hxxps://t3kzfhdh[.]r[.]us-east-1[.]awstrack[.]me/L0/https[:]%2F%2Fwww[.]KatzPrivacySettlement[.]com%2Fsubmit-claim/1/01000191d04bb808-4b384773-d65d-4b34-b67a-8bae35867fd1-000000/EXkoXbpKGCu41rE6Oe2TMvolkMM=390

Analysis

max time kernel
148s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
08/09/2024, 16:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://t3kzfhdh.r.us-east-1.awstrack.me/L0/https:%2F%2Fwww.KatzPrivacySettlement.com%2Fsubmit-claim/1/01000191d04bb808-4b384773-d65d-4b34-b67a-8bae35867fd1-000000/EXkoXbpKGCu41rE6Oe2TMvolkMM=390

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1104	msedge.exe
1104	msedge.exe
1508	msedge.exe
1508	msedge.exe
4948	msedge.exe
4948	msedge.exe
1252	identity_helper.exe
1252	identity_helper.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1508 wrote to memory of 3420	1508	msedge.exe	80
PID 1508 wrote to memory of 3420	1508	msedge.exe	80
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1088	1508	msedge.exe	82
PID 1508 wrote to memory of 1104	1508	msedge.exe	83
PID 1508 wrote to memory of 1104	1508	msedge.exe	83
PID 1508 wrote to memory of 1172	1508	msedge.exe	84
PID 1508 wrote to memory of 1172	1508	msedge.exe	84
PID 1508 wrote to memory of 1172	1508	msedge.exe	84
PID 1508 wrote to memory of 1172	1508	msedge.exe	84
PID 1508 wrote to memory of 1172	1508	msedge.exe	84
PID 1508 wrote to memory of 1172	1508	msedge.exe	84
PID 1508 wrote to memory of 1172	1508	msedge.exe	84
PID 1508 wrote to memory of 1172	1508	msedge.exe	84
PID 1508 wrote to memory of 1172	1508	msedge.exe	84
PID 1508 wrote to memory of 1172	1508	msedge.exe	84
PID 1508 wrote to memory of 1172	1508	msedge.exe	84
PID 1508 wrote to memory of 1172	1508	msedge.exe	84
PID 1508 wrote to memory of 1172	1508	msedge.exe	84
PID 1508 wrote to memory of 1172	1508	msedge.exe	84
PID 1508 wrote to memory of 1172	1508	msedge.exe	84
PID 1508 wrote to memory of 1172	1508	msedge.exe	84
PID 1508 wrote to memory of 1172	1508	msedge.exe	84
PID 1508 wrote to memory of 1172	1508	msedge.exe	84
PID 1508 wrote to memory of 1172	1508	msedge.exe	84
PID 1508 wrote to memory of 1172	1508	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t3kzfhdh.r.us-east-1.awstrack.me/L0/https:%2F%2Fwww.KatzPrivacySettlement.com%2Fsubmit-claim/1/01000191d04bb808-4b384773-d65d-4b34-b67a-8bae35867fd1-000000/EXkoXbpKGCu41rE6Oe2TMvolkMM=390
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff813823cb8,0x7ff813823cc8,0x7ff813823cd8
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1840,16535613258748093616,17604608804410924334,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1840,16535613258748093616,17604608804410924334,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1840,16535613258748093616,17604608804410924334,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,16535613258748093616,17604608804410924334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,16535613258748093616,17604608804410924334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,16535613258748093616,17604608804410924334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,16535613258748093616,17604608804410924334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,16535613258748093616,17604608804410924334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2196 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1840,16535613258748093616,17604608804410924334,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1840,16535613258748093616,17604608804410924334,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6200 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,16535613258748093616,17604608804410924334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,16535613258748093616,17604608804410924334,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,16535613258748093616,17604608804410924334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,16535613258748093616,17604608804410924334,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,16535613258748093616,17604608804410924334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,16535613258748093616,17604608804410924334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2524 /prefetch:1
  2⤵
  PID:580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,16535613258748093616,17604608804410924334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,16535613258748093616,17604608804410924334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1840,16535613258748093616,17604608804410924334,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6832 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e2612636cf368bc811fdc8db09e037d

SHA1
d69e34379f97e35083f4c4ea1249e6f1a5f51d56

SHA256
2eecaacf3f2582e202689a16b0ac1715c628d32f54261671cf67ba6abbf6c9f9

SHA512
b3cc3bf967d014f522e6811448c4792eed730e72547f83eb4974e832e958deb7e7f4c3ce8e0ed6f9c110525d0b12f7fe7ab80a914c2fe492e1f2d321ef47f96d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e8115549491cca16e7bfdfec9db7f89a

SHA1
d1eb5c8263cbe146cd88953bb9886c3aeb262742

SHA256
dfa9a8b54936607a5250bec0ed3e2a24f96f4929ca550115a91d0d5d68e4d08e

SHA512
851207c15de3531bd230baf02a8a96550b81649ccbdd44ad74875d97a700271ef96e8be6e1c95b2a0119561aee24729cb55c29eb0b3455473688ef9132ed7f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\32377a4a-0815-4edf-adab-190fd9adc830.tmp

Filesize
873B

MD5
9127808565f35ab5131a2e2a93668aee

SHA1
fb30573a4292a0480c763af8103ba16d7f3bdb83

SHA256
e7a5be8fd80fb42334b772372b30385ed697e1e72f7924efe1233a97a04e7413

SHA512
4140e6be9b60e1bb67a04127123fd8ab905f5637041873ad35965166989fe506f68f8f8affde194e3bb1b34d01c8638b4af49cc3b41f5fead4b5d474f8d18403

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
102KB

MD5
b577527a2dc9751adc97599068644aef

SHA1
c98e02ef3dd7b34e78b27ba93ff13289ea1ba567

SHA256
6392f000882b7310c5e572d035b765df5a6d6e7e70b7828ee93120bc13816c1b

SHA512
bf1d5e01cca9b3d1a3ab74b87d7365fbd2b69d2c79df140163387787adbc0e3da779fbf3246ab517877e69dc74436a6d3c3f26c1df1344734e384eb0948ff9bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
102KB

MD5
f18b8c1f52776ddfa5e27d3c31f76b75

SHA1
a7630a51769b368ea513b942dfd2a3e659f15f4e

SHA256
62440dd67d105266a3579b4cce463a8776d04e0e6f507468b8ce9cda20cd5b40

SHA512
8de982ab73dd5fff41b8c51e6c42910da94ce75b6cb58187ebeb6d39c02e4bb546bce51f826c759c9722e413da93efb0a49c8bd667644ace32dc15876a37b4d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
88KB

MD5
7a5ac42eb7aa2f2c94ab63e054547bb7

SHA1
3ebbfbe96473971296ec7fa46402285e358e0da9

SHA256
0a9ebc460b2a1ca8534623b65af0fe515f11013b4a2b6c957b31065172826c4e

SHA512
bdc801ba2a911aea9122dcd2cc534cbcb89ec0d1376415329278b3332d4323af94c8d2e7744bce8562422aed60758c22e3fa19ca353d958ae83977c7bf972e79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
25KB

MD5
80c998aa03640281d556814a14e1d9c8

SHA1
fa769dada707f35cbe398506b921d25b780bb303

SHA256
72e086ecb5eed26e489b633ce3a7a85522747d8583852bf8756e290fec0f3d3b

SHA512
f9dfacb33f6bf01d7ab9cce01b4550a494ad9e4b095cb227c2009504e7f86f8bef3a2bdfc2485febcf413e0736dc13373e714cbdd2bbb29d756502f6f864fa22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
102KB

MD5
93867a7760e2af8cbeb8bfc2e0f7ae5b

SHA1
41633de03c7ad62dbfd5c520c6394cffd063c465

SHA256
c9612c027c4af32b17a8a1ba662d868d3438792265af9245d34a8cf537049be9

SHA512
78878ef85cdceea7a586cac42b30991ce8104a0ffaba666c89beb97575cc68e796205fd804a3b1a1a55fee3046a1306ba3d228c672979cf758ae11d43ba772dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
92KB

MD5
ba2aa5f5007d7e10a790cdc71ea4cb06

SHA1
85cf43944e200db8127b90bd7c15cdf1ff087417

SHA256
686a735d14c1eda5ec34918967255b2ded3b221b23ab1f3e5258b1f9f043930f

SHA512
8ab633eeeaaf070624e9aedcf18f50463bd059b48072c78a816aaf0bdcdfe4d5a2186dc4e87f32d5c34806050b64e9f40fa7398710067aa30c4d961beabfa787

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
105KB

MD5
35562b23697549fe9bb25650af1f6fdd

SHA1
5386eb7c5de6cefcac1a0025c49d9206ef0671b4

SHA256
0ddffabf7c82bab318ca8391b1a5ac64aa2f89a010e37645992e42260bb68f65

SHA512
c898353116dfb809592c4ca5ae0416b6fc8e31e28a034e27492ed77bcf0d0d8efa05c76fb58f7764a1f7dd6f842518b68e6bebd12b6869e4967127b94e3e5728

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
41KB

MD5
aef6424e5166c08e122473c02ac1e1bf

SHA1
d24f96def79b6acac7f548ba82755e0680c9b28c

SHA256
66226f2cc1000347efa5d20813f52855cabfcf25624c6ed002fe2c0983c93e4e

SHA512
cffa1177d760792b8291b4d9ef9ef37d1aeb895bf4d870102fbb8a61d089d55a26f2c6293a8f133465c4a8a0d9e2fc9021e74ca74f1d19a32d9d7725752e4291

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
92KB

MD5
18e12e1f0bf0c693e34134c652be82eb

SHA1
ebfedb6d4ff05757bc29e1248eca1b14b3830407

SHA256
42b8cedcd7c2b5a248a4ad201791e0c238f4326c6924454da1cf6682b1b05c4e

SHA512
32de9db91b78300b221e45a55644a5e17aa7f830980cdaf29b19e949eacd44bacc155f92398b8874ede86a34353c92ed48c369cd888f6eb187ef03416818770f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
102KB

MD5
07f53ef06a458655a0daf403beb2dd95

SHA1
07fcfb9fe5bb48f7613171aa439ad6f71a8fb65f

SHA256
80be25d9bf578262030fb26ce4090e06016e4f58e53293efb31d1a418b71d582

SHA512
3549bdb22c7ca9d0ea227ba32322a3a885d1c9749829dc57556a7666f99c2ea5478805a208e090c6494ddb3ea8bdad2bbf1e667a1160f943dba62ede15307ca2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
105KB

MD5
3b3dd0e7ea287b5c11c9f74f845c8261

SHA1
cf9f91ac8ccc41c65161e88972f4e340154ad124

SHA256
391a8583421c49a097b40734a0af3715d15894dd1e145a6b5036ae9339c082cb

SHA512
b01bd8c1a34ab9c370b8552a0ed1629c4361a2ab4c412050db6503528f59924126fe0cc6ee443c1e51fd4846f8abc64ee50cde3a2db63cd703625e16d4249f22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
102KB

MD5
940a93de41d9bf439f5c9335303b770e

SHA1
6311d0e9f991d9445ddb2ad3182c94db9a717da9

SHA256
5279dc2051fa35405845ad384e83b55ff6d3bad57e26dce0fbc081b3c3d4f1bf

SHA512
8f5d70f13e5b4ad8000e01e8bafa16126622802d25d9349fae3cec5ac80fbb0bb12d8a206ce22de3f95720086cc344912e5f0802836a47c842d8592877dc94ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
38d5c75f6fa9f9f687e10087918e72fd

SHA1
5edc4769e758035c4c436ab17bc62fa20c5b1ffa

SHA256
73ba61489cbf9d135c269dabc151f34b4c798ed1079fcae053674b2e4e709406

SHA512
76d5860ecd3ba8d336e7aa245289ee1c2620b662784c9d99ec5326afe4c6ecea11f465e01e929b3cbf25201a7cf578c660a06274cd6448f69255389c899b84c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1d20e4c1570436a8d3c8821f70ea86a5

SHA1
5ff666eb6c57067892b09a5fbc19d6ffa6049c62

SHA256
ce3044ddf0172759df6a4792f2c702c3b48f88c2634086f5af84ddd31cbad585

SHA512
3be88f7524ed6cf9938d1670ee1d19821d22de127c4b1ea04a441a3e8a1b39476a77cbd3e93fccca27ddd1ff4ac377ed837bff4bd8af05622c0a39fdb54312cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
cfc649040103a01729359b921f2af97d

SHA1
ba0096afe404224c729e9f30d0dd55f8c001fccd

SHA256
7e001ca8fadd076a6858351514207ab3c1269b6527855ab7541be150e0442e72

SHA512
b7c85cf01aeddae4a59b285317602f08a8816206b11f3f47495fe0349d3f10edbf3175008a2a40dbe0e6ecf25016cfec22846bd5b9cc4dc1cb4612c5da5e634a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ad6d4a22c385e54ee0ea877a575d31d7

SHA1
274ba4b21a2993142f5952a43407944dc3f2eef5

SHA256
a0201d32e5b3f002bce03c60e07b08da293427564ff2a798f534af6207e787fc

SHA512
12c046654271499cfaafba2a2fe5b7a272e004d0804b59729b60a015c892432595b77c09838f9e07ad334f943ac28bbc4087397c78b9aa5b8518be5acf045efa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4fd6b34b3410583209b17d616fe10da6

SHA1
56634fb375678bbb62d0d753064cf6e3c4fa6ce2

SHA256
602d02e88c4ba6682f1d36a77c5d7ad1b02e484e6f59b6a25b78cbcfe66cc2ec

SHA512
06c9348e237e803519e987a03fcdd8a792dfcde6f0202f0e0753e856cac3ac9a56ee87f5f69ae71a655a43569875f0ed93e6833020fa49c198bb72f4354f5189

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
8fff8c46c1af3879c712c80c5d3ca87e

SHA1
777eb521dcf01a4464af9ee582e9ded902fe602a

SHA256
35f28adc240d3e586630e675a09866af918c1c4167036ea26a4dfef4a89c3b23

SHA512
ca8e94d792c4fa84c447b4e526c40979813c1b1d1c567d220136a2cbb6d63a9bbc71dd46daaf138834e0b2d90d1db42e1db5b80637fc7a799c99ed7f422b63fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
ff894b0d3c6f4fcd816fcdf75f39266f

SHA1
830912136b9ea3f8557f4f77186af0650f4381e9

SHA256
008f2fdd55dfd6e2212a2f296056e518a87874c6cacb2b88e96fd6bcda024679

SHA512
ec0c2f14c004a6688c41841f7be735b819e62cd857507ff415cade2104bdc64a44ce05ddd1da6b155f8ea9b7fef2d918509a7d66a969870219c5aa08d682ad06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
13d43a4c804a0d14228df48b04bc701a

SHA1
637a507acda16caa052e595cf3bf09761ef13b7b

SHA256
c852c959eec393ec886150eb7f5597a10f1a618aa94e1694d67885157a6e600f

SHA512
244fcc4934e53cdb06a05f3cf09839e808654d3d1997e5b11d94e55f6da251ac0a2cac1b12da8f5e0ec05678727bce388a48a3083c060c74e9712c08edf631a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
0a8bc939396dd5ddee8b70a720ad74e5

SHA1
c475f6896692e0d654a5062fe4b53d7a896b4b5f

SHA256
93563cd52aa904dca4e30a4f1ed2aeaee6aa2741eabbb1cab645dd89f959e02c

SHA512
269aae4ae3f4ca1e05e9bbd5a0bea8b36e5fbc28b417585b46c14f937addf76d8c4572fea9dae2d0bd5933928b388acc3019aa6f6147cc8a3da48ee978d0a923

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
16bc6c47fa298ca63477d1e740e295ad

SHA1
d7cdaa79f6ebae531013b5f663044b4b00624a72

SHA256
6e7a7e203487caf52135cf5c6ff34f956423132512f6730d84c6005faead12ab

SHA512
cf58245a4bb77bc899488c68689f9252756cc802f339f3be6f088107953f7b9c437224042ecf9b66e56f7c368c46ec68c6def1ad458868191efc65aac505ca2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a7a5.TMP

Filesize
873B

MD5
3142e88eef185ffc1f4304733ea34243

SHA1
49eba6841b704794d108e53d23ed5de9a441ba43

SHA256
20a16a9fa4e4f7e69390b128317b44250c55ab728ce2d42992b58dcc3f3fa67a

SHA512
77931ca4310af1fc5b4d15dcb692f1114fc5e2d93543885e5eb03100bedd8de827642d1ae2521c3eaecba2d49578c9bc4fd6be8a564185b42bc8a97bc9a18297

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c25c6275-1afc-4833-88b9-f6d66e215519.tmp

Filesize
5KB

MD5
70c429d135bd658e5d91435e9ac3c927

SHA1
d10e4168b86c5c4e41f29cbeab0cc614572dfc6d

SHA256
6b1d88042a247eea22d266cc9a4247172aab6c6de2a60445209ebce6c66285bf

SHA512
8d26cf76ba7aa7add5bb1e2a30974fd21b295287001746ba2dedd2578a047664375d03156b2608049c1ba94670565f637743a3f6f7007ecf4a3bf25ec7b42b70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
df6ea325f1b2c3cd4c355534be9ce0fd

SHA1
5701837592eb44fbe1bad0ba58a0afff7364a892

SHA256
6dc136031da707edd4fb613b1d78c1b00c2ccc18afe4d749d78fa6b21ac1db0f

SHA512
9b649873a685bf09db856832bd335122f2b255272e084d2c8b4e810fc19f85e220260098ade707529bdedcb06724f218a61d403d14af14f501daf20a9f0c1015

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c6b4d17c0e40dff611932a63c8833b27

SHA1
3ea22eeb3cbd99fa5182528d2b0096e3649cab67

SHA256
a567defb757805e08f2cd25e6573fa97e8c59695b8ab3cae7bef96bf6b7676e7

SHA512
f9a73b9870c144533e1fb35fd26567db6d05d4f56992cf885be2f531f64237a41b9fd22ed324dad0e1a8b239b45080546900a6970121549397f0d72223921395

Download Submit