hxxp://is[.]gd/hXkd9r

Resubmissions

17/07/2024, 08:17

240717-j61xjsvhjh 1

17/07/2024, 06:25

17/07/2024, 05:35

14/07/2024, 14:36

14/07/2024, 14:35

14/07/2024, 14:32

14/07/2024, 14:27

Analysis

max time kernel
239s
max time network
240s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
17/07/2024, 06:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://is.gd/hXkd9r

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5016	msedge.exe
5016	msedge.exe
4448	msedge.exe
4448	msedge.exe
2992	identity_helper.exe
2992	identity_helper.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1632	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1632	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4448 wrote to memory of 3224	4448	msedge.exe	86
PID 4448 wrote to memory of 3224	4448	msedge.exe	86
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 1596	4448	msedge.exe	87
PID 4448 wrote to memory of 5016	4448	msedge.exe	88
PID 4448 wrote to memory of 5016	4448	msedge.exe	88
PID 4448 wrote to memory of 4428	4448	msedge.exe	89
PID 4448 wrote to memory of 4428	4448	msedge.exe	89
PID 4448 wrote to memory of 4428	4448	msedge.exe	89
PID 4448 wrote to memory of 4428	4448	msedge.exe	89
PID 4448 wrote to memory of 4428	4448	msedge.exe	89
PID 4448 wrote to memory of 4428	4448	msedge.exe	89
PID 4448 wrote to memory of 4428	4448	msedge.exe	89
PID 4448 wrote to memory of 4428	4448	msedge.exe	89
PID 4448 wrote to memory of 4428	4448	msedge.exe	89
PID 4448 wrote to memory of 4428	4448	msedge.exe	89
PID 4448 wrote to memory of 4428	4448	msedge.exe	89
PID 4448 wrote to memory of 4428	4448	msedge.exe	89
PID 4448 wrote to memory of 4428	4448	msedge.exe	89
PID 4448 wrote to memory of 4428	4448	msedge.exe	89
PID 4448 wrote to memory of 4428	4448	msedge.exe	89
PID 4448 wrote to memory of 4428	4448	msedge.exe	89
PID 4448 wrote to memory of 4428	4448	msedge.exe	89
PID 4448 wrote to memory of 4428	4448	msedge.exe	89
PID 4448 wrote to memory of 4428	4448	msedge.exe	89
PID 4448 wrote to memory of 4428	4448	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://is.gd/hXkd9r
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff807c246f8,0x7ff807c24708,0x7ff807c24718
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,9137403179258822743,4143873396049917124,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,9137403179258822743,4143873396049917124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,9137403179258822743,4143873396049917124,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9137403179258822743,4143873396049917124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9137403179258822743,4143873396049917124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9137403179258822743,4143873396049917124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9137403179258822743,4143873396049917124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9137403179258822743,4143873396049917124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,9137403179258822743,4143873396049917124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 /prefetch:8
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,9137403179258822743,4143873396049917124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9137403179258822743,4143873396049917124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9137403179258822743,4143873396049917124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9137403179258822743,4143873396049917124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9137403179258822743,4143873396049917124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9137403179258822743,4143873396049917124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9137403179258822743,4143873396049917124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9137403179258822743,4143873396049917124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9137403179258822743,4143873396049917124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9137403179258822743,4143873396049917124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,9137403179258822743,4143873396049917124,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6272 /prefetch:8
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9137403179258822743,4143873396049917124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,9137403179258822743,4143873396049917124,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6140 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:912

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f4 0x308
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8dc45b70cbe29a357e2c376a0c2b751b

SHA1
25d623cea817f86b8427db53b82340410c1489b2

SHA256
511cfb6bedbad2530b5cc5538b6ec2184fc4f85947ba4c8166d0bb9f5fe2703a

SHA512
3ce0f52675feb16d6e62aae1c50767da178b93bdae28bacf6df3a2f72b8cc75b09c5092d9065e0872e5d09fd9ffe0c6931d6ae1943ddb1927b85d60659ef866e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1790c766c15938258a4f9b984cf68312

SHA1
15c9827d278d28b23a8ea0389d42fa87e404359f

SHA256
2e3978bb58c701f3c6b05de9349b7334a194591bec7bcf73f53527dc0991dc63

SHA512
2682d9c60c9d67608cf140b6ca4958d890bcbc3c8a8e95fcc639d2a11bb0ec348ca55ae99a5840e1f50e5c5bcf3e27c97fc877582d869d98cc4ea3448315aafb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006e

Filesize
96KB

MD5
2d8d27dfa342ac59c785b04017705688

SHA1
0c52b10fcca8c2b23527cf64309d3caf24475e96

SHA256
53c6aeaaad739efd615657f93b633dff9a7142b4a8dfcb2f35bb324a9f222ad6

SHA512
436d268217b55abccf5c0d54c6b044ae161fce0fe616d329166e82e9492db22e216f1caf6642395d66806f8d4c87ceab4c94ba1647608381c659150da955fa32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006f

Filesize
101KB

MD5
738ded3eb2d13c467740ea960879948a

SHA1
1467fcec3cd16a78e033e8b5f58505da3d20574b

SHA256
94fa24c974d78829d0f825e77b1944aeaedaa5504b5a17bb8c5a15d93b90b65a

SHA512
1f81def552866764cca148cc1d769ef2b00823308ff3b8b5860bdcbcd5e134baab50ad50d6ea991d987bb91dd2960f81a63e973ddeb31df8e84e5e7858081f77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000070

Filesize
102KB

MD5
0697abf674c764f44a4dc2da63bd70e3

SHA1
4776ab2dac73c912894f83e9bc605beadecd1ba7

SHA256
aa15a03b970b7d16667a8a0d9aea7d66e5329f89c927151fe3bc5d530a1c274e

SHA512
4cd1a5f6d0001ae45a50fbdc15c8ba7010fe28ccc2693b582af83f8a8e463e37005260355cd0b31119ccc4109c24d11c6fdc830baef3c4375962fc1fea8d1642

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000081

Filesize
92KB

MD5
3408df96b3f97f39228f145ae94fcb2d

SHA1
32be69dda965429dc105d27d69d38e3064bbe574

SHA256
aedc854146d912f75600dbc028accfcac95cc2c2dbc3a49253eeddb81e1fc74b

SHA512
470298c226232e8dcfd5a81197490257297843ff30e98e9577ee45c478b913f1e03f063ec0c885b367ffb22edeab7c137a1c92c9fe3996d969f20de2c99f216d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
93da62f17b2a7fdb1985ebd53b6672d9

SHA1
b5f58c77c1a03629973c9f59ca2d2a5d19557dee

SHA256
0c3590bfb764bd99f470975910f9498dfbb7ac4e8c4614d0e56f0276b521eccc

SHA512
e8d89269212c1873552a49822ec82452e6bee6b7e2b4ef4e3a92771d210cf308b32d62e3217d051e95edde99aa447f9f261e02a7610bf2b61cdaed240a173512

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fe7bbb1c50208957eaf995d8b6585611

SHA1
71a76f1949b5b173a05ca5ec8dbd0fb80ed4cda0

SHA256
b1bd98a2ca6edacf3f1e03c3cf1bea78f0a81b58557f4b9b444819453d5d7905

SHA512
dfe579ccf9a7c556bff1ce06a3cbc7edfed5954466f697ea5af734e0146d61fe1145207749e8519b62c1d89a1cb39a6942ff3bafe6dc5b39b89ae5fa8f0e438b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3b8aeaa1d4deae90b8aa00029c735d14

SHA1
9253518daab37ece4fb687b77ed7dfde87ecd9ea

SHA256
fd996cb02585b47c1860e8d15979091350e512d41df3e675b54607c433d1102f

SHA512
7fbf03c6eb0884d993e6ec4d30d1d96cb7a225e20fd6ebd667267ee3808e658b578b985307a1d05a161a19a2d129daa479ea28550d2c58af9ed21da52e993f30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9b9334ec56b51ae0c65f5afc56c2d347

SHA1
12025cae2376ea7b06361134a39747e7d46c29ee

SHA256
18e3b8934488c333cbf49876375833285c91090efddeddc0c5f98cd3f72e6dd1

SHA512
2b520d4556b41ce1f92dd6309d53c127940708e563d96f302cb1f3a57d8c422a11d2eafbdb7bdecd2af51fd35cd4c366cae1f7f3a4389de8dcf2a4d6161b4944

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c8d7135a20a50e78eef9df6e30686176

SHA1
a0ae234f959d013fc59bea8cc146cad55b1dfd30

SHA256
077f73d5522394f499edd3de842446a260bf161d61ed54b061136101158ed2af

SHA512
224b91b8de13e570873c463359ceb17eafe875123a779f683d0dec2d61ed93ce8e5d33aab4cfdb5fb0950faaffbbbcb70cd8021a7edb1eae449fb7cbaf5626be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
867d296e909fc2a38f1261ae331439d3

SHA1
1ee82ab4f25989b8a345b45511670c51f06e7c5a

SHA256
c8bde92ce84ef75a2c77fca82646d5c408737f1e0e6d7af97685f51853e714f7

SHA512
4ee7e96994ee23e4fa606b1c2318fdb40d137b039213ce0ae7dd328d2a47ce3429afecf9492f2bb910e29f623d7a7e538aba4b49f2418c92091c83c358f0bda0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2146c8ca2afa7ef4263acfee93a2f819

SHA1
7813efe165d3d6d2ca951088f84d868b3d72a248

SHA256
7b564e804d1442ad30c3cc7732268dafeee4bc10982e6df971d7300ed96eecd5

SHA512
98608ea5cae0178b438b021d4449e5904eed86560270a28b35e3f5f9e1de77c23f7c7d55f92f457db3bea38b7a92212a40e5abb9599d0a4ed2b3393e62504a84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d088750957aaf3eba522252a67d486e8

SHA1
391538ba28a646b49f7b9830617f1c40eb28f01a

SHA256
57d97aeb09c47df0f3a69af1037935002c278528d616439bc27778789dee5e54

SHA512
447f11ba39d91ae94ca66a78c0a149b71992e6e37d6de09b6605e891047f067a64d9e57bb81a21ad775d7a6110a0f24dc0c4e4e21621662ea3fa02e55dece4ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
2KB

MD5
32ad987ea55e334f1cae612105c1d156

SHA1
6434144a19a6c22cdf5850c6a662da4dff8a883a

SHA256
fc683940f392427d24f670db747055d6971c4ab89527aeacdf253bcd05585a9a

SHA512
7b68ea0359166e261b0594c28b321094ffe7002f9b02a3cf3d9abbfd87ddb047c6a5dc39bd3af22fc59a7455fd27c01a7bea464950e610251e50f02e6ae345d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
ae7cf43dff6333042cf2ed313a87542e

SHA1
2345637b7cf4affb72c026ff7b0f7b2c0f136879

SHA256
447e233e8fe7d39b2adc948a4a154c4f64991c72f8cbb953b736252af7277120

SHA512
89276c393f2d8538ad7fa5fd78e9e7a63c965c8156d4eaccc3e69452c46080c1e5e3b832a029d541fd2ef4346cf4eb899f35f5ef9312014f0ee2bae871d19723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe584551.TMP

Filesize
48B

MD5
9e7289371f461539ad3883ca065457c0

SHA1
ef5e7355c158d0fd60f92d84f9b1610979774b34

SHA256
924ef7a0a653952ec77755520b00f9a791eacbde6b418a00d29e0845e3298b20

SHA512
38752fa794901107cf26664dcafc2422af70eee8484a89db1ddac585840c14fd00b2d40e12fed296e1527728bfbeeaeff242c481514ebaad6340dcc6f438eea4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
20f8dc2b11e19cf844027d88edc59a14

SHA1
01f77e389e2607e79f759e81e235c3d1b0ec6dd8

SHA256
6fedd80886f851e39d4e279a6ca9a73f3a23883728f05f1f1f12007138aca3d5

SHA512
2ef91508ab179e1a96cb8af145eaaf324f1641365b53a99b3bcb0a3c4a39eefc238e5010649d7222de667f576821558137231304a7191926ada49f3a1b99018e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a146bdc2d32d0640b56326617dca1d7e

SHA1
2a77bb5aa7ea575a78afb4047f940df963b10be9

SHA256
3f7f76caecf788e2dff6ab978c9467256490e2aaa7c621149bf5552335b7101d

SHA512
9fe03511dc1a10a6b38285ee931be83a4a002dce614bb673fabb3263c767f6c988e78299eb4e16681142ba837b32d020cc672d9fe420932d1b60a9583287d6fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0ef8fe0e21eb5573d08327312ee5f27e

SHA1
943de024570beb1a786d6b5cbb7ddada23b09cd8

SHA256
b8b2e2c7f532ed33e05d2e62bafedce8e4fd193fb7e8aee0e98a569bcfb72a2a

SHA512
bc40832847eef4b2df1bf6f82abd78ac42860f6aab7b30c605f4f560023ffa6348e15fc2ed1a1091dab230ef9c54fff95e8418375639e68191317e6e7414bc1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b9e5.TMP

Filesize
537B

MD5
10332c1a9e9647512593eccf0eebf8ec

SHA1
bf63756b732e5affe65c3dbd9236a28d2ac243ad

SHA256
305e8e99e3ea30e89afa34253cc52404fd61d76e64f7f682aa1ab458bc982350

SHA512
534417683ee1475827cd7fc0ef16dea7e61d40ae6b43f5744c6593779c03b94e5b77f761fafa9bda3a508c573fd94482cd2d90ce590b0eb9aca07af6e5cdc2a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\da7939b9-cf76-4397-9b44-e358df1fc545.tmp

Filesize
3KB

MD5
e0a942dc72399b3d530ed2546f4aeb9b

SHA1
89e34350d8672f5c11bff4719c35f73a27508388

SHA256
4ed6a7cc073554fffae1836719fff7e122bd416be3ec91f3612da4ceaea50060

SHA512
edb89f1d222106f8b0c94996fea3b084748de5643f1785124881ed8f27f1e460e7be12226ff963b4065830a23357af1d567f0630a8cee17ed2aa9df580067919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9e1387d98436122777a86400e1ab5323

SHA1
a09df84f309f39ad3dd0d6c1bda846ab4a76b30a

SHA256
6fc5ebc3ba5d86a3e2d8c1d799bb027b01107e43932a885cd607ecf60d30acfb

SHA512
4ee99ce4525a56e2e367b1901e9a3e063238c10018286db9cd8efe2686bc7c73a6787288cc2bb20d1ca1e3d2957ae6212d7430673e9bd6225428147a63053326

Download Submit