hxxps://chromewebstore[.]google[.]com/detail/fortnite-free-vbux/nohcngapdkhdknlekkchkmhcnkkbpdmk?hl=en-US

Resubmissions

10/08/2024, 02:08

240810-ckjyksvepa 3

10/08/2024, 02:04

240810-chsspsvdre 3

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10/08/2024, 02:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://chromewebstore.google.com/detail/fortnite-free-vbux/nohcngapdkhdknlekkchkmhcnkkbpdmk?hl=en-US

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
224	msedge.exe
224	msedge.exe
4496	msedge.exe
4496	msedge.exe
2768	identity_helper.exe
2768	identity_helper.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	6132	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	6132	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4496 wrote to memory of 632	4496	msedge.exe	85
PID 4496 wrote to memory of 632	4496	msedge.exe	85
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 4148	4496	msedge.exe	87
PID 4496 wrote to memory of 224	4496	msedge.exe	88
PID 4496 wrote to memory of 224	4496	msedge.exe	88
PID 4496 wrote to memory of 3120	4496	msedge.exe	89
PID 4496 wrote to memory of 3120	4496	msedge.exe	89
PID 4496 wrote to memory of 3120	4496	msedge.exe	89
PID 4496 wrote to memory of 3120	4496	msedge.exe	89
PID 4496 wrote to memory of 3120	4496	msedge.exe	89
PID 4496 wrote to memory of 3120	4496	msedge.exe	89
PID 4496 wrote to memory of 3120	4496	msedge.exe	89
PID 4496 wrote to memory of 3120	4496	msedge.exe	89
PID 4496 wrote to memory of 3120	4496	msedge.exe	89
PID 4496 wrote to memory of 3120	4496	msedge.exe	89
PID 4496 wrote to memory of 3120	4496	msedge.exe	89
PID 4496 wrote to memory of 3120	4496	msedge.exe	89
PID 4496 wrote to memory of 3120	4496	msedge.exe	89
PID 4496 wrote to memory of 3120	4496	msedge.exe	89
PID 4496 wrote to memory of 3120	4496	msedge.exe	89
PID 4496 wrote to memory of 3120	4496	msedge.exe	89
PID 4496 wrote to memory of 3120	4496	msedge.exe	89
PID 4496 wrote to memory of 3120	4496	msedge.exe	89
PID 4496 wrote to memory of 3120	4496	msedge.exe	89
PID 4496 wrote to memory of 3120	4496	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://chromewebstore.google.com/detail/fortnite-free-vbux/nohcngapdkhdknlekkchkmhcnkkbpdmk?hl=en-US
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9feca46f8,0x7ff9feca4708,0x7ff9feca4718
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,9133229165211536921,17924398834597268084,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,9133229165211536921,17924398834597268084,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,9133229165211536921,17924398834597268084,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,9133229165211536921,17924398834597268084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,9133229165211536921,17924398834597268084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,9133229165211536921,17924398834597268084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,9133229165211536921,17924398834597268084,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,9133229165211536921,17924398834597268084,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,9133229165211536921,17924398834597268084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,9133229165211536921,17924398834597268084,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,9133229165211536921,17924398834597268084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,9133229165211536921,17924398834597268084,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,9133229165211536921,17924398834597268084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,9133229165211536921,17924398834597268084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,9133229165211536921,17924398834597268084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:5716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,9133229165211536921,17924398834597268084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,9133229165211536921,17924398834597268084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2000,9133229165211536921,17924398834597268084,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6196 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,9133229165211536921,17924398834597268084,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6168 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,9133229165211536921,17924398834597268084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:2740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4132

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec 0x460
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7d2158e0-f3f7-4818-a195-b20330d29512.tmp

Filesize
6KB

MD5
07303023b04dc7e7ee30b36d373824be

SHA1
cf5c3863f6ff5350a66335e8a78290fa511005ac

SHA256
7b189e8a46500d225962b383b6139fa6a281f4bcebf9b4653c88d9750364060d

SHA512
e2e38fe0d760946a299b776cb230ee3a9c349604b34d4cb6ba4c7b37c365d742de01bae5c1b47a01f3256ec5c24a2fe8917b1a2ea3c77793f3c490b21829c11a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
27KB

MD5
6da5998f8e90d28378c84a2f8b1acf9c

SHA1
1eb55404a9d4089239d61f07b64d83d16d578bca

SHA256
10714240fab1bf95a09c0a6461bd3621783b763b6847bfa8255622d7d13a4fd8

SHA512
8a96b06b85ef59794870598ce40cd67fd1d608ddb08ea71fbe47e499dc449461ba0a0125188f16efe33a4e22cb8fac403685ab18748a119379aaaf2327976310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
65KB

MD5
c8e211758fe3f73ab23f875d188afc9e

SHA1
099291bf34e0cef73571b64dc194c2fdbc94828a

SHA256
81564b45f99738467f9bbf8f9f151f74481656ed04c663fb0d056b4f505c9948

SHA512
bd774c67fd21cb00155925e0a9d336bfa373a5e4292cc9ab80ddf613b2a6fa8cc3a8752f982625355dad5639b5214d474dd9d814a0109795fed7c6184e416ac0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
81KB

MD5
2b79b8d20c527a7c2edb9e19c0b8ef56

SHA1
5ed5ee527fe73bffbffa474a8ee810d9049f7afe

SHA256
3212d864b94b57f4f3d72de4b801e5aff4b70626c4855e02d674c05e61807c79

SHA512
8a254f0cb95fef00e49bfc231204598a216a7b291e61a7f0f782a4513ea5e2ce931383eddbe3d3ff29ed1f34e7867a1e66399117b4aa91d279040115446403b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
100KB

MD5
f306be335a77f7ee5d9715779d644d25

SHA1
64cb263c5e008c4fb1ef224a3debf9af314296e5

SHA256
6cf57b501f77e6ff635173b627318dc1384e54afd65fda5260cfbf72c6aa19f2

SHA512
893e446faaec8d7cabfe7a164cce5d61cf92fc31330f01d21c0e0a1a55ed795a77bf0f30c58ce8899fdfb54d4784d0d23583ad45fd19429df1ab13717dcb9659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
30KB

MD5
1d13b88a4803006098713c9e894b55d0

SHA1
72c1b298cf0e40b4f00a547f42b76ad25b439340

SHA256
cb5849247befca2172f95ac1cfd47228545ee5f5b8624dc28bc8e73068108ff7

SHA512
1b900d8cef3db8d352896dc4472904ce9f2fd1ccbb7fc6ee7f705476693932320cfe07adfe42054158c717f8c804cff7a0a555080794eadd9e391f23b027eb0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
29KB

MD5
f85e85276ba5f87111add53684ec3fcb

SHA1
ecaf9aa3c5dd50eca0b83f1fb9effad801336441

SHA256
4b0beec41cb9785652a4a3172a4badbdaa200b5e0b17a7bcc81af25afd9b2432

SHA512
1915a2d4218ee2dbb73c490b1acac722a35f7864b7d488a791c96a16889cd86eee965174b59498295b3491a9783facce5660d719133e9c5fb3b96df47dde7a53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
60KB

MD5
5d061b791a1d025de117a04d1a88f391

SHA1
22bf0eac711cb8a1748a6f68b30e0b9e50ea3d69

SHA256
4b285731dab9dd9e7e3b0c694653a6a74bccc16fe34c96d0516bf8960b5689bc

SHA512
1ff46597d3f01cd28aa8539f2bc2871746485de11f5d7995c90014e0b0ad647fb402a54f835db9a90f29c3446171a6870c24f44fb8bbb1f85b88e3ade9e0360e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
20KB

MD5
3faa1ad2c9e7046a634f0bde8dd88bf3

SHA1
07f01a0e5ee25de980335f656deaf5b3e3a1a442

SHA256
5d7409e65e9d20a38fd6e67c66473af05b8e1b0daa63d26b42c017f960c140aa

SHA512
f57e41730088745f8aa94e9364f55228ff2368d6fc2aed37316de905b5bd30d2eef6b2a9ec788450867e9d2c198a053a69b30f90d5dd34b62933abcd4cffe1d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
16KB

MD5
48c80c7c28b5b00a8b4ff94a22b72fe3

SHA1
d57303c2ad2fd5cedc5cb20f264a6965a7819cee

SHA256
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356

SHA512
c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007c

Filesize
16KB

MD5
6c0949d2cafb4b0136e62e83f69aab34

SHA1
e15091c89e7c0e364993d8da0db159f5c143830f

SHA256
201ff0cba3dda97312a40f4c175129cc078beb4a51bf56684713f93cea14485a

SHA512
2d47fdcc9c091b1de9b040d51b4eb0e9ee01b904eafae3d6f284cbe437b955a5a69e5f1705d02efff2ed77c29e876a8a25115bbef26a12fedc3e64a20083ecbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007d

Filesize
761KB

MD5
829ca3993690141bdc89030d8ca0be6d

SHA1
f5a129b89fc42a3f2abd242ed80f11e6bfaa2cca

SHA256
63c5f97aa260edc3f79404d81283ef96fc29aafa73a7b7a82fd2e02a4533202a

SHA512
77820e3d1a02d0da842cb3df48de970ea8af808ce7f192973a0fe7c315078ead02dfd5772bc67d161160d100fdc5cc2746b257671bbc3f3218f309b38907158c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
43a573b5f2ed3b0d99a82d44c41d748e

SHA1
7696ffa2d01b9d7d156b03a216971454289c7ca6

SHA256
7e1647693452df4ce45f37c5bd7c22355e5f01c7e39ec1cf6ed5d3efa8593cec

SHA512
547093ae069b986742020c8389503e4593ea4508e1719ac8186339cf2d508feafbc4d70c82845f9b273877cb9e98bad38e2be020b999bf056586db200a866966

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7a16f1609e64073b9ba571e2740fcbe5

SHA1
31af81127578acbedd609ea190a584ddddd0a1fe

SHA256
6238cdb5a8f1937345008b14d3cb5d9b534322fb05b584168f89fe71c3391a3a

SHA512
0988850a4dc13fd15f5a82dc165e4093b3bd95c824b8c83d01a329fbf77c4d4aca195127eb23df07edeb833156fa0d58798acb5973a65a596a45f7f5fd3011cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
c7dfe85acfc9c10564f8820a7f55f406

SHA1
334658e4fc1569ffdee2dda741121e381abf450c

SHA256
0fa9bb11c924a9575e20411f758b8a5dddd7552de26d3c12824279322adc4393

SHA512
a23823d85acb964af0e5f3ca08f9474c71dc738e03a4f8b4dd817af16e6fbc24d42bf057c24355532bdbd8bd392167cf577e3236bc6bfdb5c9c278b0dd6fb935

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
157c7d090f670db987544c6eb9b3e3c9

SHA1
a600cd7dbcf9db003d953d02c36095e40929a3ba

SHA256
d02c7307227718ae020779bbdcf46452e8a5488c2684110bc9ab245c200cce54

SHA512
f375cf90f13010a6de40a6549258ed5b3674fc40e30ef7ec2ce720ef51ea4ff506e91adfcf2b33c4021055afe4cb08e32c884732da0eb030e78d9b2c19385fc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
64df3893d5f67c867a61611a44cb2efb

SHA1
cf7ea2a60f46480e8cbc397d9a49635c96567990

SHA256
abcdf7a4ff91e6ee1107248a752cca4a880a15e4294f5e2f49aabe1661438c09

SHA512
ae8b21264b1b3762e2dfac48320c161e4813c3b769dae76e6b0596cfb427d417b84396a7836a646ba235dac0abb4493aebd7448abe388efff10af3e056769743

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a9b2aeb308969da49f072b2590f3f28a

SHA1
7dbc83a6c2858c3d1f0087006952414d44c64e3a

SHA256
40910b040b6b07ab653ca90dee3a76139890ee002e14f1c2357fb1523bc143df

SHA512
3b74b81c673664d6a81dcd2399060853cc5ec7e512503de1bd2f9b31f39ec21fdc923953acd91315c4c95eeb7ef028eed84d7c21642e2a1d2cc582ffaa77da51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
1b0bf5c9316d1c56ec045c8a356ba181

SHA1
9731c0bfc449478b0fd6dc03f692ecee532bcd4f

SHA256
4539a3037431f3949fb8fd4da55461643d12f99df46dbe8fff62742814d5db62

SHA512
6d7e6d5392316fac288cf07cfa8bfd5e47d6b1f01b6c5a61cea155f0167e932463bf18a00b6df7d0f118850b2d0114060507a81b7b595d5fcddd7af397415b11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3ab792815687956ebab2d16c0b41e3ef

SHA1
b1d4d390b3fc161437601dabfd2d7c2ccad55570

SHA256
8e9a7e5eca62229d70ab169255272e4e847178a438284e84cc15f3f3bf44fa63

SHA512
480fc713443a14bcadac37df2a7b04440f075c5048b98f3529adc7e8950c67d83725523534cc1252535bb0873bd8f16cc3c39f3c1e55001814a8464977063e2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
93904d64191495fbd1017ec08391b692

SHA1
0a3d661a6000859344048395ced85b070d1b5442

SHA256
6246e1e0793d0c451a672121c7c256f805af926251a31d6d4df57de848b0b6d9

SHA512
52d85f61ac8c0a389e4299c6fe0193c250372b9b6d17d5566a4a410814ac57bf54cf55be57fcb760b10256d295ad66b895c64a74d4f731d6c2c2c692ef0a42c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
4KB

MD5
63113cbed625e468395c2001d7ff75e4

SHA1
5e1d4accc1af7a6494c4dfe0d65b16e5be3c72af

SHA256
f774c5a8f7a061dd0fd4ebe0b974f63e0d261874cb3454d9100f6bf000c411d1

SHA512
6c40025a82f9cac11be640cf328e217a6d76cac09c730fd2987c1be90701667ec5a249ca542eb85ac5bb581012f8997500c5d6d065a0b0a212f9e2ee7b9368ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
2KB

MD5
2fb80c3e00061b31ce7803909c473a7b

SHA1
b3d9bc0815515b81392640d943daa233f094f312

SHA256
14e37b853052451122f65c250d636a86aa3589b29e8b37774100411ec6a91515

SHA512
0157cbed6c00717ec74d5ec676ff67775b7501d11bc052a83f4083c58a29fb9563f6c0d3e4d53dfe27679b8357e1419fe8aa3ff022dc592bba145520c0bbc90c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1

Filesize
3KB

MD5
0e713e934a3b3db6a67b644d81b9db62

SHA1
c00d84a40c21d4ffd512afb98cff497f24cc4e89

SHA256
abc3bf53e6d8b10c318fcd3d944f627f3a6bb09e00ac47c19ded4ad6f19cf30c

SHA512
70c470d648913ff008d1373b479c66ec3460d2d822bc8ab4d0e70bfd7f323eb9ead92ce3668d75fe532c549f72490062f565d15682974b2a4f542cb0865362e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
c50068b9bb447a22f04f78d4bfb0135d

SHA1
b443efd769cf60eb238add0fdc68780c30c7119a

SHA256
8f0317f543602e836f008dce7bbc7620eae86836944001f0b1c82348496d4d72

SHA512
80a3a4998f700efcf6956fc542aafedabb9e32c4c252eb6940fd39b280efdb216128642d35da7734031b9fdda7f59f2f16d6a2f63055c39076a955df90604e15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe585ea5.TMP

Filesize
48B

MD5
2bb9612bebcf5f97f446dc4d9631214b

SHA1
771eb307d02751750dd782be2762d21795cfbb54

SHA256
ae65529ca953e48afafbd06d692c1bffcfcf4314eca122da418b7523250cab65

SHA512
1635c71f4670cf1f1eac7d7929d9111afc3b321059fb05e27de8b233f2b138c08c327b7316fdfc461a13ce28898d2e376df68865c71cc0dbb6292673e337c0da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
c63bb53437793f459255ff651a1955d1

SHA1
66e75f3ab5b9c68b1f92a45f95e0258e45a3566f

SHA256
395e51935dfcc1eb38e4c77c2a88c892176923dd52d3c49bd1a3e09d01057893

SHA512
99ac184603e70024485c0a508414dd0f2c8bb68cf8885528e5695078e4f077b42bc826b8a1bc10e0d2725466feb4733790fcbff98016cf4cbafbec23e5f58de9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
290b5469f53fa835a37511b46fd6ac66

SHA1
4c8aa0ed6c0ac704acadf7ac55b96e2c7085413e

SHA256
5021bf9c5e4f9449c0f597ec824633ced161e5002344e7fc930eda8a9f31ebff

SHA512
2153a10aac8f9e954bd162f5a4afe4fee45cca0fa8e46d07931c581dc6d4ed2afa6377dcf8edfc417d98e1738e38d0a082dc74b9a6f5a132ded0c2426116590c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
19bcea575d4bd10bcadd3ccbdf7f4470

SHA1
aba785a4350cea1ecb4d364be08fd57675cacf1e

SHA256
ad6979811c75befadfed8d5ba8313df7e4c3e1baecd110c3480884dc1e46847c

SHA512
ba67b9a0ebf277de1b3814a318c14f17fb666e3a68cb4ee8699604f8098913dfd9da76c56d3ec9d557624ef1e85950302dd10d627b07e09947851e4b642b2eb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e7cf89abe1cc542a2c933cb16eeeaa94

SHA1
95893ad72108162a878697e06048a0119508d6d2

SHA256
9088a1f8de9f3d6d48648e0c72614bb818627a99c641a78299ad0130886c20c7

SHA512
97664baea520e64d15119fb7cfb885d4c62c4b7793fafa01b36e8ee40127b3bf5371627bfcfa27bbfc317824383a5f9f7e36f4302a2e66bf6da7efb13f43b628

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4e9412c38e5a66eccc3e064dd30aabc3

SHA1
1dc8409b6a3ddd390baf1a4d13082e2e2344f018

SHA256
35ae7cb674a1a2c24d6cf6ab058f6340537d4b70bb549dcf6dcdf940926d9069

SHA512
637185ae4d38884ca1ad830e58fdea69bce9edbf760aee2668602e1bd1f20cf95ba7f19666ceba50e8baeb465c059873baa50870f11231c1287138fab25ab529

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f05f1f99b5d29e5af812ce6a6a1bf12e

SHA1
fb78645858c70e2c2872b5f77bccc588f2c8d47d

SHA256
c4380da6509a39297233bf3aff46cdd13bcee5e91532c005f26e3ffba7242e4c

SHA512
6bd2bdff468a4706428eb14e3223a60a1ecabcdae1ac4d4d1cca194e4c1fd4bafb96af527817bb39cda3e08ae56f62bcd51424f1723a64564cd9f4234c1786e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e086579bf2632c15ad9a8a6f6bcdbdea

SHA1
ba8a6b26f07c74cdd8e52e3fd1ffdc0e28be6c3d

SHA256
70b00f39931f5832839232b3942dc679e883b3eecc5f95115d1f2cd7a50af549

SHA512
b76166426075221a70b64280882e0dd0a902483efa0a4ebc21fb5151d10e8c5cbca26c20f40b36f3af18dca6051797ac5e9f608353c561a9f18a30ce0cd5dcc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58317b.TMP

Filesize
370B

MD5
a6792294595fb1eab8f4385c0ad13b45

SHA1
403f18a5175215ef5a1fdeaf145dbb5dc9f0c895

SHA256
2c9c093ba488a763fa5c12728a2dc958664c44906359a4792ad7889f466107a0

SHA512
2cc4cb551e04070fbbd5d170622a938a29964a3220792f9170a23b1e97787ed4d9e2b8d235436f477125689da4a13831d23d5134d75ac715e455b8bee5c8b4d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5ece04ca655e277933fd5d7b0b6b05ad

SHA1
44e04cd40b114d6c6c59e3082f2833d2ab29932b

SHA256
b8382d65166392b537cbb7174593c9b18ece446d859b1efc3c1fb3e966bceb0a

SHA512
9614b3df90ee75969e2c577b1d559e4615dd3c6fd74fcff6c618f200e1b539c65b3a9394983f75a36045f7e778562fd77e00b9d78936289f6f03f5a254b8bcb5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit