hxxp://rb[.]gy/m6gejx

Resubmissions

29/05/2024, 17:20

240529-vwk9wscf79 10

Analysis

max time kernel
76s
max time network
74s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 17:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://rb.gy/m6gejx

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4124900551-4068476067-3491212533-1000\{AA839AE4-F6EC-4E08-9BD0-1EB18BFE90F8}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
3208	msedge.exe
3208	msedge.exe
32	identity_helper.exe
32	identity_helper.exe
4152	msedge.exe
1196	msedge.exe
1196	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3208 wrote to memory of 920	3208	msedge.exe	83
PID 3208 wrote to memory of 920	3208	msedge.exe	83
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 3724	3208	msedge.exe	84
PID 3208 wrote to memory of 4016	3208	msedge.exe	85
PID 3208 wrote to memory of 4016	3208	msedge.exe	85
PID 3208 wrote to memory of 1976	3208	msedge.exe	86
PID 3208 wrote to memory of 1976	3208	msedge.exe	86
PID 3208 wrote to memory of 1976	3208	msedge.exe	86
PID 3208 wrote to memory of 1976	3208	msedge.exe	86
PID 3208 wrote to memory of 1976	3208	msedge.exe	86
PID 3208 wrote to memory of 1976	3208	msedge.exe	86
PID 3208 wrote to memory of 1976	3208	msedge.exe	86
PID 3208 wrote to memory of 1976	3208	msedge.exe	86
PID 3208 wrote to memory of 1976	3208	msedge.exe	86
PID 3208 wrote to memory of 1976	3208	msedge.exe	86
PID 3208 wrote to memory of 1976	3208	msedge.exe	86
PID 3208 wrote to memory of 1976	3208	msedge.exe	86
PID 3208 wrote to memory of 1976	3208	msedge.exe	86
PID 3208 wrote to memory of 1976	3208	msedge.exe	86
PID 3208 wrote to memory of 1976	3208	msedge.exe	86
PID 3208 wrote to memory of 1976	3208	msedge.exe	86
PID 3208 wrote to memory of 1976	3208	msedge.exe	86
PID 3208 wrote to memory of 1976	3208	msedge.exe	86
PID 3208 wrote to memory of 1976	3208	msedge.exe	86
PID 3208 wrote to memory of 1976	3208	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://rb.gy/m6gejx
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae94e46f8,0x7ffae94e4708,0x7ffae94e4718
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,6504857097161700407,13729257241165615901,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,6504857097161700407,13729257241165615901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,6504857097161700407,13729257241165615901,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6504857097161700407,13729257241165615901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6504857097161700407,13729257241165615901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6504857097161700407,13729257241165615901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,6504857097161700407,13729257241165615901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,6504857097161700407,13729257241165615901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:32
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,6504857097161700407,13729257241165615901,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2140,6504857097161700407,13729257241165615901,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,6504857097161700407,13729257241165615901,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3236 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2140,6504857097161700407,13729257241165615901,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3948 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,6504857097161700407,13729257241165615901,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5992 /prefetch:8
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6504857097161700407,13729257241165615901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6504857097161700407,13729257241165615901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6504857097161700407,13729257241165615901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6504857097161700407,13729257241165615901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6504857097161700407,13729257241165615901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6504857097161700407,13729257241165615901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6504857097161700407,13729257241165615901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:5512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6504857097161700407,13729257241165615901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6504857097161700407,13729257241165615901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1512 /prefetch:1
  2⤵
  PID:5688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
20e324fe52991a833a21da131a8ee236

SHA1
b0bf6192784ddccc45a534b4f97010d0fbda8408

SHA256
dd8cb1ab5c044f318d226e2491adacc3430c7c4fa293ec043e8278649daf08ee

SHA512
2ac831029f7d1e4f19c67d0f3e56009b1e00427d06e914897ae192a2f6a7719e81198498888eb3f9da3366a3752ef291ca6d443a317ae3d262854ad699d5be3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\309569be-2dda-400a-8005-bbf1f37f674c.tmp

Filesize
1KB

MD5
52b666e5031687bf6e5b4c56943b989d

SHA1
f7828ceb6cb7d29c72379d8ab4ed4948e6ac27ca

SHA256
f196b3e249435fe63e9ada74fc517dc12edc59fc78d8e3c38ae0fa42bd0d2880

SHA512
643fff7b2ae6c4f2eaa763e1cb6362e2a8e97a0475c8b1246bf1f15d8b19bcbd7edd69e5b9a6298b7e4f9f3872a6184b91b26427759952ee909132cba29dfb2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
86KB

MD5
21b99db6353764fcff850ed4de1489ee

SHA1
e1771dc14a7d394e89c3a222993ce56c86f44236

SHA256
0791bfd5c9dad4b28433efe5937084a816644a47560926dae6831452468c718b

SHA512
c92d27c11455e82d60302a0c206e711400f1a74f91473ff1a710453d4a23aa7e4f5632e349c12e4d6b3572a03f0171495bf4782c4ec67101c705b570ed76de4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d4cc5f334c514847cf3e3d5fc8562cc0

SHA1
35fa778d7b956dcb4d4279b177b9b6b520329f18

SHA256
ef1f427b520e8f174f90b52e18e99f56bc42bf65fbfce48e8e37248390a2aaec

SHA512
a049a116321dac409550e6baf9bf5683253327b591c4d0a90f8beb2451a75967e40b5cfc8c53d263c78439de3dc33c5f44a4f5235da9eb52f55c46a5fe99c745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a47695b318c2d13cb85f6cd9ddb7d2a0

SHA1
157f2e6b3bba8ab66e93ba4eb1fcc7b50039bd9e

SHA256
0d5d7445d3bbae4592fd4405f7b957ba456a9b7c5246acbdbb2e75afe6619cdb

SHA512
08749349dd8f0409ff8398440bc0f1ea1f47b64ac70321be3b7011683b52a91237378423a2b99fea3c3d17027bc25006382a88fc912006e2a67d8bd0b448b3cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8212e65ea50fda4eac350aea6d3bce72

SHA1
fe04358d5bc8483b565411f028dab8ae3a833e9b

SHA256
82408b44c81471f14c7289dcebd44e4053d5a86cf84ca8ceb78c37202ed49c8f

SHA512
3eab16d9029254642a2ce92940e8fde8578434e1c46968f883b21a97718cad6772e01797b113effae4d47c5d8d850880bbcf675ffd62e09d5fdeeb9bc4edcbc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e24c899b8ee1ac2395de24fa29ba2131

SHA1
2f1b59786cd8402767c590e63fd5108e8f2d5128

SHA256
bbad049179dcae1bb3a754c0e9835b5d05e0470a37e25b43f08a9a6d6c4c896f

SHA512
9740ce1efd03ca135652b34a64cb23b067094d3f09d23fba9029d6659c36e463cbca69618fd1e49f67e5941d51a8cccb37683855a0004231fce9c3a2e9c4a891

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b9a22cbb2b3c47b7f9b79edbd86e950a

SHA1
210a4ae3131579ea06179ec6c42adcac01825df4

SHA256
61234dea5ecf7bdbc95bde6dba208d2f16330d290cc911e359f5bfc2ba4b08df

SHA512
22e652e3bf2c98c3412cadd14ba94bd682533cc26a57fb0a611625f206b56b39b93230f09afe6c3c8bddf8232270c8284a2c36350d8764efa551d2ec8e29899f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d624708f75dbe3f15def8b797dee38bd

SHA1
2eb6a480bb3293d51c1e8b21e80e5e92e51716fc

SHA256
f6bd4d090ea3e489a14a0a73f809ff7f166cf1c25abac402f4f9289aa0aebfad

SHA512
a2703c1544e27bc6453d0a3d069e98402017a53fecf3b06e4c7990056895fa89fb094318d729fcc0dd7e320b2b745204df7df102c5642574adbc1276637e1864

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
593a2c245252ff9e2eacccd5cb321621

SHA1
ce679297ca2ade1bfc2661abce81ab83a71d2454

SHA256
9f230ab5b5c5cb891be6783f14e43d71730dfb6306c556561233e19655eaf7fe

SHA512
b4f1377c1811f183ca48918a86eeede73cb30a8854469a634833ac587c577c6dc7d2903e81f771a298545fec3872faaf9e2af7b376fb9cf942bfbd528243c702

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d1422afe29b75d07501e6c35354e492e

SHA1
d6e3a28e15ceeaf653438dbd936cd43edafa38ad

SHA256
b4586f72221cbadf049e0e88a2e2ec46f54d9b1a5a704620140cbdd71039782d

SHA512
26946e23ec52fa0634fc2c15fb14548e0ab6da16853164b56efa3963c0f8c4e54b93bdf72b062579470d85d01086fadf6e7af3d98496550e028941c68719550e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
56de4c39e7082beb37f8411af9ba6dee

SHA1
7449126a7f74f11ef9504863bf64cc10d2c3b9a6

SHA256
6e651a32e83f844db2e8ce0195abe0d30d2180ae252f7efdc5ede80205bd5bd8

SHA512
138ff7a62be6c7a236d68b6920ded0a0a8db6f4fc533ed6a638eb998254509b0f0f3d9a1fc97271d92f4685bde1d04e3562dcbcfd2d0125811caa2b5551147f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9668a156779baee3a703bafdc437f95d

SHA1
3c6eea5638fb0da956b7ddc7785fd7de61dc04c9

SHA256
00a452e4e2016bf4c637dabb12bb42eefc1c716033cd2fde3d9aa1976b07c81c

SHA512
61bfb67c94b9cbfa0757178812481b29bbb946cfed3eb55a2cf48bc6ee458e05651bf6fe629e51f81c68e397150ffb3132a9e3630b08e05b49f856c2c4955ac6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579d88.TMP

Filesize
1KB

MD5
8eead9ac760321287b6b796429c39e5d

SHA1
d7767789dcf6a08454ba31b7be2f101780d7848c

SHA256
2d748563ae43a9274b30f7bc6df41177f5962320bfe9d957c0b689130d68a197

SHA512
b6584cb803cb22bc81cd41d74e48bf65ed01133cd1cc42dec6c46b31e4ae0daf29539a4ccff8b2b46988de8cdfea0059ae9dffb5ba4a36cb1219d8ac4c6338c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c21ca01f3d74c883f492c19f7af5abf5

SHA1
73fa74ffba3e6a7151c3f77dc30e73c070c1c240

SHA256
3e79f8fc71427cfc632803962b0a1382980cf7b3cc7ea204d9142fb252e7c19c

SHA512
483b232460db426dd9b3230064e42cdbfeff7c34623c37943d6ecfa28ab6e8177709f6232f289396739cc272e472b111eb293151a135cf6102714b054f3b1b3d

Download Submit