hxxp://obtaintrout[.]com

Analysis

max time kernel
146s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/09/2024, 09:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://obtaintrout.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
640	msedge.exe
640	msedge.exe
4016	msedge.exe
4016	msedge.exe
3532	identity_helper.exe
3532	identity_helper.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4016 wrote to memory of 3448	4016	msedge.exe	84
PID 4016 wrote to memory of 3448	4016	msedge.exe	84
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 2892	4016	msedge.exe	85
PID 4016 wrote to memory of 640	4016	msedge.exe	86
PID 4016 wrote to memory of 640	4016	msedge.exe	86
PID 4016 wrote to memory of 2828	4016	msedge.exe	87
PID 4016 wrote to memory of 2828	4016	msedge.exe	87
PID 4016 wrote to memory of 2828	4016	msedge.exe	87
PID 4016 wrote to memory of 2828	4016	msedge.exe	87
PID 4016 wrote to memory of 2828	4016	msedge.exe	87
PID 4016 wrote to memory of 2828	4016	msedge.exe	87
PID 4016 wrote to memory of 2828	4016	msedge.exe	87
PID 4016 wrote to memory of 2828	4016	msedge.exe	87
PID 4016 wrote to memory of 2828	4016	msedge.exe	87
PID 4016 wrote to memory of 2828	4016	msedge.exe	87
PID 4016 wrote to memory of 2828	4016	msedge.exe	87
PID 4016 wrote to memory of 2828	4016	msedge.exe	87
PID 4016 wrote to memory of 2828	4016	msedge.exe	87
PID 4016 wrote to memory of 2828	4016	msedge.exe	87
PID 4016 wrote to memory of 2828	4016	msedge.exe	87
PID 4016 wrote to memory of 2828	4016	msedge.exe	87
PID 4016 wrote to memory of 2828	4016	msedge.exe	87
PID 4016 wrote to memory of 2828	4016	msedge.exe	87
PID 4016 wrote to memory of 2828	4016	msedge.exe	87
PID 4016 wrote to memory of 2828	4016	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://obtaintrout.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff3dd746f8,0x7fff3dd74708,0x7fff3dd74718
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5248794923309094559,9060807915215747082,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,5248794923309094559,9060807915215747082,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,5248794923309094559,9060807915215747082,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5248794923309094559,9060807915215747082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5248794923309094559,9060807915215747082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5248794923309094559,9060807915215747082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5248794923309094559,9060807915215747082,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5248794923309094559,9060807915215747082,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5248794923309094559,9060807915215747082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5248794923309094559,9060807915215747082,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5248794923309094559,9060807915215747082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5248794923309094559,9060807915215747082,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5248794923309094559,9060807915215747082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5248794923309094559,9060807915215747082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5248794923309094559,9060807915215747082,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3452 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
26KB

MD5
bfa0ad05b7e2d4e5501af2ef1c0b214e

SHA1
5c620618134f05839fc890be4423c3caa37678de

SHA256
b30212296e975188e2831e5fd8e275458c8c29a2900f420b0670aeca552cda46

SHA512
b2058f8be98ea1ed027779f5b3bfabb970a37439a29d5588f189f2edec8fc335154e617b2a7ddb94782d31c98988459be4d66825a1b7eb9a909e3996b2bbf933

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
366KB

MD5
8a2475365d185042a22c7d66e31bded3

SHA1
cc07311a9702106b07a34abac6e0d5c4605150dd

SHA256
4ebe528425f19437fa976e831904d0dd9c2350a19ba4d7a63b435241ac72f511

SHA512
9567e9f359f28baa7e09bf745aa56e333dd507beecad7d4dbf36974c4030aa4076c240d1254e8087a3567fc902b9ad73afc49fe851264d014585201a1ececbf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
152KB

MD5
23d9bc44bdfc0ce3606871abedccdd62

SHA1
96c158be1787629a841ed6fba69d452bdda952de

SHA256
d5442a2726ad4e9748dc00721c0649fc0588936e736b762f8343d3e053078f09

SHA512
2f34d4ff55f52293c8cab38efc55ac232c0a4ca9a75bb7ec2284fc0a2f72fbdb1264f7ae87abc244f77b14cbe53747b407eec1a358a266dc0ab24a57bb1c816d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
26KB

MD5
332ccf77e62a5f13f716c6d8b104f747

SHA1
aee02bff02259e60cd51658e67352c1f0013bf4a

SHA256
f36cfa34bff12d5f0cb4228ff4985e4c4513febd336e8cef4f0203ae622d38e5

SHA512
169a8eecea26affa32524377a81f6d1c6a5a27e1d1d9ddaecad4dac004aa6051e0fcf58200e6063d4f57e65aabd84e5afa6073ba6e3f4833bf41f9ac93997ad3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
43KB

MD5
ec0fef9ca01d35aec2abda470ee95621

SHA1
db8fd1f11792905e91f20286e877599c2a8af99b

SHA256
0a66152e483791358eb442c016aa188b53d3cc855959ba840a2257a6e0df24be

SHA512
511d77a2e59e584a9478ff360c82229eac08951b3fedc9ffdea8aadd5fbb11a7c707f9626b3619d70c2840fcf7e4be2ea40ab7fbcf4e819f8eb9104be2eff877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
41KB

MD5
abda4d3a17526328b95aad4cfbf82980

SHA1
f0e1d7c57c6504d2712cec813bc6fd92446ec9e8

SHA256
ee22a58fa0825364628a7618894bcacb1df5a6a775cafcfb6dea146e56a7a476

SHA512
91769a876df0aea973129c758d9a36b319a9285374c95ea1b16e9712f9aa65a1be5acf996c8f53d8cae5faf68e4e5829cd379f523055f8bcfaa0deae0d729170

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
20KB

MD5
1435f3cfd01bf0f3c24b8983e6780db0

SHA1
439ab7ffa6f9d5b654710691d8736eedf2b6e892

SHA256
8cd3f9f312e86bade2e77eb25c28eba805707909441d49e29288944677ce6d47

SHA512
dded0517b2c8f6c6ea045ba87f3ae870df63843291c3e2219e7bdeb4e33baf360b5fdb6065f0566fd1c79253105574ee4ca8cb13a11f7e6a51bf20eacf03155b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
159KB

MD5
ebad033f32053291eb4402aa8474315b

SHA1
d94fee25144fa14a3a2dc039080cc8184ca5f3b3

SHA256
843bf950589be4645f7949d4e68d08bfe064a2fcd9623d6e2e682e3b27a0e883

SHA512
d70363851c9232a75a2a82e9c321f1a24f67b1930600162438dba1b977ccd382c9e335a7845c38f6422899f73d00046cbeecce7b8e690339b49238a8337d7291

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
78KB

MD5
7de0c80ad21d01920a96d6d0ddfa77fc

SHA1
d6b81d89c41848b3f2a8e13f63184477e35cfa2c

SHA256
25da42089391e06679058d64841167e8e0815f54c5d00461cb4324bfbf6e3efb

SHA512
75a29ccc0e9d3ce46f258cdcee3c9fd42a083211325d8eb12477db29d4491050914192c29da3d273e5c1aaac155ad7724e5869cf6367d9ccbc3bb4a8f99820a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
2210c5dd701e07a36867ca3c1d3994fb

SHA1
81bfee1072ac0bcc7fc53846c3a5f5bcf76c09fe

SHA256
46b0261e3bb74e89e1f6c3b1426dfbfc5675558a058fee41b54ba81c07df0015

SHA512
bcbaabab03a9341f2fe80c5907e50be3859ea605b812321083325a1af2a1fcd5659c29b21f0b43089426f5fbc758209ea987507f7b1b1dc8a4d9d8919523d8ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
35b9d764b95b6a715b7af15148b49ad7

SHA1
634d2b572902a16b76435da6379be272cd52e173

SHA256
6eb8126bcb2baece66ca780ebebbf558935a15db19e702df2d9750502f7e3e6c

SHA512
ba869bc187fcd66dc5377e9ca53e2374d7ea2b1b4ab20d476e05d13b5691bfbf896aa1f867e03f91aaeee750394cea2f1402d4609abebe33cfef0cca600217a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
54e5d0b456d2449a9b8f0735302f4fbf

SHA1
f939a9cc998f1bb9f94820026753fc4f14dba776

SHA256
424cd191fc2d848d6810e13c7fdc6e4b9942a4ba5fe458463b974ccf0cc514ef

SHA512
2b922405f09550862add1ec556fafccf3266ea813b09bec1c1bc68d226c2dd1493c00c17d9ce5b79559f3f059de3e608cce0cbc9e2bf0dfa7b1e65b13d55a2bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0d76fe554e83917456f1a688f9eab8a7

SHA1
b20f85b756efef33cee7e8e8f3e83159abfcea48

SHA256
deecd370280a4031ca4a4b527e8816989fee9e2380611fbcb958ba7a5117f096

SHA512
5082ce09ac9b0baed8bdbde11f504bb9c54048ba89f4ed329ab75914cd77ccf085cbc6272f3ddd100c3b9eb39e9576f9837dc82146eafffa8633c518dbabc8f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2a395834223b027d65ff19bcbfeb36c7

SHA1
4ba2a6275bbd099a9d33fc5ba80289f19434085b

SHA256
b702831a11b4e9bc8b75b677b2345713e1e90b931c5ffd52db38ddac2964e1db

SHA512
4341340cf09f6b5cba5059e06d731e239a2c5a228eef13cb5c6d22b2b1ee2a74ec8a83b6f3a2cadc50a48f54894e61b75b7197c84ce002006d903bc6a7737f7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3416a5ffd757403349c91f8a232d4d83

SHA1
b256eec52e60d920596c65e409950ae25f34dbdb

SHA256
400973a6258b328895569925228a60e7b54ed643c503ea490f059d00c253b523

SHA512
78af8336aa750ce4da712e0da2c124fb17f702a4ac6e783d2de8afc9ae157ad9166329900161d1373234313f3afb71758ad32c404849f005a1a3c9c6ba92732f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2c0b863cc736b222af601f2aa9ca5c23

SHA1
d821f68bae19e1ff4a8b580803a2f2037d2ee3d7

SHA256
ffce87d4db9303a5e6b5254099a05c844fad694c8c7195ec995d0a453c4cc1f5

SHA512
120a5f81653f08bb9f096b1a4c475702bbcac99580f60cf53a5abc94b4d163375abc62ac231eb419ad21003a1e1add6329ecd81c49cced5f58b3982d1c6123b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
df74b31fff60032a73f9ff3b50b054b4

SHA1
9a11bfe8e16683d995a07bb9eeafb97618d7798e

SHA256
d1f86bf8116a619ada15e2a5248bcb5449bf420e748f556dfcc994869f2b86db

SHA512
7c2633f95f392da6301ece0f05e8ea420e07780f813cf158c315ee1141cbef1405b16aef595dbd606bae19a49d81dbaf5d3c0ea841a4525b0a05e7ac1e5affb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
98b1cd1c43e71b63d16d797ad11dfbc9

SHA1
ebcbe652f9286931a5bec540e8668adf2e20c111

SHA256
38fad6fc0eee08d4ad374548d4589838a58707ed8435e406dfb7a534edfbaa1c

SHA512
df7d08d00a837d1d721caa62cc16ccfa8fc1eb9ff2786248dc795ebcecd87c1c64354a26fc34566f8f7990c2a8d00afe9eaafe502de3596fb04309d21341773b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0d776be4fa319b810f7d929901659162

SHA1
0ec3c7c8e370b281f6d9414237517742a7e09170

SHA256
1f52bfbeaf0456460809a1e1d339fb52624294d010cb834a64f5c344ffcbb62d

SHA512
92a2fdd8e1e9833b072bf09bebf1c992f4cda7f993383064982e0275a1aa9e6d110e43e8e16834e4225aa110f7c2a27b72f6f202c0a81bc0c0f875e928a09b18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
c811a2e49f639f8142c08de097f21c59

SHA1
12774d614fd6e3bbbafe2f61051e3365a724a63d

SHA256
e36180d669b5d0858a4ba4fe6bbe9996e4432ac27a989e397c5cf2beb55b659e

SHA512
5f51936af6ffeaa2b72e788bddb6e313f8fdc8eb8cd5c5bb2200aa23db3e2c61ba06c5de3545973ef4d7f8b315626df9ad11f196c319450d5faabefda2b2d5ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
1b7824a6d4faef2aa4d5e3a113941e23

SHA1
1cb3f1ee38701e902e579083336952b6d71655ac

SHA256
7afc40fd7d5f740a561f9566f0736d181c5ae5a6afd8b7b3a24743d3403c29cd

SHA512
9d5bfed77b42b962173f78811b4732716a8e883e1369f55432e3a9327eed61ebfc56b1d858657680c2f9cae80f72444c24615912bf024aa1bbb1a30c1f735a01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
bf1a9be5faca16ce7d5b77a1cb3ad24e

SHA1
09288b737cc00d00adb02ee0da3f59f38a052213

SHA256
67dddc2324bb1c46ecc2db1cec585183f3ca1754fe87334bafb49a817f638988

SHA512
8cb257b29491f9309ba28b4bd34286db8f8201e05a497b386874352ae1aba3f097223ea8ff1dc93bb768668bbb130b9d457a4b294e65233c19479ef9d94a89fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
8b4d833ca13807900cd5ca410896a8c5

SHA1
6e3c546dc1178f5ea07e0b295993a45e103a8dd3

SHA256
916e6533668083665408a93adf00126bc77a32a3ac4b6ffa5258aa57ac488d10

SHA512
377d961a29bbfaa3509af2bc2955d3198ac41bc0bbd6ad82bb72e235062bbde65473564f613db8d7de539f9846da755d5cb5d5868242032d7183c55c6bf62812

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587376.TMP

Filesize
372B

MD5
ebd7a82804b17ec83e427e3de2525f37

SHA1
6fd43005762104101bea21059f8c561494323cc8

SHA256
1d883273115bf09833c0855ac84dc941e153c62670f5854b0611d3b991c4fc2b

SHA512
3de2cfa6c72f955b2f544a50bd3365076d75a13a5ff4eb70898021c00830d8a19aaac222d43a8d64c30ccef70905b3bfec026b6ebcb46c730024aee31ad554ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
98ff07c6d74b509ec9a78e7ed0e617c6

SHA1
86e8dcfc7a247312bc3c039400b926d39c369b07

SHA256
984bffdefa6476751ad4c019a7c54e5d584d26649a69f8901a38d1ce10f475fe

SHA512
51a56d1da3319012761a7f3483ff5be1cdbe3c7d0cb1ed31ff28d698ee80af718c271c1eb6e20fe3a5cb6cd5de37a8c9724bc143327d7da4685da7ba9d73632e

Download Submit