hxxp://Spotify[.]com

Analysis

max time kernel
1170s
max time network
1171s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 13:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://Spotify.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
2036	msedge.exe
2036	msedge.exe
2524	msedge.exe
2524	msedge.exe
2200	msedge.exe
4912	identity_helper.exe
4912	identity_helper.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 3000	2524	msedge.exe	81
PID 2524 wrote to memory of 3000	2524	msedge.exe	81
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 4224	2524	msedge.exe	82
PID 2524 wrote to memory of 2036	2524	msedge.exe	83
PID 2524 wrote to memory of 2036	2524	msedge.exe	83
PID 2524 wrote to memory of 3932	2524	msedge.exe	84
PID 2524 wrote to memory of 3932	2524	msedge.exe	84
PID 2524 wrote to memory of 3932	2524	msedge.exe	84
PID 2524 wrote to memory of 3932	2524	msedge.exe	84
PID 2524 wrote to memory of 3932	2524	msedge.exe	84
PID 2524 wrote to memory of 3932	2524	msedge.exe	84
PID 2524 wrote to memory of 3932	2524	msedge.exe	84
PID 2524 wrote to memory of 3932	2524	msedge.exe	84
PID 2524 wrote to memory of 3932	2524	msedge.exe	84
PID 2524 wrote to memory of 3932	2524	msedge.exe	84
PID 2524 wrote to memory of 3932	2524	msedge.exe	84
PID 2524 wrote to memory of 3932	2524	msedge.exe	84
PID 2524 wrote to memory of 3932	2524	msedge.exe	84
PID 2524 wrote to memory of 3932	2524	msedge.exe	84
PID 2524 wrote to memory of 3932	2524	msedge.exe	84
PID 2524 wrote to memory of 3932	2524	msedge.exe	84
PID 2524 wrote to memory of 3932	2524	msedge.exe	84
PID 2524 wrote to memory of 3932	2524	msedge.exe	84
PID 2524 wrote to memory of 3932	2524	msedge.exe	84
PID 2524 wrote to memory of 3932	2524	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://Spotify.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffceff246f8,0x7ffceff24708,0x7ffceff24718
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,14964851978738044828,18309002875168704866,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,14964851978738044828,18309002875168704866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,14964851978738044828,18309002875168704866,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14964851978738044828,18309002875168704866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14964851978738044828,18309002875168704866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14964851978738044828,18309002875168704866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14964851978738044828,18309002875168704866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2184,14964851978738044828,18309002875168704866,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=3360 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.CdmService --field-trial-handle=2184,14964851978738044828,18309002875168704866,131072 --lang=en-US --service-sandbox-type=cdm --mojo-platform-channel-handle=2352 /prefetch:8
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2184,14964851978738044828,18309002875168704866,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  PID:564
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,14964851978738044828,18309002875168704866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6116 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,14964851978738044828,18309002875168704866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6116 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14964851978738044828,18309002875168704866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14964851978738044828,18309002875168704866,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14964851978738044828,18309002875168704866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14964851978738044828,18309002875168704866,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,14964851978738044828,18309002875168704866,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5544 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4b450167-d8a6-42f2-bfe2-a836c3eedbd2.tmp

Filesize
7KB

MD5
f17242c0f4a35555e859752422b521d6

SHA1
58a4d1c8e4da66071e66d64d7b70acfe38f19b0a

SHA256
86854ce4c4fd751774e63c7e6d78d7bcd37678306d6c49364188752ca7505521

SHA512
acb9ca585b201246a00c983400af5822aebc3c49108ca8f5627b743d9e0af6390eac45ca6e8526e02bef26482d00a860dcd9d6b32a6c82c97522cea5094e0a14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
8734f92f8c8e1ce6069e97b54bf9a364

SHA1
ed41f531d28d7b097e05bee11a5038c82501eaaf

SHA256
d6e6a4541ab9381ff63dcf6ad09f501fa5b71860e776d2d96a72ea615cb2f8ed

SHA512
3825686926636dd82744f327c6282bf86c923a7acb9b140cdbcc40077c504e65b98a08df8b89d8c3cfb3612c64a11b6b84a5a36a6d46da3a267395b41a121b5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3563e9c2e3cf6edbe7dcb868f12451b4

SHA1
6431423a6d3a4d0762f8adfdcb5db43aa1a4a0f1

SHA256
588b20bfb5b4bb41d55143273c9efb4b226ba4de84e9f69115fecf005f51dcfc

SHA512
30fa9d88398e24d4973dbf79de28cf493498d341415b500d9a1c7802f5c4a2b773b7aff6a4d66a89d3f8e87329a69b568f7c0915e7e5f1ed840ecef32b55b114

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
27034ef90a9a0391b3199b88bfb137cb

SHA1
ed54fad694a3e7b910b8141f0e950709413585f9

SHA256
574eb578e8e00abd01b33439f0637db20d7755570aa3ea67b5bdb0f1bdf6e924

SHA512
9a0c29b1887f03763aa0d03123c22f3e2b0a74bba592f2408a71b3feb490920a1e0fc6c3b2d572ab9a3f5a269610a8ec39a3f53926d955399a7a3c2041491714

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
214b071470157281dbf1f5e471e92cef

SHA1
9aa9a37d9b84169d84d86b7e1b46ed352c630be1

SHA256
fffd777d52c9e016e76656d4831c1e1e71cbf58d92d848b354b0ad57a1964271

SHA512
3e7cfc3022fa6a7983b39b929a5a8a0e690a5b8144d55a37c46255db82a7d2728ac8b7e78cee4bf13897e8fd61cc8caca428c120f45290c2b3205b3e1a2d589d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
32c67c3e0d33c3ebc043c28bebed657e

SHA1
2fc5a8ed1807f1a73d1ddfa0499394bb134819d7

SHA256
b94431f0f504563f3cef250dff513b610d1d30205e41154f26fa759fcdf67bf7

SHA512
037063c16185628ee8fb264bc8946a05a5845aafd74009e28323fac887a7d43b301dc16e4cd783b22f8e13490231d2ab469eaf99caa3a778e45c9bffa5e2af4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3fe69b5f0d45f4213702d89203a2e460

SHA1
0ad71424eba7a7e55d542de604591bbcab5e26de

SHA256
eb11634aa7b004efaacff92abeaab1fc2c5189fadb66442e0b9ab854a70fa1c9

SHA512
27c54d80d150cd37707e12c440cb69ea84ed974033f492b2d9bb17b5f2652550f194be43274d01f5c5663c0bb806b211767a74557f66b2454ed6c7c00adf0c6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
709c7fe95feb417846e07d6cbc7f09e2

SHA1
9fe651e7adf5d8ea940cc0a94cf2aa64b4222b30

SHA256
7c0d3f2b85fad4640de93a3e67486efa0220d579ced4d8eec8bb6c560376c2e6

SHA512
2cd95db3349026891710b27c3921da2a0ccdfbc31b95a5fe024a795a378d8e523c7b6dbdfeb1b52439ef2b1ee94bd4faf3e7f70189865157122f2b9d29b56a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b716f006be8ebcd8f92be0c9bb36d034

SHA1
3ba3b9dbad53e938e633edc37dc9ef7292f54251

SHA256
e3ac1eee1034718aca7daa7d27e80eb936b2ce8af0813d897ff55f59b76719f5

SHA512
c8da7415d683ad11c1c38d57f0918073c251fe1f1ee6ee8a79a6cda715f8de7b453c2f87385491738de2312340634e1ff499e4fe09ff5ae465c70c8f66ee9dbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1fb28e12d6991010c0ff1c6f8fc08800

SHA1
acba542fcf02852c0ac980dca33f39c50fc0a38b

SHA256
00a69e4ea528749082f26e6cf26bd1654f44544cdca865b7635fd965df866791

SHA512
4e29b7e4139449761df0900f61558ac0f4e5141275c4a2743e162cfccc1bacfbfad312163a4b8dc9479c9d0f34f8e386a9c164d7c7273d760fcca631a0671ef3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\397e5d81bdb71a423054f3b5524da80fc3c2e3bb\1a663c09-5639-47a0-9878-3a2862d6c939\index-dir\the-real-index

Filesize
2KB

MD5
31aa7b37227ed15f09e88f00a7b4345b

SHA1
db19d29b02df17fc3f4b6cd8fc6982c916c92939

SHA256
8f46db7c8dc989a377391812a394cfccfb3faf1c5d90a2f83eac907d12d76947

SHA512
1fa855c3159b1a36c1da4d0d3d0173f35d48d7a886e631146c5e7c741dbadd58478a1592121e9dac2b627f349aed64aa91bf967df90dd0b7e78999aab6b89129

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\397e5d81bdb71a423054f3b5524da80fc3c2e3bb\1a663c09-5639-47a0-9878-3a2862d6c939\index-dir\the-real-index~RFe57be9d.TMP

Filesize
48B

MD5
955fd6ffa9aec42b3117faa794c06f70

SHA1
2bd43e471873b0548157e1b90886b2fe11ffc311

SHA256
3e24953c217bdd79850e523db1f5e78baee21136b78b478cff8f0608b0eb2fdb

SHA512
0c8e09b1deaf3b1e13ae32b3ea48119da07b60131176c3147e60751775983353aea471ed3c348f1646c783557ba569598a0426515cb351f60ca988e40242a89e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\397e5d81bdb71a423054f3b5524da80fc3c2e3bb\index.txt

Filesize
127B

MD5
d05a189970ac77b799f5dce7c6a00e0b

SHA1
226e792e49c1bbace2d272cf39df6d34926f482f

SHA256
cd19d0b89afaab7641bfd512933d4b48ddaac551a73682a5145ba94f5d29122c

SHA512
86327b13052c540b5143a886ec777511992e4f6c9d6d49b8167240ff823ebe477cec7692022921449b1b3453062dfa558594aff74213cc05983ba229bf4196c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\397e5d81bdb71a423054f3b5524da80fc3c2e3bb\index.txt

Filesize
123B

MD5
764e7297381e5307cad4df3094144379

SHA1
910d79747c344867426cbc710e3facb23de998f0

SHA256
899113859642a4fd4b9a7a7dabb213e78739226322d6e36a0b8386f161e43e3e

SHA512
b70e6a6dde4605c3d3c82b24d45d2bde5f079726a1e1db5a0d7efe9f41cd92f0bed883dec60ebb2e9c48d7b7fb21d6b333f1eb211c0011a85cfba605ce707f9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
fbe6a89e8296d187e4a75e7d0e3825c2

SHA1
88e4bf2028a431b152abc9c2c604d0efd71b7b62

SHA256
e1187792deec32366a6c88618c0831251c7deccf9d6a38b37a7d7dd5d1b7c186

SHA512
6ed879787485868fcb2d56a79c5530ca9f50056b9254cf76ade95f39212a035f0d5e1af3bc6d8ad186d2000058f49884d92d8eb90cfb155bd8233dc392a14b2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a18f.TMP

Filesize
48B

MD5
92521f37a89058b93a30123ac47aee54

SHA1
680de73b974d54ce6095eef173d7b6803c88b8f2

SHA256
3d138ed4888567bf71d9262be35d1c74264094510a30583f8c76b59c92963d00

SHA512
dc8d4bca97576c358a026ad2b3f516d40260573459b46872c50fadfe19bfa3900e64a77f6f78136cc549b35b848627f9c078c1a2d6da1e6f986128453b0a7c71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
814d97a4fa374fefbf2c8bd368c8c9b9

SHA1
a3f35d64fce7570e966e52f989a66774291757c0

SHA256
10f2fc25095d438b7ea6c062b9a9fa1cfe59a10af2fc17e2a60eef48f91b3a3b

SHA512
8c147baf448ec7acf09a131016a44e9051b4927a1635824ad9d07d29c3d69488f4a54d973b9ec682c21d3fce3c79679b47d0a7177999c817944ed102b6839a74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1d161e208c444fa5ca263e88439cb37c

SHA1
34a69aa4e57f496962f60c5cd748c676e4c936de

SHA256
24d3ef436bdb84d937f386f670ba7f32108fcf4721058058e4db64c4e0bbdec1

SHA512
13a5fffe8b4d3c174d1a5fe070f17d39f767ebb2067ee305ecc115ad3e4111a8f5666be6aad06b18ba40e69fd0f09daafaa3b0ef375d0da5feb6bbf46dfc4805

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e27f6c5dfbfc03a6e03021fc8c594690

SHA1
f97b6b7a1e62d0a19c8a7f7df4201ef320eae021

SHA256
1ec4cf34fdbca87f82a00791ab895ee100e611f7a772f24ea04b080917d01b51

SHA512
2f4c15ae1d549fb7f31ad1233781ceaea6b1ea591038f9a88868c64042a10d3c656e9e80e0ec680981d7234d1aee175b9cc9406b0461cf2e28df777e06ef2e77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
25184bdae2c8ba25420d23d8ebae04fd

SHA1
2fc8302ef1c1749b9c30a90095d4615b01980bae

SHA256
e02aa470f4f36f18964dc3ab3ff8306b03d26da8cbc9c63da4bc9f548163844d

SHA512
ac2154237d0bcee49b4e3979a38f27b3468bd763d2edd57a05e0dd6ba9948cfdd7769f1f71aa674302ab87d37e91374cb65fca8c3e3f485705d591ed7cc7b4f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fd69c0334bd6711f9d4c626309924e0f

SHA1
ba77bd3af898629191099ddc2f56ea2bc1ce2500

SHA256
3a82f99be440ea0d76071ffa815750955720c7a1271a92aafce14580edf606de

SHA512
612546d4d7b68a24c65dc55fd226f406275647da29b05969fb41591c40fd2943a76b8605eb8e5701b92f97c0f161d5505821bf5839a3095a33938f686d00b5a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c4ccb11f01870c18ee3833e2c4318956

SHA1
6ccdff4e3c1825b5dd37443cfad8330b6b4c239b

SHA256
7c907df97c3c9a56e3033e2c252912f278fbf4192f72b143604486cb7203b920

SHA512
e2f459f10ba75a04618cd9a584073d70e37735ab7274096c9dee2913b02e0481f13ebd5dc1664cf9afb10ec90dcc6f8746964b514da465320a586dc9dc0d67e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
237d7b2b196799958d21d308487bd1f9

SHA1
0323d5762414b3482551d8dfe53a64a1e53ea6fb

SHA256
262a41e41587d7f776af42d375eabe831fbb8e46a975f7b64b3dc354dc67f90f

SHA512
d269f5fbd4892f31f7290cc74f1282f7dc6e3d5224e68e26eff2ff65044c8489cdc2128fd8065411edfc2f58e96967f383bd5aae5ccb165b1e0900deb3787037

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe578f4f.TMP

Filesize
2KB

MD5
9d37ade7c252f3fca2f3b2f20084316f

SHA1
d5bcb6544e6c58dcb358a636ce78a495246edab2

SHA256
ca7d28483377e597e14c5a75b309fd8f321fe619370cbb3fdf77e9ad7560350c

SHA512
deb854927c708d0f79cf58bc6b61c30fbae9ce423845c0955ad3d41b0b1c460bc92ee400cbf6d6ed8db3b3687c30d9d2387754f1419e18fba6a19993affd6eb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
228633e7df0ea850a9a99a7b2aae1a0f

SHA1
32788570d3b1f9d784e4de697efd20792df15722

SHA256
101c97084f81ae390085d9ee106514083e516c370a3dc60066222546dcb33b6d

SHA512
67e58fc00a98e9027f46c477064d8fa582a1da07fb908ccce688301127feeac9a464ed17c498959c958ecfc782412f31bf5a79f51feadfea4fe348f305653515

Download Submit