hxxps://hdtoday[.]tv/watch-tv/watch-lucifer-hd-39495[.]4818751

Analysis

max time kernel
75s
max time network
76s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/09/2024, 05:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://hdtoday.tv/watch-tv/watch-lucifer-hd-39495.4818751

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2268	msedge.exe
2268	msedge.exe
4080	msedge.exe
4080	msedge.exe
1240	identity_helper.exe
1240	identity_helper.exe

Suspicious behavior: LoadsDriver 10 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
656	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5720	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5720	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 58 IoCs

pid	Process
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4080 wrote to memory of 636	4080	msedge.exe	82
PID 4080 wrote to memory of 636	4080	msedge.exe	82
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 688	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	84
PID 4080 wrote to memory of 2268	4080	msedge.exe	84
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://hdtoday.tv/watch-tv/watch-lucifer-hd-39495.4818751
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff3b9b46f8,0x7fff3b9b4708,0x7fff3b9b4718
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,18093329897790220839,7117434704390638901,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,18093329897790220839,7117434704390638901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,18093329897790220839,7117434704390638901,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18093329897790220839,7117434704390638901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18093329897790220839,7117434704390638901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18093329897790220839,7117434704390638901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18093329897790220839,7117434704390638901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18093329897790220839,7117434704390638901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18093329897790220839,7117434704390638901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18093329897790220839,7117434704390638901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18093329897790220839,7117434704390638901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18093329897790220839,7117434704390638901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18093329897790220839,7117434704390638901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18093329897790220839,7117434704390638901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,18093329897790220839,7117434704390638901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 /prefetch:8
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,18093329897790220839,7117434704390638901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18093329897790220839,7117434704390638901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18093329897790220839,7117434704390638901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1768 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2076,18093329897790220839,7117434704390638901,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6856 /prefetch:8
  2⤵
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18093329897790220839,7117434704390638901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18093329897790220839,7117434704390638901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
  2⤵
  PID:6124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3204

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2c8 0x494
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
76KB

MD5
aee4937585f46cb9901b95db9dc64edc

SHA1
087e1389b471e7d10cef2306a3104cac4ab1954f

SHA256
d046d79ddc473cece95b2c243a456dd9c9d65057d936b6b52623c15422ff8113

SHA512
09da76354fbe99845e29b68754d640b40e700ecc6ee981bacc725338b1c3e716b0eaa3e18c16bcd5c7b9989e31bdd19aa7980bb8ba891207c477b83cccb4e127

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
45KB

MD5
f95a0faf6629fe55dba24478808491ac

SHA1
c91fbfa760c6642f522038a7e90b9445cf8c762f

SHA256
3401a6c618e31c817b75f603ff2ecfd83b8b75e4309aa09007cad5e98878f1f9

SHA512
06f2e5329db17deb104bd106cfc84ea2b321a4ddf64d6d4acf37462cc0d898530b3d913f2c48c7cc29063bb22430e9d12ebd6c9f8e32a2e980cd985a40923673

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
91KB

MD5
9460a9dca3fdc9eb2a47102f6fd52c77

SHA1
0a51554f6f8d49cd206e13e523e4b0b80177a4c2

SHA256
18346f5297491bc7c2b1b4b22aa01f49dd38b8d6a8c0de4326b13f1805d4a3e2

SHA512
711bc853971f3c5a882ab9ecef817c89d2261df93689f5ec23b3817949975fb59f815d5354dbc999819de47340ea0629b16c8eefb67cd3089d3089de782b8abb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
41KB

MD5
0af350c480ab565287007d89ab48a899

SHA1
4bc2a2c1ed2f10d047429af7c9bcaab3a34f25bd

SHA256
030239207754b0195bad3b58d42e4bfed6df4aeaff730c3fbaeed92021ca4b85

SHA512
3586ded7ed16c12ba8201b1a215f818e0dcff598e012001a4765cd727587e5243c87c8e7afe84af623d34beeced1b536e1e1671cb3baf72175512a6800efdd6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
213KB

MD5
f942900ff0a10f251d338c612c456948

SHA1
4a283d3c8f3dc491e43c430d97c3489ee7a3d320

SHA256
38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6

SHA512
9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0fa19d45e9801b5bae2d860e6caadb38

SHA1
7d6b532b805837bc10c51a9c658ef0570b93633f

SHA256
917689983868e18a5abff51f2ba246d1bee4ed852fad473b695a6f6f590801fd

SHA512
c063b85837f3f83efc2847e87e743e4cea930beaa71e456f9a8311cfc2b26f321fc8fdee9930764fb7abdb1fb83f1ff22e42727dc616aec8c2c17d1706a1a34a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c8f72a7e855221c6c16351b5032dd002

SHA1
663b4ad45a95097d96da8de66938e615097cafe0

SHA256
aeb4dd640840ce46615b2553e077dbcb611e847b673c2d1d0bab5762bea865df

SHA512
94363bfedde3b3e5159e225e6316fea7eac472bbfaea7100663f7cde5d835d40858ef077496c530bb845b312f945b5c59d326f62dbc05c0e3a2a3d3d1316b57b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ca9efd3c91297d56fe11256a59027b61

SHA1
5373d72480867cf4437d562306afc3ac148b005f

SHA256
54917e6c8773e606c820d83033736669e649d3fe9e019fc0306f8fcc9192c306

SHA512
fb43bb5a1cafcab34a6f28e86887468361d7e7997fab0b4bd44b5d1a11148328bc7a642dc84ecb05f70edab9a19e354004b446d111d13289053757aa62547e97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1432b8e6e36a8e0f917b048a3c6b66c8

SHA1
82ae7b2ae6231773e086f1e72e9557c5007034e9

SHA256
589e6e3c754bc0514828a1c22e70d6fd3a71386bfb321f992ebd4a9829f7c0e0

SHA512
c7b42d289b27bb219eb8023b1a2fe62063f8369acf02ee378851b116f4650de13ffcbfc5d517df3586835269f792f70b0a626b622bb2ef3d14c0e8f79681a7ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ce6d40bb479212a6a7d4993df5875f0c

SHA1
511370295762b82e97e4e08114e91b3254943cdb

SHA256
423129f6aadd2e992e29a2d0e4c2633e298efb9e31a7d3f517061aea22625f3e

SHA512
07853ff3c01dc21f5574e66ea399c4017df8f14cd5c19f0663d4c0c8eedb30cbda63835a2ff76f1cdabf7d4896f06e48fe0a18661fb76c15fa5e488d67e2fd26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8486051a49b3b85cdcdc5ed46de96866

SHA1
0452029c2b9ad26404ad0e5c0e87974461ad96cd

SHA256
69ee237ab698b9ef6e8034c90b4caa4c2e344a647c87a8225962dfd047357578

SHA512
e0e01d5f95c46e7d2f2353c7bb8086b2180c001a39f40876e0da414345bbc490b67a06a1d70e0c8d2e4135d91f41c35162c680cc4ba6a91e14206421001d6b4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5be944c769050b4f42663ee01a4763ab

SHA1
65bf887184980b99049e1032561610fa537b41cb

SHA256
e4521a35c0713ba535c530952ccddf2566bca37dc11490dba6df6cfc4332e30e

SHA512
965f3e2a9c7da1d1942cd6d8cc0ce079359b97c54e2321164023ae7c4ad3c311039db4da2b3860170fda34aa6ad247342804425b2587f0f09a21edf6dd49e8c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
733d96bf930b50c9b9c713d0175bbe50

SHA1
85f224ed3ff9a3c5dd81106ec7e6b2cfadb9cc44

SHA256
fc2304c428e6cbdc42dc75ad04b9d4ed31190eac35616a36b8715ca63d844cfe

SHA512
4f8d43d214182d32350ed059e4a95c2d3e37c4035b8c0401dda59b6927d05474d2899707cc89e22f4ffe2ea257bb84e6d0adf4d59ca84e61c4eef2f23bfca425

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
34c6d20d9b00f1b08e25da1973244466

SHA1
1d526f8cbd977744c40985ed1c74e90a30d1b6dc

SHA256
c28749a7a3c7266cc07664879bf277cc35dab783b0dbfcc40e9adb33dfcb9720

SHA512
e3c7c23e729c6dfa0f71aaeb386d206f79ccdd8877a1101859d90fe3f0558e35366269091e5c38cbb843dc0529baac9611d2acfb7a363c789640e37e140a7de1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ff327a4a63a733c0898c27bd6720d46b

SHA1
bf413b89c380d813f17922563f02d8ea5e733c41

SHA256
cf75a3b12e1adfd5ba998f30c1c7b86e62a498b2d9470ea8028de64cafd77e53

SHA512
4c1a409c7af155f47d7058bac269a02754221d4cdc1a21b27fde895ff51569cf1c2467f9d278645f99d2f26b3bd63a6b02fe69e1b7209a4a5b6dbcebac9eec81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
650a44a0deca2e6564b5804e348b5300

SHA1
fa126099cb43c31eed5b32f0d5bd748c4f1cea3a

SHA256
38b94888e8f8d15ac6e160356e65b651a5a68105f53abe1da16f04988fcb75c4

SHA512
08f6b7890bb2887d8ce409843ef61bf50f71e9785e0bb06efaf5386a417e7e2b392d75f4c1ca5dc99a6ced89ecd59221ad8130290238e2273f340c1ec30aa1b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c2b4.TMP

Filesize
2KB

MD5
e4b2006cebbce15e2e5d77676af9ba1d

SHA1
117d8c07f5db012c387d368b59163d41e6cf2509

SHA256
de0a51a9f3e5d3df2ec2c9086a1ae4fd4e7ac67bb80c6956ce10c6d60139d28c

SHA512
7fe50b51e53c069f0c7c24a867dd4453bc14a7bc7381786d6f1f2b8e82103af9993e71689d257d86b0f4a16ccbe3d83d973f65d45676e7f293317f9d75495b07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2d7061dea86fbefb0750ef3b8eebbecb

SHA1
e84c624d0104e31f7d787f0dfe66d0f6f17ec4ed

SHA256
d19311c5331a0de3236ed027499479b0416997948b6cb005e719cfd471e9f4a2

SHA512
e77649afa1f35f6559df83fc37803e14f4b26b1b5a5f392bd0cb36a47af5ea5d76212d4d5d7c0dbfa9d58aeb16158ef2a33ea88369020a282e87d4caee71f3a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
de7dc1040bfb603d78552c43f96ec39a

SHA1
209da13941534a5f92a6da3e34eb3592a675617f

SHA256
4b8b50a7654548b503b9247b7df1813bdd468c27277f94d5ae0699152b145c38

SHA512
96397f483fb5c4c63c18c536b3202c93fb05ed86790961e35aca1b99a8b41452530d73e6bfd9bc50c1605a4b098e9910a8190d22c2074e653aa8182c4ce76f52

Download Submit