hxxp://www[.]bbc[.]co[.]uk

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/06/2024, 14:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.bbc.co.uk

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4032	msedge.exe
4032	msedge.exe
4260	msedge.exe
4260	msedge.exe
3364	identity_helper.exe
3364	identity_helper.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4260 wrote to memory of 1864	4260	msedge.exe	83
PID 4260 wrote to memory of 1864	4260	msedge.exe	83
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 688	4260	msedge.exe	84
PID 4260 wrote to memory of 4032	4260	msedge.exe	85
PID 4260 wrote to memory of 4032	4260	msedge.exe	85
PID 4260 wrote to memory of 3692	4260	msedge.exe	86
PID 4260 wrote to memory of 3692	4260	msedge.exe	86
PID 4260 wrote to memory of 3692	4260	msedge.exe	86
PID 4260 wrote to memory of 3692	4260	msedge.exe	86
PID 4260 wrote to memory of 3692	4260	msedge.exe	86
PID 4260 wrote to memory of 3692	4260	msedge.exe	86
PID 4260 wrote to memory of 3692	4260	msedge.exe	86
PID 4260 wrote to memory of 3692	4260	msedge.exe	86
PID 4260 wrote to memory of 3692	4260	msedge.exe	86
PID 4260 wrote to memory of 3692	4260	msedge.exe	86
PID 4260 wrote to memory of 3692	4260	msedge.exe	86
PID 4260 wrote to memory of 3692	4260	msedge.exe	86
PID 4260 wrote to memory of 3692	4260	msedge.exe	86
PID 4260 wrote to memory of 3692	4260	msedge.exe	86
PID 4260 wrote to memory of 3692	4260	msedge.exe	86
PID 4260 wrote to memory of 3692	4260	msedge.exe	86
PID 4260 wrote to memory of 3692	4260	msedge.exe	86
PID 4260 wrote to memory of 3692	4260	msedge.exe	86
PID 4260 wrote to memory of 3692	4260	msedge.exe	86
PID 4260 wrote to memory of 3692	4260	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bbc.co.uk
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc835446f8,0x7ffc83544708,0x7ffc83544718
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,6281428655553003120,1025943210752725147,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,6281428655553003120,1025943210752725147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,6281428655553003120,1025943210752725147,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6281428655553003120,1025943210752725147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6281428655553003120,1025943210752725147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6281428655553003120,1025943210752725147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6281428655553003120,1025943210752725147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6281428655553003120,1025943210752725147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,6281428655553003120,1025943210752725147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,6281428655553003120,1025943210752725147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6281428655553003120,1025943210752725147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6281428655553003120,1025943210752725147,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6281428655553003120,1025943210752725147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6281428655553003120,1025943210752725147,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,6281428655553003120,1025943210752725147,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4936 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
101KB

MD5
c7e380c82b76d078a9385f8bc69fc0a3

SHA1
06069a6447c58faab67e0a36c151e0e8ee3d1498

SHA256
9975f46c0411f0f4d0653071c2de50ece966047341091792f08fe3e31f68d49a

SHA512
458989b2f0bb3a5867bf79bf5845e220a17342a5b51fd0caa7459c3c55ea1641ea17f1fe1e07e2965ed8be521ab400d092a5c209d9b3f60a4f727f0bc019e584

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
25KB

MD5
15f320e3a5401b724d437727c6a043d5

SHA1
240ce4199164243e6acb87c444e3c5ab3b34e579

SHA256
ef651b470680ee1beef26f492f5ad2684e9eb4ed9d2bfae2fd1d557adefce81b

SHA512
2e1007b59ed2eac391a0131ca2d1779cbce8d8e968911abb8e31723ec1fb710dbc3f9aa46cb2b246aa5ced88221e03cf2a4da873f5017f2352b00d3f6513798a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
17KB

MD5
a0c41035a9dc0bd7dc735f02fe53a179

SHA1
2832dc635d3f5b74dd0a50aba00ecf2e26f7434e

SHA256
da6373fd055cfbf06981230760f90b910eb8cc64990d223bd018adf7b06f9c7b

SHA512
9aab02fb3ad611a17cb4510d96fb66167ce1138bc9b1672cbc9bee49686083254327c3b02652a8bb1e22d1ece00b94ade3d94bec45b18f45fd6b854ec3b3e48c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
64KB

MD5
17a0df970078d0f4764c04c335ef555a

SHA1
aed492b4aae2620cdb6b4bac3f62999728062118

SHA256
13af37b33a332856c4f9194d2020bea0d8e91b078aac2f68ee90940dd7fdc070

SHA512
fb09d0c8f81e45e537d8ee7437926f3092e96d3cb45d8c7e3c07bf8a4986ad31fe11e50dfe82bdbb41ab5815edcba1fd5a6e2c0d33220c5c47a038888b7759c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
58KB

MD5
a119e2352736b09277d0ebb23b2e1c91

SHA1
5b968e385a615cbcf7eb3af9c60d9161a8c5a233

SHA256
c2daf1f588a2908c2be252977f1ede62aef30dc7f7cbdd1802a05899b45dad3f

SHA512
c812dbc911b55e344b6e75a573433a38b4365e615d541ef3558ac08b834a683bd05814b47d43df257158ddc9465aa4ca63833f75cd7ecba89565d79c68e4de59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
24KB

MD5
3cc11f3b23db9a3b9e853303ddbe9163

SHA1
1a11ea346df39ddccbc760345e3bb2c51b72864e

SHA256
9e368488f5639adc1516fca375380db7138488ced1abc60b5d51916d573d9005

SHA512
aa23ad3181674c1c82a99889bf3c7e051f5352000c0561433cd16e428a49324150eda6763a8930bcf6dcf29a3849a3ab67914d1b57e786c7b6bd608cfe5cf3d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
28KB

MD5
9ae658f2b68743801028cb0059200279

SHA1
229e3e83200bbf9fed44dbeaf64cd47452eeea8b

SHA256
bb6b3f432cf027a114d499e8e135a4c33c18f606898ad45a4e4a292510781b16

SHA512
ea6dece30af7c04ed92d567f47e5dcf543385d8feb538b0a6678454cb8e6173342a48f157a882cb545a10b3ed72a196bf25e95f0a8b262c9881a3e7ca8033832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
25KB

MD5
8b309c2c709817cca2847e42b9cb9631

SHA1
9d897368b2336bbe97e7b6938868e02988b99b58

SHA256
518fb98017d808a2df02ebc43f331aa2fb44462832efc6cd19387802364cf871

SHA512
b5f86656bcdedf60d44458fc29301ac423c15a849809a7c8d673ef91075c6bd372eebcc60660b4557d948fb3dab7fbb30f5d6cb0d5d85712338f192a7f7ddb90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
23KB

MD5
427ef1c97d06c66992b15c56177c4bb9

SHA1
eacf38d35d19d67674f589f54292dbafdf984844

SHA256
fb78225ddac2721a3cae8914673b6ec0610c6543c12316039d05878cff75baaa

SHA512
6bb65afada4a1f5d6a44d2aeaa028ec606b78ae17f995529c683cc91e599c17de599cecf8c8d82d576144f727ed97987f2708ffa97e3e69b9fffb7896e2829dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
43KB

MD5
87268cf57b27279b475f0c706c394c32

SHA1
16c556d8221138ecf4a7bf63395773b70038f7eb

SHA256
edbe2f4ef4f231c2249a5355c2a98dda52477403eb8f67d0499fc29c2778d1e3

SHA512
6d73dade2269017d2708ce502e25b34b9b40438eb0f8366aec3f13bf926541b385f39c502a522a78f1c34075f96989fe62b51104220aba76763b1b004390f4de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
64KB

MD5
93c9e2a26c05bac23b7b91ff91e552be

SHA1
5bb7301545aaa75c207120d258135b42dd3d0658

SHA256
be4077860d35ee975cb9715d016f01331de167b918fc75bbacc51f9e8bd843bd

SHA512
695dc2cb4a5204921cda3222eb4c11a8128c9821828ab9ee84f441a060c06e9762d46880d2b76d51b384652bd12911ea7e1139f95f95830975501483e6436a11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
38KB

MD5
89ded319097d4613e8e003b91b4ea95b

SHA1
f45707bea7dd108ef061104153da9950dded98c0

SHA256
85c4081ae47680d61ceaa6b7a28f8e65f93adb07de187a98b93c9ea318031e3a

SHA512
02f4603f4f2ef512ec6eb69df18829ea040cd0d9840b39f5d708e5145f98e087572012131b653ed8375973c2af457a2a3b644bc545deda5b8f64207a88c35590

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
47KB

MD5
d85d003e6fa9d55cea41f7ac0c4aa175

SHA1
747620881f6f58a0bd327694429783f4f3f2a6da

SHA256
06ad7a677839b75cf07a32125a7b11c481a368dea56364e0451cc1ea539a4fe5

SHA512
3ad8ea3c0f46f1cd25495f5860005d123e9e4c2fd139791f21d2e993e3063a5449611835d41ba2a97591311ca5a75d1260313630987239b51220dd9630efe98b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
37KB

MD5
811d3a9f6aad1e958c60af00c3ac540e

SHA1
2df7710abca9babc92d03692700648454b613391

SHA256
a56c9269bd99c6fe6b26818496c0063c253c046eb82737ae1154ceaafcddeb8c

SHA512
b0b833bfa742306df4bad9095b06077bc172d792b3cd4caeb3215c871c8ce928efb70d9484cc3950a8f19f571b929c7dc8dbdee8db8415579020212af9497c71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
171KB

MD5
af479a2e70bb329c0b675d3ba4ed22c8

SHA1
c2449f51add47d860504c63f64589c6c979b397c

SHA256
dc72c8f5e765bb62544c090d76b5b26a51b2177d96ff7bdadc27c4f866a7659b

SHA512
8c8adbdcad774375a9510102645cffe0283c336cea433783770d7a028e7ef253fa0df0dce2b5e56268cc38c40d080653842a990dc92c5f857dba7dca1fe7cba8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

Filesize
31KB

MD5
095c664f16d1d35079f2572d1f61be2f

SHA1
9fc2b9cdef414297a5ed556b589185c6948b6472

SHA256
6e8c72feaac10293af5d806c82fac088dc454e003df0c328e752a1f35e3b9d00

SHA512
75e6aaa66ce6b9a56b6a52df464781c9b6ab9e5fc17b6c0c670166fbf09aad1e2b948707071d4b6a7f0ea90482749dc89935e0d01ea5678d3ffeeeaf13274d34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
692152780b18d8484f34bbb9a0e03fb3

SHA1
9c9920f294a8fa4b67f520a0ada80b9d80c33495

SHA256
d7a158159df633e086eb80ea26008f55dafbb6ace7ad8e2a35e360a535a0a8f5

SHA512
3811c227311ddc2693b19480e544d0ecdf3c9a5e552a82d458863aaf232e11343cf943d1d4832d00ff3b84914d7ecb7b56b5a325d9916c1bfcd3215f4d9b95df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3253b5c48b47d6013bfd4ca759171d46

SHA1
22dbd82e49bca2c3af4405c843bf16f42db0150e

SHA256
6eda0c6c3249aec2bb9fcd6e799dc7ed4561bf9d19b90f245d066a31d733993c

SHA512
f8cb87fcc5f26703beddf7145fc3672acd4f50fb17a60eb309f0fd1e5cd2ecb0334c4641cf65a4baeb720ff062e11b245a1e865054db6bf61a5d96127ee7af36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
853d3e836914a72127685c839e427136

SHA1
9c90f94869780428b1dd33e3199e16317edfa701

SHA256
614bb7b2c1a459a25fe2b185e591ebae46953b881622af90d7063f99a8ae692d

SHA512
de31331c49a858180b544a9eb72568074427cc0366a6614523547b64787a68c411881d9152362fd62e87ff8b464872bb111d6b47bf86b64b8fc6ff8342a66e33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ac9924b5d94bc7be1fd9599da84d8c96

SHA1
7f06bc9fd45f3266675c7ac3efadee38896aece3

SHA256
770c75bc17e14fba21a14550cbbbb84e9f6b8e28fa06ac037e42e87ab26a6866

SHA512
87142eace1aac157e9fddecbbf1f57a6745710d9f6c42a32e1c0f13036198300d3c0c08978d32a1a6464fcb0f6cc404c8a386d07927c0cf1a9fe69f21345d75c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f3c206714851e4895d1b25165f5e7e4a

SHA1
c8f764511f188521905c87349c28bdf35aa6b788

SHA256
20da4f18098f4eedadfa3f9e3829f35113e921d378f736c42a1319ffd6711b93

SHA512
d6852020eb26ee8d8b8dfa71825ba1bacb8b1c43f83c1d4a3a9e6a882d4cdfbffab058b3836b7d56598774587734fa2f70b5728205c8e9d9f3e46e2592202bdc

Download Submit