Analysis

  • max time kernel
    497s
  • max time network
    496s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    03/08/2024, 02:13

General

  • Target

    http://Google.com

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 58 IoCs
  • Suspicious use of SendNotifyMessage 56 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://Google.com
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4552
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84d6646f8,0x7ff84d664708,0x7ff84d664718
      2⤵
        PID:2560
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
        2⤵
          PID:924
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3880
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
          2⤵
            PID:2940
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
            2⤵
              PID:4104
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
              2⤵
                PID:768
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
                2⤵
                  PID:384
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
                  2⤵
                    PID:1156
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4968
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
                    2⤵
                      PID:4516
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
                      2⤵
                        PID:4944
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
                        2⤵
                          PID:4480
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
                          2⤵
                            PID:1832
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
                            2⤵
                              PID:2660
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
                              2⤵
                                PID:4784
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
                                2⤵
                                  PID:5044
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
                                  2⤵
                                    PID:716
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
                                    2⤵
                                      PID:1716
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
                                      2⤵
                                        PID:4876
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
                                        2⤵
                                          PID:4084
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
                                          2⤵
                                            PID:3136
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3536 /prefetch:8
                                            2⤵
                                              PID:2876
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3352 /prefetch:2
                                              2⤵
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:4160
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
                                              2⤵
                                                PID:1952
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
                                                2⤵
                                                  PID:4792
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
                                                  2⤵
                                                    PID:3528
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
                                                    2⤵
                                                      PID:1116
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
                                                      2⤵
                                                        PID:468
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1
                                                        2⤵
                                                          PID:3516
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
                                                          2⤵
                                                            PID:3188
                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                          1⤵
                                                            PID:3916
                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                            1⤵
                                                              PID:380
                                                            • C:\Windows\system32\AUDIODG.EXE
                                                              C:\Windows\system32\AUDIODG.EXE 0x478 0x4a8
                                                              1⤵
                                                              • Suspicious use of AdjustPrivilegeToken
                                                              PID:2188

                                                            Network

                                                                  MITRE ATT&CK Enterprise v15

                                                                  Downloads

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                    Filesize

                                                                    152B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                    Filesize

                                                                    152B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7abd6689-50a5-4da9-bafe-6f2aa10bf27d.tmp

                                                                    Filesize

                                                                    1KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

                                                                    Filesize

                                                                    209KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

                                                                    Filesize

                                                                    42KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

                                                                    Filesize

                                                                    139KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006e

                                                                    Filesize

                                                                    20KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d2

                                                                    Filesize

                                                                    911KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e9

                                                                    Filesize

                                                                    1024KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                    Filesize

                                                                    288B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                    Filesize

                                                                    360B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                    Filesize

                                                                    1KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                    Filesize

                                                                    1KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                    Filesize

                                                                    4KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                    Filesize

                                                                    6KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                    Filesize

                                                                    7KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                    Filesize

                                                                    8KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                    Filesize

                                                                    7KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                    Filesize

                                                                    6KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                    Filesize

                                                                    7KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                    Filesize

                                                                    8KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                    Filesize

                                                                    1KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                    Filesize

                                                                    1KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584496.TMP

                                                                    Filesize

                                                                    538B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                    Filesize

                                                                    16B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ff385a60-a7fd-4ada-8eff-62c7b159d457.tmp

                                                                    Filesize

                                                                    536B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                    Filesize

                                                                    10KB

                                                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

                                                                    Filesize

                                                                    2B

                                                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

                                                                    Filesize

                                                                    10KB

                                                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

                                                                    Filesize

                                                                    8KB

                                                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

                                                                    Filesize

                                                                    10KB
