hxxp://g[.]yqyh571[.]xyz

Analysis

max time kernel
34s
max time network
35s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 17:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://g.yqyh571.xyz

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4376	msedge.exe
4376	msedge.exe
2328	msedge.exe
2328	msedge.exe
2128	identity_helper.exe
2128	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	572	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	572	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2328 wrote to memory of 3184	2328	msedge.exe	83
PID 2328 wrote to memory of 3184	2328	msedge.exe	83
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 3788	2328	msedge.exe	84
PID 2328 wrote to memory of 4376	2328	msedge.exe	85
PID 2328 wrote to memory of 4376	2328	msedge.exe	85
PID 2328 wrote to memory of 2520	2328	msedge.exe	86
PID 2328 wrote to memory of 2520	2328	msedge.exe	86
PID 2328 wrote to memory of 2520	2328	msedge.exe	86
PID 2328 wrote to memory of 2520	2328	msedge.exe	86
PID 2328 wrote to memory of 2520	2328	msedge.exe	86
PID 2328 wrote to memory of 2520	2328	msedge.exe	86
PID 2328 wrote to memory of 2520	2328	msedge.exe	86
PID 2328 wrote to memory of 2520	2328	msedge.exe	86
PID 2328 wrote to memory of 2520	2328	msedge.exe	86
PID 2328 wrote to memory of 2520	2328	msedge.exe	86
PID 2328 wrote to memory of 2520	2328	msedge.exe	86
PID 2328 wrote to memory of 2520	2328	msedge.exe	86
PID 2328 wrote to memory of 2520	2328	msedge.exe	86
PID 2328 wrote to memory of 2520	2328	msedge.exe	86
PID 2328 wrote to memory of 2520	2328	msedge.exe	86
PID 2328 wrote to memory of 2520	2328	msedge.exe	86
PID 2328 wrote to memory of 2520	2328	msedge.exe	86
PID 2328 wrote to memory of 2520	2328	msedge.exe	86
PID 2328 wrote to memory of 2520	2328	msedge.exe	86
PID 2328 wrote to memory of 2520	2328	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://g.yqyh571.xyz
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdba7a46f8,0x7ffdba7a4708,0x7ffdba7a4718
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,17678781114549914081,3938344352333163588,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,17678781114549914081,3938344352333163588,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,17678781114549914081,3938344352333163588,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17678781114549914081,3938344352333163588,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17678781114549914081,3938344352333163588,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17678781114549914081,3938344352333163588,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17678781114549914081,3938344352333163588,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17678781114549914081,3938344352333163588,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17678781114549914081,3938344352333163588,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,17678781114549914081,3938344352333163588,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2140,17678781114549914081,3938344352333163588,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5108 /prefetch:8
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,17678781114549914081,3938344352333163588,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,17678781114549914081,3938344352333163588,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17678781114549914081,3938344352333163588,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17678781114549914081,3938344352333163588,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17678781114549914081,3938344352333163588,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:5604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17678781114549914081,3938344352333163588,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17678781114549914081,3938344352333163588,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17678781114549914081,3938344352333163588,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
  2⤵
  PID:5928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1780

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2c8 0x508
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
22KB

MD5
7a204d478c8dfe822bf86f9103bbd9b3

SHA1
7114b36ea1588d9372d730b2ee5dec7a3aee36d1

SHA256
d9134e3cf60db564c49cc181251c7308bc568acf060444c443a90c0f464ebfeb

SHA512
f5fb06a9808e9370a5fb3b926ffa27746ca7942eba36a2f63135168218e326abc74195453b9bcd8a045d5870a71b7f250dfc281515c7fa51857410acb316763e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
220KB

MD5
c758a89dcfa620f9bc138930fe891ca9

SHA1
f68be6d49724806db8f0fe1305e6d573d21b47ef

SHA256
c7807a5a766842371b12966dda2640923bfce3e17b06e553c4057dd5ac7364b4

SHA512
1d0f2b06adaeedc53d8519a88d354af6f3918119ce03edc9133eb037a03beaac2f3970dae333b64abe46936a89bc66bec0ec3fe764029982f43698fdca311490

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
1.5MB

MD5
469a02c22ef30b832b8256cba3cd46c3

SHA1
5fed019fe44d6a401897491f6f4b95425414e7c0

SHA256
54267cd237d4bd5322a78b0d34727896fbd65f76f1a7257799595ff44307759b

SHA512
fed26f53923670116f584e30ece9eb850ff47ed0b973c1f7dc38f219a338c02f04e596e13f4eed491b8d0f2e6c3afdae5e5b76e8965110374972fde71f6ac539

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
20KB

MD5
f218c31d967d7d050e360b26b39df4c3

SHA1
3a03e2ae75080ef0755bf1a1131640e3ed773d1d

SHA256
791410a89899725c497f590cb9138f238713dcf1b318340c18cf0682d52b63aa

SHA512
f97d6fa798fbfa27b3578777d938c327a0b1ea1379c4e0d50d640e4682fdd88dc210d30432320140d5ebdfb6ef721f0b844801a81305c877cba1d3e05d0097c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
46KB

MD5
f0d81b309d4441d6dc22bdcb9e9e7d01

SHA1
77e7510fd01735991f8eb242a8a20acf5c7326d6

SHA256
90b890766ed0dfc173b119f625e4bde7785d509a76d27354148bf0a80a09889c

SHA512
79d3758017eb11ff478e0c258405aeb66eeef77b6041689708667948c85c1ff27688491eb8fd7efba3e5d392e299c055b3ae54fd212a0f5caaca3d91c425829e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
797KB

MD5
0cfb67892105b9bf320af38afe0a7289

SHA1
121ab021c0387005944acf7853071a714d578b72

SHA256
8af04f334fcf75e8cb9fd7d152151e6b18e02d25903d6ee3092b2a3faa6d6f6e

SHA512
db236b32d23618864a6ee49991f594908177b55d88a03593fc208971327115d5532b697c90ee561826a147e64cfa1137f295da410e79056badbc8bf642a13e7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
32KB

MD5
01b7644a0c89401f39c0cd3d58196f3d

SHA1
7b58356b54014cd00373fd17f83c66adbe719c28

SHA256
98ddfc4446c9e5e87a8a9aea39dc23d3180ca33a66072fb72b3e84fc4c9a809c

SHA512
0dd1122c2cdf6544635b8bd98d1487f4749b97140fc7879a1f052ff5ec5feaedefe773d785e4f794b90ee009e4ab79e9550ea38b8259475373b5bbff40c86c63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
32KB

MD5
2d59be438acc0826f9b6f0ed8c5475fc

SHA1
c248569b512be765b38baba61d60df21b55628cc

SHA256
8969d1c9a3cf687d3cfef6268f61a41443b244530b63f4fb2582a87959caa044

SHA512
75cb97e0b78d379fe8f8e96c90f898b26a72308507aa2c15caba0675609c03738e912c47145e8d6abb71f651b64f3d791046bfc1bcff56be5af35253b44d587c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
67f39d18385e6e629bae2bc0be4efc4a

SHA1
ca45726672a23514149ab985b8ef2b4bab2c81ca

SHA256
ecdc8d236b9db84c5724b32710eb7e67a1ea6c01293e609d91f869ce867c7da9

SHA512
c6c09eceeb106c8cb634c7bc738bf7006fe0155d010aac96fba2b45488f3ccc01e43248525090dfe3dda91c246a85845de4a6e3de35dc136a592ac02c1d34174

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b2b5027972de2265f1582863d73913c8

SHA1
83c42eba65f15e5e523b046819b585d75aa900a8

SHA256
713c79e19dfd6258d943bff44066055d3b9fa3993d9c646cb4be70edf294dc1a

SHA512
8bc60485009b36e694431da84d2f2455a4dbcd43b28728bf8e42c4d0a4a96a4aca0c40f193365b4299fa4ac67ccd72359ec01097e0ec4ecd8109a4b073898898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1dd073455f2f8403d9d3c15fd504f73f

SHA1
d1477f0bd4eacd2f28ffe54c1f402354b5310933

SHA256
67dac8a76b179def2351aadb2d43f989063841f1a7e3ef95a5f891437171eb6d

SHA512
6007244095d6ca86018dfc8916c1c37b450f53a93ad55dc8f260f9a1c1ef5bc343dc7c059e8e073cfc3c763815b802ae694cd70f896f0ee2f21e98549240788d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4830bfdbcf0717ec82fa3b7dda0471d6

SHA1
0f8fadfc21528f9821487fa4970fe326945e1c6c

SHA256
7637f44bfb175f546ffc5a1a50449a9eca4d94f7449adf0eb5fda061f6854c6d

SHA512
fa9eee8c21c0caf102207e19583beac017aa6b0a78e4875916cf3e8d19505067a8ece86aad940a86baf60014877382f90f8aef676a155edf6afb8382e7d338f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7b96f0e7f3a35e67ccdfcfbe7c4b306c

SHA1
c6829abd82b9863bee90c76dc56dc301867dd127

SHA256
a238e951ead7187ca82d40fc9583716c2d46ab84453021dc33b10836a5fd65da

SHA512
84c97f9df1e6649c6037715d8b8b73f453087cd6c246c1260be297de7b79886d06fbf530732c2cecf17e0cabd435174f2f9810ff32045d4447135c4dc08625f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c3d8012c415475a4567d9c9e034ba874

SHA1
3efa31877988d19f9dda9073624759ea6fdcbd49

SHA256
0095e00169fe5ce83dfe15eb9f4059c128fab3a5cd0df5e0afd2da27aabd8f8d

SHA512
f7e81040326edf2cc52e3dbf844d02d60ceb19a5034cc980e0a41140427feb46e1ada9e0abe6feffbcbadf3bfcad425f089323432b1fbd7890b35ab5c63f231e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\44210d1e-30ac-4b27-8c71-d85fcae7fd02\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5cc61e23-415e-4adf-a36e-f7fcd680a149\index-dir\the-real-index

Filesize
624B

MD5
677f79779ac8354463a151c2edd721d8

SHA1
ce1b6195904d40584f2f86a1a3f87cbc954e66e3

SHA256
9c2d4c33a6f43138d980469f267c1b18f90ba9b9302ff6af26e6e87eb312abe4

SHA512
57fdba29d41678f268a2c23c9777a4f9609d9eeb721b68c85c08c98afb8071e25ec4ec4a3f6fe2a492c4b43065b705e91c46a8fe4ba03eb63761ad91975f4d14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5cc61e23-415e-4adf-a36e-f7fcd680a149\index-dir\the-real-index~RFe57c0fe.TMP

Filesize
48B

MD5
88a3a0f6575308b36f52d8e687682ef4

SHA1
89956bbbd67c47c9828b513426171f9cc732f681

SHA256
c4e6f0118b5d34b528e9f3024693003cf36c2c8df20f7c1b13a0c8545b8b1849

SHA512
361cf2d6b0304d165910b9aad50cb651212adae8db088e8464122d0ad65f27a5d605ad9f4f7404389fa9badc53046691661d4a6e86b1cf16172e4f7c2725653b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7b383cad-84b6-4a01-a140-573c2ea6cbb9\index-dir\the-real-index

Filesize
2KB

MD5
e1ffc6c4cb60b3582f6b9eb7971819b0

SHA1
53e70782700d75debec7f6ae998ff0d2e6a41336

SHA256
4c687c8d5e26f42197bbac4445cf31423a17a77777402aa2a6e9d178c731d9c5

SHA512
84f9e6016ed2bba2fbdfc9362b0b71733673f9ed23d48907b2de7a90fbae60ccf13b4411f2b5c0c3094509224e7052893ac89d11fcf5c961676cdfd2d310c707

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7b383cad-84b6-4a01-a140-573c2ea6cbb9\index-dir\the-real-index~RFe577753.TMP

Filesize
48B

MD5
5379ce6269e6c0ccd4067751a5a17e40

SHA1
24b504a80fb94f589b752075d81af73e838c2a6a

SHA256
7eb500259013668363b62f52e61935e24710b1125079208721e78f5952007d2e

SHA512
7e5ab01f9e83c58a84be15923fd7ec13ee565beaf9fa94a4571174c091472632f9cb4c840923f8fb991db53c9495d671f504f0735afc24012dc176799888ca03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
4cdef5221ab0c04062a6cc7a34614a75

SHA1
71e2cb99c23c45874b7974967fb6201c864acfce

SHA256
221f0b3bfa8247fbaf1946b15a4589c82cc54049869b9629f3b11585c83f0095

SHA512
71c7b6ef6401fdaaf4ac3a2f6a9287e005d194fa607a65defc4a738f752af1f5e3f0199c727e5c5a54d32f754715c856a387b0179b7fd3412278bd46b2dfd461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
d2d2de6fb646915a6662b62721cffd63

SHA1
72d0e239f9bf9efdeff7dd437b7cac108cbe0287

SHA256
e79336190b3497cbcd198051535eb07c163b09106448cad9c298ef664d24e0ec

SHA512
d7555ae6b6a33ddea3f85191e0c07cf0418f3a57ea3f4d77cdc139102110253cbf65cf925676c9d778f1c79422811669b039b33d9b1e212344874f2940ad43a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
77bcd203bd788b0e5240ce55c7bff8f0

SHA1
a3a623c46dcd37ce1d497b65ea88b4a174e12779

SHA256
4595bc5546268399330432b2a2451e5d108a76667d2d8b96b0b113960fa880e2

SHA512
e6138883d16f4eae2d2d16d9e1fd015bf7e143d0e1bd15eb4d74037fd4ff4367349ec48f686d67f883749e5f094444016356eb2dec36f49154a7ea911e99dc65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
442165e8dac957e64e5ed397b2491c62

SHA1
9f7f3452e25405e1238ef71f2b41d5ce3cd8050a

SHA256
9e3c2543efea0184b78670a92d496cce92435cfac5d6470e20611a15702c6535

SHA512
f267e55d60cded0bb47db2bdd66758d732d122d135fd276f3e3022558bdf33f9dda512595e48659bf13fbd230b6371a7a018ea2232ab64b4581e8c8c4d0d0ab5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
2ae7f9fbb73b6545b39e6f795d36f018

SHA1
cd2bc19cc414887a6d2435a0a4a682061757cb5e

SHA256
bfbcccb921f9b72856a54b050f2863c651261c3cacc1114ebc30f8f4db6f2670

SHA512
7c37e8d074001f31f05187edf2c11471a49ee9361e63cdb85f57277e19d5a9ff9a6f78729ca47d76b82f16257023ada2256f75416f50ea2d369e414cdca4158e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
ccfe573acebcad80c867446b0f41ac3a

SHA1
41cdfebfe2e83f13296a0bbbece3ef5e79e6ca45

SHA256
b2940a60e4ae2913c8885774ef623b8ef99219f1afac69e349142bf94c1e141f

SHA512
f35fc6d8258673adbd92e24b8f404dff0d80fe7abc3faabaa0a3be3b317181c1e76a79443124fce21ba35f6c754872f34167fa4b622f695d8d3921ee2c34c907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
e406c57e1b7f04ffb149f84f20f4606a

SHA1
507a84251cc039f09e3cbdb45967e793170a8b79

SHA256
ff996a778c4ee601137a599bffa817ce6653ddaad707cc2e0e3c2bd2522e9b2e

SHA512
cea6a2a86cf758d6ddd40ec9e02c84a22f32aab4f443733c82274d0c8221a81601b59e031e11fd971909cd9c2e385b6c4a816c8ce4dccd582fee7136c7e97f82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
93fe651e87b7e2abd0f150320d007edd

SHA1
1580f48fa2ccc4cc806e95b50a22f035e5e30634

SHA256
fa3c0a117d7c0cdcc0de49dfe672273fe94741927cae4e2a042b7b49c22d0e8d

SHA512
eb563237257bc2b6e20fec87151dfb5400c51a4c57621e6b7e6bb58da4aeaff1cc63fd067afcdcbd9882d0c0a7b782d571526f698ce16c87a953f09931510dbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c0fe.TMP

Filesize
48B

MD5
d8ee9f0e5f112e1ed33cf46ef381d7e1

SHA1
ed503ca7feaa2792f5e08ee65bb4b99de1fadf98

SHA256
dc4a57fbac0434a3c8b1f55b4b716465d126adcf992d328af5798c905b7b60ae

SHA512
dda0beccaa3c5d1fe3a82e3c97a1b42fba29680e4088076af03e94070fdb1cd80b33ce0b48266362b10a91d30bd54cd8b4a462a9a0cba0dd6efb1341a61f56d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
6462438e5d87fc1e3f9b6621ee86011b

SHA1
f1880c394d938f891c09f5238e70f7b89dd5e10e

SHA256
2be989e464943a2a878772463e319029de8df80c339d20f7008b737855f8de4d

SHA512
bbc766cbcc53bf2fb63658c57166712b3477c4041f8607051e00033d9b52648eac9696fbb3232c81b6196d0a8467aafdba3f8e76768fab49275275e3d358da2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ad66.TMP

Filesize
706B

MD5
e7b5bd717fea9328749b3779001be70e

SHA1
b0ef76097e74f7e4d5a950ffdf4eef8b0b6427e7

SHA256
1733652613962c89985cc215c486dce21886df50767cb860e8e969dac6dab274

SHA512
8ae1799fb2c39d364ab2948323abfbc78cca4324a8b661078010f019f3b5fd10cbfe8f3ac461570c0f305f0561066662db9552d73f188ffc4e9ffb7d3ac4c7af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
882d1dbcdc060390b13c3bc870489369

SHA1
aec4b15a2679bae3e48a3f96d702c17f8fe0692e

SHA256
3a92b062c6475276d6deee61397c596fd17f24644dea5e60c6a9fdf0d9526d59

SHA512
a48944661138c1e210ea60f86d50223175ece857c91ddaf20231b701e28cc09628569754eae303d04f398a61c02997fea28fa315dfc16fcae78bdc4afb2754f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bbc191b8819405bb25e5b08bc669ab78

SHA1
509a5f0e3908923495ddc69366c120cd1c6c0696

SHA256
bbfa249c0ed332a52c6e3bc08df7300ab761936b7c757a85cf9676d2d109b6ff

SHA512
c0c3a311cd3ab5f50b14a6df8286990376c7f19ab9a411ae95287bfd6339069a9c024f864031e9be6cabc4a8ac61a9141ab395aa42df85b6f5a00a9ef4ef5343

Download Submit