hxxps://www[.]reddit[.]com/r/Freaksh0w/comments/13e3qs3/bonbon_chuchu/

Analysis

max time kernel
960s
max time network
966s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
06-08-2024 20:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.reddit.com/r/Freaksh0w/comments/13e3qs3/bonbon_chuchu/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4784	msedge.exe
4784	msedge.exe
5592	msedge.exe
5592	msedge.exe
1348	msedge.exe
1348	msedge.exe
2832	identity_helper.exe
2832	identity_helper.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4544	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4544	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5592 wrote to memory of 2608	5592	msedge.exe	81
PID 5592 wrote to memory of 2608	5592	msedge.exe	81
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 2640	5592	msedge.exe	82
PID 5592 wrote to memory of 4784	5592	msedge.exe	83
PID 5592 wrote to memory of 4784	5592	msedge.exe	83
PID 5592 wrote to memory of 5956	5592	msedge.exe	84
PID 5592 wrote to memory of 5956	5592	msedge.exe	84
PID 5592 wrote to memory of 5956	5592	msedge.exe	84
PID 5592 wrote to memory of 5956	5592	msedge.exe	84
PID 5592 wrote to memory of 5956	5592	msedge.exe	84
PID 5592 wrote to memory of 5956	5592	msedge.exe	84
PID 5592 wrote to memory of 5956	5592	msedge.exe	84
PID 5592 wrote to memory of 5956	5592	msedge.exe	84
PID 5592 wrote to memory of 5956	5592	msedge.exe	84
PID 5592 wrote to memory of 5956	5592	msedge.exe	84
PID 5592 wrote to memory of 5956	5592	msedge.exe	84
PID 5592 wrote to memory of 5956	5592	msedge.exe	84
PID 5592 wrote to memory of 5956	5592	msedge.exe	84
PID 5592 wrote to memory of 5956	5592	msedge.exe	84
PID 5592 wrote to memory of 5956	5592	msedge.exe	84
PID 5592 wrote to memory of 5956	5592	msedge.exe	84
PID 5592 wrote to memory of 5956	5592	msedge.exe	84
PID 5592 wrote to memory of 5956	5592	msedge.exe	84
PID 5592 wrote to memory of 5956	5592	msedge.exe	84
PID 5592 wrote to memory of 5956	5592	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.reddit.com/r/Freaksh0w/comments/13e3qs3/bonbon_chuchu/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffaa90d3cb8,0x7ffaa90d3cc8,0x7ffaa90d3cd8
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,10327998951465824316,18029343693100115130,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,10327998951465824316,18029343693100115130,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,10327998951465824316,18029343693100115130,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2392 /prefetch:8
  2⤵
  PID:5956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10327998951465824316,18029343693100115130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10327998951465824316,18029343693100115130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10327998951465824316,18029343693100115130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,10327998951465824316,18029343693100115130,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4668 /prefetch:8
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,10327998951465824316,18029343693100115130,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,10327998951465824316,18029343693100115130,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10327998951465824316,18029343693100115130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10327998951465824316,18029343693100115130,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10327998951465824316,18029343693100115130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10327998951465824316,18029343693100115130,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,10327998951465824316,18029343693100115130,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5032 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2112

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004D8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4544

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:5856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2ee16858e751901224340cabb25e5704

SHA1
24e0d2d301f282fb8e492e9df0b36603b28477b2

SHA256
e9784fcff01f83f4925f23e3a24bce63314ea503c2091f7309c014895fead33c

SHA512
bd9994c2fb4bf097ce7ffea412a2bed97e3af386108ab6aab0df9472a92d4bd94489bb9c36750a92f9818fa3ea6d1756497f5364611e6ebd36de4cd14e9a0fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea667b2dedf919487c556b97119cf88a

SHA1
0ee7b1da90be47cc31406f4dba755fd083a29762

SHA256
9e7e47ebf490ba409eab3be0314fa695bf28f4764f4875c7568a54337f2df70f

SHA512
832391afcac34fc6c949dee8120f2a5f83ca68c159ff707751d844b085c7496930f0c8fd8313fd8f10a5f5725138be651953934aa79b087ba3c6dd22eaa49c72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
334KB

MD5
ec6ea05ea4937a7e4f71cb889af68a2e

SHA1
c894a7efed7dc11fcc893205cf3fee82d42fa34e

SHA256
712d2c8dc2326adf2697bd0d75fbd3c7d73b427594145863692e68cb799bf9db

SHA512
7622714585fd813dfee24872161a9406d0f3583ec1ce13d77ddba45f172f9d22021eccc4f7b09c88825eb730b934210ae8a8cb15e676185f72bafa155df97328

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
1024KB

MD5
ada707a0ce62db31bf83166dc76f2a00

SHA1
df92dc9ffcaf9ee5f3b68da8c8dad92705c63552

SHA256
7d11946593ce75d0a34efd4a54c6382cee9c7c6366c8c420d6c924a4a0fd8530

SHA512
08a677e74583d63735ba96699c38cd70e09099406cf3fa1c7b0494cfb840ca1b04360f7f5f1443ecbb0ea05ecb2cc17988a02c09f87956fea0cf192f2eaf85cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
1024KB

MD5
e0b795742e9d69f7e24a317a528a934b

SHA1
79fa43e0c5790808ef97cab8aa7a11212eb410fc

SHA256
3b08db934c13c55f11a3d939164359b09a84ca69a6107fa667863c2130edd7a8

SHA512
84a95e593397f5f59fbfbda97d3a737dc7939d2867e32a680622c66377a980a461bf91e2f98869619e87d771f5c765f0b3dd7b35d7e2739ca6f4dfebc170be3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
1024KB

MD5
a9436dabd58c98d294972c8a9e33a3ce

SHA1
dd5cdf86a54f1b71feb75c074899d58f6a3c2e6a

SHA256
854d0b594cf81a9b2056a8483eb543bdd365cf37c072d2da04c1639bb95b0d4a

SHA512
ce2608c372c7fc70735018bcf7e88a6d6b39d5e0cc8b91b80dd5d5430a2dd783140da3da0f1b6276d5d4e7b3f88f8c127ed758eb3580fee7e658806de458f01a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
1024KB

MD5
adad6eacec4f609e471bc85804e15246

SHA1
27f751af03b27a4519ef9a08afc669b528bf1220

SHA256
c4bd77ae1463b835c7ac3b196a93cd5e669e16278965bd8cb96299ec7aedf684

SHA512
8d9bca8ce49167747b201ed8b5872d517772f499e59453384dd62446fc95a49e64d2a8bba69bbddc49e28daf6c5f0f1cb6d5d2d7fc22c7a81145df3198229c89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
342KB

MD5
06a79898a94b8c752b459f4cc14126cb

SHA1
91ca0f3cf34b380778c0449434cd5f7ae3bcb924

SHA256
4c334233906af512ea9c0702e5804a878d541ebf7fd29945a3d0ebe8570012c3

SHA512
6b1f02fa2f6ad49480806393c4bfe4498ceeaa35b876e86b793827dd9ea325e5da4b47e441a2327e5a8ddcefd6e6cf4eafc5f143c20b1023308e839758145c6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
1024KB

MD5
ae7cbe87efb5474e583e16ff853f3da6

SHA1
7d6a03fc686aa597a2c06aca0a6022ea5efd3ff2

SHA256
6e5a10645b043a7f2da765110bc7cda63383b1ed6b378959e11903e6405f70b3

SHA512
966893bb06f7a7f7528d2ed1f49c26d22a12525546a871950b5c2193aef18d730da8e7ab0f5f987864e3eb072a527d065be833a2f0b821728ca2c3e4cfd6c7d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
1024KB

MD5
53444d966ca0fe43fd3bb29988d6e68b

SHA1
b91406ca6b6592e413f970678f4b6c956c9c355b

SHA256
0166e7b767159236550d66da24157807e8c4d10b951729c922a7d8d0c26f522c

SHA512
e042170b08dee60e23d2b73bc5ecccb102dd194f4af378f78ae07a3aa532d7c8b024bd3368753761c87a2ab2896c90e009a432430f8b823f75fdb259deaa89d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
1024KB

MD5
bc1b64454945b641cd056ddb4a3ac0ef

SHA1
c4a60432bd790768f9899e16e12d83b8cf99a0e8

SHA256
832e8252f6e3c225f467a1d0ae359f5908eeaf72005bad23e36544569858eb68

SHA512
8296ff504a1d3e9f3b130a69569f283233a03b20319c043f28e3ee00b9b7ae5f56394132ecadb962a1c542079113313ec2d368dd340735c707af0c0110c6f57a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
294KB

MD5
cd8ca28177ac39b6c63ce6600a336630

SHA1
91e9e4e8cb44691cea2e0c15ba447dc0a30d9f89

SHA256
eab1054d57c5dcc3f8094bdba7386047399115375ea0445f69092468c8f5be17

SHA512
ca15051a5ba8023a99ab53126982addb062dd1927546159ff6364d39f9689f510f1e92943681abc0463674cac9a03058a368f2e9489086ee8ec07dce4cc505ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
1024KB

MD5
5d12e155b81cbbdd73b3b55f450c1ccc

SHA1
fee14518ec092774ccaba4c74deebe57aa0ae835

SHA256
afb2c64f0c8c735c178132404fbcc30fd02f80c13121ccc56b69f5f03df4861e

SHA512
2bc96940f3d8f71b12255a8a6598ac4ffdadc5ed22f4d5a70a02193e7f196c3709d522e95c2cb6fb995aca4eda218ad8ea99db463bd9f31e72699925385569b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
1024KB

MD5
ff44402fd479b9774df7f02749331d7d

SHA1
171694a4a7c53e2d34881734718d628043c47594

SHA256
3c97d97c59dca478406cced99a1a0733477e3cc0aacb3cc1fb40dec517be48c8

SHA512
b34837b82a165296200403fd612f0b652ec4580f91b469ddaf9032274aa729602e1724087893493643d00feac8c5a13425f6e511488ffd5c9216ff50f9224b54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
468KB

MD5
6cb6eaa531e1f3bbc7f04471819714a5

SHA1
8e55bc496d199c6220a454170798989e45b02616

SHA256
c5499f8ac6c93a044e971f248e5ad882938b38d25d0a62c858c5d492291e3da1

SHA512
592ef9ea95fdd9311ed26c4d41a96095aab6699741377ab0c6bfbfb30e7b4a5accb1f37bd09fa64789fa682dce26d018ad21197c7b14bdbe9843bd76747e11dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
2e50a2d165459fee9f6d1690ff88a08e

SHA1
ac103fc167d685526dba2441519ccbddcad6dd48

SHA256
131503f142cde4c965614a0306c4359de238ae6f53debc89557e6b4b61bce824

SHA512
cc6d96169399567899a7b14a9405a9bbc7ea358b9365ad19b51b8cbf56e4e83a359bf3d2de837d2ede64c429a91962f100fe462885e5d22779b7481484e6cbda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
45d42f7110b13fc7d813a8be5537e496

SHA1
3e9d26573df7ad1c24225cdddc7d442224d04ea5

SHA256
f5bcfeaa869525b40e987e4997106b938d0152e95e796de0341e4efc798b8d6a

SHA512
2a0ff6baaf7549ca76fed03bfa7b0cc77cc865acac3f02ee60e3cb0acb4dce091e67dc38e35172ce2876b228a0e62aff58f01a98e4f2872cd52d754c8ef43586

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fc8683139ef19d478b59e0de57ff86b5

SHA1
fa93c1fbecaac9ae670e8d041e931a5b8e6078aa

SHA256
575fd10cd01dd4fa424765c1c6858453a47290ea43a570f5e0806bdc0d45ae98

SHA512
4194f3d67fb26750bd6828356dff623819d05ea0e932e82c5be42b09ca82dc99b4011aa2a9ac13748c37916b6ba5bf51b08012a0fea6ca82f2dcb8b70b4ce867

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c112b1f84399980e25f24141b0b0670f

SHA1
3791294c06bb1934c82e8d0c7cda7e3417f0527b

SHA256
19d009b31ea123bc6a70b1025b18687953fd1cef9184984424b527f5b5407a7c

SHA512
5bab0cef574a8fee5a6533e33b6abae33493f01113868e0674aca5258c707404e705d388a62393d415d4bfac0c65b6752a6efe0fa2f9e285caa152b87c1680c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
587564e31dabb9f50b42f6e3745b5616

SHA1
8c82c7070e08271e7de000aeae4c9378bf32d001

SHA256
96419e8eda0118c4c692822ab1fad56d3620d090cc443a217f80cb5636281cae

SHA512
957088919eabccd94b06ebb59a8af7be531868a5e69323cc1c43f50eb08befb291eb00b3449fb79185ee6eff5c5181cc1809ed1380a13b4127cc5abc4f0a9a33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
1978a0a4e0f12ce354031edb7d9b056d

SHA1
909d02f492eaf7eec6786e0d8bbb766f6dcc9048

SHA256
4da96a95410123e8ce90b49dadbb42c0b390ce00ad587c250d17087c839b84e1

SHA512
a542863dbc4ec978b4efc02905b9da741de349d5a45864dbe9dcba545e5303eddcc930da77adbced137411b014c031fe046ccb825a7f8134ea1fdfdd932abfef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
89796f16baa49e2b377708cfd43acb7b

SHA1
3e8ff25a036969e04fcf2f1e817dc7a8adafa9cd

SHA256
c47fd59bb074846f0a3b78a6798464eec88a114a5972c00c61bff2425562874a

SHA512
c2012fb89c63905baa692e3e2a765f08475080d74d1f55a9174d57e4508f56c8d1c0385579590e89178c04a67eb537a1e23c4459c827b03c043650464316a20e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
b6863e7b3a94c179d2e008d20f76955c

SHA1
55ea14693bf594264fd3efe94d0a31eb5b15024b

SHA256
8dd055be8771d890d6597b35a536f23bb4644c0bf33d59de4ab868b6cb1a6e29

SHA512
e55b5ac1ab470549537a0b6171e36e6e08bb85ae17956dfbff2bb394d74f16e28d8480a75a7fa5288826fb4b070169ac4f504da472e8bb2d9799c012cb0e8df9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
2191a6bb3411143d6494ed170c0cdb1e

SHA1
95df032a7004f2fbb1dba989614b156c2b1b51df

SHA256
899ceb71d1b7e65ef787996112077d25f4f2d5a109bb29f39b3af87975503879

SHA512
796dda8a00a595f93c1aa647f30ce8e6f59d9f0cdda8a7fa6a0fcfd8f40167c7503605279db2bc1a0926e9bafc055f04b29ec5a2fc596b2157d84354886c1c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
fd72a249ac3a1e6b87af86eb60f76359

SHA1
ec398cd37a19bca34667906225099b46c9afec53

SHA256
10ae4770b749cdcee354eb867c303e3243ccc39bc1b3cccde8dfed55afe5441b

SHA512
d6ccf0129fa212b704d44bf0845b0be2f1c4f81eedcaf967fef4c05a254ae918b58ba837663ffca29d1437e5088678876557f84ac90a4349bb820ee73265d2c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
bff0077d7f90a01f76c5b753e54a8820

SHA1
a714e3f7e6c740c3499b281236196ccd23cb2ba6

SHA256
bc11e0387e78cefb1f779529dbe6a9d4640744485f7578a9f3682883c79a12fb

SHA512
da648b2c1f4a6517294576bf047bfe157111449347125207c3a0d2a252c34b08689b58c0dd160f54e23aa06743702b8e297c9753600bcc92ec777fb3164018bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
c4718970ab54040046cb6cc5b20fd6ef

SHA1
f4ac1c053a6bb7c8ba011485e6212d3ce6bb23df

SHA256
4ce7a0a8ac408e259105a6941b22400b67bad0bb9f17007f6d36c7f1bae03c4d

SHA512
cb5f757d72bdb3c81be4322c3eecaa306c7c3bce3469e853514bc14201cb9e5720aa724090c50e3e2404fb8025726e710054219f133b59e114ea12733164f17c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
0a9a043970f62c26e41d357d27ef20e8

SHA1
ec1c363ffc4aa9a383eea4aa712d6b1b171216ed

SHA256
ea0c2fb6fbe1b93713f637e7c2b0744d099645b8acbbb1adc2fdc6165980c259

SHA512
920f96079438958d04f5a0960253b01a417dcb3a7a3aa459bca318353f0e2f8594821fc2ca2c4a272330e15061297d99ede9ae00a9c8dd240beaa1984776671c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
2f6fc262bf7038520791596b4c3856c0

SHA1
cb84ad257dfabfda07602f689aa5f59b2a8ea250

SHA256
831368c9d7243011c52c259ba35628a862f8a2bd76fccfa0a949e23a1b4de25d

SHA512
918f182374bdcf336eccc54994f8699320373b20631ff3f260c222b5d1642d4075d8a67f1a412a6ff89c8f786cf318b6131e03705ca204c35476e8dc94d6ebfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
95692dac7a8a77703c998d51e0a7b6cb

SHA1
ff4b441c1d300062f88dbb9fddaee19db7ccf966

SHA256
c4ae3207e38532f9c9e0b2d9653d74420f104e8ae75c2c5a225c2d0d81f41288

SHA512
2afad05493d691528208ae0232f65a00faf8a3504b255a78f3f13fb459b5c58ce90a0cfd1b8fa749a494417d1d88db4f8260fd35317795d8f5a9a84534c9c3e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
aa5833cde1fc80eb19e3358c5f1f173d

SHA1
c4b1e814173312d884acf4f7b099b1b4c0e4c719

SHA256
f5beb1b8b3a2c58023e8f481dd5fb66eb466eba245834bb5a7f9bb99fe43659f

SHA512
d4f8d5bb4d2413b2c25021f0d705d42b6a1d42bb4060ed9ec25685bbdb4e0277fa19ffcb8531e5e3cdd0a20923a27135505a3463bf5e44809b5db73f4d091dce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
cd6410011ce2b193dbb858055446803c

SHA1
874aa8e7983e95d1fb8861cf726c28c6404178f1

SHA256
7ebb8b3d47edce30e8b39ee2ffddf9e123a1f9ae478c145c18941938d31ae7ac

SHA512
692562cfede61f8ff2fcc333da63719da2fa53fc7940d32c7e6150b362977e7fcf6984ecfccd931e3646b258755042415547b9218469dc4ba0b13d5d3cc86e3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57deb7.TMP

Filesize
704B

MD5
6d7e0cd86e714c4dc981d98b094607d1

SHA1
546d598afdc2eef2ee0376dadd2d0e4c8e39c651

SHA256
740d6f4512c4330924b84d253883a94d2b97092856a0c969855ca41c3093614c

SHA512
82114fafe6e1a4f392fbab494dae5ea10b4d9d1c7dd3f391c55342d1135c39098de17bebdb2157282aa38cdd5ca379d4b5e482b860de0f33125fafd72b75aabc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4620a9b470afb9ab1795542cfe9432d8

SHA1
6dbed68263bc78086a1a5aed21a6bcf84ccf52b4

SHA256
a6eda59267cdc69b3f6052c7b6a8e3898e4352f601a1aad7ac8e3befb5ed38b0

SHA512
246450a6f92fab4a2ed4efef1c3c3014a012d313c3d81061bfc93503dae2770cecfbc04f4eb02693fcb96b75b8c9f004cf8374a2e882e444578de7e5d4e85f32

Download Submit