hxxps://ddec1-0-en-ctp[.]trendmicro[.]com/wis/clicktime/v1/query?url=https%3a%2f%2flodgesonvashon[.]us11[.]list-manage[.]com%2ftrack%2fclick%3fu%3d7bd9671a0b3250a7fef40b908%26id%3d9037f6334e%26e%3d176d192631&umid=c3b5e576-eabb-43b1-b355-8b3314499765&auth=f59947c46ffdca8529044338828c8694fe545b0c-470863c8cfe4c44d03e20bf02e2ceab308b9cbff

Analysis

max time kernel
145s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 19:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2flodgesonvashon.us11.list-manage.com%2ftrack%2fclick%3fu%3d7bd9671a0b3250a7fef40b908%26id%3d9037f6334e%26e%3d176d192631&umid=c3b5e576-eabb-43b1-b355-8b3314499765&auth=f59947c46ffdca8529044338828c8694fe545b0c-470863c8cfe4c44d03e20bf02e2ceab308b9cbff

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2804150937-2146708401-419095071-1000\{F55F8DD4-63F1-4E42-89BD-A0AEC69C2ABA}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3260	msedge.exe
3260	msedge.exe
1184	msedge.exe
1184	msedge.exe
224	msedge.exe
224	msedge.exe
5100	identity_helper.exe
5100	identity_helper.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1184 wrote to memory of 4344	1184	msedge.exe	80
PID 1184 wrote to memory of 4344	1184	msedge.exe	80
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3284	1184	msedge.exe	81
PID 1184 wrote to memory of 3260	1184	msedge.exe	82
PID 1184 wrote to memory of 3260	1184	msedge.exe	82
PID 1184 wrote to memory of 5024	1184	msedge.exe	83
PID 1184 wrote to memory of 5024	1184	msedge.exe	83
PID 1184 wrote to memory of 5024	1184	msedge.exe	83
PID 1184 wrote to memory of 5024	1184	msedge.exe	83
PID 1184 wrote to memory of 5024	1184	msedge.exe	83
PID 1184 wrote to memory of 5024	1184	msedge.exe	83
PID 1184 wrote to memory of 5024	1184	msedge.exe	83
PID 1184 wrote to memory of 5024	1184	msedge.exe	83
PID 1184 wrote to memory of 5024	1184	msedge.exe	83
PID 1184 wrote to memory of 5024	1184	msedge.exe	83
PID 1184 wrote to memory of 5024	1184	msedge.exe	83
PID 1184 wrote to memory of 5024	1184	msedge.exe	83
PID 1184 wrote to memory of 5024	1184	msedge.exe	83
PID 1184 wrote to memory of 5024	1184	msedge.exe	83
PID 1184 wrote to memory of 5024	1184	msedge.exe	83
PID 1184 wrote to memory of 5024	1184	msedge.exe	83
PID 1184 wrote to memory of 5024	1184	msedge.exe	83
PID 1184 wrote to memory of 5024	1184	msedge.exe	83
PID 1184 wrote to memory of 5024	1184	msedge.exe	83
PID 1184 wrote to memory of 5024	1184	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2flodgesonvashon.us11.list-manage.com%2ftrack%2fclick%3fu%3d7bd9671a0b3250a7fef40b908%26id%3d9037f6334e%26e%3d176d192631&umid=c3b5e576-eabb-43b1-b355-8b3314499765&auth=f59947c46ffdca8529044338828c8694fe545b0c-470863c8cfe4c44d03e20bf02e2ceab308b9cbff
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe811746f8,0x7ffe81174708,0x7ffe81174718
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,14577439587858011000,6818566115867965621,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,14577439587858011000,6818566115867965621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,14577439587858011000,6818566115867965621,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14577439587858011000,6818566115867965621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14577439587858011000,6818566115867965621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14577439587858011000,6818566115867965621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14577439587858011000,6818566115867965621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,14577439587858011000,6818566115867965621,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2128,14577439587858011000,6818566115867965621,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,14577439587858011000,6818566115867965621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,14577439587858011000,6818566115867965621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14577439587858011000,6818566115867965621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14577439587858011000,6818566115867965621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14577439587858011000,6818566115867965621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14577439587858011000,6818566115867965621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14577439587858011000,6818566115867965621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1272 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14577439587858011000,6818566115867965621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14577439587858011000,6818566115867965621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14577439587858011000,6818566115867965621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14577439587858011000,6818566115867965621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,14577439587858011000,6818566115867965621,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4820 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3588

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d0 0x48c
1⤵
PID:5720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
027629dcc9f7f2e97a99cb387b9338e6

SHA1
05b517a8e7367bf963ddb2efa3e7ca4fad5a8083

SHA256
d3c70185f9f72abcc6c5e6b0b3ddab82e728ecad4ba4dde8ebeed300e470bfcf

SHA512
5a4b845705ef6dc052de2e38ec9579fc4567d54207e4c07f61732f2740342dddca0905ee5c3bdb716519e22cbde5df0141bfb0300247e76c147959a71f0a804b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d7e6191e7e681177ad73b8d2dc64feb7

SHA1
d3634730cc5efab585280a9f50a845560df0bcbb

SHA256
8d9ee3f510dd562c4cfec87cbbf7b021077ff7ba8005271feef9fa897b260db7

SHA512
06c434cc7f671885b5ec30aaba87ffbdede37cc442138891ca44fb947ca61d2454498f78aebe70ae41c6e8da81db43975c6d0eebe6980690e4f97559c3529248

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1523dac8afd3269ee0b11e57c96b7742

SHA1
8dae9ee5e9c732e338bccb6006bea30f0eeef3bf

SHA256
4768b8762ed9f697881250ec18c29fed392412158fbe9428e92090da6c652ca5

SHA512
09e221b15cb05a97c021d3232567121bb0e376c91ec9bef03cbfa740e6e209765c934e585be0b65ee3d15e2e4626a6d28e6656eddb5ce63a2c44143d4d5b67ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
fbfcf3b943e712fde9f4720f4f2394cc

SHA1
01a6ec937cf50d5070a83cb0fa44a26ea91b5d5a

SHA256
7e162e6187ac00006c6739dab5f87a4e33b3cd5565aa005c6e13156bf2f894bd

SHA512
53cd6818f82b9812d814b12e9c66ce1005c77a876dcb5271f368b4c78c81bd40f55167456dd2a9635173b2744222291b61848de8b50135d7a1d45f143cc13d82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
100cde8280e0ba00c103f9b332187172

SHA1
aec93af776829cc9a40757f50335bf60a3d8d221

SHA256
5beee9c7ca099807d4c4a7cc391885d0d11343084a0f17b7af0261a3cf03111d

SHA512
51073d1141265e498594e1197bd5de52c1637fb4f46a98880b35368f13a00e45c93f2334ece974c3e7d7c65d7736536c2b39141d1c799ecb80f253d3450128f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b948ab8fa26a79c936d736864662a7ba

SHA1
28dc7f53a7787389c2bfdeafcdf2519b2cc885e6

SHA256
247cd9892fd5a767f60c02755c9196013250a859ed4804c3bb59efddf9cea80a

SHA512
c08397b8eb2b05058a713bce8f81357d894987d3a87966cbf1e7d1e90d94332cdaccf83f5f96e0f710b2a3e9d8eb300b53027e0be44208760e2098cf90fadf73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f647b04b51b2505d20f49f2b1a9e9fbc

SHA1
ba38ff5261a9dfe49bf1e61082efe9fcf4d55258

SHA256
a6cf5703b16c4cd26c39303b159ca6e90f79dedc18703905ab17742b6105af5a

SHA512
d6b45641e760f580bae934d07714f8d4479b0cb158718dc18bae68c9c66ad60bf1ad87cdc58d0dbd721a3c4b24cf6903f8d631b1085390bedc60775a3e623f3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
6a48b55ba496caabcaab45aaf8dfb9c1

SHA1
8d516b15616eb7a0e2638a436bc30faf221e7235

SHA256
26862552fd0b6b61d37e0d3b1b17894f7eb8bf54018afb4f7f59c093f53eda27

SHA512
8acc65e4ee429b5255f9447eec67826a83435b3e1cbe446464cd4a1bc97807c5a1b36ec4b7c675616111a0b93a336c365e7c84051e750cc0dd7181da588ddd76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
74aba9b1abe855d7e8d12cd557843929

SHA1
2312b97cbd17a8fc8c509aad5ff638071c826101

SHA256
2d73b8e85950f9a834bc699952768a7d16a10606036c9dd7784b545fbfd1c3cd

SHA512
8a5ded52b5e574ac8e2f292157a68e913b2528016a58f90f94c7ec39b5236fa93cad135abf3270967be27ba8dd57ebbada40db1a44e7057a4c4a1e0ffcfcee89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
d7a5bd80ea71a3048db0e743aec05552

SHA1
b232f788be7dd56a43dd8528a11087858e088914

SHA256
740871ed3637cc3af684bf22b8218133323961b6d7d763178545f238fe187a5e

SHA512
e5e6f654e42b63b0d1ffface2b4b557cc13364bd9c1b8e61728c4e27b5d9f5b0e2943b40c0efa2c0863f22d3ee83f745198f02e8031996a1df514ef3554e53dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
0c37a383e97ce63438b71bce41d86583

SHA1
47e747070a941bdd086e889e728d44383ea9c194

SHA256
72204fb87c84c2e52b9193a4e2407e668f1c80f664c6a019fa0686243b8dc83d

SHA512
3041ef73e7ad88873032fb21f440515623cc897ab991480c9aae5319d9bf8deeb9048cbb267ea9ad132b2f70529548609904d5a1596a29e9359e45947010407c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b3f88491e00771271390574c5cf69a81

SHA1
49d4289d3a60a59e2f8e1eed5a2361bd7677be70

SHA256
35bb75ce60599e45750ffbc6d7e033f6d3444bc53d408e13dff233d875c09100

SHA512
75c575a1d54dda002a175b283bbed98696c0fac712de8c7ca93f1987e24ede34a18af8b8f7f82f9dc82140ef030041b2035f8ce92503fdb0b3954745b955d013

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
c0bd7588723fddf8a7ddb4db0db64458

SHA1
bb73b8f312fc68e7dc1705d1a277ff80bc982cdc

SHA256
c2d957a2d622fb5b22c305d33b4e614a74173bbce8cd57b896d291959bd3ede5

SHA512
285cc4bf50d38b045d72ad42847ac9279d9b01e578775f2a2b5b7ce93bbf865193ccee3834c6583100aef03ff96662e5ab8a3c002abcb8217146a8e04b20178a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bd16.TMP

Filesize
1KB

MD5
9d328944f27da2f8ea635713532dd5a8

SHA1
f2bd224440ba6360633f85c8130467e594a7e862

SHA256
03e38047bf53d82f8e90f78ee8dc074d7dbb908c004cab4e7b7fbc3db5a2e70b

SHA512
cc02a489c8eae1b435527d6d59f72fece783df4344f1f92b1022432566b21062de7f3695aeda747d097aac7e13bb6c76ec345011b81811f35911e9263b8ec4d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c2fc46f9-66bb-4ce3-9686-2218c22a3e55.tmp

Filesize
11KB

MD5
bd01ae5ead18906f898722cc37329207

SHA1
37d937ccfafa2f5ed44abeeb1d42af1dc40a4737

SHA256
03314c15a792a2fef8a633a5d7dbb4b02a79c8cf8c7e1e03c9da1a3ba725b9db

SHA512
644f251b830f3a86aa9b06cdb95524421ac1f865b975046e1fb4b94787cf1e2e32ab70013ca7b66e499ecaad86fcef8f0cbca7a7be5c7975f811ac2f07952f03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5049d4c98275409fe23f4d4b9b42f019

SHA1
4731120a38a1f47d3beaa0b99f5aec0e24ea0d35

SHA256
50e462ab8f895ef6de3aebd65ce8483f977e101df708cd3f45ce01f82b66ea97

SHA512
82bb3cdf91d9df8dd2c24d1e381976e3e399dca7ca7b47368637013a3660d40e5ea9906920fe322b88f0ca69ab8c8c2e47e04cb9f66b163c18636df7c4b03ef5

Download Submit