hxxp://imdb[.]com

Analysis

max time kernel
446s
max time network
448s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 00:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://imdb.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
620	msedge.exe
620	msedge.exe
1168	msedge.exe
1168	msedge.exe
1556	identity_helper.exe
1556	identity_helper.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1168 wrote to memory of 1764	1168	msedge.exe	80
PID 1168 wrote to memory of 1764	1168	msedge.exe	80
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 436	1168	msedge.exe	81
PID 1168 wrote to memory of 620	1168	msedge.exe	82
PID 1168 wrote to memory of 620	1168	msedge.exe	82
PID 1168 wrote to memory of 4240	1168	msedge.exe	83
PID 1168 wrote to memory of 4240	1168	msedge.exe	83
PID 1168 wrote to memory of 4240	1168	msedge.exe	83
PID 1168 wrote to memory of 4240	1168	msedge.exe	83
PID 1168 wrote to memory of 4240	1168	msedge.exe	83
PID 1168 wrote to memory of 4240	1168	msedge.exe	83
PID 1168 wrote to memory of 4240	1168	msedge.exe	83
PID 1168 wrote to memory of 4240	1168	msedge.exe	83
PID 1168 wrote to memory of 4240	1168	msedge.exe	83
PID 1168 wrote to memory of 4240	1168	msedge.exe	83
PID 1168 wrote to memory of 4240	1168	msedge.exe	83
PID 1168 wrote to memory of 4240	1168	msedge.exe	83
PID 1168 wrote to memory of 4240	1168	msedge.exe	83
PID 1168 wrote to memory of 4240	1168	msedge.exe	83
PID 1168 wrote to memory of 4240	1168	msedge.exe	83
PID 1168 wrote to memory of 4240	1168	msedge.exe	83
PID 1168 wrote to memory of 4240	1168	msedge.exe	83
PID 1168 wrote to memory of 4240	1168	msedge.exe	83
PID 1168 wrote to memory of 4240	1168	msedge.exe	83
PID 1168 wrote to memory of 4240	1168	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://imdb.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe811746f8,0x7ffe81174708,0x7ffe81174718
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,15356710551348524828,5844525239971954556,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,15356710551348524828,5844525239971954556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,15356710551348524828,5844525239971954556,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15356710551348524828,5844525239971954556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15356710551348524828,5844525239971954556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15356710551348524828,5844525239971954556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15356710551348524828,5844525239971954556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15356710551348524828,5844525239971954556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2072,15356710551348524828,5844525239971954556,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,15356710551348524828,5844525239971954556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:8
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,15356710551348524828,5844525239971954556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15356710551348524828,5844525239971954556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15356710551348524828,5844525239971954556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15356710551348524828,5844525239971954556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15356710551348524828,5844525239971954556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15356710551348524828,5844525239971954556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15356710551348524828,5844525239971954556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15356710551348524828,5844525239971954556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,15356710551348524828,5844525239971954556,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3160 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\19517537-838c-4c5b-88c6-2c0fb12387a1.tmp

Filesize
5KB

MD5
1af96c506feb8e4fc0a1137a6ec406df

SHA1
cede82e889c429d64da6bf6e998899b885c4ac3d

SHA256
31c19ba1a84e7a29bd5bf2b76f89d8fe5e7988cccab7aebcbc544600eb6cf9b3

SHA512
e16eb97e6c4ba3c1901cc5b1064a5bd662e6ec6d29a87040a71ad204bcc8fe88f75d5d04e62d2921d47c7381358a7430e3d0c0449a623f7d90b933904405b04e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
26KB

MD5
fd48c13cda42015801a917c23fbd681f

SHA1
618b071a50754d13416580095503e21278eb1f04

SHA256
f17f0379ad1ebb3d3e3920012feba9d848edb9778015aedf5b080b02f5cb48fd

SHA512
3f2262731dda3b5298eba20725fd54e096f00249e798cd1252fc3f1c9e7e09ad763410e24588b4db0e7df37c236442a37c2be6796f9298ea7cabc49e9a63a618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
182KB

MD5
7bb83e013cdfefa0befd53740684aac6

SHA1
94303abd11d73ada6d1b60e03976cfefdb07766e

SHA256
6249120daa6ed07f2f56ea1bc73a6a9a3756d398a17219d07b266353eddcd27f

SHA512
8c2b7381da429e8642d0c92f0076108eab8a2fa8917a9694ad54992814ab1237854946856555077c10fde5b5df8eeda672ffdff0941227df76aede8eb8460d5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
16KB

MD5
744d03d3b8d15f0f88ffcf6c2f245faf

SHA1
7102292e9b089e348c5f406640fa2ba190e6df4b

SHA256
fe49227a042c3b3a382663b5481e451aa6343bb552fed1ec2cc057dd847bab71

SHA512
c0037d3afde3617c18c38fde754d80a61c6b590b3a910aac3b41d6ff1f768bab9ed91fba8dafd2cc19f549951c83acb751b1a097d705ffd8b1e0bfaf4dfaa3b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
16KB

MD5
15e17f26c664ee0518f82972282e6ff3

SHA1
46b91bda68161c14e554a779643ef4957431987b

SHA256
4065b43ba3db8da5390ba0708555889f78e86483fe0226ef79ea22d07c306b89

SHA512
54eadb53589c5386a724c8eea2603481ebb23e7062fd7bfab0eafe55c9e1344f96320259412fb0dc7a6f5b6e09b32f6907f9aaa66bca5812d45157e3771c902f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
16KB

MD5
4afcd3b79b78d33386f497877a29c518

SHA1
cc7ebaa05a2cd3b02c0929ac0475a44ab30b7efa

SHA256
cded49f94fc16dc0a14923975e159fbf4b14844593e612c1342c9e34e2f96821

SHA512
2dc9fff1d57d5529c9c7bff26fa9f3f94adc47e9cef51d782e55ecf93045200140706ab5816dfd4a0b49b8db2263320fa2f0fa31a04e12d0c91fea79b127255d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f0ccb436cb9b2fde9e86f42afc4a7f70

SHA1
23649b31a257021288186ae6e5cd1e11f2e26c92

SHA256
4694be5ac82074f85eb76c5b2fdef1d36d96718f167897d87a6e6463add6a081

SHA512
f10490f78fdec1ff25de236b8fc76d5a667297b6145ec274a1c085780d2a641cb44d1ac2163fbb8d9743e3c3d78a3d024f1c5bab28ae761af3d31f65c602e163

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
914B

MD5
48f63457f3969394f3f52c7d9a8dbaa6

SHA1
cf2d95086d547d3ca5ab344eb0ee649297e6aec5

SHA256
6de73adc0149fc4956c6ed638ab8393597087cfacd32d9dafdac7f3a695c3833

SHA512
4f289ee2c13e5d10db266164273ee53caea3ffa2a39396343ee5bc440079c73e72fa95b302b3156949e8757237d25d06ce8c757a4cd32019e4b6f10c0da4e39b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
914B

MD5
c7d3072392da2c3ac1a515fe5d39ce66

SHA1
477cc7b123fd33e6732fe30db05bbbe2eeaa5678

SHA256
7a52463a0c9549663ef5425d4ac92c0677622cffbd30d14a31c0bc7284822b1e

SHA512
47db3a1207634952e2164a8bb37544b746666d62a7ef43f36df020d3e7b1573bcafc70e6890a0d21e46f97c514972683b8bd9be8f30882858964885919eb8376

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
381e70f5eaa0841acb34952b683ce2ef

SHA1
1a9612c407caa31f60674bab100b001891c48932

SHA256
128acb9c26bf64eb91ba09348887458a30b937a352695c3c37478c1813df51e5

SHA512
633a6c2312ae49e88ea482c6e05361ee33e1a780954f7bef8f58c3de6a59c46db1eae1ed2a8a334ba923e126709a2b7d94503d7be4e30eb46a73254fbc536d0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8096cc60d7e60fcf8b11481a760d84f7

SHA1
97bda37ee882d6ea6732bfcbb158618cfbbd4533

SHA256
e15b1e3281b182fc8b68252f23df7509730568b6176f5d42d66045fabd90c808

SHA512
505eaae9f199e52770af89fb174c018161b54d9648d64e432102aa7e6a247317a6dcf13238e1e201d37f3996a6d5330fa16556d0c39318e1d30e6de31d58b11d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f7950781e205d2a15f433b5a6f3b358a

SHA1
d2a71f0e551b230a641695e9c9799b22146f7270

SHA256
95c9fc6d6d37f07e0540f55bd5aece3009f5bdbe10ce1cb46c0cca47216b710a

SHA512
2328ea51674a5193b1743060bae8971cc7716bec34b6dd107decbb84d15b7277f75cc87e8a88b66ea81479ff6fbcbf27c09b152fa607c5bf1e1d2448a16bfac9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
237e04102ec20983f6a28641034cb258

SHA1
8c866243959a9625d0d6b8f3fcad6f25f31ffdaf

SHA256
b2c7a3bbc7cd6feb4dbe8ee3d163d5351d9e1b7911e5a27d6486bd25eed4b04c

SHA512
2c54cddeb2b7a8fb2d3750e7292102dfcd41ec6b26c7d7cdbdac46114f48d393cc64eaa02e6e69eb536253ae91a78ba88147145be843c3d6bc36354ff02d0aa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
27807d2d09f2e31cfa4f42b309415a9e

SHA1
986280abf7e34c88a5d726b93a57c56a3d3e62d1

SHA256
c94d076f6e227c745eee03a0ed5278825433aa17ace373aeed688aade1a7fce6

SHA512
d85bc1aeb5578a19a325e465a71d47e5fc28626c0d9baf172d0debf5f78bfd79783ff779bc4516cbf2d4c17431947373c531294090ed6b819f6a88635f63fef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e221195d4e8ed00cef8b305bba4904bc

SHA1
269c0e568a8dc837c24f476afc4edcf54ae351f0

SHA256
d1e986f811c630b23e1bfd74332f9d9054f952024844027f269fe98bfc5500d4

SHA512
eb209500d2ee2b19d54363948e520e05ac629b72bfb02613c1bc40a5c6e98cf967a5708a64f1bc2633098ad156280958ea727af7febf9c884fc77e3efbdebb3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1312c38ae6972985d06b9971eb384769

SHA1
a3c36d2401246ae778709cd9eb7c0a0545b4fde3

SHA256
4a967d7cee72bbe9a66e35a56cbde93d9b9bb9d19e3c0a9ee0acd4e41b731c93

SHA512
58af877b7c2e5b98d259f29eff536aa31e1eb9680c0efe221837dddc251daec7e8fb26a75a542651d17ee7950c17e4802c1ae1ec09dfdaa7750450876d787d46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
230e5058db9c1ada566778f979610336

SHA1
deb7ee6a9f9c88b3abcb6aa73d932672e153d980

SHA256
f3be8dcbbd5350d76fb1babdad2c7b534aa204a41eda341d00eb03884a58f51f

SHA512
fa9b6d2ed73111f0e5968fd4e4422d670a9df786debbd8a3f2acf5cc7e597671782ada03b9cf6217dcb82f29241eb66a25d2399ebe38e65960c521f85b1eabc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ff74f03f98e7f17c7a7183c1500e3b17

SHA1
cbecdeeee3865556d0d79b3d06dea85d9ac7707a

SHA256
b69cea8f7fed037862e7c337b38cd5628efd16dbeff219d06ee76bc28c0259e1

SHA512
709fee930ab1d98981789ef38e1f65aa53af8db41a3db9d43f1b99c6305d2e77f5ec429960684894c1e42ec0164cc218ce6bd15a78dca89855afb74a08936085

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a5cd7ba7a04bcc0c1a1a70b73f781304

SHA1
526031355fe1adc8b7a00f129d369ec930266ea6

SHA256
73205229d2fafcd181340066bbcf366a155fac85baf1974894889d05a643bed8

SHA512
028f972cca696a461e2696909ef2fd49604bfc962fbe259e00d13ae9b6ce832467c19934b8c56b1dc8547ed931cabf450700997f2172d5c39b5e629cfc4073d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
44d1709bbd4e177f0972202cd6cf11c7

SHA1
e23f19968b339d109ada9f5382638a56024e0179

SHA256
1136b3508c82f9d2c40da89d5f32ad8fb8e9453f2e1b8d299456c3d00d9be34b

SHA512
2de68129bb8975e6b46304c68fea76dd426b30a91c923afe2262a337697005226d25e1ed230090116a037b30565202adbe9d89d3d34c2823842fae854369c9d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0d7b0a0babe0fb5888560d527e5a6f21

SHA1
fdf873ed221a45bdcd44f78f6409f33e5738b98a

SHA256
17b78c1525d66f9d98c0e05ce9323fc02e1751ff16ee4ce1a2a4159980a7813a

SHA512
3fdcd66b7de799fc93330b84eb1cecf68679e07164cd8f3dd07f56e09be14410429d18f1cd61e941362535b35cec93664de44e464140395c9423b894042b62af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1092874320f18a6e705cd15ab77fde7d

SHA1
6cfb555a81bc9bab910119d071412d5600a7e80a

SHA256
eb87d7a289f08b88eb10b6550e63be554c1261121e6ca8c3d9e6bb3e859bd1db

SHA512
e16b0e67b5e0c38b77a007ff0a212ff2450af970b2d771030680e92d93b6bd691de6618518f8dbd7c3a666f0b584487e841e7677f8aa1485a84d90c2eb97cc80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b8c1.TMP

Filesize
1KB

MD5
0620cd42b90fff5771e5ba4d9b2f0935

SHA1
05b1a5e46085fdbfab514f3a1cefe65788e4412e

SHA256
941b849854665f8df8bae0e154140274bcd044e45936cf6f16938bc7bee26f51

SHA512
8df2a1a1317182ce69eef41129ecdb5cf7e8d0ae0b70ddaa7901dcaedfe57097f5614239de35fb4673aec03c1f1444dbfc10eccebc94801292999073ee331ca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4d56b35226fc0b0ea59694f3e8ae5444

SHA1
ae6313ede2f21df01718972f176089314575fccb

SHA256
8fd66840f8aef4cc7cf55b5ba643e7877e425c05fd9f9637d37ff60b6a9a4ba3

SHA512
b6fdac3f51a16134a50d0cd1406ff3883e93b92c244637d6595023ac59f8571df94afe7175e126438fecabbb43904363bed3231ae462a28cb9c191e1037116bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
600d8c56b875b69346ac1a2b57a2d818

SHA1
69afbf05b7c59c760d1b64801ff39d270d1ae950

SHA256
7025a0f3093f5c74022d9f21b3cbc8e6d2d7c6af6e76362cb1732ef1c36798bf

SHA512
3e11b6cb5e0a2f5dc27f6122cbe20dcc1af9cfbb58a40ccacd2c924ca62ca096962ca2a6d2752c2a9d0a13ef767a2f4696944f1fa3edafa21a001964cab80d5d

Download Submit