Analysis

  • max time kernel
    90s
  • max time network
    94s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240611-en
  • resource tags

    arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    13/06/2024, 03:42

General

  • Target

    https://archivohot.com/o/res/100.html

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 8 IoCs
  • Suspicious behavior: EnumeratesProcesses 11 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 27 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://archivohot.com/o/res/100.html
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2136
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffecf093cb8,0x7ffecf093cc8,0x7ffecf093cd8
      2⤵
        PID:2084
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
        2⤵
          PID:3176
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3016
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
          2⤵
            PID:3680
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
            2⤵
              PID:1688
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
              2⤵
                PID:2516
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
                2⤵
                  PID:1648
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
                  2⤵
                    PID:1276
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
                    2⤵
                      PID:4436
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
                      2⤵
                        PID:2020
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
                        2⤵
                          PID:4364
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5688 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:1636
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5624 /prefetch:8
                          2⤵
                            PID:4948
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5288 /prefetch:8
                            2⤵
                            • Modifies registry class
                            • Suspicious behavior: EnumeratesProcesses
                            PID:3548
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
                            2⤵
                              PID:4064
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
                              2⤵
                                PID:1128
                              • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6584 /prefetch:8
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:3892
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6504 /prefetch:8
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:1552
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
                                2⤵
                                  PID:1300
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2608 /prefetch:1
                                  2⤵
                                    PID:680
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
                                    2⤵
                                      PID:760
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
                                      2⤵
                                        PID:872
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
                                        2⤵
                                          PID:2776
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
                                          2⤵
                                            PID:3936
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
                                            2⤵
                                              PID:1360
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
                                              2⤵
                                                PID:1276
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1
                                                2⤵
                                                  PID:4376
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7276 /prefetch:1
                                                  2⤵
                                                    PID:1076
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
                                                    2⤵
                                                      PID:3360
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7892 /prefetch:1
                                                      2⤵
                                                        PID:3920
                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                      1⤵
                                                        PID:2052
                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                        1⤵
                                                          PID:1456
                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                          1⤵
                                                            PID:4312
                                                          • C:\Windows\system32\AUDIODG.EXE
                                                            C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004D0
                                                            1⤵
                                                            • Suspicious use of AdjustPrivilegeToken
                                                            PID:4972
                                                          • C:\Windows\system32\svchost.exe
                                                            C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
                                                            1⤵
                                                              PID:2232

                                                            Network

                                                            MITRE ATT&CK Enterprise v15

                                                            Replay Monitor

                                                            Loading Replay Monitor...

                                                            Downloads

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                              Filesize

                                                              152B

                                                              MD5

                                                              f717f56b5d8e2e057c440a5a81043662

                                                              SHA1

                                                              0ad6c9bbd28dab5c9664bad04db95fd50db36b3f

                                                              SHA256

                                                              4286cd3f23251d0a607e47eccb5e0f4af8542d38b32879d2db2ab7f4e6031945

                                                              SHA512

                                                              61e263935d51028ec0aab51b938b880945a950cec9635a0dafddf795658ea0a2dfcf9cfc0cab5459b659bb7204347b047a5c6b924fabea44ce389b1cbb9867d6

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                              Filesize

                                                              152B

                                                              MD5

                                                              196eaa9f7a574c29bd419f9d8c2d9349

                                                              SHA1

                                                              19982d15d1e2688903b0a3e53a8517ab537b68ed

                                                              SHA256

                                                              df1e96677bcfffe5044826aa14a11e85ef2ebb014ee9e890e723a14dc5f31412

                                                              SHA512

                                                              e066d74da36a459c19db30e68b703ec9f92019f2d5f24fd476a5fd3653c0b453871e2c08cdc47f2b4d4c4be19ff99e6ef3956d93b2d7d0a69645577d44125ac7

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

                                                              Filesize

                                                              28KB

                                                              MD5

                                                              bf2c9b4c340827cb10ac21e17f3db378

                                                              SHA1

                                                              2203a03b53ed7ee3ef8f7a4835694a3d313becff

                                                              SHA256

                                                              d66c19bcc3bae147b4606eb1cf98fdf16427865451b9b5f41ca685215abed254

                                                              SHA512

                                                              d2e87455aca2b99bb29fc5f4940a64a78ddc6da47703a02f8b46d51b4bdbd301b67532165af9d0afa48afbf1b4785b714e00bdd33f67a80a8d68250b0e4037c6

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

                                                              Filesize

                                                              46KB

                                                              MD5

                                                              365e6cacd993aeff945e88baceb2f327

                                                              SHA1

                                                              46b1169f2e2c61c576e72a5288233f9ff5b0ed2b

                                                              SHA256

                                                              0f82a04bbfd4a4bf5f3d302fc32f39bbc2ed655ecb7430f32828d0e4814da511

                                                              SHA512

                                                              65cf29383b299f54561f354b65cfb2e412a49d9a009dace0197962fa0d5a86eade5bc1c08789e6f4d271bcb3d97064b3cfaf540ad183baa5c462ffb8d7cf6769

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                              Filesize

                                                              480B

                                                              MD5

                                                              379094265b789fbc923f7a66fcd4ec78

                                                              SHA1

                                                              f5f5219a1716500dd103334ea3446a2a7b9826c3

                                                              SHA256

                                                              0133ffe8321616444708b5efeab4754b12ec9b000e554d1c79787c51e97426a0

                                                              SHA512

                                                              467c36a9594557d915815f84e483e5fb2311610f1d72fb0ec77de7d8462f91d51fb4e2c35afc13bef4895cefd7efcf4429669c41cd46957df0ce814cff9d15d0

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_archivohot.com_0.indexeddb.leveldb\CURRENT

                                                              Filesize

                                                              16B

                                                              MD5

                                                              46295cac801e5d4857d09837238a6394

                                                              SHA1

                                                              44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                              SHA256

                                                              0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                              SHA512

                                                              8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

                                                              Filesize

                                                              23B

                                                              MD5

                                                              3fd11ff447c1ee23538dc4d9724427a3

                                                              SHA1

                                                              1335e6f71cc4e3cf7025233523b4760f8893e9c9

                                                              SHA256

                                                              720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

                                                              SHA512

                                                              10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                              Filesize

                                                              3KB

                                                              MD5

                                                              2e2bdb43903a2d8dfeb26a7ee147f59c

                                                              SHA1

                                                              45295c5cb31099de20bd06203a18a9ccacf460ee

                                                              SHA256

                                                              7f33fa40edc91cece219e3ea1037417e28b8f76c123d9a3403d5ba117847de92

                                                              SHA512

                                                              d5d6d019fa745fadb4605bf19b445f7c3d92c125051ba78e42c73925f0268a97d010f15a0f0814bc492d04fdaa45910979d8d53feff5121985d6fee78effee62

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                              Filesize

                                                              5KB

                                                              MD5

                                                              f8b91422a638e0721bd74efbac75f82f

                                                              SHA1

                                                              b8baf8d66957996a2924de397abdce0135deab44

                                                              SHA256

                                                              5bcf89da9e7e5338087de0da9b1d294df205af15a6de08846db849b1205beb31

                                                              SHA512

                                                              5565b0429da4a8e4c09a84755ff0a537acbe83463c63bfa547a7ca6b81a3c50951da06976b346dd1841a2261858097b2b7f94a0aa2c03a1a3d294758ee710899

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                              Filesize

                                                              8KB

                                                              MD5

                                                              4b6e140772d15cca22381bb01dbcf87e

                                                              SHA1

                                                              e960d686b8932c973206bfeb3e7619c02275f246

                                                              SHA256

                                                              e2836fb80b8e50f7ade446b4056b48ab88dce6213ff69609f8eb198842788317

                                                              SHA512

                                                              ba5a233ca6c4157127b4c2be1338db408bfb0bad8e199b03af1521b2a588e2eb7973c868ad3d643715db0d47da82f3508d165c9082c4744e9ada70168062e409

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                              Filesize

                                                              8KB

                                                              MD5

                                                              802e33ccba4dcad2b1c4afed3b3a4754

                                                              SHA1

                                                              e58925fd8eb045b6834da39724f47f4a7bda71c4

                                                              SHA256

                                                              80535b5636cf11ffbbea2520bcf904b38c14787967fe2a3703d6d3c45e5cd353

                                                              SHA512

                                                              3392f53a92bf339b545cee19fcf6a34d8a0f922e3b66cf17db4f8b61fea3beef2834e2062e1d1e4a9ea5971c188f4dd2502c2caeeb828e58c2e3a56aa2f879fb

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                              Filesize

                                                              6KB

                                                              MD5

                                                              e314000bdad6b5ff84f979802af39884

                                                              SHA1

                                                              6237fe2e8fea383ed8e21aca2901c8fc8e1f6f32

                                                              SHA256

                                                              a217cfdadb88277bdc04e58738f340d7aab17da58e0c953bfd7958cdf7f31dee

                                                              SHA512

                                                              a93ddb2081aaaf02f100c959347c45e1ec29bde1cf5276e5386701ae9a0b98cb85b515260e59cd39b25bdf47c0b8184f4903abcc2cab24a06a2f5beda3ad7035

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                              Filesize

                                                              146B

                                                              MD5

                                                              b98ad5fa0385dd377fc500983e4122a8

                                                              SHA1

                                                              3f9372c60262458a1ca1dc80e14bb3c04f3f26f8

                                                              SHA256

                                                              ae2eb34d1ca267956cad8b07d11d301165963d6d8b90d5da1ee2f565375fd6d5

                                                              SHA512

                                                              c5c8f3a092c53913f6f2318952f790a0104b0ae2bef9bb2c8cdc5c0f9b4feb3a5d01400698a43f2e237218cd7a5d352249be9520c60d4bca78347e8954e123d5

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                              Filesize

                                                              155B

                                                              MD5

                                                              105ad54104af43591dbc9e846ce6300c

                                                              SHA1

                                                              6ba23ed3d5d960929993b172f77a7c4fa1eecca5

                                                              SHA256

                                                              1e3428967efe0d69826ea794d1ffbe451591e901ab80044197712c78e77b7249

                                                              SHA512

                                                              f729c4b0976177d8849dbca00fa33130c535676693b3ce0279c00d29c63f8c678bd7743c1d23759a7e4bf17b46ff7b1aa5365ee4709c7e076fb85cf74b24582e

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                              Filesize

                                                              82B

                                                              MD5

                                                              e76880e3826c42fb15f7f5f4313fd7e5

                                                              SHA1

                                                              eb8b506ce8af88417e77256ba3ea9ec471e0814c

                                                              SHA256

                                                              87f62f79bd0ef12adfeb70c190c5c737e321c18f17f119eac73389415f135716

                                                              SHA512

                                                              635bc616957973fa362e70d1bdb02f281128416782af44f603b93bba77085e511ced4fd609e6cb8b06fb03f14f045621ebf812b708b456581901a7147f7ccb2f

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe588b05.TMP

                                                              Filesize

                                                              89B

                                                              MD5

                                                              77582b58ca5a00bc6f467b26368d8b24

                                                              SHA1

                                                              4c35d6a733a02e4da6da72afcbbde18fa949695b

                                                              SHA256

                                                              4794b81a5d7137aea64abb60e7c5b1838c98c237a511a874315068558265d5fd

                                                              SHA512

                                                              7f1bae786beef30490eb47714bf407dd12dad33fcb5fa1186ac53958e7c3b45a864037d243701a89f94b45d3f32ab499ad1a3e26397d6041e7beedeccd218405

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

                                                              Filesize

                                                              41B

                                                              MD5

                                                              5af87dfd673ba2115e2fcf5cfdb727ab

                                                              SHA1

                                                              d5b5bbf396dc291274584ef71f444f420b6056f1

                                                              SHA256

                                                              f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                              SHA512

                                                              de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                              Filesize

                                                              2KB

                                                              MD5

                                                              6d23e146e712d9e018231757bde5f4dd

                                                              SHA1

                                                              b035ccd80e2ea59d3723ec4b01f94a524e841821

                                                              SHA256

                                                              6c94115ec4d3744f52909a14a43800bf84cbbe22dd1d64d4821f14d892812801

                                                              SHA512

                                                              085baaae86e5a7b367e7c3cfa5a663c4cc88a42d6ea8f3de6bee9d72969bea062fd88b60f256b3f8c3dc127e291efb5a478642a0f7551be5b7425f190eeb5b44

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                              Filesize

                                                              2KB

                                                              MD5

                                                              c1b1e819116216d969f059332c353b83

                                                              SHA1

                                                              facd97be4392e80f90f843a7bf29d3761b9abe33

                                                              SHA256

                                                              99d9c9e12910a3baf2f0c7a8a9a04ab834f38137f537caaa05571a3807dc3569

                                                              SHA512

                                                              0c560d2949defe39205ddfc708ee3613ad131f9c958c8f64cd6087665cf37cc675d5d49d86c41e54a8a38a826b0f0b814cfd15ec9b82bed63e20773e88ea0045

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                              Filesize

                                                              1KB

                                                              MD5

                                                              4a499f072983a718fff70e5ed13b806a

                                                              SHA1

                                                              83755c1c166b7b438c47dcba12f249aaa2a2b110

                                                              SHA256

                                                              eb6175c77d2ab1c86538ba6fba9989b5a8805b43e024409a62e0f8ac05978d79

                                                              SHA512

                                                              adaabb56c3e59f01a340b7cdf48275db79366feaf2f9a08e5bcbd6dccfe66963f6d7b3efdfb8626a4db0d8debc973088a560ca1ae9091dfd1d843a1b4627167d

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dbc9.TMP

                                                              Filesize

                                                              1KB

                                                              MD5

                                                              6254b040257a1b0448be27a8ada19495

                                                              SHA1

                                                              1745dbc1bdb672df4a271e051d8cb4bea37ea05b

                                                              SHA256

                                                              65f235d2f6327d0766df5bbcc4cc46dd44807cdbef4f0e3c3e336991039b168f

                                                              SHA512

                                                              ad129a603ec3ed7c89e045726e21fc9f1a3640409c4e41861e13967a1cca6cc0944f0a1f352b9a4778e7a28e46364daa6ed62d56dcdb78a14a3e425e47a90500

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                              Filesize

                                                              16B

                                                              MD5

                                                              206702161f94c5cd39fadd03f4014d98

                                                              SHA1

                                                              bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                              SHA256

                                                              1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                              SHA512

                                                              0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                              Filesize

                                                              11KB

                                                              MD5

                                                              fa268081a7e7d75c322ebcabc8ced4be

                                                              SHA1

                                                              65edb2c105e44ac171800af3404e2f054a5ed3eb

                                                              SHA256

                                                              94e9fc9afa5db8eb3c201306d9a25ba075730d3074ed5c60ec884fac643ce87e

                                                              SHA512

                                                              000ba535f43d868cb95758eae9aaf0877524e5b3a763b96d9e3810e6e3ec9c72dcd5dad6c81474ed99344fbebf8e9b6245adfef371e82727d1912c9c51540a1a

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                              Filesize

                                                              11KB

                                                              MD5

                                                              16afad5c2842dfde9fe2eee93447c80a

                                                              SHA1

                                                              4d0935b5eee8d7acb2671e4ef36856c20bedaf7c

                                                              SHA256

                                                              d5ed7c0b54a1d7e21a71ee5dc99b7755a2a5f656fc5553c7864135dac7b95e3a

                                                              SHA512

                                                              0dbabaecce50a6b2e37c319f03683ff7a5f54b33f4ca5689fb9a402cf35d017d7e251c07b6cf0dddb1a0683444ff226a886fe27d758fe00610d62d7d2067daae