hxxp://win10-20240611-uk

Analysis

max time kernel
1799s
max time network
1800s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 02:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://win10-20240611-uk

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1705699165-553239100-4129523827-1000\{B42C3035-BE4D-43E5-A5E8-45DAC645D044}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4580	msedge.exe
4580	msedge.exe
3508	msedge.exe
3508	msedge.exe
3340	identity_helper.exe
3340	identity_helper.exe
1036	msedge.exe
1036	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5740	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5740	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3508 wrote to memory of 4408	3508	msedge.exe	84
PID 3508 wrote to memory of 4408	3508	msedge.exe	84
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 3636	3508	msedge.exe	85
PID 3508 wrote to memory of 4580	3508	msedge.exe	86
PID 3508 wrote to memory of 4580	3508	msedge.exe	86
PID 3508 wrote to memory of 3816	3508	msedge.exe	87
PID 3508 wrote to memory of 3816	3508	msedge.exe	87
PID 3508 wrote to memory of 3816	3508	msedge.exe	87
PID 3508 wrote to memory of 3816	3508	msedge.exe	87
PID 3508 wrote to memory of 3816	3508	msedge.exe	87
PID 3508 wrote to memory of 3816	3508	msedge.exe	87
PID 3508 wrote to memory of 3816	3508	msedge.exe	87
PID 3508 wrote to memory of 3816	3508	msedge.exe	87
PID 3508 wrote to memory of 3816	3508	msedge.exe	87
PID 3508 wrote to memory of 3816	3508	msedge.exe	87
PID 3508 wrote to memory of 3816	3508	msedge.exe	87
PID 3508 wrote to memory of 3816	3508	msedge.exe	87
PID 3508 wrote to memory of 3816	3508	msedge.exe	87
PID 3508 wrote to memory of 3816	3508	msedge.exe	87
PID 3508 wrote to memory of 3816	3508	msedge.exe	87
PID 3508 wrote to memory of 3816	3508	msedge.exe	87
PID 3508 wrote to memory of 3816	3508	msedge.exe	87
PID 3508 wrote to memory of 3816	3508	msedge.exe	87
PID 3508 wrote to memory of 3816	3508	msedge.exe	87
PID 3508 wrote to memory of 3816	3508	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://win10-20240611-uk
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xdc,0x100,0x104,0xb4,0x108,0x7ff9eb0b46f8,0x7ff9eb0b4708,0x7ff9eb0b4718
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,10230961059509724864,15701735890936430557,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,10230961059509724864,15701735890936430557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,10230961059509724864,15701735890936430557,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10230961059509724864,15701735890936430557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10230961059509724864,15701735890936430557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10230961059509724864,15701735890936430557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10230961059509724864,15701735890936430557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,10230961059509724864,15701735890936430557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,10230961059509724864,15701735890936430557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10230961059509724864,15701735890936430557,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10230961059509724864,15701735890936430557,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10230961059509724864,15701735890936430557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10230961059509724864,15701735890936430557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10230961059509724864,15701735890936430557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10230961059509724864,15701735890936430557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2224,10230961059509724864,15701735890936430557,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2224,10230961059509724864,15701735890936430557,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10230961059509724864,15701735890936430557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10230961059509724864,15701735890936430557,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10230961059509724864,15701735890936430557,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10230961059509724864,15701735890936430557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10230961059509724864,15701735890936430557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,10230961059509724864,15701735890936430557,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6348 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5236

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x358 0x150
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\834ba3fc-f37c-465b-a103-a72e4f22db63.tmp

Filesize
11KB

MD5
7ce537d06e0e82234016b879e30929e6

SHA1
1dcd924c084fcf75812cec2ec17b92ff281a5832

SHA256
5acc9c4ba1bfae914757068aa19e326e90804c17151aac4cfa5656689a0ce8b7

SHA512
c79eb22d3edbdf069fdca40c5f4bb799507394f86437169e36a9655b10f95f729c0290edebc20bc3d77dcf04cf4da9b0d41befa3c98db48c83d2ed4a3e2d434b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bafce9e4c53a0cb85310891b6b21791b

SHA1
5d70027cc137a7cbb38f5801b15fd97b05e89ee2

SHA256
71fb546b5d2210a56e90b448ee10120cd92c518c8f79fb960f01b918f89f2b00

SHA512
c0e4d3eccc0135ac92051539a18f64b8b8628cfe74e5b019d4f8e1dcbb51a9b49c486a1523885fe6be53da7118c013852e753c26a5490538c1e721fd0188836c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a499254d6b5d91f97eb7a86e5f8ca573

SHA1
03dbfebfec8c94a9c06f9b0cd81ebe0a2b8be3d1

SHA256
fb87b758c2b98989df851380293ff6786cb9a5cf2b3a384cec70d9f3eb064499

SHA512
d7adcc76d0470bcd68d7644de3c8d2b6d61df8485979a4752ceea3df4d85bd1c290f72b3d8d5c8d639d5a10afa48d80e457f76b44dd8107ac97eb80fd98c7b0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5a146179d7be3d94bbbc3bf786ea8c36

SHA1
6d815af6e4456f58b4c311b64ee6f0883e576c15

SHA256
8bab590325dbc8c3ffd70a572afa78497725628db3b734ad71f6305a9bf92cf0

SHA512
6a33206919d2abd7307d54604ae313be4af93c09fb2d63f5d06dc189276333bccce9004a0ec4eb487badc732bbfaad9716995df196339c06fd5a43cdc1a15055

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
697d5d1ed741370ddab88e5ce92bd815

SHA1
fb57f5772b7beae6ced3fd36e5798ebff1b61527

SHA256
cdef527ab3fed2a6e24a8642e3d3844d739feaa240fcc73e122973c27e94af61

SHA512
f411c88358abfff6c52d4503110fc9a1da484d36068a1c95e9eb0502cbda877cb992fd1e85256980d685d3613f74af753ad92c0ce28793f32c7d7d20ff37ed70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
6a94c66930e89e8efd08721de2ba3918

SHA1
34d0138b3bb7d00f09865ac40a9ef9bd01c69e2e

SHA256
0219b983d2d74668d4210fc95d9b4bd682167e1f01db8e14688cb046f17cf7d3

SHA512
282175574689b420761ada1526727e6b401e12dff32271eef5d0f31a9dee9ab95009b4a9c45ec9d6373358dd05378a9a8714537a909d2976250bc32633c276e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.twitch.tv_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0b83716d8547a379c8e19e8dc9e3629e

SHA1
1a1eb996ca2ddcfa1c5c37822e3368fc72480d8d

SHA256
96e315b9c35011e29e118d0556ab7db92d2724cdd05c36abaca79501b25d5f2e

SHA512
510f410e8e8cf6edc0c8f155a9efa0159abfc323c526deac76d0ed76aefb159eeaa9867b0857f5bcd3a372abe8c4043a4fc91b805d50853104a8ed57e0e257c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
472abf8cc09f6d08b1234ab473c96727

SHA1
45d242a23ba6ea31f2bd264c118f88c5b4db52c1

SHA256
17e21c641f5e3369988a64d638c2c7591bafdccf215bd94ab1168f3ac7fa971f

SHA512
9be78b83d4577457a19786c1d721c395c228e98cc6db6dd72be9a96539846ea6c7f055baa1915e5fb841145e13c130355a0c3b27c122d155f16d2655a2d785cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
73185c73fb5f5d956236a67eb1f51453

SHA1
8dc4a4dd086340e2b1b524e8df63f24615785fd4

SHA256
3eaffd2c6176ba9880d398be1a16067b965018d158d881b7d94fec81d01d94c2

SHA512
d475bf48f5f8fe62a90b2896e85039ce8f4423a60e1472b3e3293781db6ebce68b2b38d9342a823969784e342a006e54da5115654d007fc765dd093d6a540680

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8c467916357ed7ac2689d7e2ad5bc23f

SHA1
ff5ea4251f2adbef63b240728e59e05d5ad2e14b

SHA256
3c921e956874d37391f076dac75802d6b56b097b103b5f6e95723c3e3e86dbc0

SHA512
30360348df7b638f66193e026c0420917af85f494ab1b860da55152a8f555b12a276558517fb24920193e38e55b9907266b4dec334c3843ae067563fb540b0b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
98b247529a914dd576be647b1c31e713

SHA1
2700d96dce60dc83e8e042d0553e433d33bbc900

SHA256
8bbcb463072d406bb7c22865d3bdfb339665247e2053f363312a768e9e690858

SHA512
246e28fc48f900894df8d1bb37b4a8580552ec7b6de06e47b8525b434bd92e8efbc7e5dbeefb4a6be478e7a7a4506f0e1755b5f094eda6436b08634485626d2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c2fa72125db7424c0b558dd7363fdb34

SHA1
ffefc7a4f20bbb3a5d69e60170592b3b1b0a44f5

SHA256
93f69146841cfc42a998ed2a0fe787315850d5aa126bbdfeec58c832357fb4ea

SHA512
b311e736eec4e697b041dd69c2e549213a45fac5a82880ec68568790289bdc8180d6feac660c9155296977181862aa089341213eab440e9198227dec2294ee6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
7cc43ed5dc2ca9649c525c887ce06f36

SHA1
c10a3bd7570ca7acdca4fd30198e4797d9f523ed

SHA256
fd069be4fb7160079a82a8ac05129c3828091dce8e045f4830d4ca6bde8e0e52

SHA512
0b5f5d6db261c42ce396b9b8afe4b3b2361b52a840f3dcad0f95652266dc8f1fc4786ffde1f143d35e2927193978a141f882892fde4ebc8694d9baa593f5e2a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582650.TMP

Filesize
48B

MD5
eb6f825c7f444f7b7c04fe09ff881f42

SHA1
f3d1f572e50aa9cb762939a89fc39fdd4c04c450

SHA256
ed464fdb571e5d5043459860332d04812270424e124a2b5cb3bb045aa3cf8d7e

SHA512
c90cb054e8d0a1786ce0cbdd4a45f308c5a178ef42cc65e18e210b5a33b567043ae060c6abcad8e02c2b01b8533b9a643cabcf8f6e1158466a8cb6f9d01c824d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c94c9e3ddc8196498a91779da921a516

SHA1
a404a86833db961b32d817c4208237d90d7ece3e

SHA256
c441f5e9bb248128cc4b3291410b9ad3e673173f0dc89bcfa184eb3fdb0d1e4f

SHA512
c4076e54c78f89e97defc3debc877eaf7e4635f722b7fd38da59dcb2959c2030e18cb67d9115557e0ad4190eb31d43386b4ccf8de55412020d3d7328f15a496d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2333f62ebf9a5330fea94b2855ffdd28

SHA1
0598af1345147f1156690c89da30439455dc682b

SHA256
52c9a674c949cc8c45a4e5a0108b8c3065e724808505160d34991505b776464b

SHA512
ab89210d6cba64fa630492788300007d2642cbaf963f68d123354bfa157cb04cb24460f8d531fe3e14939238d4c127d5c886642a9d4b230171e2184dbdd9a466

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3a1161dad03bf5d56d56290ef2fad42d

SHA1
d78809ac2679003923b5c8f28e577125ad32c8b0

SHA256
3db169bb93166101ed6763c60f3ce6eb63460c6d545eb2c6fc4d48b6d7cba69d

SHA512
51f0b10718da3d70e1944d5d60d5ebae47ea0908dfca1e3843b642fe48be57ef09e9e3e1fe568cf959105a493c91b95bc5fd566f2149668ff3b1cde6fb3b2e44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8c7c983f96d72238c620f44e53da7d68

SHA1
3a260502631805f9e887413d9c8151b0ebefb01a

SHA256
ddd3401471be6d5382736d3ef6b0bc330612d2e557c0f0daf28414024227b211

SHA512
bf3e479a0120cc6102793119bfa0b45cf68ad781d1a88badfab7dd5cbe47ff9850c509061d69f8e1f47318ae7e47d31e2c941dc383cee606812fec47a55ef5b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5814ac.TMP

Filesize
1KB

MD5
34ccbbd063d43b5f404c02a95d06a4ad

SHA1
d46afe5638c116bb093923afee7f24a789fb3ae8

SHA256
8c71321e5e9baaff8e6f24d3912f48c3031c6c7edfdef134ea463d29e65a5bf3

SHA512
cb1d2d37f8b1eeebcdc710bb82c2388bfb3e600aa6a2dac0a6529a50e5a0074c792ac58553342fdf2efbfb64b22e1bd2665e8e478b15bd612e0233d6a5a4ab67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit