hxxp://bing[.]com

Resubmissions

05/08/2024, 02:59

240805-dgqgmavenp 10

05/08/2024, 02:53

05/08/2024, 02:51

05/08/2024, 02:48

05/08/2024, 02:44

05/08/2024, 02:40

Analysis

max time kernel
199s
max time network
192s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
05/08/2024, 02:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://bing.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1984	msedge.exe
1984	msedge.exe
4072	msedge.exe
4072	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4072 wrote to memory of 2776	4072	msedge.exe	81
PID 4072 wrote to memory of 2776	4072	msedge.exe	81
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1544	4072	msedge.exe	82
PID 4072 wrote to memory of 1984	4072	msedge.exe	83
PID 4072 wrote to memory of 1984	4072	msedge.exe	83
PID 4072 wrote to memory of 1516	4072	msedge.exe	84
PID 4072 wrote to memory of 1516	4072	msedge.exe	84
PID 4072 wrote to memory of 1516	4072	msedge.exe	84
PID 4072 wrote to memory of 1516	4072	msedge.exe	84
PID 4072 wrote to memory of 1516	4072	msedge.exe	84
PID 4072 wrote to memory of 1516	4072	msedge.exe	84
PID 4072 wrote to memory of 1516	4072	msedge.exe	84
PID 4072 wrote to memory of 1516	4072	msedge.exe	84
PID 4072 wrote to memory of 1516	4072	msedge.exe	84
PID 4072 wrote to memory of 1516	4072	msedge.exe	84
PID 4072 wrote to memory of 1516	4072	msedge.exe	84
PID 4072 wrote to memory of 1516	4072	msedge.exe	84
PID 4072 wrote to memory of 1516	4072	msedge.exe	84
PID 4072 wrote to memory of 1516	4072	msedge.exe	84
PID 4072 wrote to memory of 1516	4072	msedge.exe	84
PID 4072 wrote to memory of 1516	4072	msedge.exe	84
PID 4072 wrote to memory of 1516	4072	msedge.exe	84
PID 4072 wrote to memory of 1516	4072	msedge.exe	84
PID 4072 wrote to memory of 1516	4072	msedge.exe	84
PID 4072 wrote to memory of 1516	4072	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bing.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe9d2c3cb8,0x7ffe9d2c3cc8,0x7ffe9d2c3cd8
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,17286973877357218914,11898948116966457578,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1848 /prefetch:2
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1836,17286973877357218914,11898948116966457578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1836,17286973877357218914,11898948116966457578,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17286973877357218914,11898948116966457578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17286973877357218914,11898948116966457578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17286973877357218914,11898948116966457578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17286973877357218914,11898948116966457578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17286973877357218914,11898948116966457578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1836,17286973877357218914,11898948116966457578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1836,17286973877357218914,11898948116966457578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3432 /prefetch:8
  2⤵
  PID:576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17286973877357218914,11898948116966457578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17286973877357218914,11898948116966457578,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17286973877357218914,11898948116966457578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17286973877357218914,11898948116966457578,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1836,17286973877357218914,11898948116966457578,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4924 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1836,17286973877357218914,11898948116966457578,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4892 /prefetch:8
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17286973877357218914,11898948116966457578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1892 /prefetch:1
  2⤵
  PID:784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,17286973877357218914,11898948116966457578,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1648 /prefetch:2
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17286973877357218914,11898948116966457578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1248 /prefetch:1
  2⤵
  PID:1816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1500

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c3889d3f0d2246f800c495aec7c3f7c

SHA1
dd38e6bf74617bfcf9d6cceff2f746a094114220

SHA256
0a4781bca132edf11500537cbf95ff840c2b6fd33cd94809ca9929f00044bea4

SHA512
2d6cb23e2977c0890f69751a96daeb71e0f12089625f32b34b032615435408f21047b90c19de09f83ef99957681440fdc0c985e079bb196371881b5fdca68a37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c4a10f6df4922438ca68ada540730100

SHA1
4c7bfbe3e2358a28bf5b024c4be485fa6773629e

SHA256
f286c908fea67163f02532503b5555a939f894c6f2e683d80679b7e5726a7c02

SHA512
b4d407341989e0bbbe0cdd64f7757bea17f0141a89104301dd7ffe45e7511d3ea27c53306381a29c24df68bdb9677eb8c07d4d88874d86aba41bb6f0ce7a942c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7530d7af-29a0-478a-8d24-30a07852b1b5.tmp

Filesize
1KB

MD5
10b55061690aca6ce5a8ef3775cb2f62

SHA1
12a603dd85cdfc942e202727e82756ca15896256

SHA256
a0c62c7dedd2a5158863c711277df4a94b5660f204340694de3dd32632aef929

SHA512
5af7e9e53efd30c476420ec1c9a30f03ae52b4e693920eb8f176ae7b0d4e539ffa398ae20490050ce7dead96bab102b6e793bba3c3a96aa1b1eedd8f9a7bcc3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
41KB

MD5
ed3c7f5755bf251bd20441f4dc65f5bf

SHA1
3919a57831d103837e0cc158182ac10b903942c5

SHA256
55cbb893756192704a23a400bf8f874e29c0feee435f8831af9cbe975d0ef85d

SHA512
c79460ded439678b6ebf2def675cbc5f15068b9ea4b19263439c3cca4fa1083dc278149cde85f551cd2ffc2c77fd1dc193200c683fc1c3cdac254e533df84f06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
67KB

MD5
1d9097f6fd8365c7ed19f621246587eb

SHA1
937676f80fd908adc63adb3deb7d0bf4b64ad30e

SHA256
a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf

SHA512
251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
1.2MB

MD5
027a77a637cb439865b2008d68867e99

SHA1
ba448ff5be0d69dbe0889237693371f4f0a2425e

SHA256
6f0e8c5ae26abbae3efc6ca213cacaaebd19bf2c7ed88495289a8f40428803dd

SHA512
66f8fbdd68de925148228fe1368d78aa8efa5695a2b4f70ab21a0a4eb2e6e9f0f54ed57708bd9200c2bbe431b9d09e5ca08c3f29a4347aeb65b090790652b5c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
43KB

MD5
d9b427d32109a7367b92e57dae471874

SHA1
ce04c8aeb6d89d0961f65b28a6f4a03381fc9c39

SHA256
9b02f8fe6810cacb76fbbcefdb708f590e22b1014dcae2732b43896a7ac060f3

SHA512
dcabc4223745b69039ea6a634b2c5922f0a603e5eeb339f42160adc41c33b74911bb5a3daa169cd01c197aeaca09c5e4a34e759b64f552d15f7a45816105fb07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
74KB

MD5
b07f576446fc2d6b9923828d656cadff

SHA1
35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103

SHA256
d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496

SHA512
7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
27KB

MD5
903acff81aec95fb624ad47960f14af1

SHA1
de8d7f3ae08621987d76e176118e1da6a7c2475f

SHA256
05d439f7aa4807ebfe90919429e6c6d352ea3816ce6a9592f4df42c2b22871d8

SHA512
c25bcf91200f1ddd174f17f2f95e3292cc8702884c3c0d79803a55effbddf66f43b7c243644c12e788cc1367d2f335ca67e07ec0053b066820719301693db767

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
6a3e0b76e44d439bdb7307ddef750c49

SHA1
d60fb76ec09157c83f45d3302b76667cccd8d378

SHA256
91ecd393a5719c3f433eb03bd0cfb28dd07adb958fc24039763d6cc5c2b2abad

SHA512
af68e35095a56e3bca0b2f8a721b67dcb935d812161a0410bb9074aedfe0f3022d7efbc142e21c3ca97dfabbbcd82149b4033160282564e32654d789437c789a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b5e49e3ff2668b1c52f8b21d0e4fd7a4

SHA1
c157b8498576c5ad5a357389e59f67d07e8254b9

SHA256
1ac5996b314ee671064520466d4bdd7ea09758f18fe277c46c9defb65fdc3b72

SHA512
b36545845b082fc19466ba21b4375c307e8ff8aa65ed0d7eac44055dfc11f8d4ec6f8e4d0daa1781f9759bd4dc5a4c33cbef8a328866577d828e7c1a34612421

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
17b6239538ceeed49722fe5f942505d5

SHA1
55d80afd037172273dc28b109e67b3082eb388da

SHA256
a6647bb6614e22357296dc25b02468a8584dabc9b140531bb09c73565d9ec1c1

SHA512
7d278243f099d05dd743d70d34c3366367c0d823990883d74e1590e7e04ba8f1470d487a03fbd363e65a17a15ce4840eb10f0749ebca32d7418a94766bb75f3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
74a73dd54723cb422478b0233dd18eb9

SHA1
9208aa5f03a5bc1d69b03d1cb953fd8bb380e657

SHA256
249cf937dbd74da5fdd038649b96391dc94006d9288eecda089e8451c48d6c92

SHA512
e4e6296a0330e1e60b5c331defa1d0cff4dc3117d9f0e08c9d600c8e70e61e7982c0b9415d0ec259d03cad0f3884198b25457cfed375f84d58bac94662071930

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a520e362c7f4aba49a5cf4d4198f09de

SHA1
7896b1821fcec5858e31746274475ede66b88c66

SHA256
f419c4f22c3d9179e7d9fb3f398f670f275412afe38660ff7c0977884e755550

SHA512
d3e53e5333ad6fba0b23c4c7052d84689c63174c2f596e85c410b57c7b01db9f9bddc23ff6a0f51db53eee4d35e66500760e561dc86758f9c2810439f7a75203

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
06de39f0de9194fe3ed6627bec03a13a

SHA1
f012756cb556d3f3a3bb8f0a062ff5f9f9a8087a

SHA256
ec973c0e29491452b5b03ba18278e8f0986bbfed356d37c1d41d4fd9e724dab2

SHA512
d34b07c9f8ce7dd81eef4845356e5c95eb7593fd17e395087dcdf7df9c5b75bfe04c7431bf15c00380537844adbeccd85cef8fdf986ac50248e129d498ac788f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ac0330ce31323e154a0a0d935435d9ab

SHA1
69434fb110d68539638b05cad9df9f9b5f53618f

SHA256
54f36af1992016c1537dc599342c075d8544aee8e21d5afa891746eb494ff89b

SHA512
4212918b0c9cf45d1542416b4d05208f4e7953e9bc323e64cc82ae1c96ac6f6f485ba9f1c14fa2d93dca188459b5946869f7600d3303fca4ee1511f659bf24d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
58500e58a70edc3aa85cf143495c6d0f

SHA1
791245d0f954769d04656a608c230dd703ee1a8c

SHA256
c040b67d212a217768ef01b5f42ed693fc8f265b42e6b56aa46b28fe002478da

SHA512
21b1cca3f2391a3fd68af455ef8f0b3c6c9937f601ab772e6cfa97d6772ecda5d680fe34e0d16007c1c89dbdc5443fd8c39ef9aca1afe8357ecd4787b6129110

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e5978bf02304b3b49ce8178aded331a3

SHA1
8d0a43db382efa6096e47e5673ea4a18c9497ea8

SHA256
491bf9ff6579a2d4a08a803b98f19f269cabec89cbc02dbc0125a72603b66f08

SHA512
f1f248f09b2724c857c62b4742cba1071eeeefdefdb00f2f04eb2d2b1a7913cdbe105216f3178b4c32ab1f9ae9f34c4fa90ce2792f63fd56e7b7829a618f3bed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
5c8a1f58298094ba318e5ee00ad30469

SHA1
936920b5308a86ffc54fc1ffcd8115a19d09ffb2

SHA256
53c29852111a38654e494bd6a8bbf677f2013ac7463c0f5cc92d134cb99fbec7

SHA512
71c1a5777a560966f1008e803fc6491394b513a060e8b01d5867ee4f906751c5e52035656fd0a282f0509072950e70e75da425a3c68dac5563d95116fb8ea7b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
d0149ef879efc020056a5ad1ff1e983c

SHA1
624964b527e4741afd582c26ae16ad8996c77646

SHA256
66b9863d90068528c6492b8246241a2e59adfc15406bd1ef257e0c5eb2a68391

SHA512
7548b191cd0ce00619fb2b3d239a4cc2e221694a26faff31e610c14481c8d7251b75511bd3e3b89f7867f9215ad6d90b713699a08778eb8394b07fb58e639341

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
3f6a497c48fd9cb0b7715a8a3095ce48

SHA1
ec655b6413c719a2dac33578d3e8654e0163ca47

SHA256
eb137a798012e5784248cb762cc0ad5269d9d17519b252781b29dfc04bfb153a

SHA512
60d173686b68661f374504984b6e044bc10ce89d0653554953f4046b27e2723aaec380b0969ea436e9cb69315c81599b5d930e9bfa55c42534e67af6258e4fe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
289bd1c48fd9cffc92d1bed4ee8d0e56

SHA1
33b22e542396456bccbbadda7246b99988334d68

SHA256
e010f5e2c7f336503ac707e5f3d4c4882c69b2b8b67fd81dc2e5959774ea67d2

SHA512
d621c783e5029011af8ead9bfdf37339b0aea04cc7b88f2b73ea831ce169542fb97b2852fee418833e5388db954b3506b55ac13f5a258f299583ff01c4bfbd76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
63a389ea2cded585d713398f29303080

SHA1
278857ad916ac0a409ac4798a8e874cf4cb72eec

SHA256
cb1e178b5aca851acddf9b7c79eb2b245696245324839662f6acf306b48dde89

SHA512
85ec8c69f9f55e8574a9d13a789a6c31dc0d8fbbdd741437605658cf51c02a49abef5b071fe17abc7e7e46ac3d369b2e431c322f9db08128b0eaef9a5b71a0e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e261.TMP

Filesize
538B

MD5
7daa21cebdd9f6aa1d3302e21d7e84f4

SHA1
d28888a33ba18ca8f841683661867e847e3d4d70

SHA256
98515f7eb032b6f3158eeb0f7b0a374a4c7ea81dabdaa39774cd5d7a92eccfd1

SHA512
c8f7ee1fe38277ee7151893b3d9d6e04ba936f24158c571a56ba236e89e50a38a3c2253845aeb760a2c1f991c6ad9f149fe0ebf7771015d5ab11b164d7acd76e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
91d6b9426dc31f746bc44186e1050635

SHA1
016f2d7f80ba8c18cc824cfd55f2d736a94045c4

SHA256
646811febaa986d0885b7a56cd26a0c27369ef46f9d7067e5a2936a7a9e4fe7c

SHA512
512dd7d9e1198f9eb844726fd23b98288ca78447dfdcbf2685fc3d1a25f8cef7d4f068d867a348a1ba6fd95b09e7fed9ce3661be6bef78dc0e8de26d3277aeec

Download Submit