hxxp://www[.]insecam[.]org/

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 04:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.insecam.org/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1628	msedge.exe
1628	msedge.exe
2948	msedge.exe
2948	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2948 wrote to memory of 1972	2948	msedge.exe	82
PID 2948 wrote to memory of 1972	2948	msedge.exe	82
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 2796	2948	msedge.exe	83
PID 2948 wrote to memory of 1628	2948	msedge.exe	84
PID 2948 wrote to memory of 1628	2948	msedge.exe	84
PID 2948 wrote to memory of 3840	2948	msedge.exe	85
PID 2948 wrote to memory of 3840	2948	msedge.exe	85
PID 2948 wrote to memory of 3840	2948	msedge.exe	85
PID 2948 wrote to memory of 3840	2948	msedge.exe	85
PID 2948 wrote to memory of 3840	2948	msedge.exe	85
PID 2948 wrote to memory of 3840	2948	msedge.exe	85
PID 2948 wrote to memory of 3840	2948	msedge.exe	85
PID 2948 wrote to memory of 3840	2948	msedge.exe	85
PID 2948 wrote to memory of 3840	2948	msedge.exe	85
PID 2948 wrote to memory of 3840	2948	msedge.exe	85
PID 2948 wrote to memory of 3840	2948	msedge.exe	85
PID 2948 wrote to memory of 3840	2948	msedge.exe	85
PID 2948 wrote to memory of 3840	2948	msedge.exe	85
PID 2948 wrote to memory of 3840	2948	msedge.exe	85
PID 2948 wrote to memory of 3840	2948	msedge.exe	85
PID 2948 wrote to memory of 3840	2948	msedge.exe	85
PID 2948 wrote to memory of 3840	2948	msedge.exe	85
PID 2948 wrote to memory of 3840	2948	msedge.exe	85
PID 2948 wrote to memory of 3840	2948	msedge.exe	85
PID 2948 wrote to memory of 3840	2948	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.insecam.org/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff379446f8,0x7fff37944708,0x7fff37944718
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,16684173518794145888,6231952944400818432,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1964 /prefetch:2
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,16684173518794145888,6231952944400818432,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1956,16684173518794145888,6231952944400818432,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,16684173518794145888,6231952944400818432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,16684173518794145888,6231952944400818432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,16684173518794145888,6231952944400818432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,16684173518794145888,6231952944400818432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,16684173518794145888,6231952944400818432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,16684173518794145888,6231952944400818432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,16684173518794145888,6231952944400818432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,16684173518794145888,6231952944400818432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,16684173518794145888,6231952944400818432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,16684173518794145888,6231952944400818432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,16684173518794145888,6231952944400818432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,16684173518794145888,6231952944400818432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,16684173518794145888,6231952944400818432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,16684173518794145888,6231952944400818432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,16684173518794145888,6231952944400818432,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4884 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,16684173518794145888,6231952944400818432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2264 /prefetch:1
  2⤵
  PID:1412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
36KB

MD5
406d9b826bcb858a49b38b51fe43b066

SHA1
7727771206d299598638d69e9ce5402aebc4889d

SHA256
b8d8e6ebcc4f0feea09d573f2563ba7344e0b04bbf3eab174dcf5d8eb3ea84ec

SHA512
5ad0f4c3fe69d00d46f75982a0d6f14817c3620b75a6bacfd6cb05c019fd6f6b3e5f6b8539cb911d89d84e0bf9339c6f24d52c58432c8723391ff7546679366e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
119KB

MD5
835e13f16b0bbc44f153b7979d38fe87

SHA1
9f19a1220183642826719f40bbfc71b31e6416ab

SHA256
8484c0b0e345847624acd566bfb6112bd13dbe315cbe731c977ddb073b6ea68e

SHA512
dd454b125dbf8eee55870423ebb11f163d8ad94a4e4119e38ec562fe9840c768ff36830ce610494e16c6b955c582d8265b5de2e6a039d569f58713a4d4bd2e19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
36KB

MD5
40388446cf6bb9c7a8d919d8a327072d

SHA1
0cc6c23540bce210536f47dd4f1c159cc42e6246

SHA256
fb7b5ac358deea4485de73770442fd5548f9255fa3f5e10bd4b12f3555f0c294

SHA512
59fb96e0e51ed53ee69a49c92d53f7acd39c9247c2682b6d425b1caa9f1f58b57161f90bcd33ba96699722d9eaf159870f4794ac7f99ea4f47ef316fc1664159

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
54KB

MD5
7a84a0c6f3e6031aca2166b955646722

SHA1
5bed7d989bbb1d02b4fd0ea9e0189095c77f2392

SHA256
e994a6538b3558ea7aa928548ca62a4d384f78e0bb3c7696abcb9a031b7a6ee5

SHA512
c89e8f728b71dc6c66a80c5828ee287aca1e89061a8f456cc8e33a59bccb6f6b0434eae8d21fc0730cd4c36f3f6eaa410ce6845d3abf2a2087b9e797fbc49d2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
94KB

MD5
32fa37d941eaa7a6f69df597e7eeed71

SHA1
85804e9b01b63cac0de24d1797df948d6a80ab8c

SHA256
22be99490bd3855c07250d07caa4eeafbcfd2facc5618dde7dbe94230e684eeb

SHA512
0ee9fb2e8b0f1e7440795e399f608a2495f479c28d8aa70c08a010d9671595fd46016ffcb677060d8d3cecbf565eecde5adebbc85e3505a7dcbfbb453a15a825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
80KB

MD5
6acdac66eaa762a966f2b8683805177d

SHA1
b2846e3cee6ad87d5f65c92e597204c0b38404a6

SHA256
2753ce50a462b215278abe1a3e8b3df4ed5a5702e975d12cae53bbbb9f835fa6

SHA512
2d1cb3606140905f838eef82cd7fe8e6b206f3503cbaac9bb27a2173f925bf63fe91e43f03f93d1a1d05cb6613ae81eb3f08df42601719bf42bcba853b87e230

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
139KB

MD5
d6af4f3076d82247c07241fe3c4968e6

SHA1
a14079fe703ae074187db646be6b5a045aa825a6

SHA256
6b3cca38513922250adfc0b466ba693477afab28329bd9b1aeec56016e3305a8

SHA512
fc62c41d6700a4ea744e09b7914e6ba08affaeb433e89233f1e7945bce6569961f58a34b8129b0e7b58abed6b3590e2e54271ccc58e823c73314dd7f5fdc2975

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
55KB

MD5
02862c381cc60b013438acb39a1ee216

SHA1
83a8ae758f96e9e9bd7abd28d5d38aa9ca0f7d9a

SHA256
489cca398139e0ef2675fc2fc7ebe72b999842a6b1574f9771fbd800f7329818

SHA512
f423ce4561f109ff5ae03b1928a3c61639446a61110cbc5fb165c40aa1d1a825e1d4cf420130b19821ab0eb08a74d2160197b7f77e7f03e2218ec345dec79ed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
21KB

MD5
56ce4e0d4dc8a777fab10a90cc5b9ff0

SHA1
c9b4431178167058befc71b3b2d8ffd9b27b82fa

SHA256
3888c952dfadc79b7515e7f9da88f8fdff23a11b0957f670481c33440046a67c

SHA512
d4cb4c242acc72d2b5238b5216694be685aae99d51bd74de5b4da2d49282da90f8ec2a1e2b0d56e7ef268650eb6c84b0933dd9af1eb7693e58201e4f40b5330f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
20KB

MD5
5f747c64539885d991db99de756ce1cd

SHA1
a767f8dcef5742cad81e949f0ea5eb91ef0dbb55

SHA256
85ba8c5dfb41e7d6b7dbef0f0a180b487b7d600af5eec1d2c6017fe231b43abd

SHA512
1470b4b0272c7d5d3e8ed144ef1d2a2d9e3a89c99c9ad76a3eda2259ec5e84db693e447b555d9849b89fd507ae5050a461cf02ea70daf993aa74b4a1bd141bef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
16KB

MD5
a2edb5c7eb3c7ef98d0eb329c6fb268f

SHA1
5f3037dc517afd44b644c712c5966bfe3289354c

SHA256
ba191bf3b5c39a50676e4ecae47adff7f404f9481890530cdbf64252fbb1a57e

SHA512
cc5644caf32302521ca5d6fd3c8cc81a6bbf0c44a56c00f0a19996610d65cf40d5bae6446610f05a601f63dea343a9000e76f93a0680cfbf1e4cf15a3563a62c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
20KB

MD5
aac67bece45ce8383387b4729b62147e

SHA1
2b8c2f23699460ed5d190e4b6896ef12d58ab0cb

SHA256
6012590eb665eacde75a99d23d7751de686c65e15275c4b30b7209e92a09481d

SHA512
38364475d8808cf807e75ebde81ab383d30b137cf4a92f6fcebf8cdecc780c1508dcbe299f970a80bca245c333e341718b773218cfb86fa3241d53158bb892bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
20KB

MD5
3856de7c74fe6337d7ce813fc7bccee6

SHA1
cdcfa9794d003850048544a3c91e77da5ca1471d

SHA256
862f70d9b90d2587e8367b318e2e579f14b0e62428f6f0d2ff48d8a55dd94bed

SHA512
39ef7ed2d323c89582ff85bf0e0040729179aa4ea4f4e512eaae967a823375cb95b8ac914a9dc3c267ce75fb2a4a3860923011f42f4b9381308b9639f57b12d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
51KB

MD5
84bd83e119ee7dfc6b13b9d4618a4cfc

SHA1
b54b93389ed3bfc528a417fc042d7a9b8b1584bc

SHA256
37e29a0164a1fdcb91d33e519d194cfb5b878485f033391bd8edf9da044683be

SHA512
c3ccc6a46987a82935b7d58d1178df9efb58364dd3e17028cabb8ee062517c3e264a1e3b9e0d1201f4cd707b91bc9aa89047edbd65d1ec70554e370194db3ac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\500dab643f256e7f_0

Filesize
54KB

MD5
8bfe90148543989afae8c33ccf8483b1

SHA1
e6e5d886ee9a46e7a85297690fe866973681c9ed

SHA256
0f0fbef58364617f155de82b9d692b2b72253ebc7ed18d6b43039c507d84f920

SHA512
67a35df5ebfa8741901bc24d6930c9acdf9c8d761de9a7cf044917c4b2a5fb1fc2760d10c34a9afe026dc5319423e2408aed3fbc64c64b76a753f47aaff65320

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7ed8485f32ed1d450ce890265c479900

SHA1
efcd75696216bd7670329d450ae829473e3a23bc

SHA256
44c71a763f071721f6947486d898249e7e7d3b427da421c6918a66948b766729

SHA512
05383ee7df2b9faec066da77b9307e4d2889ef3a3b0196c2ccdd68cde7452c68392cd0a6b93109328b9624a747e60ac74542c462253ca9c1e34c525ac1b86817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1127678270904264cab0d951a36f6fd8

SHA1
4fa133164d0bd2d713188d23152608ff6ed6eed5

SHA256
52293ea319af501999734566c6e33b85cdded8f324c688b804757251177b4b96

SHA512
eb8f1be0a5a8826e4c2192ab1c20b1f1296b1e05aae6e775f0f400e1ad40e6db336e938b2273267d6a5794738189f850d1fe0c29a556a23032971c265a629215

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
6d8364b1d5bc09ebc927b43933a77976

SHA1
6bd3d1a2455151c01518f2059558e48dae18abb0

SHA256
ca1fb0110c361e0bd4737c182578a3b02754c1d73adda72e13d49ea09c215e32

SHA512
6d52cff077aa66b9e46807d690df0dc6e4c128e6eaa6966b30810d6d253a2071758db87f90783f23e3167f681605683f4fc19d6c3d2d49227a4322874dad7055

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
d8c82c2b6060eab8dee937f28694edb0

SHA1
cc70dfdaadeedbb44ab730389d3a9def0ab35fb0

SHA256
34de23c325d33a4db10443867f08e5e71a13c365cd1fb808b804f6766c055aed

SHA512
5ea77ae595b3d74e9c0072daaf1c04afd68cb576b07112a619f40002855fc67c53cecd818ec70a47ea4d8d31035a50b3f503332929f67cbd60d8bb6cb6c3a386

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6bc2b96062137d6ca6123d4dbfa838f4

SHA1
bdc5b09b81e8c526370f9589f733dbd087a946fc

SHA256
feb76a843f90625cf7e3e875dc573d751fa51cfb2fab194751cc9d649c026bb7

SHA512
1b4ef0c56877903bce798a5d27604ccc18ee3bc10ac0994ae964a7bf8c06c6cec830944b65350085397731701942420f9d7972fb0198eb4dcdcac62e81d316ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2acbfdb792123e2221095c8c07e6cf95

SHA1
f6c71c1dfd42dbc2cacf55d6f93850c9615ce0a0

SHA256
cde4498bb0d4a43a9f51c745da9eaa51408757fd5fe2965a64444ff945004371

SHA512
88996c28c7978f84e9bb19d8f529f9e34420d8bbd6675169770015dc00e133f50836ac5a88c551b8409aa1c6dd314c07938b0fa49981e4eebfd37e1af878f980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ccd3f43b7973a6966266856567ad96fb

SHA1
0536ea507c91c2b86bcd2b3539d808d29bc29f8a

SHA256
b8ddf2f1fabd7ce5012f8d330d211cef5e381adbc55fe511e839c5bdab80eae1

SHA512
709b9047916d62bb1e729cece01e8021cf89bc74c8cc2836603e3680da8d14059aa9c8c1c469ae7a1b8bc8b8e2b3083ff6b86ffa311f9301903709a8613d3c9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c2888ceb4b567f49cd656c670d1a0898

SHA1
2fe4ef6e07d7956aaf9df10a208b045c4233e4d8

SHA256
218a3901632a98090e5000f6a4444fd561e1ed932ba2b1ee19803efffe5cb6b1

SHA512
3f6540da23be821ae969b95ddb308388a4a877eb374a68c3eb683c115f10d4f2a9af32ef990a8777ecf6f7752e6504b6d39b4640a40bd1bcb22befea4f130345

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
bbd3ff5862cb0f0462bd37ac4d9925f8

SHA1
3623966e03e42afca441f82ec1d91579a69d6b9b

SHA256
7da3939affef665a585d9149f8247eb093a87e1be3161a7fbd00d9a5a57b9691

SHA512
bfa46edc25602929408d40ec56ea90d83f6e6f1eb2e65dee457ecafc5fd3c7ff4ad5c6e5069b927b8abc89be0791950504782dcfd6d0e3421124b2d16bb4a1d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5ca251030153a26c66233275c2719ec4

SHA1
6693a19fc2d961190077584614196030fd8fded9

SHA256
299dd4bd7a127de1b5729a7f025f8979aa416c508ac9822b545c5384250c1e18

SHA512
bbddabd58f7a2791657d729df6879a30ceb330a6c51ef301229aaf5a5a6db39b55e8d59755cf02f3d2f2267b5e0b9389f18acb28b036d1bc87c043cf5cb0192d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bcaf54e62ef822e842f9ee91b8bd5b16

SHA1
ede21de894fee433b51b67d44b941acd9874ee44

SHA256
5186179168f2bce3b6b12d99c79f19ea4f775e333fb72c47c22b391d0491fc20

SHA512
3fbc03062c2482a3611afabd727c4644a369ceffca838ac99b07ff2203f4fd0671b774c88ef50a6c4a3d012cf8bce07d0c8fce4f53d1a02e75aec25a7feddb50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b2ffc99dae3e160147761542738a3ca3

SHA1
351bb8235e6415b7e41bd7a26ddc90a0ebeb3ed0

SHA256
ab4c6fbc9564b7893762f01c0a8a2814b58ebd4ed34547f912e6a37fa8b7cd73

SHA512
6f15a954db6e72392e537f8ba82d4bddbf37bccc732409bc70579120e27ee7d64861144068526a0c1085d44479ce12a02201bbf0c5ff6285e35c961309c93750

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c1c9.TMP

Filesize
1KB

MD5
3dfd0af8ceda6f152f512abb618cf7c8

SHA1
6428b995bb73411ad7ee3993105e6e11951c435d

SHA256
6b3e821db3ce8fe32b7b85a870f47421f7d58e9e13a5318f910193801bd7f858

SHA512
a3191290930e5be639abcfcb79541bfbdeed8411c20451f2ab2966e67fa6040bb0fda4e2f5d2462f73a7d1ac0067fa7095cde4d084ab88cacb05816e5895fd5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
79c9941180ae6ddab701226835bc59b1

SHA1
fdba34760aab48f3aee6825836862664726ebec8

SHA256
9dfa24419ee74a6a82acb18cacee10e6aaf6e693c2a848380f0d706f9ee4f0ed

SHA512
bd85022a686ac3717103150371b890d264548675d9a2e92248583036a43a15e68e4d4a95bfe94f7d9facbcb7310962b9ead7fbabab8a03b509976d02610bf3f5

Download Submit