hxxps://avio[.]bio/rJx9_gVm

Analysis

max time kernel
79s
max time network
84s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
11/07/2024, 05:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://avio.bio/rJx9_gVm

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
540	msedge.exe
540	msedge.exe
2748	msedge.exe
2748	msedge.exe
4700	msedge.exe
4700	msedge.exe
4160	identity_helper.exe
4160	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2748 wrote to memory of 2292	2748	msedge.exe	79
PID 2748 wrote to memory of 2292	2748	msedge.exe	79
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 4868	2748	msedge.exe	80
PID 2748 wrote to memory of 540	2748	msedge.exe	81
PID 2748 wrote to memory of 540	2748	msedge.exe	81
PID 2748 wrote to memory of 1332	2748	msedge.exe	82
PID 2748 wrote to memory of 1332	2748	msedge.exe	82
PID 2748 wrote to memory of 1332	2748	msedge.exe	82
PID 2748 wrote to memory of 1332	2748	msedge.exe	82
PID 2748 wrote to memory of 1332	2748	msedge.exe	82
PID 2748 wrote to memory of 1332	2748	msedge.exe	82
PID 2748 wrote to memory of 1332	2748	msedge.exe	82
PID 2748 wrote to memory of 1332	2748	msedge.exe	82
PID 2748 wrote to memory of 1332	2748	msedge.exe	82
PID 2748 wrote to memory of 1332	2748	msedge.exe	82
PID 2748 wrote to memory of 1332	2748	msedge.exe	82
PID 2748 wrote to memory of 1332	2748	msedge.exe	82
PID 2748 wrote to memory of 1332	2748	msedge.exe	82
PID 2748 wrote to memory of 1332	2748	msedge.exe	82
PID 2748 wrote to memory of 1332	2748	msedge.exe	82
PID 2748 wrote to memory of 1332	2748	msedge.exe	82
PID 2748 wrote to memory of 1332	2748	msedge.exe	82
PID 2748 wrote to memory of 1332	2748	msedge.exe	82
PID 2748 wrote to memory of 1332	2748	msedge.exe	82
PID 2748 wrote to memory of 1332	2748	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://avio.bio/rJx9_gVm
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffb2a73cb8,0x7fffb2a73cc8,0x7fffb2a73cd8
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,15547391331621895494,4677635361552989305,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1856,15547391331621895494,4677635361552989305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1856,15547391331621895494,4677635361552989305,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15547391331621895494,4677635361552989305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15547391331621895494,4677635361552989305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1856,15547391331621895494,4677635361552989305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4100 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1856,15547391331621895494,4677635361552989305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15547391331621895494,4677635361552989305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15547391331621895494,4677635361552989305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15547391331621895494,4677635361552989305,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15547391331621895494,4677635361552989305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15547391331621895494,4677635361552989305,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15547391331621895494,4677635361552989305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1856,15547391331621895494,4677635361552989305,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3316 /prefetch:8
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15547391331621895494,4677635361552989305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15547391331621895494,4677635361552989305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15547391331621895494,4677635361552989305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15547391331621895494,4677635361552989305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15547391331621895494,4677635361552989305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15547391331621895494,4677635361552989305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15547391331621895494,4677635361552989305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15547391331621895494,4677635361552989305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15547391331621895494,4677635361552989305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
  2⤵
  PID:660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15547391331621895494,4677635361552989305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:4804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1608

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004D4
1⤵
PID:5064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fc52695a78aa4e8734d73b7446ba59d1

SHA1
15dfb5759ff566206ebd6b8a864e9e43182d7f44

SHA256
fc18d4b0cbcbb89e7f9cbe630c18c94ddecf8b59e74718cc5ad1f66fe638cf9e

SHA512
dbddeb1e9678141910933db917260164cfd07d5f2fcf3c7e82fc2c6db486be7dc47fb193a676e7a23d4ad6936c946ede8def1c555332e41a829d94c207cbfd51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce971e4ab1f7a51b5b9def5887018d15

SHA1
2f280b61a4c3297a3129d59b84ae971e90fdf9d9

SHA256
12e7606eaa7e67b697c8b098266fcb8cb066cd9f8f60ce43ba8405102a63af1b

SHA512
5358fb373e7ef29ac278c33161fbd06b4ac59b24be16e4c34f37ae88383655a182e30fa71cb7881cffc3af5ab055aad25d57f53f3114e6d79b946dbfaa228594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
44KB

MD5
f606177c742008362e0412ebf5995cb6

SHA1
aa1ab760c2c37dd81362a8d72c1d3f6c66f4697a

SHA256
865a4bfdf5bf8290ea8de1dc3ff687e8d7d9a099e2b99ecac22b2d6dd86ff478

SHA512
20618f7c009c9174a709afcd7716e548648f21ed16125aae0a4cfa913052b4545efc2a7bb2c9cea1aa6e0e1b2ca8b7996575126c9c05c8afbadeebf457851887

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
37KB

MD5
25cf31398f1889e7b76d073154a5610a

SHA1
19aa54b237485290a2e6ebb803a5e29b8e75effa

SHA256
a3d42f8e0b3537694a2eb5b3d1512911e7f15d70e734c0fc0c663b9a79ce4028

SHA512
204cade850986b4debe1e4a92123115f3451495b6f4a18b044675fc70262f0734fc404aaf1cc779bfa5fa72355e13f9565124e623726be3a355ef87fa574a989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
23KB

MD5
23c0254f0b28dc39df764341a1465375

SHA1
e163a621a98fcec5219f39d29a1f27a207f2e150

SHA256
ddaad16aeec6839be5e877249cd8b12ab6b21e1bb49935cec2264efe50d78c18

SHA512
f630f0bd886ce234ee6757fcf5c9ad6e13a8da0319916d9f4e53ab116fbdb324b0d68cd8936528951c91a46e7b0b39481320a3d2a31a717889793a1683d86ad0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
19KB

MD5
73936ee22b75412cf8991bbab3f07c74

SHA1
e7f64a1f697bfab8ac9f0faf5a5c33f439ccdce6

SHA256
ebc56b1375f0a01f4756d68790d0b9a08d9a9e079eb63d26fc2d3d548154f40b

SHA512
497782f1212bcf0407a21db75a16cc855511e1256cbcf8672682dd3defb2154b3ce733e0844a0e3ba85599c1745c983ec3dd275857a210de73841874b5189415

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
209KB

MD5
a46028dd9e5258f80430d56bded21904

SHA1
4270dc25a0d242f11563ca2c623c09ea7519b72e

SHA256
f7d80b8dc82deac2d3a61f75dd238527599a116111284df07f3761c618260330

SHA512
aecff2faa95ee08dc02325f5b609b039756f6319a4e455588f1dacfa278547cb4cf13938a664aadf68871f062d96af22c9a7525444ca152d2b5880c213fc0270

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
332KB

MD5
eff24a5e46ed585d942417fcb566a54f

SHA1
79130b351b9e332081d77d368ca58ab4546e618b

SHA256
97ad1131c960f0a00aed3b4979123a2158c960a6940611374737b6cef518e8ac

SHA512
c689013abcf9af833ec192ce05f76f238ef90c15116503a21f280b6a1ab258101e7a788cabbfd3b5a1ee97e8475359fb5272c0a5dc8a156434600424cdef60a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
30KB

MD5
808786eacba2c1858f0c56e0ce295490

SHA1
a838452c96d02de79471e7ef7107c946cf5be3f7

SHA256
ddbdfe7040d492f275899895913b776fdfed00691399414588589724449e6f5d

SHA512
4cc0311d288c6c95c232edbb1d320b42b1a738bb0a46e7a5c425a89f2d6bfb198328ddad14e1cd6fcd1a8bf7e2b24968f61a04d6408ad1ee71e18a5e42766dfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
115KB

MD5
d5aef4ab3288fddcd0fa194890969b71

SHA1
b2c8b3441a667f1395eaf4b1e693b46d9b7fb449

SHA256
08626e52a695469ccc2fae072647d52bab3264fb54b7566931005a1809c2ad76

SHA512
598554df1f18486cebe14cfe27c3a59bbdd967f3d862b949377a06813a0b92e2df2489b7557593b00fd2c2097295f7f7978448fab85d4c04e602f9f9a9668a0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
52KB

MD5
40888a4c130c3e9c2af64a2c57b70bf5

SHA1
adb9ae9c41a1febab6817843b7addf508599c22c

SHA256
356b047b71ee81f3ecbde8c630dba971e9ba12f9d9116ce406b5ae9fec4026bd

SHA512
548d410fa90ff42a4fe56256d64983d3f47f0b00a1c0d87221925279a98d5a0dcc62a086fe5f1c80f916cb8022033566770352fcc785ba68e2088cfdafa31d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
143KB

MD5
c0df3bab7f43183b9e1684587e529cc9

SHA1
e0d75438540d9cfeace74555ccef8f96ab729e4a

SHA256
d8fc94f81ff8ce700df4e8ee7cad230b12838e30adf63354c71dbd7176a39c5f

SHA512
b20e21659dfbd0b88933db8629059ea82474a66eb126f49674953c5b85d7c46b66f70f9c0075f64b63f8ebb3137c8be748f5a8c7523763168a13b541a1db2fe4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
63KB

MD5
16f6f8ae2aa57162237d4eb44a7886b4

SHA1
04d5f8f5f611bb22044b49286ca1b26275f5a7cf

SHA256
2a2e88199811f550151ecc39b0a9eb3a218ee99b64e1af23696fa120afe6ab1f

SHA512
9f53942cc3976bf5a11a5502bf688809923a7f82276089fbfd0f96fbc998998be4f424b9cdd4c9a214588f80eabb37840622cab48d8e96313eabbb395747721e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
20KB

MD5
baa80a18dd87df5735d95654441feed0

SHA1
e600bd34f9822eacbe76dccac24d70178a839d2c

SHA256
cd12b1ca0960d19a282b891a804a3c21729d00ef26ea23b674e908465d4a691a

SHA512
ba381c34f3be056d6d44debc209d97921c2bdd8e3af66a8a899e4ba2b67d163395789e32aae31ee80c7d0d0c35685c01d1e734ebcb7645ffa54a72f0729adab2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
20KB

MD5
75f4d34b443e0a3a8cb49c8db9db1975

SHA1
c62a665af984f19e83923c55e68ecd08c0f65ed7

SHA256
0a1ae61c5fbee61b2c1fb67a5a16ba6e006c818e07686a41075c7839fd5cb60f

SHA512
5466922989f347ce37b89401df1c72d690d9ab2d13e67aa55e3b3162d7fafb4b55bfcb2768501fe8d08af5fe576c4a4b423be2a06313efe0fda72c7135f50d88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
51a56a38fd554786775c0f1eb20538b8

SHA1
e7db48380ecd7bfbc0da77b4295ed71af2045a59

SHA256
45bc89a2c496de667d34337cc5caf320afbaf78abe372342d06bdb8ed0982656

SHA512
a90c8f5548107968dd998895041c7c655dff2a5b99e8aa8058dbba97258cb918a1f783b64f11222dc42803e1ea8409fb286d36f1ce11ec48eb6a2ab494293285

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e404ecf35ab671f50d2622958a1d92fe

SHA1
5996f01db580353197ee64d542d2ba8651810e85

SHA256
40128cb373f04d6823c4f088cacbd6d9f31d58647a911939409f3ad944e45244

SHA512
cc719689a3b79e2b77dffcc83bde5ec589676a7b081062763ab5fc3eed815ab6bd8f0d1292be20c224c3ec194754a46b8f0dc344d4e0ce7f800a7b046fc5c37e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
846c2a7d977d7cf8a056d71927983577

SHA1
3c3049f8c219fa219ec108178e132037d98dbc26

SHA256
6900864a28e19ab493334ff145dc792d237e922d95a2100b5add8a41e63f0e88

SHA512
e1a4726594a17e965ca772fde5c3e849f65fecb7d2d1d0223e8b27101ed9a2e501c5a87a33cd6a3ded996a16044d1a9ea3a909117864b54749107e7b1e58ee09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
09e29e1aa197d102110241e77362fba7

SHA1
d0019d4baa5e83c39400a58ae54bea1ad527ff6a

SHA256
fb8c87178052f6dbc1a4774ad0d98d0c9731975335d61fd7daa5cd677201c672

SHA512
7c7bc7632bcdd27a389c4e3b46ddbac7338ed6497ca1b33d3281398d9ae6864ef763089a103dd02553047336039efa50e1267c84d3a17cff2fca3b0611225b28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2333212183903f001a52fbfc2c4078f9

SHA1
c2edbd117995b47723ad05b6fc77af579807c440

SHA256
669c529df8615c7fcacc39b0ae31535b8b133879f06f18c6ba9b40b411699fa8

SHA512
57280ff9f75ce034447e8a1a39d081bf67033f507521cc05e45d74829776745543038495da307673fcc9200731be5d5e85b357f7d51e2abf6d25654640a87b2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8918390798291bb366be8f68636d20b1

SHA1
4de097df22cc63b4a046d42155d90b4994f7d573

SHA256
3280c07d660517a5dd531b312d7b093a0cf1a35eb553c2550af54b432173eb08

SHA512
0d1f6f965ccaec27aef1602c2a3b8870864ed21f5585aef246dd0869fd2f12d564272478f6c61870d5f449cbff0c30dff1eb725f9f908765fdbb132920e90100

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
b115b78b144d663a489d9dc1e8d7b1cf

SHA1
ce2fc80a491760ce547f4037d22b17b292416894

SHA256
2cb92748af3c4df3d08d70b085a5fdddea60767c666cc63b30aa848be8060271

SHA512
7943c27ba4ce5a063191a233abc6cace6221375473874f198215c113ab216552bb68215dc8dddecf69148d761638e32058ddabf90fa34f2fb3e26525703cbd11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
5f467d00b9596932dd2f572754766e13

SHA1
3eeb9d5460952053b7adb543c74dba5cdcd0d36d

SHA256
6e2e392ddf40a1a1ae4378b6198055e3f437ce63c978d0163dc8fb0a08d634d7

SHA512
0cd90ca70de8304031e9eb3b134621f87c78eb5ddf94775bc080f2ec8cf4751ab4ef8e2b2dfb76abfe950722e990478f62e2c5376f887071c542d53f2530c7f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583eaa.TMP

Filesize
204B

MD5
78883f2d1a4277fbdd17f536ab71bb91

SHA1
95c43d00212f9d7fb41efc53db23670a2ed9fe16

SHA256
d6cf660af486e3f926803434696d267c0e199263a3c9ed90ebd81f0b835c4f6e

SHA512
488d76ed0c720294173c63b53d78c5de4ca63a77aa86f46ef5313bfda2133e0aefd058fff03884133191718b7f74316fba670eebd49aaedf817ebd057637f5e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2a3ff56fb71345b4775c1276a1bf91a1

SHA1
621fbbd8a719affd72603507255b41021c9dec56

SHA256
bfc6742753d3a88083ae9c3f29547c06f49e3c2fdf3cb7ea104bf5860a26e60c

SHA512
dad6378cad68b614b65359d629e8e727a0617ded552dedcc82abefdbe3060debf314e65ffe0071e6283716395d0c68e0c736d3729a2f13ca38664cdc57b42c6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c3c534ec576c9443eb9e7e2d66eeb35b

SHA1
6cb10b0dbdd6180444aaedd51cafa206cdc87d00

SHA256
0f8f48298f67ed359e16f508d262d39498d11d8995e687881b2c44f649d65eee

SHA512
210f789f06ec139ad2e084d1d9d96463629cdadf5062f1c9aec388515c6288f73c4285b94cbb5ccab8fcc4fdc3d062eb14e30168aa4b25f3c0827289e6b6b0ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
29b42b7de63fb6f34c9a892ad4fe80fa

SHA1
4f71d0489281dd21c413f1b31699e4f3c4e32edc

SHA256
00307bfbb49e1c265361da0c2fdf55b8138079ff53c3b990efdcee359f9a73b9

SHA512
ed3c7a56f219132d2a6ffc373ec6d27f9c8b6b8985410058b4efd12adb8195355610280b0f8ea21a337b2c684e26412fc2ac8f6af26fae3fcebc703dd906e2fe

Download Submit