Resubmissions

29-05-2024 09:05

240529-k1794she6v 10

29-05-2024 08:55

240529-kvm2zshc8y 10

Analysis

  • max time kernel
    389s
  • max time network
    391s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29-05-2024 08:55

General

  • Target

    http://sci-hub.ee

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://sci-hub.ee
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:5092
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9584f46f8,0x7ff9584f4708,0x7ff9584f4718
      2⤵
        PID:4720
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
        2⤵
          PID:1516
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2264
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
          2⤵
            PID:1620
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
            2⤵
              PID:4808
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
              2⤵
                PID:3932
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
                2⤵
                  PID:3424
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3216
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
                  2⤵
                    PID:4936
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
                    2⤵
                      PID:4888
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
                      2⤵
                        PID:1148
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
                        2⤵
                          PID:3420
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
                          2⤵
                            PID:1456
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
                            2⤵
                              PID:364
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
                              2⤵
                                PID:1944
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
                                2⤵
                                  PID:5492
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1860 /prefetch:2
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:6132
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
                                  2⤵
                                    PID:672
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
                                    2⤵
                                      PID:2108
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
                                      2⤵
                                        PID:4168
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1328 /prefetch:1
                                        2⤵
                                          PID:748
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
                                          2⤵
                                            PID:4128
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1364 /prefetch:1
                                            2⤵
                                              PID:3524
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
                                              2⤵
                                                PID:1836
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
                                                2⤵
                                                  PID:5912
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
                                                  2⤵
                                                    PID:5904
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
                                                    2⤵
                                                      PID:3320
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
                                                      2⤵
                                                        PID:5076
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
                                                        2⤵
                                                          PID:4112
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
                                                          2⤵
                                                            PID:4288
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
                                                            2⤵
                                                              PID:6036
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7308 /prefetch:1
                                                              2⤵
                                                                PID:1164
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
                                                                2⤵
                                                                  PID:4240
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
                                                                  2⤵
                                                                    PID:4136
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
                                                                    2⤵
                                                                      PID:5168
                                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                    1⤵
                                                                      PID:1148
                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                      1⤵
                                                                        PID:1980

Network

MITRE ATT&CK Enterprise v15

Downloads

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                        Filesize

                                                                        152B

                                                                        MD5

                                                                        1ac52e2503cc26baee4322f02f5b8d9c

                                                                        SHA1

                                                                        38e0cee911f5f2a24888a64780ffdf6fa72207c8

                                                                        SHA256

                                                                        f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

                                                                        SHA512

                                                                        7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                        Filesize

                                                                        152B

                                                                        MD5

                                                                        b2a1398f937474c51a48b347387ee36a

                                                                        SHA1

                                                                        922a8567f09e68a04233e84e5919043034635949

                                                                        SHA256

                                                                        2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

                                                                        SHA512

                                                                        4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

                                                                        Filesize

                                                                        50KB

                                                                        MD5

                                                                        1a7a156a196e16f4f680e0815e3db505

                                                                        SHA1

                                                                        d516a05c8e374b962aae9f1c6484eb12d88226b8

                                                                        SHA256

                                                                        46dcb8cb7d4d80220baa300c65817e9a4a324c15ddb1e3955d222175eb6cf8c9

                                                                        SHA512

                                                                        c00ad12a47717ecb6d7ac746f5e681bed7bc084419216290a8aa7ff4cc502c3bf9378794e1b5882df361410c0e5c2519ba5ea6ae98859dc72d6590ce14535097

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

                                                                        Filesize

                                                                        17KB

                                                                        MD5

                                                                        e316e72bd7572e0e0112858ef0e2ddfc

                                                                        SHA1

                                                                        ede4b33246741c317279591bf843630a3c1da923

                                                                        SHA256

                                                                        c065fb78b0e08dfcca754d46f64414bff72a17836b5da8f717e48423fd4e5952

                                                                        SHA512

                                                                        bd85b8e5bcaf8a346e615cd3b741fe9fc4992fd91312b2a2398fe63c637273035534280fc39ada7ded23a809f2d9ed5dcdd113a8d6bb6148f79395ce667abb20

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

                                                                        Filesize

                                                                        99KB

                                                                        MD5

                                                                        91085682855a0cdcb4f7fb758889e72d

                                                                        SHA1

                                                                        fc05f5ed555e251b475859f1833432fba23d72e7

                                                                        SHA256

                                                                        d8633da9b09816e32e60ed7c93f53a8b4dc528f89bc55423de94bf118c9b8f15

                                                                        SHA512

                                                                        1ef50ea8822e4f9e17ee01040988302b6322ac6c5f2d3a9d122322a421372a2a91eed4187430f11de098c14a2b0a6e654ebb89fb0a50229c582d571c77f74b9a

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

                                                                        Filesize

                                                                        21KB

                                                                        MD5

                                                                        7a9c3e5bb3208d863069b38c71920112

                                                                        SHA1

                                                                        0fe5e236fdaecf7e7482cbb7bbbe54e812366d81

                                                                        SHA256

                                                                        8dd6c570e8d8c98ebe983228777f11a9f0e195c2d2f8298c034766ccd2d3087c

                                                                        SHA512

                                                                        3410ae393288480ca57e6520b9a3af6892bdb46af68fcfad04595fbc51ec9b6e3991079a622f040365d2f8520a3280f81ecdf629b7465a53dc1c64b7f56fce8c

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

                                                                        Filesize

                                                                        184KB

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

                                                                        Filesize

                                                                        54KB

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

                                                                        Filesize

                                                                        58KB

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

                                                                        Filesize

                                                                        19KB

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                        Filesize

                                                                        168B

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                        Filesize

                                                                        240B

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                        Filesize

                                                                        792B

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                        Filesize

                                                                        991B

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                        Filesize

                                                                        960B

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                        Filesize

                                                                        3KB

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                        Filesize

                                                                        9KB

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                        Filesize

                                                                        11KB

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                        Filesize

                                                                        5KB

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                        Filesize

                                                                        6KB

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                        Filesize

                                                                        9KB

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                        Filesize

                                                                        9KB

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                        Filesize

                                                                        9KB

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                        Filesize

                                                                        9KB

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                        Filesize

                                                                        11KB

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                        Filesize

                                                                        875B

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                        Filesize

                                                                        539B

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                        Filesize

                                                                        539B

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585f80.TMP

                                                                        Filesize

                                                                        539B

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                        Filesize

                                                                        16B

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                        Filesize

                                                                        16B

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                        Filesize

                                                                        10KB
