hxxp://gunsongs[.]com

Analysis

max time kernel
106s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 21:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://gunsongs.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1750093773-264148664-1320403265-1000\{C3AB2DE7-3F77-4F07-8C51-5B3240117C1C}	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1372	msedge.exe
1372	msedge.exe
928	msedge.exe
928	msedge.exe
1880	identity_helper.exe
1880	identity_helper.exe
3028	msedge.exe
3028	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 928 wrote to memory of 3068	928	msedge.exe	84
PID 928 wrote to memory of 3068	928	msedge.exe	84
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 2600	928	msedge.exe	86
PID 928 wrote to memory of 1372	928	msedge.exe	87
PID 928 wrote to memory of 1372	928	msedge.exe	87
PID 928 wrote to memory of 3200	928	msedge.exe	88
PID 928 wrote to memory of 3200	928	msedge.exe	88
PID 928 wrote to memory of 3200	928	msedge.exe	88
PID 928 wrote to memory of 3200	928	msedge.exe	88
PID 928 wrote to memory of 3200	928	msedge.exe	88
PID 928 wrote to memory of 3200	928	msedge.exe	88
PID 928 wrote to memory of 3200	928	msedge.exe	88
PID 928 wrote to memory of 3200	928	msedge.exe	88
PID 928 wrote to memory of 3200	928	msedge.exe	88
PID 928 wrote to memory of 3200	928	msedge.exe	88
PID 928 wrote to memory of 3200	928	msedge.exe	88
PID 928 wrote to memory of 3200	928	msedge.exe	88
PID 928 wrote to memory of 3200	928	msedge.exe	88
PID 928 wrote to memory of 3200	928	msedge.exe	88
PID 928 wrote to memory of 3200	928	msedge.exe	88
PID 928 wrote to memory of 3200	928	msedge.exe	88
PID 928 wrote to memory of 3200	928	msedge.exe	88
PID 928 wrote to memory of 3200	928	msedge.exe	88
PID 928 wrote to memory of 3200	928	msedge.exe	88
PID 928 wrote to memory of 3200	928	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://gunsongs.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd29cf46f8,0x7ffd29cf4708,0x7ffd29cf4718
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,9469917628858929522,7822350900961368509,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,9469917628858929522,7822350900961368509,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,9469917628858929522,7822350900961368509,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9469917628858929522,7822350900961368509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9469917628858929522,7822350900961368509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9469917628858929522,7822350900961368509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9469917628858929522,7822350900961368509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,9469917628858929522,7822350900961368509,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4080 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,9469917628858929522,7822350900961368509,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4080 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9469917628858929522,7822350900961368509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9469917628858929522,7822350900961368509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9469917628858929522,7822350900961368509,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9469917628858929522,7822350900961368509,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9469917628858929522,7822350900961368509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9469917628858929522,7822350900961368509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,9469917628858929522,7822350900961368509,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6052 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2092,9469917628858929522,7822350900961368509,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6080 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9469917628858929522,7822350900961368509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9469917628858929522,7822350900961368509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1400 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9469917628858929522,7822350900961368509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2012 /prefetch:1
  2⤵
  PID:5944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4988

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec 0x310
1⤵
PID:3104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
584971c8ba88c824fd51a05dddb45a98

SHA1
b7c9489b4427652a9cdd754d1c1b6ac4034be421

SHA256
e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307

SHA512
5dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b28ef7d9f6d74f055cc49876767c886c

SHA1
d6b3267f36c340979f8fc3e012fdd02c468740bf

SHA256
fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37

SHA512
491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
67KB

MD5
1d9097f6fd8365c7ed19f621246587eb

SHA1
937676f80fd908adc63adb3deb7d0bf4b64ad30e

SHA256
a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf

SHA512
251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
41KB

MD5
7641a80b3ca2bec272955ead35145995

SHA1
8e3d61381786090bb85e45d156938bbabb17aa0f

SHA256
8b712d8018f2c97283d0264ace2a982a627e050d0b428597a6d31abf78db7d79

SHA512
c96df8fb697d229be04d06569c2dd0212b2bca6d1e4656000433175969afd0bd05e667a61328ee47b1fc4f359a2aaaa9c31c930e8ce52f1f8f958aee25e9f0ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.2MB

MD5
d20f500f9e4e8bc3fbf885d3e9036b32

SHA1
8eff61e7789c5bb7564be8cc3225ff10393a30b1

SHA256
088c9b305f64ae73af52bec73101e6bb1914b8e0931cd1d3aee8944a3abd18bf

SHA512
4d85a1aa21fb92d51bfd01a104c847f79e4c14d4f2202b6c14e6275f05ca699ecdbe56bdb7c556f8a651832440201bda80a7f1e3c11778fb22c201c9aa032642

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
27KB

MD5
b86186078a4c5c2ab341c117468b03a6

SHA1
695c262fbf3c1a793b5cf52935c14d3445cf48d0

SHA256
e358ee31fba1f12e71f98c38fe63d7e0a78d56e234469e3cada7232e59884bbc

SHA512
79e4d939c2d378a33638c2064c711613c97cb55d9689f2111bdd9ecf3f8ea3b2a28df5686f039e1381f9799d8c145cf85afa381fe1785ab4cf7d54b63d0447e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7124169d89b08aa3990ac40ed2e6f345

SHA1
614764428621a6666fbe6213f6343bd4e1488815

SHA256
dddd2339ec044b15f1b6b0cd88b964bed80c1c102022453d2057ea28575737ef

SHA512
018f2d6c2711b9798176d87792cbd193774f13fc02f2aabcf49b882e9a7708ca8f4785b781e49d2226d7276e44a708a31e92625552e514dadb2ae56f6c5b1da4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
619B

MD5
9119200fc2341c37c49c1902ba7e2acc

SHA1
95cd2dbdc992d6bdefe7a79ffef1148869f74495

SHA256
a3d2fb034aadac10caba90577e31c31cbb830bd8695726c2e091093708c1615b

SHA512
67500cf653b91f404f6c454b826f4450597117118cc09227f2afdde9de7021778008fc676fceb44118d3a61746e12178cdfc34a3dfb617b0c581d214bc4d2f85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
eb07cbcf2cab131f95b7c53a18b366ca

SHA1
d04775bfc5236830006b202580665a8cc552128d

SHA256
9dfe019af98e910c232d253bee5a9ec726891b9cf2a5b27a77e0c11fc346a1dc

SHA512
bda0e1d6fbeace16fe270d4a9b1d42db9d85d0fff5361b694acf3d85c8fa234dfcf6d531b3a22b4e2c9c0c304f857a6f7e79f7d49a7e0820d5b306a4591a3888

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
99effd71d6c1ed36611ab50b158d9e8e

SHA1
a202ad660bdec51bdba907f1360f86cd4bffdc96

SHA256
528c1cc7910fc8553430114daba36a4081f50ccb20c3443cd80ab1b758ce7104

SHA512
61fd97fc68e5ae34a4478300140632518c3ee1ea168ac5a030efc730cbc03cf5b3186e5f54e111be7dec58622180a2d6b0a60bc94b4cf4afdfb58ded34a4fb2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b58b388a0bf401c07b0634f0061983f5

SHA1
092a596785582be8697727faf2f912b604193302

SHA256
62d75eb642c6ef00ada7190bf0dba30edf53f92f83c2679cb7a1899b6ac1f762

SHA512
feb7a4cea366c8c39a43dc4b46280ea00e21286fc632ee73deb6821719e3ca466e1dcfa729ad45fd1d5fb01870940d7bce3ba900a69f19ecf4849baf81c11596

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c28bf2d13edb6db65b8927955be8afda

SHA1
032743bad3cd69cd89aa448f72da5c87725ec022

SHA256
448e3bd54ebde522efd92a3956f4cc75fb5c37e5cab36852d1698b90f24fd3c1

SHA512
71182933098574e79be32eae5ce60c337915e7d552f99483261283ba13f814d81d4491543da3f1456d57f41b4650fe94c27b68c13f6263f1f3b3c89d37b2aff4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ac5dc84cb48b5aded110ed251574442e

SHA1
bcd46acbed0a1e62d6c5e82aa5cdadededa6ee5a

SHA256
a5b388ed4ea47c14ee81944da59f443199a97e401586d4f29eba7df2d43711df

SHA512
5443a45fd7abe3843e5c995ba75ec4e3ef3daeb9e6dbed7d425767b0380f464322c8b0c2d6d947a0d31af970c53018e064f1a5d37d5312e0de27ce9ad59bcd1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
26c98f198d447e5fc4371e473214b9b6

SHA1
851cfd36452c91a51c8abcb0b6fcbbe090f9eb23

SHA256
e91e509edaacf461c6d1ab488ea3a85c89837adf8f2c4d49a210c583c34b0b86

SHA512
a7089d3d376171edfad8c13cf379616a51db75ca76fb33f4a53110ab2a9e02cb8982b0fb49322dfe4646bf573929779feea476c94071002f7ba39ca776cce19b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
34b67c58b457a71e305e3ede63913bd7

SHA1
990b9ce19e9a2c2d888a22a53b0f5bb6c352cc7e

SHA256
a3700a994c3671f3ed88a857823f3669afd5d2487d23476498bd4cb88b2af977

SHA512
bb408779d3470b679a4bd55fcecbc0027a3aaf3dc818d6f2578ea83a69c45cd5abed173d173d87f9fab0e9f3620a8858fbebcc86a2db371f4a2edcf9981227c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
b353c11b51522d5814ed4de36d3aa15b

SHA1
414301ee05c997285e98fed9f6a0ef8d2132c045

SHA256
87094dd741c88dea5d9f343f6761fbf2246f145e2c83fbd650133dda7318c516

SHA512
4421f87544ddc2fbec5a2253b12a0cc81f062fdcd1f5895e74ebbde89fefb83ab6c4a44559c56721d46943cc78e5d06cd789ca82fc09b1fbe6c1bb2b73f3bd00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
9f45b20effd81c86360a06d706d690c3

SHA1
b43f7ef468e446aa81bee5ca793995a55ce09b8f

SHA256
10dc8bccb3cb1e8253dafc85234c45f0d5b50bc9910fb7fd523a6549647142ed

SHA512
01faeae39cba4a794a152782437b4990abd65e1c5120a3ae84b39f668d574bdd5ea43f64688c982cd7d7dc62895561b5361e85d8276fda629d2fd7322408f8a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fed2.TMP

Filesize
538B

MD5
43962b081274f3635775bc29ecd23fbe

SHA1
d030fd72c2b919280a3eccf488eaef6a0954a849

SHA256
dcbbe16f8ec9c5ace9a9e9396503e8f5f4c641da1a4fcc4b1fae5990ef565014

SHA512
cc416dbc6a729a7d6ff2e08268648c8f9f26b65cc3f484c8d011530c889c972db6ebd7d24d25b7c586adeaa317c3301845a1b3c7b086aa09047cede49a7a9c0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
82df1f93a68788f400968889de9ccb97

SHA1
de77fb0d95636b4f6ae64f198d6e3e540ae6c737

SHA256
39f750a8c84c1bb7505dfc602e1e04583d70755ca8ca685a92359c6be08178ad

SHA512
a2da86b7e6d9a70b328077faf332f3a7162e60b76e8f6a9cc387e987a876a55ace02fc9a5490fa6f283f7b658cec66e9d0a2789e5227e97fee64590998b0436d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4b6e0395c6b93f9b53b479d2f4617c98

SHA1
8c86492b7d7e1ca49538af81620fd8b11b26cfa9

SHA256
bb8274c004becd10d2d7ecb4098f0bab91c972848a09120f9c6e4a5a7d85b38f

SHA512
db25659f6607dfd53ae5c0e7c6d533fe5265804cc9002e47f0d37b1d1a828376ca05db48fb8ae8b1a4cdbc2a160261a9845145527182c0d11c888302099fd793

Download Submit