hxxps://github[.]com/rxzyx/prodigy-hack

Analysis

max time kernel
1795s
max time network
1805s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 16:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/rxzyx/prodigy-hack

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
29	raw.githubusercontent.com
30	raw.githubusercontent.com
183	raw.githubusercontent.com
184	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3558294865-3673844354-2255444939-1000\{F071ECED-010B-481D-AD80-0EA522E73D18}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2952	msedge.exe
2952	msedge.exe
4268	msedge.exe
4268	msedge.exe
2288	identity_helper.exe
2288	identity_helper.exe
3936	msedge.exe
3936	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2876	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2876	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4268 wrote to memory of 5076	4268	msedge.exe	82
PID 4268 wrote to memory of 5076	4268	msedge.exe	82
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 3028	4268	msedge.exe	83
PID 4268 wrote to memory of 2952	4268	msedge.exe	84
PID 4268 wrote to memory of 2952	4268	msedge.exe	84
PID 4268 wrote to memory of 2516	4268	msedge.exe	85
PID 4268 wrote to memory of 2516	4268	msedge.exe	85
PID 4268 wrote to memory of 2516	4268	msedge.exe	85
PID 4268 wrote to memory of 2516	4268	msedge.exe	85
PID 4268 wrote to memory of 2516	4268	msedge.exe	85
PID 4268 wrote to memory of 2516	4268	msedge.exe	85
PID 4268 wrote to memory of 2516	4268	msedge.exe	85
PID 4268 wrote to memory of 2516	4268	msedge.exe	85
PID 4268 wrote to memory of 2516	4268	msedge.exe	85
PID 4268 wrote to memory of 2516	4268	msedge.exe	85
PID 4268 wrote to memory of 2516	4268	msedge.exe	85
PID 4268 wrote to memory of 2516	4268	msedge.exe	85
PID 4268 wrote to memory of 2516	4268	msedge.exe	85
PID 4268 wrote to memory of 2516	4268	msedge.exe	85
PID 4268 wrote to memory of 2516	4268	msedge.exe	85
PID 4268 wrote to memory of 2516	4268	msedge.exe	85
PID 4268 wrote to memory of 2516	4268	msedge.exe	85
PID 4268 wrote to memory of 2516	4268	msedge.exe	85
PID 4268 wrote to memory of 2516	4268	msedge.exe	85
PID 4268 wrote to memory of 2516	4268	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/rxzyx/prodigy-hack
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef86946f8,0x7ffef8694708,0x7ffef8694718
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,1315753149577288235,1882733960750104678,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,1315753149577288235,1882733960750104678,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,1315753149577288235,1882733960750104678,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1315753149577288235,1882733960750104678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1315753149577288235,1882733960750104678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,1315753149577288235,1882733960750104678,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,1315753149577288235,1882733960750104678,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1315753149577288235,1882733960750104678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1315753149577288235,1882733960750104678,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1315753149577288235,1882733960750104678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1315753149577288235,1882733960750104678,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1315753149577288235,1882733960750104678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1315753149577288235,1882733960750104678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1315753149577288235,1882733960750104678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1315753149577288235,1882733960750104678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2176,1315753149577288235,1882733960750104678,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6084 /prefetch:8
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2176,1315753149577288235,1882733960750104678,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1315753149577288235,1882733960750104678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1315753149577288235,1882733960750104678,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1315753149577288235,1882733960750104678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1315753149577288235,1882733960750104678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1315753149577288235,1882733960750104678,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,1315753149577288235,1882733960750104678,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6996 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4812

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a0 0x3c4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\35b0a3bb-e43e-4154-b99e-66b53908222d.tmp

Filesize
1KB

MD5
229893bd689ae46e22f0e3c0bf40b6fa

SHA1
3d969418a4c1fa0c04bcc6fec0cfd1818f39b942

SHA256
d9890010bd430ddedfcc6bacf3d74e844547721f2d612787e2e0c19773d53ed7

SHA512
d8a3bd8902c8024fa07e09e7ef1650b529f65692ddb26e3cd59e1db05382c27843c0250143644bf739137fb9122b917b5ea0105f6ec28b0bd75d57b5b6bc9609

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d

Filesize
31KB

MD5
165c48d31edb3cdbff7c9a02206d454e

SHA1
f663a2b6b3025584512860ff05028039ce178973

SHA256
33b58791d0554adffc6122dfb15921256dcd61ce9ffa0957f6b6100f20447f65

SHA512
1e02b653897f47e95b7541576ca4916cdca31a70ccef2787a3ac7ac8ae2cf3cee50a99a95fa5ef1e298e79079bbdfd424ac6ad8d8df3418800b56fcfec00a15b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
b4cd2195be82f24c46617c9cbabef4c3

SHA1
79be2a0a921983fd93db4a26fa3d7d7a87a491e9

SHA256
69d0127f2a5e904c10952fbf290d30e9e3b85b9627874af7ba8b9f77e445cd45

SHA512
213999f585324e80481169c7a0753f4d2d0170e90e7b46d7765283f6f0790a69f1ce52796e4d72fcd9870327c8be6408fb5922e78b3891b3a9911b870e6e26ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
25e319e6afc35caba71f1d497522a70b

SHA1
e3d380cdada1484012bd08bdde31d2a004961f19

SHA256
714d0ac2bde0c1b16a2732c32722fe196cd06a8ff45ecb8d3647d23446074eca

SHA512
352933921bd4e6ad16a53efaecb40f2b3fae67d47b2fea4d848ca47534f6864f79aa09952b16a9ce808437e8d03993b01a349a2443765b947857316337bbb194

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
67be5a532cd7016348976f3882eaa4d0

SHA1
ada7e7640abbf0e39cafc75d782becc2e20439a0

SHA256
208ecfa0aa98e4ba8bb5cde157f7df4a2b6bd85b9b8914d46ee74c82bf19b401

SHA512
8e08a5a5f45bd929e02e13f8f163ab3fb15412aef09a36d649a4308d793f39cb1940e8353afa8249ddf6e8668b8455618aa503ee14446fcec551a28f23f61294

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c4929404fd8e1e765da021254418c6dd

SHA1
72b941ce457eb75b9d3ac655489b74e4a6681a91

SHA256
036a61ce4508af5ae5b1b9bc43524909d6803579b2bbeb1dbe5aa1ca902257c0

SHA512
c4e14db8bc8f29be3884295d09fef27cd54634b95386c63422b7bd656abd44f707597528a6c2ab3e771489cf7473b2e71dff953fdf63a50826d976abef1e742d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
42b5fd8bc7f77749eae7305144dbca76

SHA1
9b4b7b08e2ec361d086454f0f5103ac55710ed65

SHA256
9586889958ec07b6f11f1f4946362b8c8e7a12cf7822c6fb238724a9a873b62e

SHA512
ffe4acfc8b1fc13c7d63d7a916cca33d22f96dd2f02dcc8e284a63ec7be11e667ab0ab3bedbfb995c862dc97ea269821837131a7123e614206bf4e46f454126f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f951138ba7f1cacbe0260c601c6e9ee0

SHA1
50b8929e159c328a4feb54bf6c09f0ec9c12bee0

SHA256
abb07424d78b9c3bd3a1d75c3cf9d8027bac06ace562248985f8d0a797087184

SHA512
89cd7c342911c9621e87014b19a409c66357d80e815633e6cc18212ec66ab9f3c86a8be8e55d1057588aa0e895a6415939fc8091c7a53afcbf9bd3aba07f6156

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f8bb6e1344a5aca74a24623f216af6c0

SHA1
df5bc47457ae287df1e0f1a276964077746e527f

SHA256
fba45011dbd0b84b72d2dead873025385876746993c787ed7ff28891ff645f2d

SHA512
e6e0817fa07160c2e4abaaa975f36c7bf620440e166847fb0df58aee2787c3a07bcf25e08a2acdddb83cc09ae1a4f9a862860e1f6e0a12b4b7e7ab286a2ac935

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ad09b3a6740ea0ee8315f2b63894e244

SHA1
0e5eee2e35e063de1f0fa021a9a7fca35cdbb09f

SHA256
7e4362c800c1714a486ae138252220befea0860b42c45e0a72959e5772f9dadb

SHA512
25c880a4a59c03c814f62b3713e8a050d5cb74d601276f3e3d6af59cb89efa6cfe0fd3a0e49319a6ef45a4e3f70f48d395977fd278571571863df9043d4d6e57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7265187245cbcaa97cbcf9511584f7f0

SHA1
7c6970d48ee7b37b75d5a813730001d9aaef33f7

SHA256
c1f61dd60ad86d0c6075a3d92d320028f346fd05fe3c36befa477c1a8ec94f73

SHA512
0895b8b306a873c2205d4137b517058a3f8ea0dc2a90ff48d313811b761231777887d4cd852906290757cfaa492a1b49617e8e6d7260d0e7519ff36085514305

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
651b921bc6a2d9d66e8e774c4bd7c776

SHA1
09ceb9db23d07390f231b8a9706b829b7ad91e9d

SHA256
bf5d143f6ade75994190baf56b420f4e79bba26dcf07a63a27290782ee39d7ea

SHA512
5181910a89294aa78eddf928aeb855f4f2b86a2a8afbef24a6aef4f22a33a12883a0a1d6c8f951465d8ca15f402beb2f6341220cfd5e7180bac47eaf1b1911ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e8a2d848f9a831608a6bcfaf82c1528c

SHA1
9c05e64b9f34bac4fc9bbd20296b71c3f1c769be

SHA256
d456b4be57145c9b546ac77e9f7a694b1c05ddd13d88219580969c00f11d5078

SHA512
9335af8d99995835cceb5cf6b306a7a461f134622bd509866146b34d3b19b960ea07520e9f10db6ce6d1f92c722a5f242b9f6d72f9a34fa1c3f7bd50ecc3d012

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
316b4b4e716ff0196af93040535404b1

SHA1
9cf7712e79cc9fd93e95f1dc44eb78ba624550f5

SHA256
3c3e8e0896697600d3526f614b64f9febce83f19308c11a87edf4d70a17b62fe

SHA512
e1708bde415e7602d9cd1dd72e05623cbd60226ee8f33a0f5d4eab69911b96de0a8891653f8bbd51c1a54d20929b7bc0adb065b58de2dd5d933d24d02194b370

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c3f2749b1034e66e1bc32abe0254a977

SHA1
7b706d3a9591e8f2fea5833217daa5cce08f3106

SHA256
8ff06da2cc0889a31685ff946453091d42a870c67ebea7b1a63ee2464912260b

SHA512
79e542844c861fb1a553d63e32e77548bac0efc829b978d915193fea1108addc475ad0ca407b57a81567a76539806036c6d741c0bcb48c62f8356a0a48739e2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c11ea004932238f72e27bfabeebd105e

SHA1
c36fd9ff5d2b2f59f3e6eeb0d66a6e3ee7cedfe3

SHA256
62389d8c3760e2734442b41b50d7296be9e01a5042017664157d1dc23a2396a3

SHA512
00e9fe46f395ab474b1bafd24ff3364dae57cb19ed013fb6a863b92d267aba5e5f133cbb1c87b60c84c96c90c7119af0f9d26418c1720a0e4143ac38b0b72bb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a1601bd0ed184912aa2a3b1654820293

SHA1
3324198d2d357da9823848d9837c754f982b5b2f

SHA256
fba391ae9eaff1141d7a43c3c856cf88e381210edb34967fcfccb40c40083d7c

SHA512
8a884c844a91d2a5838c4d78025b8ef7d1880d755b7e9d3dfef0d1b3c2281a5f20060917476299d80d47d8d60655e63d7a8cebdb7963d675d234f66b69e25374

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
caff2735d2cc8c7f8cc9bc84875c4aa0

SHA1
2480682baa0a023dc22604bd7b3aac6a23602ea3

SHA256
2cb24176c339d3c2c657a4ba63c03c139ccc4f33801b3e5b032ded81d2795aff

SHA512
2659186542c36a72c05a25f88a209e05ebae1746a4c11e1c1883215bd93a2d57778de564f9ccac925dcf8b7bbae725a1d7999d91ebae1b169caf156ada25abbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
2a12fbc181011e1fc0e1dfff6bfb0e72

SHA1
09f5a874e829fd5c2f7221996249dc3c2a55bbc8

SHA256
5796adbe90254bf5b79baedf7cdbcd2140ac550ce6590ce51664d4e8458e1133

SHA512
496cd52c278e20b783846af51108e8d7446bb67a79b251e41fc03be8929557cceb14fd0c76ffe578fa8b7965abb6217b3f62c24f49e3bc53f9fad62e3b018c52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
6af088b030afdba2b817b4b481c5f70f

SHA1
96ebc95470c1df66d29b968e7117a31d487b87bc

SHA256
a09f0c5f396c2a02f16eba9b0a094472a8894723a021c3d03840575d7cf8af93

SHA512
104ea6a015c5954e1e712eaffc122845aa30b20a300551b001ad8defc3cd9fbee5d5da49f03393c07ea28d6eae116f60a62153ce786148e35ba5c26e1b4659e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
30b3c302fbf4ca6111f0f757644e8ec1

SHA1
40c41bc7018b09c0c6b6ee0ff3e02596e3380e62

SHA256
b536f941f4e180dfbb05b64ba502ce396c04725ace61e9808873c6911ed9e583

SHA512
701463e245020149c506b270ba767f3dacc93c2e47ab5d28718de1dbd32f6aebdf5d3fa5a921587760e197054a1200dd5f049d434ee458c5ec10993568d523aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2fabd751d46b24a92b8db6998320e6f6

SHA1
ce7ef6b09c37f84e4768238b1fb22afad0a339d7

SHA256
48a2b7ff14f76de5b6c914c8857ebac98ef805d3278a8f32465f07e00e7a540a

SHA512
84665aceacd26ec830c7229452224f5d716ba06d109b92430397708448f6bb55d181166f88aa2d851120807ae4f0cafdd622eb08b0c6bae5779a6709a082e871

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
33e04551996dd048b8e90e0b17a8138d

SHA1
6d19fb89a02894c7eea74d047c4b8bb11b43cc70

SHA256
27474e0967f50b3e2292d916f43f071a38ddd16c5d5105b5cc9f250d404b4f1a

SHA512
eaf8e0587ba4682c23ea8fcc423d783eeed8b7ccd96b3f82fdb09cb1e3d7fb8c37780f48dcc8bfaef0f801df92d0e24706ddd1432088bed7e3ad2ab48c7de7af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
833232df620d07cab303d65d42d4b9da

SHA1
0f09c24a0e5222319a71863c26989ccfc085376d

SHA256
098e8f9f0281af2f12c48f070102574faae573fbcc067fae9002afd4f87f5915

SHA512
52ab41375cd962ffca3fea8eeac35ff6b6f2dc82280299321503c149cc9e2f6d12067150c5aca12ad15f36331eef78765e7e5eabbc1f12b3e1e4a21e9300055f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cee9.TMP

Filesize
1KB

MD5
a65226b24b2351a99c6d9a67dbd53543

SHA1
2496fd000af99596b4eadd81c50ec3fe4327a1e5

SHA256
03d69bac99cc179de7bb7cea54acfb47e902a0651ed29cf23aedc51be119b675

SHA512
d1205af474cf4cd960cafdc9d7de058620bfa4dabe0e15ec299d9b305f5cf68d2baeed8605eb7aadaadb2494edb84f214aa4ad6b1f71b2453b7e5af74d8749b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a549ddddad5e29274611e577ce8fe754

SHA1
05d00fd7caa5e41201e82f3135d76f4d116b7557

SHA256
cf51bd3e7a04632fee48a168a4bab7061cd8fea4dc9e7e499b8158847abf2084

SHA512
4ffcd331a2b7956c5c8b868c33e1c6cf9b1f9694e194a6d75c5bc7d6744dc575036523cfc70ba8189790e78b4d518d039de5e50bb28609034a42ee8afa48235e

Download Submit