hxxp://oras[.]freeforums[.]net

Analysis

max time kernel
148s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
13-05-2024 00:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://oras.freeforums.net

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3480	msedge.exe
3480	msedge.exe
3940	msedge.exe
3940	msedge.exe
484	msedge.exe
484	msedge.exe
2484	identity_helper.exe
2484	identity_helper.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3940 wrote to memory of 996	3940	msedge.exe	80
PID 3940 wrote to memory of 996	3940	msedge.exe	80
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3508	3940	msedge.exe	81
PID 3940 wrote to memory of 3480	3940	msedge.exe	82
PID 3940 wrote to memory of 3480	3940	msedge.exe	82
PID 3940 wrote to memory of 3844	3940	msedge.exe	83
PID 3940 wrote to memory of 3844	3940	msedge.exe	83
PID 3940 wrote to memory of 3844	3940	msedge.exe	83
PID 3940 wrote to memory of 3844	3940	msedge.exe	83
PID 3940 wrote to memory of 3844	3940	msedge.exe	83
PID 3940 wrote to memory of 3844	3940	msedge.exe	83
PID 3940 wrote to memory of 3844	3940	msedge.exe	83
PID 3940 wrote to memory of 3844	3940	msedge.exe	83
PID 3940 wrote to memory of 3844	3940	msedge.exe	83
PID 3940 wrote to memory of 3844	3940	msedge.exe	83
PID 3940 wrote to memory of 3844	3940	msedge.exe	83
PID 3940 wrote to memory of 3844	3940	msedge.exe	83
PID 3940 wrote to memory of 3844	3940	msedge.exe	83
PID 3940 wrote to memory of 3844	3940	msedge.exe	83
PID 3940 wrote to memory of 3844	3940	msedge.exe	83
PID 3940 wrote to memory of 3844	3940	msedge.exe	83
PID 3940 wrote to memory of 3844	3940	msedge.exe	83
PID 3940 wrote to memory of 3844	3940	msedge.exe	83
PID 3940 wrote to memory of 3844	3940	msedge.exe	83
PID 3940 wrote to memory of 3844	3940	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://oras.freeforums.net
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff973053cb8,0x7ff973053cc8,0x7ff973053cd8
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,16219382942300804670,8698051631634577276,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,16219382942300804670,8698051631634577276,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,16219382942300804670,8698051631634577276,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16219382942300804670,8698051631634577276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16219382942300804670,8698051631634577276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16219382942300804670,8698051631634577276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16219382942300804670,8698051631634577276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16219382942300804670,8698051631634577276,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1876,16219382942300804670,8698051631634577276,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16219382942300804670,8698051631634577276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2932 /prefetch:1
  2⤵
  PID:340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16219382942300804670,8698051631634577276,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,16219382942300804670,8698051631634577276,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3356 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16219382942300804670,8698051631634577276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16219382942300804670,8698051631634577276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16219382942300804670,8698051631634577276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16219382942300804670,8698051631634577276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,16219382942300804670,8698051631634577276,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4972 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6876cbd342d4d6b236f44f52c50f780f

SHA1
a215cf6a499bfb67a3266d211844ec4c82128d83

SHA256
ca5a6320d94ee74db11e55893a42a52c56c8f067cba35594d507b593d993451e

SHA512
dff3675753b6b733ffa2da73d28a250a52ab29620935960673d77fe2f90d37a273c8c6afdf87db959bdb49f31b69b41f7aa4febac5bbdd43a9706a4dd9705039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c1c7e2f451eb3836d23007799bc21d5f

SHA1
11a25f6055210aa7f99d77346b0d4f1dc123ce79

SHA256
429a870d582c77c8a661c8cc3f4afa424ed5faf64ce722f51a6a74f66b21c800

SHA512
2ca40bbbe76488dff4b10cca78a81ecf2e97d75cd65f301da4414d93e08e33f231171d455b0dbf012b2d4735428e835bf3631f678f0ab203383e315da2d23a34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
29KB

MD5
97e430afeca947d57de7ba175c7c9016

SHA1
10de8931f9ccef15eea975b443e513a853f52ffa

SHA256
6d268e4fa8c07fb54dc1cb6d3bd6c4680a3aefac29b418edc3210b916585083c

SHA512
1fdec4edb89fc8397bd40a80a4e76339ebfb43a92d7db48814131722d564222413ced4b36c0b28f0977c11bda3935b3527d2a5b9f8a2a103affad2df4fe85615

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
68KB

MD5
8c97c83955c0c62fb49bdb654dc4ca22

SHA1
627181ed60b7078b191144adc502948a57032f1e

SHA256
b6afd7278affa3ff6377c8912e55bfe7e573d75238180ee7b479c63e05a0f992

SHA512
8e51f26e0ea18a073f36325236afcf9fe46f4daffa83def0926640e501936c318c93f23c4c60d68fe9ff017e1f08bac6144d2159d196b5cdb2f90495b9c3e7b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
66KB

MD5
73617539f550773dd737af614fb96fbf

SHA1
52d1e0287604d2ca606cb7789385dd3d96b32d69

SHA256
6d5c92b32a3cf8574bc525556864807813ebeed3aac5ec41c08e0f04740aa71b

SHA512
810a328e6b10774f79704db347ca24c0273ceed6bd5d69d3926e77d8c4ec1a81786b183e082b6f196ecc8242564bf37528663dcfe5fc793da2920010613d5e5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
239KB

MD5
d06aa4657e41084dc0f07d7e95c1a567

SHA1
43661d8705ccebd67b37c2cee002befc5aad8a66

SHA256
e6c52ef9f4605d7c79309d6981065d6bae01769324a1028e589e149c4182b41c

SHA512
410c06ccbc97c733b2d79fd22fdcaf3e31bc7f750aeb10dab6bfec14c66ca789a3fda9aa24c9728864080a0824ca612c2e5b74c65304bf331dc49f26e55b9582

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
141KB

MD5
e37ff0d4416a8481f3aeb89420492e16

SHA1
06f80ba46de90e82bcf70554085c4a0fd3ae7e3f

SHA256
b1557195bd8756b03e934fd9c844925fab35abc621688ca41cdd9040d5cf1d1d

SHA512
bb5cb5261d2aebed208b70e192cfdd792159d483344e2cb6291d06888c6aee9a69e85ee89f1e77751df771fc5c02106e1cd4649252082d3c0def5fb55850c1dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
93KB

MD5
4d763db0ba8004330e5e7a85ddf5c070

SHA1
be2485817554de231357dd52242ae9e555a8d494

SHA256
eeba7b2ab620cbe32f07cf92aae0c399eea630a0f5ab0b1cfcf1fd9883813930

SHA512
c0f0e6f97a119886508ca0ab7e788323f24094974f2bce9939b4809b2de209362b7aadb3a6aea3481083fc09132a5f24beb05fe32e75fec3d7f412a8bec91def

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
42KB

MD5
6aaedf2659379e2ae12951cfcccaa719

SHA1
1bffe7294ae86e8a86f254a330f4acee72b2a777

SHA256
dab4c8f4e661abc3b6b13bb620ec6eab6957a194510e4f5cb47eae23be890526

SHA512
d281b82479fc869606e9953281fd9c801f5d6e94353722014bda9241774025ddc8bac30fdc6c085814443435bf9f004279b46e013e1982ead02de26a65d35b12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
28KB

MD5
9c4bd7f981e42473076868eec1e5677d

SHA1
2c94659ab852b0a424cdcd40954e6c9232efef4d

SHA256
4916aa4616fc474e3f16557b2e128ab5f8640dec8d58069529be9f5793f4a74f

SHA512
43fccdce0acc80b1bc579ad560294d2257030904b334c279a361fa3667f3876709f0ac15eb2b00d40f82e4ef95bf4ff59aca4742493ec275c5ed29bc382ba9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
dbf335fcbc561b1aaf4d7529cc2f84c2

SHA1
b5679a718cf7d87c38a2257e97850b4a4f5eb58a

SHA256
99d5699819132ddf87e609d00979afd0b45e572a92d5c09328b117530fa8b09f

SHA512
9559487328e7bb1486e50db220ab2d9e8054063516c1cb4c0bcdf808fbd8372e15cd2c747565041b8e1e7c541236abce99ee01dfd7bbabbef176cef4e9a9edd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
653ccb9ba03eeb8f615f22b2c9b999ee

SHA1
6758258b40e56dcd5782d72b2491ac41f34d35f7

SHA256
12345891cc277c6a91a237994c06374aeefc11bf08104d819928266ed664aa15

SHA512
40ba35fc4a82408cb901996b8a9ec939895ffc0cd1a4be7a2e2d8cd33774cc2fbd300ae06bf670da133bac81351556e0f2ac4a272b07f1a20406c4f6a44807dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e16771214ba46c0425d259ea44ac72c3

SHA1
aceb8e524787c7e8c95a4483967ea3ce1bb388d1

SHA256
c01589f4d33e7915bf3b55ef9bdff5e9c7b4a4d0d09ab8c5233789da12833ee9

SHA512
285bfdab41808084e8aa81e6b28ad36b1ebdd740be5f01c89c3dd249670680fa75107e83920090482bd4240e1e3bd19591aada6b1e9361a66d107ecf81808040

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
200b705a58605c3ddc3974901f38d48e

SHA1
5120ee0e2ea36cc273310b23e8be48a8689eab98

SHA256
9c512206e0b6444f5e86e8b2c242769f6bd9b49cdff6f73a63d37df3772bcc09

SHA512
a7d74f4c10bccef899d237f200dca410c93ebff5dbc6c6653f82856ba0dc56c02e8e9b1444bb7441d8c17f920ef0d575eb7fd014b009fa47b3c0e96a79849055

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3551f5cbab530d4755e5980c98719c17

SHA1
d91aea8ff9565d6fdd4b20ffbf101d58887ffaac

SHA256
3edaafdf664da0c2122223df395cc9b23af0c9ec34168c08ef0254701530bc33

SHA512
3ae53d9634c6f6e91a4f17512fb39d1747774b6ae95dc99509505375f604051558635fe0f4fb3399b6d787d5fae3219c18830259c12df150a2e8c9f2135319b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
430fa4de42ac71cb8dc23df96e963307

SHA1
10d0b9a957b9bdbee145b905604ac761f4be1989

SHA256
49e4def4ab0eaed1833f9bd8589e751fba0b33b4ece3c4146712bcb5e41091b5

SHA512
86fb36a04049207c39969d25cfc421fe68314725b620060f507bf6227e84f2287e18507e50bfebe94ac1ab36a0143d5edc202558fa145589f1cb9441b431474d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c728.TMP

Filesize
704B

MD5
6db969be1ad4c60ba134efc610e45463

SHA1
693f9c89d17698194d83d80145d543045714b094

SHA256
ce61696c990932a7185aba73bfd24421fdd4bba1f7f4fce85052572f2f6a51fc

SHA512
1aff412d33ccd882bda69a7bfe294f7517024f85aa803701b0cbbaf41696029a31ae20462caeaf0325509083dce689b080b8e65759b842a715f66f227681b8a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a89d941170dbbe471423959f21463cc8

SHA1
a086fc52b786d7e3f34a9930eba8dd756c059d0f

SHA256
a5cf01c30e6efba12f0861d7b3257a83cff09b075b9dfa6ffbdba82e1f02e19e

SHA512
17cbc97d9de7557ba645351e06db674c4401bbc618819fda78d7a8f75338a0dd1e6d4adb2443c864b36f718f087bbfea6e91fdb1e749da29e2eb6305f3652321

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit