hxxps://addsyndicate[.]com/?Y3wyMzQzMzN8d19jb3JzMzN8fHwNCnx8ZnJhbmsuaC5jcmljaHRvbkBzYWljLmNvbQ==

Analysis

max time kernel
297s
max time network
285s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 18:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://addsyndicate.com/?Y3wyMzQzMzN8d19jb3JzMzN8fHwNCnx8ZnJhbmsuaC5jcmljaHRvbkBzYWljLmNvbQ==

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3608	msedge.exe
3608	msedge.exe
2760	msedge.exe
2760	msedge.exe
4456	identity_helper.exe
4456	identity_helper.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 3544	2760	msedge.exe	83
PID 2760 wrote to memory of 3544	2760	msedge.exe	83
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 980	2760	msedge.exe	84
PID 2760 wrote to memory of 3608	2760	msedge.exe	85
PID 2760 wrote to memory of 3608	2760	msedge.exe	85
PID 2760 wrote to memory of 1184	2760	msedge.exe	86
PID 2760 wrote to memory of 1184	2760	msedge.exe	86
PID 2760 wrote to memory of 1184	2760	msedge.exe	86
PID 2760 wrote to memory of 1184	2760	msedge.exe	86
PID 2760 wrote to memory of 1184	2760	msedge.exe	86
PID 2760 wrote to memory of 1184	2760	msedge.exe	86
PID 2760 wrote to memory of 1184	2760	msedge.exe	86
PID 2760 wrote to memory of 1184	2760	msedge.exe	86
PID 2760 wrote to memory of 1184	2760	msedge.exe	86
PID 2760 wrote to memory of 1184	2760	msedge.exe	86
PID 2760 wrote to memory of 1184	2760	msedge.exe	86
PID 2760 wrote to memory of 1184	2760	msedge.exe	86
PID 2760 wrote to memory of 1184	2760	msedge.exe	86
PID 2760 wrote to memory of 1184	2760	msedge.exe	86
PID 2760 wrote to memory of 1184	2760	msedge.exe	86
PID 2760 wrote to memory of 1184	2760	msedge.exe	86
PID 2760 wrote to memory of 1184	2760	msedge.exe	86
PID 2760 wrote to memory of 1184	2760	msedge.exe	86
PID 2760 wrote to memory of 1184	2760	msedge.exe	86
PID 2760 wrote to memory of 1184	2760	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://addsyndicate.com/?Y3wyMzQzMzN8d19jb3JzMzN8fHwNCnx8ZnJhbmsuaC5jcmljaHRvbkBzYWljLmNvbQ==
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff88a7846f8,0x7ff88a784708,0x7ff88a784718
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,13443660863211415528,16405526932420329273,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,13443660863211415528,16405526932420329273,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,13443660863211415528,16405526932420329273,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13443660863211415528,16405526932420329273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13443660863211415528,16405526932420329273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13443660863211415528,16405526932420329273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,13443660863211415528,16405526932420329273,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,13443660863211415528,16405526932420329273,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13443660863211415528,16405526932420329273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13443660863211415528,16405526932420329273,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13443660863211415528,16405526932420329273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13443660863211415528,16405526932420329273,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,13443660863211415528,16405526932420329273,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2640 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
210676dde5c0bd984dc057e2333e1075

SHA1
2d2f8c14ee48a2580f852db7ac605f81b5b1399a

SHA256
2a89d71b4ddd34734b16d91ebd8ea68b760f321baccdd4963f91b8d3507a3fb5

SHA512
aeb81804cac5b17a5d1e55327f62df7645e9bbbfa8cad1401e7382628341a939b7aedc749b2412c06174a9e3fcdd5248d6df9b5d3f56c53232d17e59277ab017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4e6521c03f1bc16d91d99c059cc5424

SHA1
043665051c486192a6eefe6d0632cf34ae8e89ad

SHA256
7759c346539367b2f80e78abca170f09731caa169e3462f11eda84c3f1ca63d1

SHA512
0bb4f628da6d715910161439685052409be54435e192cb4105191472bb14a33724592df24686d1655e9ba9572bd3dff8f46e211c0310e16bfe2ac949c49fbc5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3403de8c-33ff-4f0c-aeea-38c10b2e7b21.tmp

Filesize
7KB

MD5
15dc48b6eecf37b938035edd534fb629

SHA1
617f5b4ee7989f1b4cc76264367a079d94a86434

SHA256
398850ab880559b587cce5c83927c160faf8a1740ba8b3aaf80ac5a97686ceb5

SHA512
66fec97e44c304c87db0aab52b07540611fc2526ccc1d1be7c16caee8944870cce11dfab5a5f7e1e6537b0c9f06541a23396b721a8d63f7f55c1daeee5f72eb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\65932ef0-60ae-445d-829a-e43c69706c93.tmp

Filesize
7KB

MD5
15f3682667c59f9ea64a798dffc4938b

SHA1
abb2d170bd13a7345cc8fb411dcb53d2394c23bb

SHA256
d6fb3aada647c5ccad91684913a5ac1a05b1af9e8028e52de23f2b829498a55a

SHA512
72b125b664f032238dfe9176f19c1045912086c9740be9a7d2059eea8e715b74e9a6378cb548cc200651250e9feebcc91f2ff0ebc780866f5b384e3ea565d528

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
28KB

MD5
7eca83e9b763300e5711b387b103b0fd

SHA1
53e8a3fdff54f33a0255fb1185c53a0683ef70fd

SHA256
d18607a9a3cd546ec402752d4fbf2bfdd15cefcb11eaf7917e3301315aec08a1

SHA512
5f284e695e92fd0c31f08e4425efebb17eec04b107b478bec4d3fb1056d96b481668a2a3b11b3a9dd5eee65437b7574f144438e564856b7722b15ca4014d1ded

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
109KB

MD5
619ba6efbaeaf3631363eddfc143f3ba

SHA1
0c354fefd6730261b846d2d257eaaa601cca983a

SHA256
1944bfda07b2f8d1a99265aa6a747ff991e6c89d032ca679b919b9fcc3ae0512

SHA512
43340ff89f1ebcf71b2e9d88462fa1c6680dd9ac14f5737c7eb7e2718d151801ab04204376b9439d3dae90da5e72587c21f01d789198c6254aa8cc6ce498803a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
108KB

MD5
b12ccfea1ec61935954acce8396fcea1

SHA1
497bd93881d12309a71c40fd52bec2b6c64965de

SHA256
f4e35e9cc17baab26c94389fc8703f555084afe8b19a15b8c12f5997f98b931e

SHA512
6cbe28627ff84f95ac76a064020bb515b70223db67512839f7af38f7486fc325dcb88bcbe6b9c99cfe8efc8af7319465f0150ee5a75093634d7db17aa79676f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
39KB

MD5
d7a683c3b7564401949b5e3f93c63e3d

SHA1
55fe1c3238305253e57dda1e8b2eb222b01970b0

SHA256
e6b73b51c5a1314beff39ceb2a0efedd7313c0c1a74e9e0751b962cc59ecc866

SHA512
f9d66d34b2247cc63c23564a0bac2ab71bd0a9f809d74171878b156a69a53bc9cd10598a480ff85284802ff20f7e066892b891e72edce12e5b06aed368a301fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
c81aa8fae2b7ccc42b5cf0efb1a745f5

SHA1
f2b3a5321a15f7a5dbd55f2ff4b0d4deb699af91

SHA256
24f87ce93d67a4fe713ca92325d2701d2f8b22c043602bab9867148dd9245b1f

SHA512
afb4f47960bcaa0272ddf9b908f53aedefbdba9dccbcbeb4335ce387b5571d6a90ddb6a70164ab475c7758a6b9d83e910a17e242e51211b21623901da370f560

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
bec70fb5e3ed97bbbd88e2c0be6cde03

SHA1
c24fc675b4dd28010dc7e9f9139f320eff4eb727

SHA256
2a50ad1a79f1101a87e8deb99f53431aa290ebb778fd713a96ec0c8fcd187d74

SHA512
6eccf165fa1d77ba0c1fa421ed8b57ea30eb73ec22ac573f11c1f8ac86c00ebdbf7c4e14d8de093758bf9b123cc6926dbcbcc0bd038e3cbc2c3c3f4d7fff3fb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
22fdd2a21f72f6ad728cc0f85076610a

SHA1
7d00d575a0d22a206ede95dffe166af0050025e3

SHA256
f15b6c6d920a3bcfe9378eca38a33d3be1b47a9767b67d9bd7320880305ffe90

SHA512
a8472f249a3b8ae533708106910b13ff603d5888cd927dbd6179c2c68b581898fef6f3ac060944098d3d1b76074141b8538d9f8b995d39e77a427517ed7c850d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
36fb556ec0afd625c6841f1eeb01ffa9

SHA1
ac69c36835c1feee2c25ceecdb4cda9f2adde279

SHA256
ada1c8045aa6bf61759cec71829c51cc8743e95443de2ccda04da623f8a1b02f

SHA512
e397e948cc197b754a0b631c7ed346f4bb394967bd5a3eedafe91ea8501f8fa2a9b6d3f0db5b94280b2deac4506af0a6498e8677bc9a61bb8b14b8c250a38cd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
264235b68cf88c1b011f03c95d207029

SHA1
968321f5f10a68ed9082b648ecdc752d62465fba

SHA256
0851416962414ae909a92c0c5a53bab814884adb2a573a2462369b104d12e4ca

SHA512
f284dd0d26ccc7ed5a558637b84a2fce808a2f10715c7fe26e46fc3275cc9a072370faa5619484acb6a61cb8ad7979a361acc014edf243c12de9111d63a39cf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
bd3f1368428d152bd8a03bcb84c6a0c7

SHA1
8ca9e3412300b318189365da894e64955e9028f0

SHA256
cf4a18f9617248c7f11b452f472b502d336d6709eba817ec827a0a49f7d20d46

SHA512
d07953340363ee1a4bdf6f335de2907f15367c4bfb39099f93b163833172b3bb0251f1dbf5cbd06761426013ba5faddcf2e39d5d7c07c3573dc5b7429d7ba6d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
759e76e1fb7317057f03c24b1b7cc0f4

SHA1
f8dafbfe6b324d17ea7ec3f9264d9f688a79e372

SHA256
ecd138ac8011bfa817d2e22ff584c76c713145a3efb57593eaba98abe999bf35

SHA512
d2c60bc215b3ed9c5c545890aa641c2730c7b4c94b32cf5e95991fe416173af6754a2e240900d28b478ab127c92e7c7e52ea69bd50efddf87a0b7a0e65a12e25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5349739d8afe692cc32ec09596854ddd

SHA1
0af099e48976c3e587c6004ee456f8e1337e9c36

SHA256
527c7999f6c5be1b5e22e3ab223337ac1050cf70c0bcb28d2436245960dd709a

SHA512
6b760f073ef58fd5b4a6b110bdf3f3fb8f583b0dc0f30a8da79ee59c99ed25100ea32778d6be83043653fb12072e583e21d4b2b47807cf42c0349f187ca0ee63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bc18d56e738488188b2238eeccab550b

SHA1
0657ed389babde3f2958f7211b7de450d43bf5cc

SHA256
29d5f03ef038917fd5905c62340359daf17d3ca09f68fff45de7395bec35ff61

SHA512
231f4cb1557ae9fa5bb1b86ca7f056202f2e4c617b5576e6ff2f118d8206bf84b59f1018f2d5afbc1fdd0d6700795d104c583aff51e7848aa691c66df637210f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9bfcd6c41379e06c0477326b9ac0565e

SHA1
bcebe85d7f0b97cf92537885f3431c2b3fa0d7ec

SHA256
facba6badc14f1486d8faf2a48938433cc2bc2e059c3554faef2906397799fd3

SHA512
59308ce22dbfdf761a34578aa6c58013562dd02238952a5b0b81c622e5b7d48aa8d246f302fb225bde71c1c445c09349bded4b3f75c3a867d71937a7365257bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cc6f163fa00e7a869d654245581d1730

SHA1
8e8820830cc312fd599dd6eda832bf11e1a8fb0c

SHA256
25fde2a3b72cf01c6e2472cb6677662d7e00a976d1953dcafb0e3752c8673087

SHA512
3426c63dff1700c9e2f111d78e95d6d4e3d38dd9480112b34e469ccdf23ded7fd02bb29d02a1eb4d03dfbf609a40f365d28c8288eba0531f5e9d1661b2323d08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8c8134491c8023ddafa337f3f21db43a

SHA1
fd91b9238c1a2b21a9045d92d3f868010e32c272

SHA256
d3fe1d4f9dce4b22b6b55fd092b68f52a01f4e16f509413488da3e3c8a4ed344

SHA512
c0c60ecf93e28c2e241d26cb6372d9245a96f35e001961fbe0c6ea2a92bc24de743a964d7914737365929366807c60ea754ef6cf7b3f301feb39831e3f7d41cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7776ddaeba589ce5bcf19e1c6d9100fa

SHA1
5b6e564ebf12947bbfcb329a270d77ae46aeac77

SHA256
b5b465eb890f824dbf8af99a38470946849fce7b26cc9779bae9dea9f6898419

SHA512
e43813997d59493f48cc2fadb66103209e03f874cd1f4ea4d93e568b01573f7f88e68fd17111f97fa2578987f912708b5aa20ebf7db814fcc430773462d11cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b305d46044d4cddb729afc2ccccadf30

SHA1
c5b37d2d553af374be184033b91a1fa0ea1f6e6c

SHA256
7c2a1c1ed49987dda1da7423138b578ed59ba2bf2a1c2a7b3ddb9f075e5d3b40

SHA512
40e79654c0d5719210d40d1433dad7f8b5edb1783e18d5c28042010d4fde2dcda51466c8642eff6e3a20b6866291f924017c7da4ad984f22ce3f25f86d84c18a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1309aed3c01893dd2799035d9095b4b7

SHA1
1ab4361b4aefede79b4bfe8f364ca56ff48d8e6d

SHA256
8ec82d711278dc4ded099e303d48369cd483183f46054e9e682412dc1ca8ceac

SHA512
0f3556fc3e2a67722e5cc1079c41270bb1640f979f8cb9df2265462ceca639ba1666f8e7e529451d11e3a9ebacde2880e0e1504d7458beacffcb65642be99399

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5a9f7c2605493f97815a83a971351657

SHA1
33c63fb26c46385198e264188966c7c464e458dd

SHA256
d7a5523533b678db9b16af802b3e5539318bdcac0a72b86385c70859f6567737

SHA512
9fadfad183a9923348ad18ab55266cf9f385d092cb34c76bd90e7767d7d896ab2631c521c52bcda8d8da6e6069e7c3b0908fb623508758fffa61ab4dc321fe3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a9147431885dcfd7664f322a6d0708f0

SHA1
37f3cbd610aa17507368d2bba4950b446c5be4ea

SHA256
ad124df69248053e8cf54e90de4c1c43f39353505946b34827c1e4532d624616

SHA512
5d27e8726dd0f411819ba0098683239f1ab87c43fffc5d63f4b6657fd9d2d00bccce5f22d7d42d521a938eafed5d790e7a94a611cd143356dcbae7c24a900eed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0dd052578907ad38a0450c944fa14d5a

SHA1
e56032988f01596433fc122dcf9af7410eec77a0

SHA256
061980367a58ce18e993d23519b42148046d833ccf23d2761f7e8488a160571c

SHA512
a0a918687ba66c6f08358fb0a76e37226d312198a5920c63570a35251c4bfe27a92c048ab795905e6b532dc182cb75e441b0139209ced0e27c2cbd949ccfb631

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cf68bd88755150af924ba170cdf1fe51

SHA1
c5e9d1d9cf0d37c06ed5b8299602b6d65fee63c7

SHA256
b87b990d148a9581709f0cf86f8ea0d2135f815558adca3ef64755bd5f9444c2

SHA512
8eeca9f5f105233adb1cb02e34b30bd7619bd2a5f44c1239814939b01ac7349063e84a27d9527ceffdcbd921934375d9b89efc75f068e8e554357accc70250c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fa06057a8a65b8afd0ea97a8129f1e52

SHA1
de11ff627b65d4aca158ea2bc4ec53890fc98de3

SHA256
e6db2f023d8b9a32035c196e9cc70aa335c755ab3715d09ca4c7ccb547b02756

SHA512
fd05b900156d910c3aa68db372131a186a85e6d1f99c2b886eed559cf0eaf454b765551bde110e8933b9176644c019993e5ac0af4ec9f4af7f3cf26a48c92d0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3aeaa44f66fe7cf224b72c5e80de6cb1

SHA1
9402480928aa30b2474330f64ba20cc6c2ee484f

SHA256
e28829725c0b8afd86ae73913304cc587acb2a98337ad4c55ade87ab8a0178b7

SHA512
5b2d75da21f50bbddc8bd6391e46ddbd6a9e0908a423f7292870b1ef944173004c8b76ed63fc34ceb24019bb394d720fc3a3c992dfffdfe43a0ff3f0f41ec949

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
367178078cadead0cbfebbf770d28359

SHA1
9f6283909e3333a9dc22ba2ad90c4ca4a03e709d

SHA256
4cae0f0a5daf4ddd3842d397e7cd30e51cac816f51b94d6a9d5e992df32d1853

SHA512
a56ea40b808f83f5ba3f3d455893e25f72c136ab6af958ec3a06856cd03147ce2868434493778c040aa605ea9d652b699adf43437cbb367e88fd38e5ce5882e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
04d09cb14c6457dccadfe917a63ae772

SHA1
5c5449f5928eeb57c010b95c01a91f8206df1b6c

SHA256
bc3dc5017f85cd55b51beeb2ce73b35680d7603b1ef6b922634d3297c7d448ac

SHA512
05844d3050cbabcebd84cb7e60a22c0455256e4869dc1ae6e9a1678ce5f7e5f3dd1d2a1de0f2806c8e1bed41221737f5597ce2d09322d4177202d3baa9a2e14f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
115e62862082267e71d1ae9ad57c950c

SHA1
6a4ffa15bd6ecf4e5e4ee88ed298210b8e77ac73

SHA256
b1aef8760e6619ea12afc5dba323e0d3a96321da8758157e27b5ddf414f867b8

SHA512
50556f6ced0cb8a8cfe6459f72740359e2865b38bf3e99ea2dcdfaef477b781ad56956aa6fe1ac8b5955228023d152f615083afd3c253c531c4b1f196842e267

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5831aa.TMP

Filesize
1KB

MD5
04e0615782f4f3628b17d00788160d2a

SHA1
34abc559bfbb17c4a2f6fb2a7fd45e00a62cbb17

SHA256
52681582ba79344b4396ed7c815cffa31da2a222185f65934a039a2862973d88

SHA512
319298bc4c9d4bebffe2b53879ee45c278c98236b1dde25a65b3dd58072147547e6308709ec5cd457eff1fabb97c7d41c4828b4748744598167c6d0a5ef4b56a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a77f93ec6e5f86fca27ff384dadcabee

SHA1
0bf908865060d5f863c865e5774a2d882a161e05

SHA256
f85414d05083e9c982c5c66c798932e94381a408544aeb918bd0234c6bdaf779

SHA512
45efb7ffa97a0a31c8e3c8d49f3bc9cfa9aa98a9d29915766d69dce8caa99d1143114c8237b68787b07a86029beec3937b76aa8d341a2a42b6b4384eb15ac82b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit