hxxps://www[.]wenwocixwqiefwonirwi8[.]info/

Resubmissions

16/05/2024, 13:28

240516-qq2x8sfc76 1

16/05/2024, 13:25

240516-qn4n2sfb72 1

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 13:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.wenwocixwqiefwonirwi8.info/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3236	msedge.exe
3236	msedge.exe
1460	msedge.exe
1460	msedge.exe
4144	identity_helper.exe
4144	identity_helper.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5196	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5196	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1460 wrote to memory of 316	1460	msedge.exe	83
PID 1460 wrote to memory of 316	1460	msedge.exe	83
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 1768	1460	msedge.exe	84
PID 1460 wrote to memory of 3236	1460	msedge.exe	85
PID 1460 wrote to memory of 3236	1460	msedge.exe	85
PID 1460 wrote to memory of 1048	1460	msedge.exe	86
PID 1460 wrote to memory of 1048	1460	msedge.exe	86
PID 1460 wrote to memory of 1048	1460	msedge.exe	86
PID 1460 wrote to memory of 1048	1460	msedge.exe	86
PID 1460 wrote to memory of 1048	1460	msedge.exe	86
PID 1460 wrote to memory of 1048	1460	msedge.exe	86
PID 1460 wrote to memory of 1048	1460	msedge.exe	86
PID 1460 wrote to memory of 1048	1460	msedge.exe	86
PID 1460 wrote to memory of 1048	1460	msedge.exe	86
PID 1460 wrote to memory of 1048	1460	msedge.exe	86
PID 1460 wrote to memory of 1048	1460	msedge.exe	86
PID 1460 wrote to memory of 1048	1460	msedge.exe	86
PID 1460 wrote to memory of 1048	1460	msedge.exe	86
PID 1460 wrote to memory of 1048	1460	msedge.exe	86
PID 1460 wrote to memory of 1048	1460	msedge.exe	86
PID 1460 wrote to memory of 1048	1460	msedge.exe	86
PID 1460 wrote to memory of 1048	1460	msedge.exe	86
PID 1460 wrote to memory of 1048	1460	msedge.exe	86
PID 1460 wrote to memory of 1048	1460	msedge.exe	86
PID 1460 wrote to memory of 1048	1460	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.wenwocixwqiefwonirwi8.info/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9303d46f8,0x7ff9303d4708,0x7ff9303d4718
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,1166948522552994579,13579310706269328006,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,1166948522552994579,13579310706269328006,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,1166948522552994579,13579310706269328006,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1166948522552994579,13579310706269328006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1166948522552994579,13579310706269328006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1166948522552994579,13579310706269328006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1166948522552994579,13579310706269328006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,1166948522552994579,13579310706269328006,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,1166948522552994579,13579310706269328006,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2084,1166948522552994579,13579310706269328006,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  PID:5156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1166948522552994579,13579310706269328006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1166948522552994579,13579310706269328006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1166948522552994579,13579310706269328006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1166948522552994579,13579310706269328006,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:5984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1166948522552994579,13579310706269328006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1166948522552994579,13579310706269328006,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1166948522552994579,13579310706269328006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,1166948522552994579,13579310706269328006,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3296 /prefetch:8
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1166948522552994579,13579310706269328006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3012 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1166948522552994579,13579310706269328006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,1166948522552994579,13579310706269328006,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3964 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1112

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ec 0x2d4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
31KB

MD5
0dd287737ee632a5cd6bea503c645c7b

SHA1
07945c5c9fd943e834472c2bd6c20c9c82480256

SHA256
11a39ba203f300e70194a624ada2fe31639f495edbd4bebd23860e67bc6a38e4

SHA512
a625aec6e31fc9b711087ff14c1cdfc53825116bcdd77a103c15d26c969ab61ef60f28a68f7800b17c2991a9869ee3c6116bb10b8fba2ff987cee6dc90c0ca81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
217KB

MD5
3f4f8b41dc2270854bf920b0b51b57e5

SHA1
11c7f81d85a9dfbe9396c27fcad11bdfadf527fe

SHA256
1ce8c4712adac8cdaf4cb8c9de1c2e5daa369d6ed90c7cc876e2ec1d51d17fec

SHA512
44474cf48107520a1af16fb3f9161d5ada89fb9e92b1319d376e442a53859c73d7431ed25d9b6af12c89834680a29b2db9ce417dc94059588a80e09cfb2e41b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
50KB

MD5
e7122f584d4fe053c6bfb5f6d1f88e1c

SHA1
96891c1a8294d6465c0ed05732c90d51521eaf9b

SHA256
7364a6474d26d20076737787c6128676fd1bcd0d7c221f4bf4166eda41957d95

SHA512
6681c59dd94986ccebb58b551ee5ef4afaea16b4d3ccac87e5b3da0cd0f3b341c62c21ef52d83253631358c52add1051c13de09b67be464f3f89a3a57a7ad594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
88KB

MD5
3beef81fe8d019bb71c548ec46afae34

SHA1
5a4cbc21a9d8bc86306ae302c98407a153db866e

SHA256
d0a2a5c91ec946970af7f063c735acffb64dfff6378bb91669ca8a55cc512314

SHA512
1402cf3fbd061c4d68cac574864b11c18820d834d923a6a6eb54d7f9bcecbbbfc08d76f1e8b760e2b2791bab68fe21077914dfe10dce7e16d8bc816d96aeab3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
99KB

MD5
17493443fd090ee4a0fa50cc3e94768d

SHA1
63d7c7228a6ea2464cba60610cc329de6d3f38d6

SHA256
c90792bcf28771416105cf2374d0553a242f08200e1fbb54f29aaf4f3c6a4710

SHA512
510e39060471d20b42968c3823e2ec8d95816ecc2fd735af3bf1f92de6646fd74e47649d72555a202ab1b2851d328dca5d861e9b0ed6883c3227def4e33a9d93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
92KB

MD5
850137e7056d1fe9503f8aca3b48594c

SHA1
5135c4db09823cef953f57639eda72ea109d4de9

SHA256
9c581ec6b372118aa4cb69fcc3c421f84f7512f26f1346f7fd37aeb6e3a2f4fd

SHA512
c5e47541cb527bc198391368845b6b9ac8edba5f05ea4c2620800db08c0427fec976eff74d35f96101bb416a73cd0176aeef53160a553bd587aa5fbe630b03c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
186KB

MD5
dd1ce00e8e671a694037b2d63c4598cd

SHA1
80eff7d9e060872a23b6f9ded86c4ba82dc89cee

SHA256
7ef82477c9bbec18a5fe5de28001c51511d2f39a021850e85f694cb1ff05779b

SHA512
a6849c8aeffa1f8a5d676947f0889c0d707878b77e24962ff0abef2ab5069d8ea40053c6c9a487856fb9f44ffda18271fd7d5d78fe724748ccf678cfdf5a0249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
165KB

MD5
1f3994e8f23845de72b145aab1326993

SHA1
20f60c7e635e051207e70ee2605958427625dc8e

SHA256
1c3d50284af189a512f61d7490498bf36d450068c5de9ece0e43fc7690625fc6

SHA512
f909a666675f6361262302f5a3e5e2f92867e9d5f83ea873f75e24e48dde119564ae29d1a1bb021ee0ff6b07951c1ca1033f8fd115ae81913d28b00fd782cfc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
91KB

MD5
f73426673b16814ac965fb31e58cfd90

SHA1
74f4588cc71579a11457fe0c67c7ce685da4eb35

SHA256
c1c83932afc8a35d1017c2df83f625a2d03e5f051de7343dc814af8f82d5c2fd

SHA512
abd5c495e0474dec5d8a08ac13ee282b6374a54e76141aa560a91f1d19e87c9e74ba21a79995b642ecea9c373b738eda80f151cb24ee753f123bc2c76ee6929b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
56KB

MD5
78c2b586d013f22c00a7fba84f1b17dd

SHA1
297e8185e03b95dc9ac1d3bd61d7fa6870af5e22

SHA256
296967c3f68bf40c880602e4f9332488b55e6b901d7f9abb0190d391e2c1895e

SHA512
6904ac1bc42db7d8e0b7470369dbd2de6936f90af3e00c247d773ef2b8c20cd4ba54ca6fd3983f37052f8d74faed449d14d790ba500ad0ac72a3d72dca82a077

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
33KB

MD5
06143d3ff5e128eef959ceabf2e7f7f3

SHA1
1b1cb0e1ca05d30365395a94d610a6bb740060bc

SHA256
e20315d2bf38473ce1dec7bbe4f41319116f857d88726423b2a0876b14c22818

SHA512
5be12503b13cfb9f8c04367c12add0e32ed6c4618f751fd1672086c537b61184515e64aa6f3a7be6ad6f7ebc41cfbf7bc0cbe746365a4ef04f89155c33ab4cb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
273KB

MD5
9885b4551dcedf3f6fb9144966e52558

SHA1
1fa351c063019ee84ab50e3d6c9cc10ac4b230af

SHA256
3bfe6ef1e21631af4748fde62a6d43bcc027ce931a6ae5ac0f114a0ab52bc881

SHA512
9f2b2add7fec50722b54a8999e87ef8bfffc1c8e87c5aeb43f0d43f9edba1d9b1ce0c873ac66d1dcc448ab8890bc5f0ffcf85a2ace44115ff22e3e4fbd880e60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
5b158e60864da4a72a3bb34302f22d3f

SHA1
acd7da92447512821afe4a0fdfc526cb06e877d4

SHA256
02b0bfc67c7962b5cfa47862d2bdbb420f6029ed0038f0db6bd8836229711fb4

SHA512
018084bca750fdea7e5388b7de3c7e7c71c338c808c8e903d0edfdebc289b3bd01278ceed46da46a7fe35274c95fca842ceb9be91d6b8a1ff8bb764efcf55db9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
6ef1534d42976ba42b8f913c28fe2c12

SHA1
882f073a7d8e8ac11cf93650ccf1f5e95cc103fb

SHA256
bc433026f175ce569f512e978deb05bab40f9aebd27deaaece2833e40933fdc7

SHA512
3b6508786bc773d0ebe623ecc079bfa720b9a1601af59db2a69c81ee8cdee62aaac8d73ef89b4bc340c8a88656fdb9d6e80892b0e1a92c3ffa4d94504c89ede3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b50a90188978f93ab0c1d3ac2a3a318f

SHA1
2ba6930fb8c35fe4662a1f22f627fed7b4d7d371

SHA256
4ab22e382f460010f22dfa900c02ca333cb74839948b5dc8d1e3b2a1b008935c

SHA512
4f831a6ef95673b1360890e8e077b8a1cbce55c7c1d48b6e0f098d6afa09a46eeb6dbe454b2eda5c62100946df350e8d421a775f105e658b236be8d10fcb36cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3519eed7e4f82d8e7200a28f01cae169

SHA1
4e25ffb3e0e74c47265ef39a945825fafd3e5e72

SHA256
f34b93d4412c4a248ae83c62a41a791efa2666d24aab5687d1056d5ec9c946cb

SHA512
fc53668c4fbd1477cd6b9cde5de3178ed64ba10adca39d1b4e6e50dca88dd11613a78b394de5891d0195a5849bc22134f360d3d03c029b0a85c370afe8fc68ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d19133e452e1965d1c31fbb51572f5e1

SHA1
ed8b4c931acfe61799718952555db9979de70a89

SHA256
fd345e36e34ab58a743755b2a77c7e088691245f07bbd7d13a0cb23844fa1fba

SHA512
56c307f13133db6543daae32d665a679daf058dd22b3fee3d60716f1f6e33437c84715ae2efe3dd11278eece901ec824933bb1793381eccb324f4a5e9b8838de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
91efc43dc6cf02f6d5463b6ee3d22422

SHA1
31219b9db22a418c26ffed12281313dbdff2e351

SHA256
3ee2fc6010048588577f54f413700b8baa58dbe176797b8bacb446ae4d4f0cd0

SHA512
30cfd831961350ea3defc402545718571cf906606ed1e9f93dede2506146edcd2f7204b0f2cf3be1b888891f315fd28bf4c0810b1368d82bc63ddce9a133fc25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b6f01a9ce6df4dff799e56bfc20ff27b

SHA1
7e199231928a0a9e8a8069e1d7a7a52098131cb0

SHA256
62f6bd3bd445d0a337259a06b3bc6b02a3282cdafb2c2abfa41b710eba6052cc

SHA512
baca75d2f741b9bb4b95b5c651f81bcb5cbab3dc316d616e4e873a5ed51a462ac20f7864a511118bc5a552c99098d9e76240fcdb5b19c0826a80690d25d8d9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3c6f9830d957fd8c8e4f60ecc5ecd44c

SHA1
9cdc2a6b2d9168084f58812a26812e543526cd3d

SHA256
0a641036a733adcad29b8762810701b0869e5bdadcb2c318bdcec185e39bdcbb

SHA512
fba0fba9840c4cec63d90b42284b8254b643cfcc9af47ee132f11373fc95395195c1fae741b9a827b696456e92b62c8be4f28df34b45ee191a1cb71706689d17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4d535329cbdfce5c7192c6e24bb45b3c

SHA1
61d04ba25e03f0098a0e9a32b904469c1a2af519

SHA256
ad929574ba882b66c0c2c937538b2d44e10078d6a40337ed04f57030b5c7bc74

SHA512
26c65a29b1ca3b651686978dc0451eba17e4b4c50ca4d2e3a82c92b3a1c2a5782775edcd44cd27af2cc0096ba2a32af9809b19367e7c014453af06b997c35b07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e67988d7e272921bb2b832a689a054ca

SHA1
0957ca0968d7de74a1279770c1b6e4302a8c284e

SHA256
697e4ed68072c1d4e0394cdea4c8f7369429879f864af80da862023e64576e0c

SHA512
cf3feda5d9a5f0bacc0b794e6ec8af8e02fc2f7e619bf310f31156c9524d3fcbdf68866c37023152b04658ed6aba65bace80b877822ca80c3f0b106af0c99763

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
23b288a9e159ee0fdb22341447c54e02

SHA1
b2a099e21b108c7f407672d45d32f3f888ceb23b

SHA256
75709d0fe7106df6d2b69c488e4a368f57eaa968abfca5292171dd5b3d0ee7be

SHA512
92ac1264fcaf5ec1e9e34938cc980705592052fb72fcf79288964449c62763c0e0311cea4e700cb495707c3b9fe4ca11540de7cd94197da4ee3e80d9b64efbd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
869B

MD5
0469fc10d0a7b4d4f714bfbc79d4a091

SHA1
ba389d86275330ad4463a08478909fa79f318b51

SHA256
9cc747e087394bdeda8a712e75f6727267313def40b9ee60e8ab7839d539cb0b

SHA512
5021c508e22e18f029a055241fc41b69e9ad4ba61456e7f7fb21a92d51ff4cdbc51909fa91f018cd97d13d45ac48b91a6afd45417dee80869635abb7a34b93cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57abd0.TMP

Filesize
869B

MD5
3452a832ea81c59c55425a525bacd00a

SHA1
42512dfe48ed760c02e4ecae5d8c1d80bc176390

SHA256
7794ef3d5ad3d5e6b4589ec437606bb7b2020e39d0504576c3aef3e355401ff4

SHA512
e422e8455c2d7e306dcebc34c5613aff31d054680d0f3afa59bcf539b2c813274198adfc61c2971ba4489343c2b362cc582bf6d4645db02c409b5eddd224a421

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fbbc29923291cfc6c59b85ad667e37b9

SHA1
0b985430a314568ac3b45ab8e0e8908365dfb8b9

SHA256
32a1c92ff49a2d013dc1cf2cdeaf25d6e174227fcd9f8ac2fa7479c341cc03e1

SHA512
4bfc137474fd552e62d8b8a6a2b8130a7b05135aa7e96fae273e435330a4c7642c35dc5aeaeb2a4b621530f38f70c804aac7f3186e57945b22a7417cda85a9f6

Download Submit