8f1373d68141153fd199fe865bd31c8052798fbb46316fb30615c0e36ee67107

Resubmissions

22/08/2024, 12:33

240822-prdrcsxbph 3

22/08/2024, 12:31

240822-pqa9vazdqp 8

22/08/2024, 12:28

240822-pnejgsxamc 8

22/08/2024, 12:24

240822-plfzjawhld 3

Analysis

max time kernel
155s
max time network
178s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
22/08/2024, 12:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

IMG_20240403_100446.jpg
Size

151KB
MD5

c831ea5e71a02f0385cdfbb21a7f7a13
SHA1

4430b664552e60813b24df402bfd98e8e240bb15
SHA256

8f1373d68141153fd199fe865bd31c8052798fbb46316fb30615c0e36ee67107
SHA512

176f89f164e522c8585ccd50579089b77a1a6be5e02b6081289d25811ec39789710b24cced27384df2f6ceb35d53a2db5e361179581dce7888344cd6c51731e9
SSDEEP

3072:HIEGfnX3ag2n/nau9MhVAtIveKBzXEqbq5YZI8xX4tHG4xiN:HIBy/ausAt6egzXEqVe8OHGV

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3007475212-2160282277-2943627620-1000\{C2016F51-E1F9-4B98-8A3E-82A4259FBC16}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4856	msedge.exe
4856	msedge.exe
2380	msedge.exe
2380	msedge.exe
4964	identity_helper.exe
4964	identity_helper.exe
3792	msedge.exe
3792	msedge.exe
3348	msedge.exe
3348	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 3888	2380	msedge.exe	83
PID 2380 wrote to memory of 3888	2380	msedge.exe	83
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 3156	2380	msedge.exe	84
PID 2380 wrote to memory of 4856	2380	msedge.exe	85
PID 2380 wrote to memory of 4856	2380	msedge.exe	85
PID 2380 wrote to memory of 2860	2380	msedge.exe	86
PID 2380 wrote to memory of 2860	2380	msedge.exe	86
PID 2380 wrote to memory of 2860	2380	msedge.exe	86
PID 2380 wrote to memory of 2860	2380	msedge.exe	86
PID 2380 wrote to memory of 2860	2380	msedge.exe	86
PID 2380 wrote to memory of 2860	2380	msedge.exe	86
PID 2380 wrote to memory of 2860	2380	msedge.exe	86
PID 2380 wrote to memory of 2860	2380	msedge.exe	86
PID 2380 wrote to memory of 2860	2380	msedge.exe	86
PID 2380 wrote to memory of 2860	2380	msedge.exe	86
PID 2380 wrote to memory of 2860	2380	msedge.exe	86
PID 2380 wrote to memory of 2860	2380	msedge.exe	86
PID 2380 wrote to memory of 2860	2380	msedge.exe	86
PID 2380 wrote to memory of 2860	2380	msedge.exe	86
PID 2380 wrote to memory of 2860	2380	msedge.exe	86
PID 2380 wrote to memory of 2860	2380	msedge.exe	86
PID 2380 wrote to memory of 2860	2380	msedge.exe	86
PID 2380 wrote to memory of 2860	2380	msedge.exe	86
PID 2380 wrote to memory of 2860	2380	msedge.exe	86
PID 2380 wrote to memory of 2860	2380	msedge.exe	86

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\IMG_20240403_100446.jpg
1⤵
PID:668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffe42713cb8,0x7ffe42713cc8,0x7ffe42713cd8
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,4944319762540473779,5038609380174762393,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1824 /prefetch:2
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,4944319762540473779,5038609380174762393,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,4944319762540473779,5038609380174762393,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4944319762540473779,5038609380174762393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4944319762540473779,5038609380174762393,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4944319762540473779,5038609380174762393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4944319762540473779,5038609380174762393,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4944319762540473779,5038609380174762393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,4944319762540473779,5038609380174762393,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,4944319762540473779,5038609380174762393,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4944319762540473779,5038609380174762393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1880,4944319762540473779,5038609380174762393,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5624 /prefetch:8
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1880,4944319762540473779,5038609380174762393,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4944319762540473779,5038609380174762393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4944319762540473779,5038609380174762393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4944319762540473779,5038609380174762393,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4944319762540473779,5038609380174762393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4944319762540473779,5038609380174762393,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4944319762540473779,5038609380174762393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4944319762540473779,5038609380174762393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,4944319762540473779,5038609380174762393,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1976 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4ae6009e2df12ce252d03722e8f4288

SHA1
44de96f65d69cbae416767040f887f68f8035928

SHA256
7778069a1493fdb62e6326ba673f03d9a8f46bc0eea949aabbbbc00dcdaddf9d

SHA512
bb810721e52c77793993470692bb2aab0466f13ed4576e4f4cfa6bc5fcfc59c13552299feb6dfd9642ea07b19a5513d90d0698d09ca1d15e0598133929c05fe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4bf4b59c3deb1688a480f8e56aab059d

SHA1
612c83e7027b3bfb0e9d2c9efad43c5318e731bb

SHA256
867ab488aa793057395e9c10f237603cfb180689298871cdf0511132f9628c82

SHA512
2ec6c89f9653f810e9f80f532abaff2a3c0276f6d299dce1b1eadf6a59e8072ed601a4f9835db25d4d2610482a00dd5a0852d0ef828678f5c5ed33fe64dddca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
41KB

MD5
60f8cd04587a51e31b51d1570d6f889a

SHA1
88574c41d0ab81721b275252464da5c7927a4835

SHA256
27cb4390e32a97375dd4987ae000406933bceba5199f17893711e782333b81cb

SHA512
84c12448ac55dd819749fef9be9919111a3df4bc51e66d2fa9f7376c11c101ed1349cb36aa119aa873cdd6c0c91027e201fbe23c2c83b89bc900a4d9077bcc52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
67KB

MD5
ed124bdf39bbd5902bd2529a0a4114ea

SHA1
b7dd9d364099ccd4e09fd45f4180d38df6590524

SHA256
48232550940208c572ebe487aa64ddee26e304ba3e310407e1fc31a5c9deed44

SHA512
c4d180292afa484ef9556d15db1d3850416a85ad581f6f4d5eb66654991fa90f414029b4ce13ed142271a585b46b3e53701735ee3e0f45a78b67baa9122ba532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.2MB

MD5
2049c79ddc0ba3375dfe1832624bba4c

SHA1
aec0cf9ae1738391d630681d653b08625b276bc3

SHA256
e9cff2115e36f340c8a7cee5f24c5392259cd2c440fc9890b265551e4badf572

SHA512
4fd7488e94e8c9c990439a9200e9317eb7dc50eed35d32d17f13292d4d468949d990afadf4c654e8abadb638aced83cdd868dd6b68d4efe5aeec2670573da0fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
16KB

MD5
9395baaa17b0a20ab4cbb63fb8b5f9fe

SHA1
41f9ee65e2a8df82ca7d0efa76a067580b75380e

SHA256
8ad28f829724670c14ecf5b8e2a1eebfa603ddbd3b4281aeca9ae5376cda9bb8

SHA512
ddffd1b003ed46eb248e5a5eaa5b7c65a2f5988132562b4172e8d863ff739e2a5613062808811bcfb5695f869556d31e31ca6484e066a581b1a25486f0de11cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
25KB

MD5
4122e03455f2c73530fddc37ebbff7bf

SHA1
eef56ef24cc09883d9a99d1d485e5f43a7da1567

SHA256
e566ba41bd83d86a5a27a10ef1fdc86fb2d7ace8470d636c6b30650c6608ee0d

SHA512
7221472830342b8699465217e73b9acf94828ba3179b60bd07228a3f43d9f1cecc30f73e0c5404c6a74be40774526de1aa04edfe7c9732df9e75154833e1d382

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
2c8ae84278d90111512097bf6bf124c9

SHA1
20f16d24fd84e6fc6ddde4e25db78a99848a0d79

SHA256
246d9400009ed5a776c686045a7673a8d9ed33452c39a3401d27d106f071357b

SHA512
7b4b6b0416ab793fdabfa18cc0369199174b00ada073dd474edeb48dddc0379d2013b49c51debc39157dd709a7ee4ae55ad68586de852588023b96b2936d4849

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
992B

MD5
2e2db91d94fe702d34c7ffab5e3468c8

SHA1
ab4961204d15608df819182416aafef29f7c55ea

SHA256
399c93840fad05d38ff0b0608c7f8732aa69fefd0446d514324add969daa5b97

SHA512
03fc1bc0d13b758d6df86e96e4eb3e69f2ea0d1aa9b8b8dbf75ae86cdb4a97748f8ebcbbcb74698338fa1e4855c19142b9e640b4ecc21e588ac420f52348dd71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
035d99869d4f98b044494bcaf2584576

SHA1
b17f9df80f85c80af8fb9c6950b15ab9bfc8128b

SHA256
d70083f087f0afdf2cb694551e936ccbd43f91480fa3cb54c39768f3ee42e54b

SHA512
6096528ac81f872416d09dfac42be7f45c5825272e8ed42baf641fbb1502d843655b44495af137b9d7329c5b6d8552a6ac2eb551fac5a457235088854d657b1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
88dc8472a539e3cfe9c796dc2678cea1

SHA1
bb68bc2ff5be246d2c9e109b870c57e4938f17cb

SHA256
b5bcf24e4e8c3b542f3bca862f316ae42432c30f518b95006fa16982a3dba197

SHA512
65e1af57137b78af08095c8eb0ce74d02eb5a388c6ed45689c6c6bc050c84b2071ac5b2dc4be20bb4fc1b5bae2ed1b760d0ebe52d8f036998c215118d3384809

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a56d2ed810a7bcb4f9d9d0054eae51a2

SHA1
858a6510e0394234669f92757158ab09d3bcc8a4

SHA256
da2cde5a4a76bfeab1bbff71f9852a39141d3c93ed801ea9217012b10ea22f8b

SHA512
439bb195089bdf9d5ae80eb6e4d26d4069eaeb42247e0eaae1f08fbfcbcb6648cd1ab64b0abdc8add6b0c8a9b1fc8358f6c75877e6724d6c44d60c1b3244b364

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
35468c3a8edb3352c9994346d9b3f59f

SHA1
f2a1db15ef5f04eceeead5bad6bb8beebc029af1

SHA256
a2779231bc33b70245de8c7462925295b49b5a0ade68f218c9c8a2b58b57d470

SHA512
96af242d99c5460d5187c65bffa6076bf83af7da603eb589a9db75af525642803c80d313cb5b97760983c7a6e842abbb8e933bf1cd024ad6314e7a1e2e92999b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ccdb5e8f29a5543880d1585b7e935c15

SHA1
905c4045250e2b14b8cb8ee1c9820b14abd15c03

SHA256
27c4e1da077ca6f7378a9aba83bc8a9189ecce12a1d616c8266efea3cedf0ccb

SHA512
ff7fda141c2d8f3f0b71f8c7a6872f91bb35ac9b963784306f108e22fb1c5af92201d2bf7c7191dcb8785fd8f3c3e0ee6c12364008597a0c7c8685cea8dfbe1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bac950539d9af6a0cafd38a66b1358c2

SHA1
20bab38094f5cf5b3a1426d3e32354fc4c7a6c38

SHA256
7603f32cf9d01bb0021c46945508675862cbeb1590f7a26718c9ed1eb4d31996

SHA512
80c85f14f413dc6b69c007d643e412a473146b4ca87f5a04670607055af29d5e9d5733e381f2bb6846ea88ff61323b59a1b6dd90a386f513e46bcb4dcd542498

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580e43.TMP

Filesize
538B

MD5
644463a236713e621433cfb816ee4075

SHA1
f32e6bfd553ed65fd7f8698624fe1d7149595856

SHA256
53a5be7ec4a16202a5aed5d47871ea0950d32dd27f47877f92b6979a5edcbb2b

SHA512
a668770d8d18d92671d69c0bc8046a7c7d1894ef2a6a343f2fb7e21ee7c33b0e8a3ac8377bb3e36f894c468eec9450a4cdc12c06b15823deb2cc4b17c532ca3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e15fa84f-8c5b-4d2a-ae91-6bcd53327bfd.tmp

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
db86aaec308c93e72be79935a631f2d0

SHA1
959cf9d8702bd5a58240eaf525864a3f273b028e

SHA256
4cbd6cd0c1b1f9b3952faec0dab61ea0bf93a18eac54691c670ad72cef73db2f

SHA512
b7a57961094cef1c0983a3e05fa70de166d863fef1ec4aa3821425a474f53aab23f9f54a688e255bc8f0ec113d36f64ef398768a57b5c0cb44bdf87e35d940b8

Download Submit