Resubmissions

20-06-2024 10:12

240620-l8tmcswdpk 5

20-06-2024 10:10

240620-l7fn4swdjm 4

20-06-2024 10:05

240620-l4nwbawbrn 4

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-06-2024 10:12

General

  • Target

    https://azure.microsoft.com/en-us

Score
5/10

Malware Config

Signatures

  • Detected potential entity reuse from brand microsoft.
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 8 IoCs
  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://azure.microsoft.com/en-us
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2432
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd90b646f8,0x7ffd90b64708,0x7ffd90b64718
      2⤵
        PID:4384
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
        2⤵
          PID:2660
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4248
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
          2⤵
            PID:2248
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
            2⤵
              PID:5056
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
              2⤵
                PID:516
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
                2⤵
                  PID:1928
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
                  2⤵
                    PID:2508
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
                    2⤵
                      PID:4164
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:544
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
                      2⤵
                        PID:3748
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
                        2⤵
                          PID:3708
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
                          2⤵
                            PID:4680
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
                            2⤵
                              PID:2408
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
                              2⤵
                                PID:4624
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
                                2⤵
                                  PID:2000
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
                                  2⤵
                                    PID:676
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
                                    2⤵
                                      PID:4436
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
                                      2⤵
                                        PID:2564
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
                                        2⤵
                                          PID:4252
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6188 /prefetch:8
                                          2⤵
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:3480
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6336 /prefetch:8
                                          2⤵
                                            PID:744
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6348 /prefetch:8
                                            2⤵
                                            • Modifies registry class
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:3516
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
                                            2⤵
                                              PID:5228
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
                                              2⤵
                                                PID:4740
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
                                                2⤵
                                                  PID:5380
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
                                                  2⤵
                                                    PID:5436
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
                                                    2⤵
                                                      PID:5460
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
                                                      2⤵
                                                        PID:1412
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6264 /prefetch:2
                                                        2⤵
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:4068
                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                      1⤵
                                                        PID:868
                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                        1⤵
                                                          PID:3688
                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                          1⤵
                                                            PID:2820

Network

MITRE ATT&CK Matrix ATT&CK v13

Discovery

  • Query Registry
    1
    T1012

  • System Information Discovery
    1
    T1082

Downloads

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                            Filesize

                                                            152B

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                            Filesize

                                                            152B

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043
                                                            Filesize

                                                            16KB

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046
                                                            Filesize

                                                            261KB

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057
                                                            Filesize

                                                            39KB

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059
                                                            Filesize

                                                            61KB

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                            Filesize

                                                            1KB

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                            Filesize

                                                            2KB

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                            Filesize

                                                            111B

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                            Filesize

                                                            2KB

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                            Filesize

                                                            2KB


                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                            Filesize

                                                            5KB


                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                            Filesize

                                                            7KB


                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                            Filesize

                                                            7KB


                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                            Filesize

                                                            6KB


                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                            Filesize

                                                            7KB


                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                            Filesize

                                                            8KB


                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                            Filesize

                                                            2KB


                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                            Filesize

                                                            2KB


                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                            Filesize

                                                            2KB


                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                            Filesize

                                                            2KB


                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                            Filesize

                                                            2KB


                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                            Filesize

                                                            2KB


                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                            Filesize

                                                            2KB


                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                            Filesize

                                                            2KB


                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                            Filesize

                                                            2KB


                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                            Filesize

                                                            2KB


                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                            Filesize

                                                            2KB


                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                            Filesize

                                                            2KB


                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579c11.TMP
                                                            Filesize

                                                            1KB


                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                            Filesize

                                                            16B


                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                            Filesize

                                                            11KB


                                                          • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
                                                            Filesize

                                                            2B
