	msedge.exe	84
PID 4952 wrote to memory of 2192	4952	msedge.exe	84
PID 4952 wrote to memory of 2192	4952	msedge.exe	84
PID 4952 wrote to memory of 2192	4952	msedge.exe	84
PID 4952 wrote to memory of 2192	4952	msedge.exe	84
PID 4952 wrote to memory of 2192	4952	msedge.exe	84
PID 4952 wrote to memory of 2192	4952	msedge.exe	84
PID 4952 wrote to memory of 2192	4952	msedge.exe	84
PID 4952 wrote to memory of 2192	4952	msedge.exe	84
PID 4952 wrote to memory of 2192	4952	msedge.exe	84
PID 4952 wrote to memory of 2192	4952	msedge.exe	84
PID 4952 wrote to memory of 2192	4952	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://kiwi.is-a.dev/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb260146f8,0x7ffb26014708,0x7ffb26014718
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,1974379482876758082,8762998594248282391,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,1974379482876758082,8762998594248282391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,1974379482876758082,8762998594248282391,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1974379482876758082,8762998594248282391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1974379482876758082,8762998594248282391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,1974379482876758082,8762998594248282391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,1974379482876758082,8762998594248282391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1974379482876758082,8762998594248282391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1974379482876758082,8762998594248282391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1974379482876758082,8762998594248282391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1974379482876758082,8762998594248282391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,1974379482876758082,8762998594248282391,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5876 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2152,1974379482876758082,8762998594248282391,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5896 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1974379482876758082,8762998594248282391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1974379482876758082,8762998594248282391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1974379482876758082,8762998594248282391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,1974379482876758082,8762998594248282391,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4672 /prefetch:8
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1974379482876758082,8762998594248282391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1974379482876758082,8762998594248282391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1974379482876758082,8762998594248282391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1974379482876758082,8762998594248282391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1974379482876758082,8762998594248282391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1974379482876758082,8762998594248282391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:1544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
89KB

MD5
adda2cd81c0aef4459b0e6695839ca9f

SHA1
8ffc1cc2993172216620539047f3580af84e3286

SHA256
5e7bf53131071d94eeda6bcd61710786d7232c529fa27ee73100cfb5d6bd0d53

SHA512
c9f02b5caa24f8ea724d5de870c5005a3cc1a603923a389a3e95051e03880837344f245d24a0b5a1ce9e4b413322b39334ecd9833226e3f8e1bc36214f2ff518

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
34KB

MD5
b6d5f7e56199a8b8da64263ca1da7bb3

SHA1
be4264f10ccff05c5a3d6cc80046059a08578d6d

SHA256
f916de6c9fb3d222248244ac604b25375107cd659e7dddeae424dbab75e8f5ea

SHA512
58a1c677fdad48f5c5e7b549ec6abe615302d964eabf5c51bbad8b46fa51ee667914c647d0c33570b847ac75e204786c01850129aaed70571c7eb541214b78b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
115KB

MD5
5c3635d6ac3aa4e2798e8b804e7538eb

SHA1
89fcb5a1f5996a875ca11428a6dc9ac1839e0bc6

SHA256
69128a3a50d092cb8a767341a23b1f6f851197bedbef2f61081ef33744cad0ae

SHA512
c2cbe44e1ce6bcfd1cafd1bc83fa03ae5fd1cd17f82d62266783e8bd2b9e65bf5ad2e889282e6314c364541cc560da4fd261534b872ec22485036eb83034e53f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
29KB

MD5
f94f670f4f78972969342f8a52fa0424

SHA1
f907b2dc132f8110e04130ba736272762ec39760

SHA256
eea7d75d9827b7d6f610143d3cbfc7e1c83da9324a82811692d9a7223771248f

SHA512
b038fe9cfe7a5bb571115065a280aa21d6ac16f424e692bcf93808db28a047e3d555ab30da4af4130658f8233b5576069a985669e05734ffda7f408f356d5b5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
198KB

MD5
c0fdd405476c0749d0a09c6d2516269c

SHA1
41bf35264953c0ad45b18714cd0a7b4837c3746a

SHA256
e196425c1e602f41801b73f64f703cef9f2f561cffe9857696d3b04821ea47be

SHA512
755c2c609c48f925725466d29234475e55b5731a32563789481dd19abb8ae4d890f2a31b9f2c50a452a0d2b9a4f5d0752b71f5025c25dac71355de6ba823f252

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
430KB

MD5
3281bc75bf434ad8989a38cdd05d9cf8

SHA1
73272cdcc560b60ab0508c85b6d15ea576f15610

SHA256
7bd979bbc99a39cc903f83009876f1d7ca9d45cc7e67a7963645e93e51254d2c

SHA512
56610f3c629830866d60cc0d5cad3ac5f295899de23ecfc293bff04b26af59365ea528d7db5a8d49bbd64f6093cf43c851146aba66b42d5fc0936c17bb41072a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
109KB

MD5
26abd440ca6125e6652ef5b80209efef

SHA1
4f28dd3e4489493a4cb633545eae46bed5811e2c

SHA256
10a0bf0b03a03d6ae737f00d52f3af188ba49a916bd654bf6b0fbba49f4a1428

SHA512
f00398011257969e160f2c5c5428e7b0e417b4b30d78d0bd2fa5aeec1d2d66df3160f1111117059f3bdf0372af50c75744ca5fb35082b543f308b3374bef11fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
2.0MB

MD5
a3042488276b60d308dacac060000b22

SHA1
1d49864028811da6bc14e8827808390a42982100

SHA256
cb0c1d3e422cea285b7b7bf794f39447fa6fcdd4da0a500dc312e21ed6a02f58

SHA512
263e0fdad8b45a7e56c8e88a0f245402d0a14b73abda2ae3cf1695c8ec703fe280d2808b32ba65ae8e52e1c9f88cbe62ba2ad50a2c2491d148da6f7749f827bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.1MB

MD5
1784b0b14d1c30660674b2ae2bbca647

SHA1
f7377569bcdd546e9c8ed0de9bcccf87809db659

SHA256
fad78fe4a4f84c4f206640634e7657f9b3889b99cb9098a0cfc5ed01cd30a3f7

SHA512
b8415c63a9dde1dcfa88931edbf878abb61f67938fc078acb98ee514ed34c4dafc7c76c5bda77b252bd88a72453a4c4c0e809ce0879c3391f83e8a57a23c01ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
31KB

MD5
6f5ed98e60e0582ad86b81aa19dcae35

SHA1
0f037401df4b7e2a2552f87e60e136dbd3ce464b

SHA256
ab1ceea6829acd0f0c90881da9d3a115a91d3710f25b9b0db361dee9cb0fc362

SHA512
80cafa60648f964a6940bd9d46d285784019703bfd9b47f87c18d02aaddcd1df906343874f781ac8f4bce86cb4447814ecea69a91dffcf2689c3c4c7a0631587

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
27KB

MD5
a0583e8715e005bcbc2a22c9e6fa9216

SHA1
55c5d28d086374ae7dc7f7605bd3d80c5160ce9b

SHA256
97258078bf74d81f40abc7ec8bc176244b26bd4d787a7f0502048bb7cbcc77ef

SHA512
95af83e690449ae32fdea0179d89cdfb0c638e8533d9532f1e19854f5e7f3bead838e536778bddc87f570ca043756fc34159a97a8f71ea5fc4eaf0655385eb5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
23KB

MD5
d0e14a11230148ee81e93db6132ab494

SHA1
b9fa68e35a89edfcad13b259c5c0eaff9808c1e6

SHA256
7102a059e838870f152b207f17e7a3ca57abf719870f826800bbc592c24914aa

SHA512
c8e28b4ea3ac3df7b3531e7c0cfd8da5c25c0ec3a4417a936641745d2d4c00926d4b4943a9319f8fd1e95c591ed580d27dc608b936f8446c5a32aa42f6ef83f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
38KB

MD5
71d3e9dc2bcb8e91225ba9fab588c8f2

SHA1
d7e38ee4c245f64b78eb18e6ecd7b9f53b3254a8

SHA256
ae99aaede2f373187a4fe442a2cb0ab9c2945efbab01cf33e01be517c0c4f813

SHA512
deda05ebd575d413aa2277876991ecc2ea238907390753485ba1b487ede2f432363c46daad5f3f240eaaf8d3258150829a3ae3d2d9c420ea59567cfd440361a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
38KB

MD5
ff5eccde83f118cea0224ebbb9dc3179

SHA1
0ad305614c46bdb6b7bb3445c2430e12aecee879

SHA256
13da02ce62b1a388a7c8d6f3bd286fe774ee2b91ac63d281523e80b2a8a063bc

SHA512
03dc88f429dd72d9433605c7c0f5659ad8d72f222da0bb6bf03b46f4a509b17ec2181af5db180c2f6d11c02f39a871c651be82e28fb5859037e1bbf6a7a20f6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
38KB

MD5
7f63813838e283aea62f1a68ef1732c2

SHA1
c855806cb7c3cc1d29546e3e6446732197e25e93

SHA256
440ad8b1449985479bc37265e9912bbf2bf56fe9ffd14709358a8e9c2d5f8e5b

SHA512
aaea9683eb6c4a24107fc0576eb68e9002adb0c58d3b2c88b3f78d833eb24cecdd9ff5c20dabe7438506a44913870a1254416e2c86ec9acbbcc545bf40ea6d48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
37KB

MD5
3d6549bf2f38372c054eafb93fa358a9

SHA1
e7a50f91c7ec5d5d896b55fa964f57ee47e11a1b

SHA256
8e401b056dc1eb48d44a01407ceb54372bbc44797d3259069ce96a96dfd8c104

SHA512
4bde638a4111b0d056464ce4fd45861208d1669c117e2632768acd620fcd924ab6384b3133e4baf7d537872166eb50ca48899b3909d9dbf2a111a7713322fad4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
2a45c520b9b2d47738bca6500daba246

SHA1
b8d4986c70f44340b9f2b57e9d95a4be098857d1

SHA256
8bc8fd1dc430aa3f62dc6c9d411639e9cf35b297498a71f7c3be6025c86d0519

SHA512
2065f24c85f1b5808a692224d0d52db3453980558320c1b12e6b7558dc4ac1d04b8bba3e06197cdf1fe7f4fd2247a3816301bca67e6e2770de24054e61d551a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
202f3f41014ab75bd3e2e119c5e95450

SHA1
679676f88faffb9f51cad66a7169178fa6a28f8c

SHA256
2c0b1410fe83c3b74fe98a95467f9213660a41c5b9befcdfd77745b254101a28

SHA512
5bcbe0e1433eef6b6ad0f717ec34ca55a34248f08726985c1779bd8323fa72f17da1d85a90f1262a1b83e0b179714cb9c9e9105638c36808bb9d35107cffca9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
754B

MD5
9d101e147ff7c1d81d7d5f6958023aa5

SHA1
04260c045bbe9a0e131f46de4964ad9d4be29333

SHA256
35a033d6637fbf0132361d3ee78a73308b50abab32226c92ea07d3f1469f293f

SHA512
860d62faa3e0c05877b86a3588cb3b0fd649af26fe41e515992a9b25b78b25206b34b1c3e80ec9e027592aa5a3803f4179e1de16d31d38a4413f63e3fdd34d6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2a431c8635b5fe790ae9109b234cde8a

SHA1
2ba828f947bd52b40b2327dc32f8b0a8581c8e19

SHA256
7d3097323b9535dde377082f7563d98b60b21389f2cada0b83b733c69942f558

SHA512
7f2f408f387a093dde584dc10bc345da9d5a6fd84f8f50e3e5987f23d19c800804c99003a954f67280d1c2b0be9423ebec3da7744e237d02bed8c34f8f7693fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
682f3ab8ed6730201a28360be6437e03

SHA1
cbf634989f026d22be3bd37483bad2af385e3cea

SHA256
8666181a979ab3e1dc8ef88d00739f982c504e489a6da873aafd951b40dd2be6

SHA512
eda6df78d58e57a0810d9f8cc4f5fd32687d7c9e65f18f04ebda4a8725429954df4826041532ee82da353d8fc69f60d2815a5cfa68c996d183a459df67569f85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
32e8e85fb826b1798eed4d3b82c9d98b

SHA1
1a62ec9b7e2c3b79d572416e691e312dbd537a0f

SHA256
0ba19de996ecfaa9d200d8e6ca25427c854347ba3424801e8706f0ad2162651c

SHA512
70d1586f0570d95be7a44468b47ac0f49c86fb4830cca81609efc6c49eab56d17e868db0ed71803c928ec35c2b1d222485a8ab1531d32d6c055f7c41fa72b0d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c412da85dd72d062d19aebf04278eb59

SHA1
b64f4c2ad81ecfbd1a6c007164c4f2b28a45e22d

SHA256
16ba6e54b75f7eb6ca588f5fd5e8cdac227eac9fcfdaef4ca08374ec1d9a2240

SHA512
a0cc6c9dce30f6e57b3deeb7fb716de8710b2faa1bf97a2f045b3e243aa45ab0e7cf57b053b282340dd44ea1e4ebdecc4987f5224099bddf22511f7428abf7e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6bd84d1d59d2440d4321ac2fa39ebbb5

SHA1
ba19adf3968bfbd3e0a92fce54ecb73fb158a4b3

SHA256
3b5e8da0ed4fc5c2824d5e7108e4a148398eff13107055c27c2837c5b5403c2e

SHA512
b03ec3430d0b31024c7a6795e6520b5057472ab03f1f39419b7059cb3cf6c4e8a4556290b8ec248f965c090255e19981679260d5168dd6b7a6f439b5ac518bc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
735087d38f7f11ff006707c1cf15cafe

SHA1
efadf26de10b63a58e56eea0aef358bce0d59fe2

SHA256
c87adb8c6c880c97e9a57cc8aa03877cf06e25790ccc0c00b9c8a15b24de9a06

SHA512
0d851d0566fe8a9f9bccde6c129f2e303216fa89e6ac5d34b0d03138dc30206241543508b321978d3d2fba9186c314d5259e1c58dd500d5c698000b4f40605a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
8fb601b3266ff87b3fe2f68559c29082

SHA1
81e33c668100249aeec2dcab2128cbe33faefd11

SHA256
f9e82612bd5c681600483463b63cb3dc9a3019a8a2d1195b6364fd00fa0785ce

SHA512
9b540f2cad002dcc9fd2a78a1fb068833942e921099268efefca1213892d47526a74d1caddc9ccfafb9cc2019f8e19c4706ef34f2c2c2cff0cf39025afeb9e48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
369041fa20fbaf2e59c0966586f7145f

SHA1
a6801f14139dc2e39e88cac27cfb80dcde9ab61f

SHA256
ba501c835a53c83ae9f1236a24de08c5fec4b741861eee180fe31acdb5e33f18

SHA512
a76eebbc45f1441044af72beee8229d061ae33afe707a32f1812729d078b4026786471c2348782fdcfdad116ee8fddf0a007f6df35ded08693d1b1778c1a4f8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
2e7d0ccd8562430bc7681315c4aef8b6

SHA1
bf35718d2c05e04a4f4b3028d39bff358366ec07

SHA256
4b6d404236d0ac186f4faceb0e913746887ba25e7b334f03446a73aebf47ec9f

SHA512
88883fe65692d0c9d7f1179523edca194cfab0683b62c41b6bfedcb606340a4a54f4c3b26c0680d5a958f921c76365701577dda0e63041d116c5fcc4531dc4d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b67f.TMP

Filesize
538B

MD5
335b1c1034edce0c3b0800af9b37d5e3

SHA1
8c4e7e202a15b6d9ee41778c7b7a2f2f6331bcfc

SHA256
363f0fefc65eb8c63a512dbad40806f14ad8d3576c495de2cdd30373fe28d969

SHA512
daf03cae807877ab5a0e787ed0120453907943a48a6080cb84cef72c1f2fd36cc45d90b5873744487a35784098456828f3ed93c897db5239d1d2951699a888ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\d304ebe5-32c6-4dfd-b013-43980536cd54.tmp

Filesize
11KB

MD5
d89057c4513df3f3645782d8d8aabb4c

SHA1
03c3e9eaf3738c4cf36e897ec84340dfefbf6469

SHA256
cc6dbd03c9dda19f756a68c17329e86a7ea89504e22c3c73fbf79cb784168765

SHA512
2af5e92162eb3c7eafa42c9edf163470ffef0689f316a51cb08147f070f9fe3ce65643c66c5fa58b3ffa9ead7723562c204e3cc6a50ec2525ec403a98c26af67

Download Submit