hxxp://tenutalerondini[.]it

Analysis

max time kernel
646s
max time network
458s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 15:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://tenutalerondini.it

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1162180587-977231257-2194346871-1000\{35ED10EB-C891-4C70-892D-4D50AEEC4C05}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2004	msedge.exe
2004	msedge.exe
2732	msedge.exe
2732	msedge.exe
3280	identity_helper.exe
3280	identity_helper.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
4168	msedge.exe
4168	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 2564	2732	msedge.exe	82
PID 2732 wrote to memory of 2564	2732	msedge.exe	82
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 4232	2732	msedge.exe	83
PID 2732 wrote to memory of 2004	2732	msedge.exe	84
PID 2732 wrote to memory of 2004	2732	msedge.exe	84
PID 2732 wrote to memory of 3228	2732	msedge.exe	85
PID 2732 wrote to memory of 3228	2732	msedge.exe	85
PID 2732 wrote to memory of 3228	2732	msedge.exe	85
PID 2732 wrote to memory of 3228	2732	msedge.exe	85
PID 2732 wrote to memory of 3228	2732	msedge.exe	85
PID 2732 wrote to memory of 3228	2732	msedge.exe	85
PID 2732 wrote to memory of 3228	2732	msedge.exe	85
PID 2732 wrote to memory of 3228	2732	msedge.exe	85
PID 2732 wrote to memory of 3228	2732	msedge.exe	85
PID 2732 wrote to memory of 3228	2732	msedge.exe	85
PID 2732 wrote to memory of 3228	2732	msedge.exe	85
PID 2732 wrote to memory of 3228	2732	msedge.exe	85
PID 2732 wrote to memory of 3228	2732	msedge.exe	85
PID 2732 wrote to memory of 3228	2732	msedge.exe	85
PID 2732 wrote to memory of 3228	2732	msedge.exe	85
PID 2732 wrote to memory of 3228	2732	msedge.exe	85
PID 2732 wrote to memory of 3228	2732	msedge.exe	85
PID 2732 wrote to memory of 3228	2732	msedge.exe	85
PID 2732 wrote to memory of 3228	2732	msedge.exe	85
PID 2732 wrote to memory of 3228	2732	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://tenutalerondini.it
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff1e8a46f8,0x7fff1e8a4708,0x7fff1e8a4718
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,14846246510014963742,1191725378571927983,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,14846246510014963742,1191725378571927983,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,14846246510014963742,1191725378571927983,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14846246510014963742,1191725378571927983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14846246510014963742,1191725378571927983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14846246510014963742,1191725378571927983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,14846246510014963742,1191725378571927983,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,14846246510014963742,1191725378571927983,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14846246510014963742,1191725378571927983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14846246510014963742,1191725378571927983,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14846246510014963742,1191725378571927983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14846246510014963742,1191725378571927983,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,14846246510014963742,1191725378571927983,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5012 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14846246510014963742,1191725378571927983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14846246510014963742,1191725378571927983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1356 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,14846246510014963742,1191725378571927983,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3552 /prefetch:8
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2104,14846246510014963742,1191725378571927983,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14846246510014963742,1191725378571927983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14846246510014963742,1191725378571927983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1080 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14846246510014963742,1191725378571927983,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14846246510014963742,1191725378571927983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14846246510014963742,1191725378571927983,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:4268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\13cb1e73-cfab-45c7-9f71-fc9b9d427526.tmp

Filesize
5KB

MD5
0c6687b65d8dc354b22c0e9749f3ccf5

SHA1
ed80f926d70aa46dc379f413a6d3ecdf3ec9c863

SHA256
5269d9906e309e676830005a760b8ecd5cd0234974491f8c95e7aa7a756f3e16

SHA512
1dbe7159517683cbf49f3835be0093d2866d09df9466ff5b3ff653bf9fd1bafa446165e8a37137fe1527c5e92ed3dfc1c89b055ca25e8357c7d928278f629681

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
fb945150f1118a1c0312b60e5134b8e2

SHA1
0b1d47d46ecfbf1f4144856b7ceb62f1697d9edc

SHA256
14c5e13f89cadec2005c78b903a87bbb781fcdde41e3b44f6e7bca3dc0cb8d7d

SHA512
438fd164fd13488cb8584e3b06ec9fb152ceb3b6d36ad22625f1bf625b8480005b320e976ee03ea9ccafd45b3b2caf68d90d2ecefe012373d936fde7d1e5bc1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
b857a5d2b95232e03ca5723bd8de6ed2

SHA1
2c5423a086f1dcf70a9783ba97fa6c8b8f38fd05

SHA256
0b8bc7c5d0cbda685b52f0bf89399c7150e63cc416f5c814d9921ba43c284d55

SHA512
4b31768490f247e827a08f28a6a1dd999219c25eb5382f0b218a362e3844464df2c6618e0e49eb6433115a2a938640caea1f883d4ac9efedf7aad6ff66c07888

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
98d0cf9a3befbfe09b676be5a9c7299b

SHA1
a93cdbd7bedaedeccfdbe8bb4c9a633735f4302d

SHA256
666a655c02aab0ed900f1c244c01c9c668bfa003efda2d90434b3b6f5da1333e

SHA512
8782dcb9aff1e0a8a7d1edc08292035190291f6531c47e636d48164fb5389f0e514a56ad23d8f316d4c50fc23019b48247e7e2c84026135de5828d35f435f2e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5f010ab2b1b2bfd535205a741b06a412

SHA1
a1c9e151af98fad26fcb7120afe7c2b77907217b

SHA256
30afc4184e1ad81cdf0201054dba608457527735ceb3957776ca4a5d54bed013

SHA512
150fa904b1228f64e407c01fc706f928f72f99318b0f808ae56ebcf923ec59a48a05b4fb1110dc2a33704d7808a50911ff21e597d3113d7c1c6adedf716b4a84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f00a51ce75a34e1bfa3b42f20cdaa927

SHA1
124a8be3b6f1d5a9d13350f0ea5527c7ad88f334

SHA256
9c8de97d3818ee1efba1eb09056adfbdeedde5e5d50668c3f6dd60d53dc3dc2b

SHA512
0f4b935af8bdec59019c03f439da274e045e0d329b4860accd1261a8576be91f92fbf25778e7b49899acf7836ca7e00795239033091a84c681eba42fd86452b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
801B

MD5
53a8e08de968d8a57622e351bf697008

SHA1
b25d70a5f4a4e3c0653d0c3e76aefb5997ba2f15

SHA256
3c49af5e726c63a863b4b36a6397daf6640b87b132b5e136e4727745c958a294

SHA512
2d22986ab0de31e81db8ded666aad4d5cc5f9c46ba29f555e57c2d1690bae509f304e5051f430e9ef0edd6ece193b759c00c3cd98924e26db73ca9b0c19d5612

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0ab559d2b870eb54a271061c903136f1

SHA1
b7e9d16ebdfa9d6d267b9375c7c548ce3bd1e7f6

SHA256
00e9c317395285e43582c5d7090e2d1ad0ca3517c92d8e17aa814e5f7fafb598

SHA512
130104ee81e7912d540b3e0569f17ac296c9f80608839a37398ca139509a3e320a25c363c7ec71f02c5c3616f01010a34de192d09dc4b5efeee312ec5072eeec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7fe9dc7f3270dcbc9c49bc2bedbf7743

SHA1
e488a5613f4a29715259804fc023412bd0bd8fb0

SHA256
4fbf735c589554f981631a3385f580953650fac4c2591d8ce21a83bbd062b00d

SHA512
443ce8393a1b86f186c9679b9e8409265bc549156c8d6be67936ba0cc015aab31d3abecc84d5fa50a734e6c0f4aa5f89e283aa4872b992d64d87de4cdd212e43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e702725f47ac79c4a3822fbd6f674287

SHA1
df248b7b69cbc0634685636e9123dbd6478b8373

SHA256
f668840adb497c973e409917eed0c12a0df0ab64e165ac1167e6b861b189724d

SHA512
3391f081e3d21947b3a6b9ab5e5dcc13a169e0ca7fa0370caf0325fb7e1440849cd8240cf8187277928379ad2ad7071efb3180568324eb2e15914486cf7312a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
743cb54f97389181c84bd0595337cbb5

SHA1
ac77c20ea49fce2a2c247f599a842257a0478b10

SHA256
377307cd45825017b434f3a893618cdeef58312cbd1b8c6ee3f902bb0d3cd285

SHA512
a6fbfbaba868e0f98af308cd14c9282f3fe53a206e4271b8d6a010440c56a4b882950f38ac6ad059b87731ab6f9a178dd706d1efc55f45c370e1cc83caecc7b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aad096ffb3531fb3a41740ecf3cac3e2

SHA1
754380edef7e3423472c75b16dcbd056e9bc7a27

SHA256
6f0935c8a5a5105937e06edd2b7f40058097050c28e5b3216e5d99fd3cdc8c1a

SHA512
b0a9057b19e8694e2d81f107e5a5f784468031730c0416bde8875341872081fdad87f5ff3e6dfd2b24cc2885439643f48a50b0f62eed87a1268c4aecbc663de0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f7bae0363d2527d472a1cc156bc2a5cc

SHA1
8edd3785b399bc25b093f8a8d28907f6aa8f5f5a

SHA256
32761ed7fefe9e8445d07ee2302a17f72ae9d23c97d012d07bfbbbe55eea4bbd

SHA512
bd4e94b8dd86f7cfd80c586304ad946b4de3c074dea63436ed998809afe1555166f2f786f53b61f32df99851e960673cda2889730b0cb68f76327b88fce27dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
866B

MD5
06b81c2c76072ccd31140207236660e9

SHA1
a7e95b8885d2f2a77cb644a52b7bca52b216163b

SHA256
4891c1cba2fed46a6ef0cf69aa30ec771f5cbad76300d550557da011f8e10a04

SHA512
a6a5486f6dd5384d171c8f177ace018766b8372082093b40b57f454657a18a1d508f6538c0e1b291a55d45d7a0bab80c621aa8699fa4c6ad149981eedd3248c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
aaaa11c860b2ff4f4f112d79525eabe4

SHA1
432b48f867d3af0019772de383c527b05ede1924

SHA256
1f44b12c798807a63c92bc0ec6d285fe7f83711d31b8af80e5e850d980bfb502

SHA512
f8916d23f0f188ed7b2ec06d08768f900cf42fdf9d3584c0675905a979eb27f49c856470498e47108951a60562c3cd07ed2cadc4aa9770cdd9e1965a721aae82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583c68.TMP

Filesize
699B

MD5
88d12e4a6aa9063ba200089c4cdd5e77

SHA1
0d10de324b339f18930da9ca7d2a318ac01c025b

SHA256
b6161aa775787a675dd3f55dd2a576c1d39365e429143de2f0b724fb5f0da619

SHA512
223d04233b9b0f87a1c0526e02b66bdd653d07163e1b14fa3ee52daee820bcd9b7dd684272bbb7828e25d20f63004271840cf83f1729db8dcb01e3fa5b9d812c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c7823de9a05b0c8c7703ed34cb940604

SHA1
e2bf7935b03f47134deb2157cdec6aa5167827cc

SHA256
cdf9eeb1c86a756d0702c10bf2574e8b90557248a573b518ffb800d4b3152d89

SHA512
a888ca9bd54b71b7b1437442009d225c5ccc6cc3a9a1815a7c8584b434e47332edb34117e033184b76e13d6d36216cf1f5625587d1bf8d71e3849a539f8c269f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
80d8725ad40120d531d88811c64273ea

SHA1
c4a57cc78566e93fcd6e28eab9dbbbd488f52466

SHA256
2e26a631e2319cb5f65aab196d687458b5523f08218acebe93b2e86f0349f693

SHA512
e65a94aa5afc1c0bb2dfc836e320759dadcc0fb82c4e4d4cba71cc8d2b57eeb3706a47928ff1315cdbcd76715c15f66b0e945a44edca51319b3d0ec3871aebce

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit