hxxps://mxm[.]mxmfb[.]com/rsps/m/XmUWdIMwdI5gDUvz4W5k3soguXKG2kDYHhwBGhQArSc

Analysis

max time kernel
75s
max time network
79s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 14:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mxm.mxmfb.com/rsps/m/XmUWdIMwdI5gDUvz4W5k3soguXKG2kDYHhwBGhQArSc

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1064	msedge.exe
1064	msedge.exe
548	msedge.exe
548	msedge.exe
404	identity_helper.exe
404	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 548 wrote to memory of 4416	548	msedge.exe	84
PID 548 wrote to memory of 4416	548	msedge.exe	84
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 4948	548	msedge.exe	85
PID 548 wrote to memory of 1064	548	msedge.exe	86
PID 548 wrote to memory of 1064	548	msedge.exe	86
PID 548 wrote to memory of 4712	548	msedge.exe	87
PID 548 wrote to memory of 4712	548	msedge.exe	87
PID 548 wrote to memory of 4712	548	msedge.exe	87
PID 548 wrote to memory of 4712	548	msedge.exe	87
PID 548 wrote to memory of 4712	548	msedge.exe	87
PID 548 wrote to memory of 4712	548	msedge.exe	87
PID 548 wrote to memory of 4712	548	msedge.exe	87
PID 548 wrote to memory of 4712	548	msedge.exe	87
PID 548 wrote to memory of 4712	548	msedge.exe	87
PID 548 wrote to memory of 4712	548	msedge.exe	87
PID 548 wrote to memory of 4712	548	msedge.exe	87
PID 548 wrote to memory of 4712	548	msedge.exe	87
PID 548 wrote to memory of 4712	548	msedge.exe	87
PID 548 wrote to memory of 4712	548	msedge.exe	87
PID 548 wrote to memory of 4712	548	msedge.exe	87
PID 548 wrote to memory of 4712	548	msedge.exe	87
PID 548 wrote to memory of 4712	548	msedge.exe	87
PID 548 wrote to memory of 4712	548	msedge.exe	87
PID 548 wrote to memory of 4712	548	msedge.exe	87
PID 548 wrote to memory of 4712	548	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mxm.mxmfb.com/rsps/m/XmUWdIMwdI5gDUvz4W5k3soguXKG2kDYHhwBGhQArSc
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92c3746f8,0x7ff92c374708,0x7ff92c374718
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,12161246932358907786,7765568519203891088,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,12161246932358907786,7765568519203891088,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,12161246932358907786,7765568519203891088,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,12161246932358907786,7765568519203891088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,12161246932358907786,7765568519203891088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,12161246932358907786,7765568519203891088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,12161246932358907786,7765568519203891088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,12161246932358907786,7765568519203891088,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,12161246932358907786,7765568519203891088,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,12161246932358907786,7765568519203891088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,12161246932358907786,7765568519203891088,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,12161246932358907786,7765568519203891088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,12161246932358907786,7765568519203891088,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,12161246932358907786,7765568519203891088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,12161246932358907786,7765568519203891088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,12161246932358907786,7765568519203891088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4236 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,12161246932358907786,7765568519203891088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2212 /prefetch:1
  2⤵
  PID:4292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2f842025e22e522658c640cfc7edc529

SHA1
4c2b24b02709acdd159f1b9bbeb396e52af27033

SHA256
1191573f2a7c12f0b9b8460e06dc36ca5386305eb8c883ebbbc8eb15f4d8e23e

SHA512
6e4393fd43984722229020ef662fc5981f253de31f13f30fadd6660bbc9ededcbfd163f132f6adaf42d435873322a5d0d3eea60060cf0e7f2e256262632c5d05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54aadd2d8ec66e446f1edb466b99ba8d

SHA1
a94f02b035dc918d8d9a46e6886413f15be5bff0

SHA256
1971045943002ef01930add9ba1a96a92ddc10d6c581ce29e33c38c2120b130e

SHA512
7e077f903463da60b5587aed4f5352060df400ebda713b602b88c15cb2f91076531ea07546a9352df772656065e0bf27bd285905a60f036a5c5951076d35e994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
34KB

MD5
5e76ca995645a2b531db6fc3f11c97f7

SHA1
775822d9aa57536ada71d3922cdc69789373b3d0

SHA256
f223165da6014b7c0edcf73c32d84932855a0b437abf0f7ccb92baf47c9c0583

SHA512
cbc2a52252735d097d007517ddc7182ab6a2b1d25ad3fae7c378753c431e33b341b503356b4d9313f88f0ad7939eb16c377b99bf6c8d7bb1022de91c41950938

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
24KB

MD5
49db085e7cc07f6b2a90dcd82d714a08

SHA1
bafac4e42ea0f7f0880f66166bcd485b061e1dbb

SHA256
790956db2931a7ceca28884b50047688274d0d1690fc5271da61e2be746bdc95

SHA512
1807a8d627474fa2e176596a2d5235fc194d2f956fb7cde5db3dfdbe8ec3ae0c6db0dd23fa1c57e07cba454f29dbf0aacc1bf01c7146014b8330fc6ef2b202e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
22KB

MD5
b5e45b975ec458e5cf46d046b972b608

SHA1
0b40206ed006cb6063905d3eb31f8e2bbdc41bce

SHA256
1d26efd5e0ee7d80a42c1dd56cfe7fb83a48c620979b934a9be9f549833be2b2

SHA512
b07dc398b0fe3f975be6d28c7728ebd53457f0dab95f3de79ba19bf7f4f7ca88c1db9ab38a89ea801ec459fc6f5e4594b632154070a3bccd9624b01179e8a8fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
44KB

MD5
2e17d3ad284a3d40d8e9d9d25349a33f

SHA1
0dd4652042fa7494612e78f055b139cc3d51f38e

SHA256
8bbfe1ca51b633db04bf4a5ac702e18468a16c71551e696a35403a2f94fc8cd2

SHA512
4d8744107a6d6224236fc57ef656afdbc8b2c6a5ca80e5e4ed8586f1ba17faa37e32e67f1ce297e7f00f4557724720842949f54a4203c8116bbd2363c303eaca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
69KB

MD5
39139acaf8eca0580cbe9b75447f8815

SHA1
8293dd0615c01e74d6325eaee18cd4db73be8df2

SHA256
fb19e664d1f02cf2ef8654ea18ff5c24ded5ac3b0ed77e7e460ef5ebc200d35b

SHA512
2eb5d8ebc321424c1897876114326fdf96d856d0f64b6bfe9ace7496550df333c18a5fb9bb3cad1dd4270059d2ff7afac1238674ea2e8b4259a67bb99b027917

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
89KB

MD5
8dea37ddd2b1bc5518224eb808fa2af0

SHA1
59be9705203f4549cb8c2f87938dc6f6c949b483

SHA256
7649cb72dde6b839b6ed1ae91e97eb16c1c43b148a07575f73d49e2899fce735

SHA512
be853ac8a02c0dd2ba83e7634a5c77c6e830b3ffdfb48ca260d4cb8f73b9e28986140e181cc034ffa60a21f60ee0100174dff4a1d3dadb9200fb8e8bd3f2b270

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
32KB

MD5
d2b37a3e9da6d0e280425d15dc9e55ba

SHA1
f772d4f94f8b66a65f8c4d1710a5f15f23e740c4

SHA256
c76187a6d238e03181ab92f6189221a0c6fb15b689e23ceb16a58844e1e38b02

SHA512
6b5b52a69b294e94d3ce72f6222eeacc10b80ae07db04b2e64711527d7d023cd3e164948ae6807da43bb88fc310b3c7a54e32773a0d19f53d047b2c000b5b395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
24KB

MD5
d89398fb40b70a1e818966ca529e641e

SHA1
4d85fbd63b09521bad3185083629cf8e5d12821b

SHA256
4b4da013649a95bffc9ca7826d0ef6606620dd8afbe159a8cdeedac73ca67bfa

SHA512
4ed886406aaefd6849c2c842819530f82f04888eb7b899523a137f5289ce9b02f0729548ec823ffd9ded492871047db96e7d7f810f597c739f1a3bf0c0f6d24c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
102KB

MD5
89fc167c773c6cb4fb778b129d366750

SHA1
8844deec06c7e388b578626d0e4c37b72b437034

SHA256
41dd456494a7e2b08ea29b611c178c8cbfb54ff54b8c6298c09638bb1d2db5ba

SHA512
9dee6e42baa07deee70b43160e1eb0c9c34971611e282e96aabdda74a1d0f32132771bef52f000dc7fb076f64a26fb3df9ee86ba25a4a5d155395248bc5601ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
103KB

MD5
2e7ca4a951f72fdfd364f750a1851350

SHA1
857a1ca901d580b9731dd40cb58b51cf43451f41

SHA256
6b8add1a3c295cfeb208eead4744a9aba618b1613038d151f83da9c04937b741

SHA512
67c0d2b18487ecd045a2d34a3f5b2b9fd41d3859ec2642ff66faefc4d34648bd8e83963b4a7ecf495d3444d1bb7b98e3cb85d50872e6f3e90e29fbd82d25bfe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
22KB

MD5
1d8ba024621a64dd0797cee3766a889f

SHA1
5c0e78ace2222d35d186fdd63ecdb42d98cba2e7

SHA256
96299c2fbfa869ae64c72bc48026d04a99970722b8618b1c329a27cac28b6695

SHA512
974b1d06efcc411e1bc3f22d4b1fc96fdd38109f4ea5dce20472a408d32b021d169843c5a98464977cd8012fd754b7d05f177d8b49d6b3335dab14b3bd59cc56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
19KB

MD5
3f96e2ccb10201e6f5086c8df4460a61

SHA1
15cc6f0d5e059d6e16273b2e3fcb4fcde6ed95dc

SHA256
243cb683ec625c8a47f126134f622396d04da99dd725f9ab2f226add8146f520

SHA512
831249ea5101ebd3a8e78764f7d2c9abf249f8f76600da6db24eb3bb6a7e0864df9756136fc0cafd6846d69c6f508dc1fe22641872b525be3c3c645bb62bfce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
23KB

MD5
ce56c142aea25e4647b437ab1ff9182e

SHA1
bd226bb2d8b1724971887cbd64cb4cf1e2a6ea86

SHA256
d48022c27fea7af115293a0560adb7705e6ee412ba6873f437c32fdefb02410c

SHA512
b27ca4d0e463083977424526a9d28391532e0a8f2b2f0db1e04662ab08cf57f69d410db90483b13e5d8cc5e9195fcc0421892a1e4322c282e0a08c498c3215c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
55KB

MD5
360e3fd29b5d2d1eec4e421286b69299

SHA1
0c1f47cdb62b7097b9e111d0fdd0d8177bdbdcc1

SHA256
ec404df027f3b43b341e5a234b1071127202c228f16b073e642c487bfba19b5c

SHA512
44fe300246379e0d49340c4527d41269da13b29207fa546f39913e3e364f7fa488a76e85171b278be722aecb5e1a746ce10b5edd73e4c2a52028e5951ee7c957

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
47KB

MD5
83a4a8a77cd42bf3a43367571968ebc8

SHA1
2e045314cb3464a59e575100fe771090d878f4d6

SHA256
d4492939bedd374084a9d3473843c3b59cebec39113a01fa05f00f90105afd74

SHA512
8e25026f25212518c726d09be2b8a41c4bce28c4188168ad2f3250c5c3e80ad734a1e002cd85e2007a50f324391f5d398522c4f1faf266f9829afea2771e8cf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
32KB

MD5
b9400658387efb96b4f53ef18bafd18e

SHA1
03e9ddc38a17e4da4a4ec04d869cdadffaf81860

SHA256
029ec346019b538d20e2b2420c384b3a6c91a31f8e9c3ce386f7b111675a2e44

SHA512
1f094defa20a97eaaf696d7c9138bca987da80875901d25ae05994618b624e1df5a4a8dceb9331f122ace807187452d3d050bc4045049425f681000c100a2c0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
efad8ef9cae5e85c244bd063eefaaf2c

SHA1
616e6bf0c974e75abdb74c19990f54d3982992f7

SHA256
c63a3a8a2cd981ac8e999047dc84d8cb40d474632025d6ebfc9c55202782f482

SHA512
0626a6fd79e7f820e1b8308999e957a7417ff8e55cffa27adf1d8bdc5e8bd180c059a6bca658d5bdc4fc0144e4b91ad1e57e33250a8eedaf45ccbc1b4a6e9732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
d90c5e28214288daff3af2f82a1c03eb

SHA1
2e069296daef8f550444844d0ef079d357059476

SHA256
0e694d5c3287bd9b03276f52c5df9a419e0aa1dcbf84363c211627386b92900c

SHA512
91501d63cb334ede6959b741c371e7d272eb31661fdbab179bdb8b9e45f159b1b4436200b1fa76af47b0a3a4503cf8a791c52b7618e7107c429ad41f148bbed8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
5ed07e2b59e8bdee484cdaf36cbca341

SHA1
da6b6b9a35d54242cef697f9f6e152c06280e8c7

SHA256
15f0e7ff0f7eca24355928ea7c9a72b5f8812bf2488adf5452b41cd26cb6f5a3

SHA512
df70ae3ab5c3f8e3f05d9936803aa257705fbce024d33c4ae92eb161afc97c7bb614f98c8283e9d2388dc28b090436ff02c6281812abd6daa74cbadceaaae374

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6853fe596a9c3407d94e924ac4714419

SHA1
1fc499fd2e4b434cf7a4ab1c9b6d1cf23419b415

SHA256
03e5ac8e484770e1904ef104e61287941414e6c5845f14eb55c174552fd12e3b

SHA512
8c4567da08c6701feef40761363a4083b23b2c1e199587275e331bf66ae4945a96ef4dfe582e204a1f7c44ef7faa98229cb734a99d01e8d99d6ea5b997d4d393

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b7745e04ee6e9aef9f2d07fcd9114507

SHA1
1cdbf01cb9f626aeee943b5a56f024002d0a6c3f

SHA256
e5ceb3a3be8aa590bf312b5668dc1f7cb14c82334c221bdfb1f770e27fcb084c

SHA512
0ac97940d0c37a52d89165a5b032fa6717681bcdc39d1e0314aa717db63312e35f6aba12ffdf9c7c6a6bce1e607de93f284ad0b0b23a1e5616754cdcd7520abb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
53d6ea279a6dfe2b70e413a25e0ca094

SHA1
d41a853219fd874563d0a566a33070727879f01b

SHA256
ab275a071f29642808884e34edf2b70c3d2a131ec20942a543b110252682af06

SHA512
325afe92ecc8d596dab98cdf82978d54dbe9588e7f528353546a807e23810047ecc65856fd32babc7c1ae81c3188d65745c075d117e3293e2c814ca178a68cc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
85504753d1045561fdc840075d202b30

SHA1
4a3fcff5e4af4805d04c8430f90912063b43c0cf

SHA256
72e4326f6f7b29a95b5caec705fc9225b05ae2f626da91087a6fbbd46ce8fd8b

SHA512
b4d23c31297fb30fc31ce3b9c6568a65fa8984edca1133eb73db0d2b41bdf21ac75179f3c2fdf4e83abb1f97cdbf95f09207990e7a76ba978ba82e22a1285567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e49ba1f21786132647bcd97d8c105e9a

SHA1
c3facbdc94d732c70566b8523339544eb7f571cb

SHA256
e02891402d1a143d3d06c4804471163f4d57378e4a6b43b0e557bdaf31d32227

SHA512
9c9e6d7108da4a006382dd115a36c7ec5faa89b486173408284356801e1c96024d4b6a08d886b44c036303a23d1660b94a18de937e593069bc58ec38914b9ca0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a85b865c938649c6d1e5bf6f5731e7dd

SHA1
d06f3e95e467c7a1872f872a659d53b2d045d41b

SHA256
1406455312f6b85a27e36cb4d69f62e093f1871e5be9ca07cabf4add10ce066a

SHA512
5be94a0e83ccb2b3e954229cd5de84cca555cb63489e43b5a537fc4385b0827b1a90b0b31a9f6d49bfc922e36514d01e4afbfe14d6d54bb9865e6babbe8d6f88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585530.TMP

Filesize
871B

MD5
cff9eafe5592f7ce77bda70a2a269271

SHA1
f86e0fe59a56c1504dbade24cd0a18004bbe98ce

SHA256
b1ca894fa976234278461666d33b027a6aaf3a3d98e1cca2c19cd6370c8214ff

SHA512
975a9ca6f5b7f8d10a23b16a3411d7b526596f2ea3fc17e57e1075140745595da66379c80d8c97a9bfdc8c89c181d0b7182ca4b6909031ed9f1cca97258f0f12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cf0cbb92da5f072577375b95debafe4f

SHA1
7193668c861235deb9040d6c7f9037cb0cfb3481

SHA256
289f66204fcd46ad2a089dc496d899a46bc1507cc76959fdc0509d4fa35886cc

SHA512
a167063611734958d01a9ff035ac746e5f850c9712fdb2c395f350b4007924ef43a8141c21b475f1c75d602c2ba12355e84637e470114cbc5d77537842fbaff5

Download Submit