hxxps://www[.]maketecheasier[.]com/ultimate-ublock-origin-superusers-guide/

Analysis

max time kernel
240s
max time network
244s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 09:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.maketecheasier.com/ultimate-ublock-origin-superusers-guide/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3676	msedge.exe
3676	msedge.exe
2952	msedge.exe
2952	msedge.exe
1980	identity_helper.exe
1980	identity_helper.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 2608	2952	msedge.exe	84
PID 2952 wrote to memory of 2608	2952	msedge.exe	84
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 4368	2952	msedge.exe	85
PID 2952 wrote to memory of 3676	2952	msedge.exe	86
PID 2952 wrote to memory of 3676	2952	msedge.exe	86
PID 2952 wrote to memory of 2440	2952	msedge.exe	87
PID 2952 wrote to memory of 2440	2952	msedge.exe	87
PID 2952 wrote to memory of 2440	2952	msedge.exe	87
PID 2952 wrote to memory of 2440	2952	msedge.exe	87
PID 2952 wrote to memory of 2440	2952	msedge.exe	87
PID 2952 wrote to memory of 2440	2952	msedge.exe	87
PID 2952 wrote to memory of 2440	2952	msedge.exe	87
PID 2952 wrote to memory of 2440	2952	msedge.exe	87
PID 2952 wrote to memory of 2440	2952	msedge.exe	87
PID 2952 wrote to memory of 2440	2952	msedge.exe	87
PID 2952 wrote to memory of 2440	2952	msedge.exe	87
PID 2952 wrote to memory of 2440	2952	msedge.exe	87
PID 2952 wrote to memory of 2440	2952	msedge.exe	87
PID 2952 wrote to memory of 2440	2952	msedge.exe	87
PID 2952 wrote to memory of 2440	2952	msedge.exe	87
PID 2952 wrote to memory of 2440	2952	msedge.exe	87
PID 2952 wrote to memory of 2440	2952	msedge.exe	87
PID 2952 wrote to memory of 2440	2952	msedge.exe	87
PID 2952 wrote to memory of 2440	2952	msedge.exe	87
PID 2952 wrote to memory of 2440	2952	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.maketecheasier.com/ultimate-ublock-origin-superusers-guide/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffb692746f8,0x7ffb69274708,0x7ffb69274718
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10526100777115713281,14949703285868435128,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,10526100777115713281,14949703285868435128,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,10526100777115713281,14949703285868435128,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10526100777115713281,14949703285868435128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10526100777115713281,14949703285868435128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10526100777115713281,14949703285868435128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10526100777115713281,14949703285868435128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,10526100777115713281,14949703285868435128,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,10526100777115713281,14949703285868435128,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6184 /prefetch:8
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,10526100777115713281,14949703285868435128,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6184 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10526100777115713281,14949703285868435128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10526100777115713281,14949703285868435128,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10526100777115713281,14949703285868435128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10526100777115713281,14949703285868435128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10526100777115713281,14949703285868435128,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10526100777115713281,14949703285868435128,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3940 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3888

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4cc 0x338
1⤵
PID:1720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f9d180c0bcf71b48e7bc8302f85c28f

SHA1
ade94a8e51c446383dc0a45edf5aad5fa20edf3c

SHA256
a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc

SHA512
282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
60ead4145eb78b972baf6c6270ae6d72

SHA1
e71f4507bea5b518d9ee9fb2d523c5a11adea842

SHA256
b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7

SHA512
8cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\30831b20de619fd9_0

Filesize
158KB

MD5
7ebcdf8be5d1948a718a137fd0876169

SHA1
338f75ad3c71100a5db10b0528825e75d0fc7768

SHA256
d6b12e0504490f30f0bc3d21e6ffbc78c4ce0d0e8916c1cebffc6f97448ab5d8

SHA512
b68a39ec883c5e1eaae56c7e85ce1816949786d6875ff218259a45556fc39e8aff5e9cfd57c3e7181cdc4002cd81469531d39b868e7589b23f538b5b4aa7513f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6cd6762b456296e0_0

Filesize
273B

MD5
b9adcab3e62210278b1390f4c6ad4a82

SHA1
e757df779a9484d24d97e454dfc6139606f05a0d

SHA256
d858fb78b1e8276db4fb327f273b38d79c0729b346bed5a50489d0db16175143

SHA512
dd822d9cca1da6e6afa38b3a76b1a9c2d2b3510605ccf61d0238f19d87e9139b1cf6e71141e159d319204bf610472379c5e8019b2ad8ff4379e3b78fcc5360fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6e0a88cd3dccee16_0

Filesize
283B

MD5
a4289818de1460bbb7adfb1303cf3ea0

SHA1
c09bd8e9a5ac8634e069a305ff2484f6b7ea5e4f

SHA256
35baddaa30fbacba9515f4f9dcf687a1a0db7c4525ad3820ea21e8c15773a2bb

SHA512
fb1e016a9aea138f8609355daa653fe889d95d7178d0f9012916944450356754e7c57da705fa85c4446aa3a81094196dda8737a084bc6d855960cc1b769bd819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b0ed2d4d38cf7fb1_0

Filesize
14KB

MD5
8abe319f3453597e5bb119c43d6e4455

SHA1
f795ebf57f9793ef2f0677992f572a2d07735cdf

SHA256
1ef15bf9d482c462294815a4478b8d6091fa446235c179433a18f4539fe6b6ef

SHA512
3f98a6e3bc331cb44f054b17fa2c6b08b1f62da3121a9f5503c6f61b94a656e563e498bd65df66576107f64fbaa9353ad1563bc7d67c751f1d3706825deb8110

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c374c00e3e92b96d_0

Filesize
23KB

MD5
8d8716b903dc7c773262ca2abc97800f

SHA1
9056006baa1584f1be06ff7167cda8e62ef277f4

SHA256
2a0b599ddcf78082049dac406454c662f956506ba82b017fac4a9137c54069dc

SHA512
a670f36297bff389816eb9c91c95df4342f6f7f748f6df13dc171b233a16b1c1aa664460851d357aaf33cc0389aff0bd7f03a64c565fbf31c2798768a6225a82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d02cd44040ed6c4f_0

Filesize
54KB

MD5
353721e2a177cbea274189baadfdab7a

SHA1
70c826b0064064785a0dbc246fec3eb73ce96b70

SHA256
f40005b7b474a6ccfad86ccdd65735390d54c14e540811ba3380a86054c522a8

SHA512
60a2016827dbc4787abf38c22703b353ebfc41851cd7b36ad4752c372b7f85878e5d30169c9f8963f3d7468edee452ede421ffdbe53a441691211d955631c2cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f38aa5e7c9b89d1b_0

Filesize
333KB

MD5
064db8f5279dbacc4a32d980914c00e4

SHA1
b9fac2290aa5eda8a89055e25c37da7449cfede2

SHA256
e560579f92537faf5d389366a026a3747f6ba8a6b40f56e41ea5b2caf3990fa7

SHA512
805870d8480318e8d9e8ecd000f0300ee538506f48816907419ce5e5180c95f615921d09a2314f2a55866c159c1259c0161744246b9660f044e796e08f9457c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
89d8e54dbe4a0f4577023f230b61dfdf

SHA1
fe10ea309eb37f3b70ff1a8344a9ac209248711e

SHA256
7bd72c9d0b9940205fab1efa16dfbc37651a6ad784fc0db3d97a861143121ad6

SHA512
645d0c4cb283c28559c36ef71117ea4da1cfd7229d326fa6db3dc5b87382bf70a355ff3d64da373b2eac039e3770cebff695ac657d8bdb19df3e60de1e76eafb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fd362d6300ba3720e93cb60c170682ae

SHA1
912a47b26531e6d8bbb0a674490e4a3bcdd0ecbc

SHA256
e02fdc6093f8cf91b848e327960288b0c87ec6c497cbd87c95e1353dc3af8912

SHA512
331387ac3a242acffd38dbb3571376e9a8576dadb9a4b12d137f4be87fa5427e2a6ab7b44402c096b2f62c75a286c399fbf0914a8b4175824df913c2a8c01918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
cf1b3aee5c5833efc46db679bedfa976

SHA1
f1654cb8f6cb72e3d04b22018f1061b36345e410

SHA256
269640d68871d003aa832b58d1bafd6a1e67a05b0b6e9de8a657c4cd392c941f

SHA512
de84bec618498b5cacfe782a0f3ba6cc1baf298949a0b14ee9be7b8826e7a75b73b887e4b4a1a118918ac907f3e9b77ca9c5f8e077acfc93e4ff934d0cddf1ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
05167a823faefc72ba3e295940e43a4a

SHA1
785f3289a540229739e7c4d5e829d99e1f5951ba

SHA256
9562d96568d70cc8209aeb8adeb0fb95dce6965150cab1c8e92ae59edf01e307

SHA512
d3aaae11bd18a1a6249c7041e1166f09b66db49df27c5ba7539422ade8b3f851c48682d30487ce018401a2c6f04692d22ea4c3c933a92a7d4a93d75feb2b8b50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
96ad16dbde120c4495f50526bd67361c

SHA1
1c60155416612e1e1eef6ffe6d73528fe1c52a3f

SHA256
4dd99aade940cd21373c139da01e2a97df29087ae6fb5bfc2f3a82a710715040

SHA512
c5a6b180632bc074cc0a18505f1ad8c23ced9378fa3fb2ca1407fd6ede6ded865d15dbbd16574ae3620f0f128fadd0349cede554be441b020069e5efe5528219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
f087722f41cf3cd2ddabbd363ff76aa9

SHA1
1132a02f3124b5d4ac7d77be1de8eb7877516b06

SHA256
e78fc037c3a80e7e37516d3abf006210a01b2a60e234858f655b08b2af473a92

SHA512
30809766a3826bcf751ee049e4ccd2e6fb9c7446e6f0c6b3cbcc2987e6eee5a44c348958cc14a2c423184b7d8ca7632f44431bc2df736349296ee0ece435b983

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
2b4577c21ea09776b7a8d09fe433b466

SHA1
43d82411bc0a4dccdc4fd46fde272ee7957353e0

SHA256
abf056958fa41c9952e642329909e91fd27fa0e94953f023f5ac7b01ec2a2be3

SHA512
d2b435dc9fab128ecba6025611926d4553fc1261720e970e33ce222773a9eb4760ed84187ba1fe2e4eaeccafd1f3b27a4e55568d5d36726b1af736fdca4a5d7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
665ca72c5f6375c01a7653f2d4ced6a7

SHA1
fa0b894e9ea8f534e36566409d9186e6517f5b01

SHA256
32554000a2cbfce73f52d0f8967da53ce4ae7f2ec7a1b7ea4f869f925a223647

SHA512
6c4dea62a3597ccf84b99b7a0140390d5a739084bd206421aee160de2b27a108dd5a8e8e9438bb353745a49c1195e2e6d47c7ae956f240b1679d96fe39e0c100

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
04efb30dfe0437e7ac0228c88f551ba3

SHA1
20ecfc4fe741c653ccfb6cbdbcbcd294199bd941

SHA256
ad1efdaa6599068f42d4d5fad908f15b74c4227faa3fc66146fd4b4f56c5aa34

SHA512
7a582bc793f38c09ad5a5c4317e3512fa6ab8ddf9f4982cfd034a461c266536f3cf831bbf592f157e5596b9ee260c39ec81ec085f91bf0fbd398c868fbcd5074

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\b48a40200d6f0bdefe44c3bc244b571b429352cc\aa0efe93-ef2b-4b69-9875-2ed9bf6c4d22\index-dir\the-real-index

Filesize
120B

MD5
715f8c0c3ab3c29856774fe8afb0dc59

SHA1
a4dc99097de7fafe3c832de4c6defd091f0f3028

SHA256
7c5e96fc3a6cee9f00c2e9242bbcb5f8e0de72118a809855104cecf186163ef5

SHA512
62a54e5405eeb20b7940ee06c1bd5a11f529f202e91274f17bf0ebed463260858231b7436cc4b19e469e92462ec0e6808f600b7f02b0d495dbd7717e4f77fb8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\b48a40200d6f0bdefe44c3bc244b571b429352cc\aa0efe93-ef2b-4b69-9875-2ed9bf6c4d22\index-dir\the-real-index~RFe58054a.TMP

Filesize
48B

MD5
ab8415dc343e0cd4448ceb8ff922cfcb

SHA1
09bc2e81b7a98ab0cb0c99d66fc65f314de02bf2

SHA256
70e3cf376704c77040f254ded45a166e1c487d2d30962b6a51c7902f1d4f1070

SHA512
27a915f29329e92c677d2d00449cfd8e5f2eea2dea3fb131eac3448b97743694efc45c267d6b7f121598dc23b47210b1566360372ba6c83957ce8a67f07c4ff3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\b48a40200d6f0bdefe44c3bc244b571b429352cc\index.txt

Filesize
104B

MD5
2db27c1372852fc701e923009baaf612

SHA1
f1f35cf705bf5a368baabc0637ae3b35a675000a

SHA256
70aac85641499425b5c65a8d1e6e9548b64bf54e138b9a87ba88445ae121b28d

SHA512
cb8b467a3b50d2ac309c5d3dcb5dbcd408f4b1559b18377175ed669c654612658e088c2da4e00a327dcbb21386ccea4d4da02873d0ed9b7c084fd101b1047145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\b48a40200d6f0bdefe44c3bc244b571b429352cc\index.txt

Filesize
99B

MD5
b2c090ad15ee5d1cb75c072a586b0971

SHA1
58441adecb84ba5f5332c5d4c89e8710744193ed

SHA256
e27331940fca80e190b61caa1281d93079827b472741f9991b9394933e967081

SHA512
4292255cc12a545aaa107400bf5eefb278200036bdc94744d7ae11fbc1e5382e877440df35613497d2c8daf6c12d97ec02b5f659ff694126e199d966edb87102

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d7445490f5eb77e56441d86b2f14bb56

SHA1
086e689c78d84e81d6b7b932049cbcee094ac6e6

SHA256
770e27cf2f3a6c0505eb23222b169d7b26c33b6540979859c2e953b76e470528

SHA512
eb9f46ca8daed1bc6d02936abf8580361a6b52aa019f3fcfd9c44b50afeda9f83020230306dfa6f5a81d45849450d96d8355342f51d994f154f054c4a181c700

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ccaad6ce00ececacdc15e2201097cac4

SHA1
92b0b782e0cd90e688baf95b0de42abbe9f51d1b

SHA256
603b89c96a3d45fa7343931972770ff61fe048bc439c606c370529374afdf85c

SHA512
5964093a62916a28ae2a7c54221e3ee26d782dd0c5c59b9dcd8516d832e23fa59986313b8422093a652daf436b4fce52668b3ea9f75523d6c3e4d61fb9a611f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c9f5f44ef687c5fa57001ce909c1aaee

SHA1
0b74660cb4ce0434bedbf4ba2d8cfb3a60ee9205

SHA256
d2474b191b0054e380fb26d5c17d428d01a21a9a2844aca9989f156249bfabe6

SHA512
130152dadd3cee9f1516cb9f4f8ddaea4d5680cd92dcf5dd1172a47b2f9969b48873c9bac256c953fc31224e9550c7f3e6426ebe56454c1027aa27157861d93d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1e869bbbc05a4c5e4a71491f72fd2c64

SHA1
d2d6a10b8f002081e6e435fee416e200df374da9

SHA256
eb4478aa5d4cc6f38cc7b0e2d3cb48e9eb4c5e7f26cac6bc0ae1de6d1fbe9c3d

SHA512
1616a93936eb845e6835addb8653f8221f34cb58e3a28b087890d0820f5e82f990eb6115c958634cb9dd0e60b048fd87f834239186b29c6b103b1cf62613fbc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
524c2711d7af44e8f3f503f1370e85a5

SHA1
dd4abacd28f22dd1faa17960e3a14ff93e47640f

SHA256
38a302b084bddd7c90fc64688bb2c5b5295dcf1a009e3d964db0a476e4a5ff20

SHA512
5bbdb16517ecce56d274365062d46c9e819a63888d758aa246a603990c8043d90ed395fc67a0c5c381485552a7534f06e6109a4413402a5624d2923f35185407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5ed81806ceae6ac1e2876cf213d05538

SHA1
08f408233753e32c1b880760a37550ee0dc29c91

SHA256
a1141103e1a8c8fd92882a7b82d876c25b6b8a3cef6861b473449c1539ee54c6

SHA512
f25b3f5eee74b2fa1082cb32333adbb8b3d956004e3f486e76064501857dd44948b3d9dffb962862e90394c0cc8c07743a9c3ec62494fbd67171b2f3a8cbaae1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
58cf614d446a2fa77afc492a87601507

SHA1
28e6dd31222579f221f081f9c2fce78d25e4a1a4

SHA256
619012c89fcbcff6ba63f4dec8337b506ce443908f644d88b07adad8ae63c7b1

SHA512
d949afd382b76cbd5ada2d9d46f34880db741f7a0a081b90cfc5b14d7106a074812f3e80ec8b9c06ad4c36b4a43a3b300e650ebc44b5971ab9bb94ff0cb2e374

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1452e3bd0ca689e71df1c214e1d06f02

SHA1
a67882a6bc6c04cc5e7159bac31325aed83051fa

SHA256
a5b0182bcffda09005163110751933ead8a15d752a990c3705429847481f201f

SHA512
a3ca48fcff20ccd1be5b4c51d3e5ac63fdb8f5c335bbbf91894d264d3502077c52d55d6161342612fb1c9fcde6e80b64a65f5295d7092b9631b0273aa5970d9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7ab941048c863bb05b1994300b1b775e

SHA1
d756b29ec24c237547129c8074240735f6321561

SHA256
816cca91e27e1eaae7303968bca7b8f655073b807d20db4889f0fa51528dae5d

SHA512
2047b7ad8fdf427210ba221212254832a531daa261618c691e719c5992af30f03f5ce0189abdaff9e607a6fc2a938fee9326d4eeea4e3fceb14fe91654e343a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
66c0815d77d9c393902b247c26845acd

SHA1
2910cf437eada58702d98e9beffdb02febbe6390

SHA256
142adc07c0a40a25421d904094f0e870bd8de716683adf75f2bf8747c68f99a7

SHA512
1e05ebff085d2bca46c9471d63103f1faffb6fb7010d1732e7828d504c497d09eef39f25cac1f4d6567404ab5a5d0e816ce732d05bb6576b26f8d79b8526089d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
27daf96895a5e990e902d56d20f3c889

SHA1
15338548fc348736d0af897e679e07fcabc05c5d

SHA256
d877f443ebc7e3e29a9b55fe5f61d3ea37a5800e5198f70c8b286fc60b138014

SHA512
2af3737c6f7395e17f95b1ee50045f2175b927992c98d74a00e9c7b8c24e53913b5b461b382e7e0f63a88fb3f7a8426201504cfd258d756b6d73eff851e20fd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cc590877932cae0cc0d20ec131287bb8

SHA1
ad4eba374ac5ba88578d5e64ab14e314a2ebd817

SHA256
bcbbeaaf9639942948aa0882947dd003e7bd00a7497da12eaade0db148a56964

SHA512
a06e23916af03d1791f0e9550aaa3cee276857a2fd3009dc56d224c742eb55bc949324e0aea1f879a9e4243c29e7da7f9dd983f73b2e0f67cd97b9ad48036644

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
340b8a74de230df25b333cca794f4941

SHA1
791023191beb8bc73beb08afb2a21a9d04031d5c

SHA256
37874787eb151f758ffc7971824dca9c22315737e3a83c67980e73ed05e1d246

SHA512
5cb51221e6236874b36a09ec80361034b809b098dccb1962c9947299c68b630c8de2630864a2a5c22d8fdfe88a3bbbb9db5f410fbdbfccb16323d11c1ca75b41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
206ba0202214022aeb046a82902502eb

SHA1
37a612cb74f8ca0a6d789041d571f8de7b96fce7

SHA256
16f3eff8d2c0ef5017c317f9c398783204ec85857d67835522bc05a30446fee8

SHA512
436380898c126d728e1f7a65d046429c4df546fa34e387d3dcab20e3d1bd396160162926ec8d924c26cc2ca87c86ca7b612f32bdbd937df22a2dfb42aa7d6dee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57de89.TMP

Filesize
1KB

MD5
247d9e6521838fc368155a9d802126a9

SHA1
3ed76bcf63ae21fad51005d83b9d369ae5c25511

SHA256
0a8b4958eeec4d8d8fe6e309c25fffd740ce96e828cd99826d4971e82ba8466f

SHA512
b7feec18a3319a05f361385f05d050e65524d0834b18ca1dac8bf0a59b30f44a4bce6cf9cf821db9517a557e5938f9c4d59c49003f589ac9d6647cd1b78bac15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6d18b2b05fe1b138a46c8b74ba7cfcd7

SHA1
fb98ac3298a8b1dd376e31079bee6a7f1153a099

SHA256
cc0384fb78f3e7388171429c6293c283b0ef861bd1d23591dbe7b02ec54675c0

SHA512
ddbefee69e9b7bc1c92f98e779efcc89b0ab1ea30e2c01ff1918639dc78b54387745de2432827fc3ac2aa3e8a0e94cf3a974a36e94c6b642a4ed903b434585ce

Download Submit