hxxps://turbobit[.]net/download/free/nk5sqz73fqtq?asgtbndr=1

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13-09-2024 08:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://turbobit.net/download/free/nk5sqz73fqtq?asgtbndr=1

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-945322488-2060912225-3527527000-1000\{E00751EE-39A1-4D73-941F-59087C8CAA2A}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1204	msedge.exe
1204	msedge.exe
3872	msedge.exe
3872	msedge.exe
1556	identity_helper.exe
1556	identity_helper.exe
3304	msedge.exe
3304	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe

Suspicious behavior: LoadsDriver 3 IoCs

pid	Process
652	Process not Found
652	Process not Found
652	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3872 wrote to memory of 3592	3872	msedge.exe	83
PID 3872 wrote to memory of 3592	3872	msedge.exe	83
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 4332	3872	msedge.exe	84
PID 3872 wrote to memory of 1204	3872	msedge.exe	85
PID 3872 wrote to memory of 1204	3872	msedge.exe	85
PID 3872 wrote to memory of 3512	3872	msedge.exe	86
PID 3872 wrote to memory of 3512	3872	msedge.exe	86
PID 3872 wrote to memory of 3512	3872	msedge.exe	86
PID 3872 wrote to memory of 3512	3872	msedge.exe	86
PID 3872 wrote to memory of 3512	3872	msedge.exe	86
PID 3872 wrote to memory of 3512	3872	msedge.exe	86
PID 3872 wrote to memory of 3512	3872	msedge.exe	86
PID 3872 wrote to memory of 3512	3872	msedge.exe	86
PID 3872 wrote to memory of 3512	3872	msedge.exe	86
PID 3872 wrote to memory of 3512	3872	msedge.exe	86
PID 3872 wrote to memory of 3512	3872	msedge.exe	86
PID 3872 wrote to memory of 3512	3872	msedge.exe	86
PID 3872 wrote to memory of 3512	3872	msedge.exe	86
PID 3872 wrote to memory of 3512	3872	msedge.exe	86
PID 3872 wrote to memory of 3512	3872	msedge.exe	86
PID 3872 wrote to memory of 3512	3872	msedge.exe	86
PID 3872 wrote to memory of 3512	3872	msedge.exe	86
PID 3872 wrote to memory of 3512	3872	msedge.exe	86
PID 3872 wrote to memory of 3512	3872	msedge.exe	86
PID 3872 wrote to memory of 3512	3872	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://turbobit.net/download/free/nk5sqz73fqtq?asgtbndr=1
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdd8f546f8,0x7ffdd8f54708,0x7ffdd8f54718
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,12413564867955007445,1151620472485869711,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,12413564867955007445,1151620472485869711,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,12413564867955007445,1151620472485869711,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12413564867955007445,1151620472485869711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12413564867955007445,1151620472485869711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,12413564867955007445,1151620472485869711,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 /prefetch:8
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,12413564867955007445,1151620472485869711,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12413564867955007445,1151620472485869711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12413564867955007445,1151620472485869711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12413564867955007445,1151620472485869711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12413564867955007445,1151620472485869711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12413564867955007445,1151620472485869711,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12413564867955007445,1151620472485869711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12413564867955007445,1151620472485869711,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12413564867955007445,1151620472485869711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2212 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12413564867955007445,1151620472485869711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2084,12413564867955007445,1151620472485869711,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6760 /prefetch:8
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2084,12413564867955007445,1151620472485869711,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=1124 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,12413564867955007445,1151620472485869711,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6892 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1fc0e4cb-574a-464c-b9ac-ecb67505328e.tmp

Filesize
2KB

MD5
78ba7821c85160513cf7a30cc878c379

SHA1
bc772fe0c5d4fc430f8c6aa0beb39ff1751f5320

SHA256
33cd2492cf7fe74137107d937aeab35132cc3fcb548f35771630e9581c1b2be5

SHA512
15a3b6b2ef7100b96f0de4a0636eecbf22e8a1708b261bc20728a979a0c29418da0b887f2c0d1a4903629ae264197e449b325dfc79710cba36ba8893fbb1a5c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
25KB

MD5
04b57b54d2cd70e79d15b68e64525bed

SHA1
5356795c93fb40912a6f6add4956398469cc7857

SHA256
a27e8006279abd60b0c6306ad0db7d06cbd6d52d395561fab507407057ea38fb

SHA512
440e170df68e02997263c13ab212e2a3b4ae114ef7a7275196c44aad4f119c6d7a9e1d6e5bad3431552ef77520f1fc1024e657565a56b232aa066ee1ef8817ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
19KB

MD5
dcafadb219491b06627b7e95f4abc1f7

SHA1
6908453d8ac27d86e0789583efd031da1970e3e6

SHA256
c196441b191d962e2a250c76a9aecb6cdffd368e4f20b479ebd53d1e64514a87

SHA512
83a3f7bdc39135c5c1fc9fd9918bb53e55872745a67fc66e98b203d11b1ca28439daa8b4f50704a81a56e2a3954adf9aa3a45a5087cf6905ee9c2dfae8754d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
22KB

MD5
0d1d043a09502c8b044963d3b9e8f4ca

SHA1
df8f5607b575594c1f7cc332ead2b94f7dbebfdb

SHA256
e969a87855f332724c214f97fefa1c861f7d60df04cd8032633948b60a9df88c

SHA512
b5534948967756b21a8009343559ab441138c5311aeabc77b1669ca729f3760c3b0bf97f39cfc00539bd4d01ca45dc9468b5373bf0901cfa33f98fd73b9f08a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
81KB

MD5
42503407c0b83ed0ec262055530a1860

SHA1
b12a88db696819eb83be495ceec616875e9d3def

SHA256
f56d0761748110dcb85fc11755627a99a0cc70c3c77217475294ef1d356b64a0

SHA512
bf8c268205f95af67dbdff26d6848c999c64c9839a36dd018cbd7eff047b33f584253ef83b8ce3d50bbe44e56065ae0d1fec0e9dbbc763955e6c59f58878cb1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b689fdb4de822ac7d312abff251a414c

SHA1
2732187ffa0ab5d5cf4720c1477f85771bef1392

SHA256
d7c93383bad69b16d037575990b6dfcbace63c05d8606c93ba3d275b36db43c2

SHA512
f787da4ce9e6cb424e39316752ad8310a7bfcc1344617dc7a6103f53a94d3c382bb0f4e6db571f1405e7cc3443c871ffe54066a729131c93fcee28018e2e5c12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
df7cae732a3f1ef013accf0f4a2cb01b

SHA1
86fdf2669f60c778448b40dc243c9a7a7420ceed

SHA256
7221400f85192d83e39f1c7c5d7f97bc88a4edcbfdb0647037aa66706b116fec

SHA512
0805f66d764e14cb0d83fc0e393bd592aafa9a28b8e88d15a2af64d30e564d12b153b73c1dd49c920ac55d929b1e3ee4a593542e6a162ed8287103e54090ee2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bbd9590d54962ca9657770b012ba9405

SHA1
cf1e8f513786e856eece2c324e9ed6bbf1569348

SHA256
e46ed0ccc5a7ddf05c27a40e91b9cf77e42e2044bf116dd0cee5e5d7b64b5645

SHA512
de137319bf42fd2f0b66cd0baa3ee4cb8ce4501310a0ff836451c0fa0f91e74e32d5d1cbac39d10945d26a93191d01c5ca2a1bfc157e41f3496d5e8849975b08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
382c03fe5c62f8d2bc7a1647a3f09ba8

SHA1
fc4b6259df9d679e9d64c9ab1eb677449288f8c1

SHA256
66c3167b60537a3f25be559a6f5b6d41cfe076b8aec4dfedc18f621c9d51efcb

SHA512
a5fb9015de8119fd9ae2cc88092fa715aec69e6b13e7ca4f34016ac0939bd31d8f459c40e1bea2fb039a9f316099cddbef34dc445410692ad043bd44ff1b3c80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
705241bcbd46a174cd18cd6bdf6a5e94

SHA1
9331f5d3d08add4d81fd595c06027012c94f98d4

SHA256
c1f8f5cabc03026f2e0a2fec010a01b5227151d3bfdcfe1aa74640705785653a

SHA512
761553daa591dd42e84b9964b760100f7511978edd8da21aaff7d16a3983f8efdb4bfcd556ceb4e90f944c54ef441dbe34af3a64223f5ca3084a30b460dc444f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e4ad252db38907822a98704fcde49729

SHA1
81359481c647701457372083050c62b9955b3b3b

SHA256
e92aa1595df9b2944bbd8e9c4dfd254caf4ff7f85d3d96f5fe8684310e8cbb5f

SHA512
d31527b2d747585b0a3a792ee1d2f11dce5967f868ecf98a7c8153d33812db5f6137b12839a3d7a2760c8cae8a1c4d8533ee2346603a7596980be21b1c6990c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e68ff56aa08a7723e5b3422b3542b27b

SHA1
7bc7b457a836a255e03ca6682849812270f48079

SHA256
2b8f07608b496ccf63a78446f38b7c59145fb04904c8a9998fb852aed84b8ec8

SHA512
e1cc3317244a6e7a052370b58bb77ac26322a92ad06009c6f3b48eedb84e43995569668e189dc850f077ce33fab4dd6e5f9618ee750709e2151b1dfe563db813

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
44fb4343213c2783cc5bd7c922e12285

SHA1
02e09a8f1455b8cee0e7ff813fd0e240827f7d6c

SHA256
d4f859c7be592060a278f26b7dc240bbead63643a1c208f07ecc994083dfc3e5

SHA512
59eeba33b10c383c9df143190b548c0c821710b86af8ae5e335e69e3f3710dd9b2dd14292923d4191ecc8606c6249cfb508d74cd20f85e309755a010f1f84958

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
832e11207b0e88a8a0871f4c606a3a47

SHA1
a4ac54aa58384a28b8183794d436bada08d24c0e

SHA256
f4734e5891725669fe4d59a47d3c96eedd2900765a7944fcb3f56b164d50cc17

SHA512
efbd917de5043e376ecfd2ab6a5aaf5d9e6f7faf3111a2709b1f5b62477b98650f188d4903598fc90fc37e93bff4ed24c6e44662f308b3ba90174aa6859731d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5534cb415f75bc7185b5cbc557ee0b2b

SHA1
1b927a8f5f7e1887b7981ef9614abab1bc36d61e

SHA256
5491f07fbe607d584ff7087e6c37b5ca8f967807fd679c3f50a63c154feb0b7a

SHA512
943e05307018e6b916c2d2f6ac7b22d519ef5020b803a29c407374bda10a3c49042934f01fbff10fe34e7cb093b27f9b3a89ea6c44602c7a1a416be73193515c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f37fff2e8b8a2b5b14dc6c7861b1dc0f

SHA1
0c087b05282e22423735580cdf9b9d729da0c8b2

SHA256
54d16f84bd7a0d6f939d1008655fc7e5a6dbc8d1370b455bf0a9b6e218f141f0

SHA512
2c4cf2431c7275b3d0b88c712a02932651464ff2ff7261bf55aad9ed037b86668add738a251999943c6f23d666da1955227ee4ad3f175b4fd668c8c5b975bca5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
df3db516b780ce931535814ca1364d65

SHA1
a205d9e522f8a6a0abbc82908d1f8b160ccc05fa

SHA256
ffa0243873132bdc49cdf2e26179d6a7cc1f1fc9c681f0a509ca5d59177df3a4

SHA512
669a97a07c411faa6a84f90bb8591f1e052705db909785aa2f385c3443c33b919c7b31460debf78c0afd9c59e47ccb807a3c8b064a75820967a579b32d01f03e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e3c8.TMP

Filesize
2KB

MD5
ee11cdfbeef4ea5530c5b06ffce4cbd1

SHA1
280113e7c44ddb23738102f52fc5903e63f37a1b

SHA256
7bcd42a0cf5fe7618038a2bdd8b51c0d17dcd4816a1a9627f022f0b0261c4803

SHA512
05d7e145227081500306f8671e74ada236dbbd7a707bd1b4dea1dcb67d987293ea8d7c0cd762bb5c0a935eae77a493c718d77e44fd28c2fa2f6bcebc60d767c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b2407d88-1663-4787-905c-b4913c728f42.tmp

Filesize
2KB

MD5
8e06bb8b6964b26e7e99e0e3677380c6

SHA1
d5e0e35c2e0eaf277adbff787d3dac9b2170499d

SHA256
a57e65a4d0af057ced9c2cd04a8392d4b8c73d22baa47d8a705b9a654309ae4a

SHA512
92fed8003d87991841e1180013c6ad49e58ccb90530ede5fb99b4f322c6a1696fd0b2df6b40a6a738534799a18e72eb83f973983c8258be42429fae4f8b68352

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
227a3a55112d2598f857eb2dc807fd29

SHA1
df068bb9409598846f2162e70f4708329b261bcd

SHA256
1f374d3082bb9c6c636fea5b0c677b3b940752b7fc33918427a62748201e1270

SHA512
5e3c49d68b9eb141a931455eb78b4e7ad39fe4f0134fb59feb51c73908f7a221dac82c28eec0dbb83d4ec4d340c712f7d99bfcaca585a80d2479ded24d47d803

Download Submit