hxxps://lidsaich[.]net/4/6551683

Analysis

max time kernel
83s
max time network
84s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
30-09-2024 23:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://lidsaich.net/4/6551683

Score

10^/10

alibaba discovery phishing

Malware Config

Signatures

Detected alibaba phishing page
phishing alibaba

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
13	yandex.com
86	yandex.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2920	msedge.exe
2920	msedge.exe
728	msedge.exe
728	msedge.exe
4276	msedge.exe
4276	msedge.exe
2816	identity_helper.exe
2816	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 728 wrote to memory of 3628	728	msedge.exe	79
PID 728 wrote to memory of 3628	728	msedge.exe	79
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 1312	728	msedge.exe	80
PID 728 wrote to memory of 2920	728	msedge.exe	81
PID 728 wrote to memory of 2920	728	msedge.exe	81
PID 728 wrote to memory of 1100	728	msedge.exe	82
PID 728 wrote to memory of 1100	728	msedge.exe	82
PID 728 wrote to memory of 1100	728	msedge.exe	82
PID 728 wrote to memory of 1100	728	msedge.exe	82
PID 728 wrote to memory of 1100	728	msedge.exe	82
PID 728 wrote to memory of 1100	728	msedge.exe	82
PID 728 wrote to memory of 1100	728	msedge.exe	82
PID 728 wrote to memory of 1100	728	msedge.exe	82
PID 728 wrote to memory of 1100	728	msedge.exe	82
PID 728 wrote to memory of 1100	728	msedge.exe	82
PID 728 wrote to memory of 1100	728	msedge.exe	82
PID 728 wrote to memory of 1100	728	msedge.exe	82
PID 728 wrote to memory of 1100	728	msedge.exe	82
PID 728 wrote to memory of 1100	728	msedge.exe	82
PID 728 wrote to memory of 1100	728	msedge.exe	82
PID 728 wrote to memory of 1100	728	msedge.exe	82
PID 728 wrote to memory of 1100	728	msedge.exe	82
PID 728 wrote to memory of 1100	728	msedge.exe	82
PID 728 wrote to memory of 1100	728	msedge.exe	82
PID 728 wrote to memory of 1100	728	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://lidsaich.net/4/6551683
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb13ec3cb8,0x7ffb13ec3cc8,0x7ffb13ec3cd8
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1728,17075758937235783033,5991040307746520871,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1808 /prefetch:2
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1728,17075758937235783033,5991040307746520871,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1728,17075758937235783033,5991040307746520871,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,17075758937235783033,5991040307746520871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,17075758937235783033,5991040307746520871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1728,17075758937235783033,5991040307746520871,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4124 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,17075758937235783033,5991040307746520871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,17075758937235783033,5991040307746520871,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,17075758937235783033,5991040307746520871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,17075758937235783033,5991040307746520871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,17075758937235783033,5991040307746520871,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1728,17075758937235783033,5991040307746520871,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,17075758937235783033,5991040307746520871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2980 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,17075758937235783033,5991040307746520871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,17075758937235783033,5991040307746520871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,17075758937235783033,5991040307746520871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,17075758937235783033,5991040307746520871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,17075758937235783033,5991040307746520871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
  2⤵
  PID:716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
302c3de891ef3a75b81a269db4e1cf22

SHA1
5401eb5166da78256771e8e0281ca2d1f471c76f

SHA256
1d1640e5755779c90676290853d2e3ca948f57cf5fb1df4b786e277a97757f58

SHA512
da18e7d40376fd13255f3f67a004c3a7f408466bd7ce92e36a4d0c20441279fe4b1b6e0874ab74c494663fb97bd7992b5e7c264b3fc434c1e981326595263d33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9efc5ba989271670c86d3d3dd581b39

SHA1
3ad714bcf6bac85e368b8ba379540698d038084f

SHA256
c2e16990b0f6f23efdcecd99044993a4c2b8ba87bd542dd8f6256d69e24b93b3

SHA512
c1bc0dc70ab827b54feb64ad069d21e1c3c28d57d126b08314a9670437881d77dba02b5cca57ef0f2aa7f8e7d4d163fbd2c6f246ea2d51ce201d61a89015e8b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
36KB

MD5
e1b9f0ecaaebb12c93064cd3c406f82b

SHA1
f0e872352fc5af11960d0eb4fd6ed09e9e98f4ab

SHA256
39e72c0794c12f2dbb14a0f61ca946b535f795b1478fcf795bd26e5cb52ded34

SHA512
5fe73910046b2873220a73be768f1153475a869ec0e59abb06609fef867b44b84450ad3c3140b47328defbbdd2ce7740791f1795d8160a50ca0af058f925a0e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
45KB

MD5
adf5b614cf48da0df151e1fbf8d1b0ba

SHA1
c6d7d1a03034d3ab5c4c7da14673470d80a208fe

SHA256
a2ea24a47789476b4f1e59fc099751016a6f31c60390b164691e505b31736391

SHA512
38f398fa3fb44b478550433cb8372a57401aca032f3902e5b91f496ceb7670e1e2546611084746a05666ebeb3885cb9335fa0bf722e9879159df21ce400605dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
128KB

MD5
350e286aa097b002349121a926cdc88c

SHA1
30ae096371488c5c6326d0f870ac35624059a987

SHA256
81578b23a76a10b7ed3ca2afa978b71006c3c32c36f683dee11ac5f740822bcd

SHA512
e04218473aa357bb3b1a446d79e69a7e1dec9a7c40f917cdb63a05a604e5b557e5bb7986e75d0813354a9cbda4e94fdf0a167f74597f217df8784dcbcb7f8d6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
30KB

MD5
0fc1709045a2eb8f7795014d24bdc0ad

SHA1
f77f8231a05aef633fb57b13878a390ff7daef0f

SHA256
fd3348080f17b4f21e868b1d2d797ac6d61e48456f08c5e450c20df6538498ab

SHA512
172b57e581dae8982c7c80679a7abad2d7967ac67430a63312c55a3525a6a7645771467fdb5444c0653d5d02f0cdecaaefbd97082243676f8330365af5a09a5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
50KB

MD5
9eff7201cca4c3d395baa99f596488b9

SHA1
34ec908a7b0bd99bbe806973395417462cb57d7c

SHA256
d70636400e2681df868c322426d1b3bd9cd9add8c000d29c643c85cfb4d5749e

SHA512
230d0455c099df977ba887374f81a0cca7a57dc3f3f25e1a166828ca958db0f7cadd623d4b3d4b3d7f142d285da3141d899db116a5571da4f2ef737202efe19d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
51KB

MD5
0685951fe0fc4c97b6b486c471fd52e6

SHA1
a4f5edcc5c2f653b50c3c8f4d1e81048c475811e

SHA256
d53e3ba4ffe2b7f197f7ae0484afa0b2126ff736b2fc45153cc3ca6938ca5548

SHA512
6c2c7970e9a01525266730bf60c443f82de326067985f06a4f8bb576cdd53817457ba5c5519ecd7e5f5def1e746e664b3ee55d757b43448fd7a074139e104fe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
142KB

MD5
8551e0c31c8e57dda54c020021af4a55

SHA1
8417d71a5fe3c99c77d80da9e3b79774fe3dadc6

SHA256
21c36799d13497bdd7a803183b8c6a6058a86a25c71f4ba6e493ab155a5a574c

SHA512
973b26a3ad0ae7cf6408f5c2bd531633958d7e677e76f1da83f5754bfe03b5c06ae9204a759ea525c8e40a6bb347465da051cf5670e060daa81f084209d32cef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
33KB

MD5
6819432d3c5e5d5a277f244e68786590

SHA1
f4a355ab1a265f734f7decac01aa260423355089

SHA256
59370354621f4ac565797f85d604d12686d3fd36bcda5290bdb2b4f824e1669d

SHA512
c15d7ab03ba912590d1b87ae32ac164590d53cdee73d2b92de4910cc26d84385e1868351716a7642e1511de91813c2fbab213dc2bc2ea56d10952dfd21dbd61b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
35KB

MD5
3e56274a9b42f084f0f5f3ed7abdf194

SHA1
aad01ea3d9c2535d6672852c862dbbd8f17e1d9f

SHA256
4429014f89d7530b71fc903264cc51357d7ce4a456568b40beb7e65530db4200

SHA512
19c6ab1a3dc72ed9af10440b3e4e62e90f60d00c418a5feb37bd12ad65312b3767c823045991639d78c9bda287f7c8ea236c284bbd31da43b5ef606ad19bd928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
223KB

MD5
8432575a9329ba97b18a9c3ace2a9580

SHA1
c36adc17f218c192bf5476bbc6094d33afcc133b

SHA256
095b2253a7ffbc214fc6613b6cc13ce163a9d82691aad27febc8b19a9d4b098e

SHA512
aef3c2bc842e4461fda4ac309dabb02d30fa9474e79391d5e468d218408e9e6fea688433d0e13dc1fb1cfbe4744c2a7f54b92ffea6ec445e869da3048b48f779

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
46KB

MD5
e802d43ee311f4de084e7a874f6d3963

SHA1
ba0d8b77dac74df9b1fbe5b24af181a61cf0efb7

SHA256
b37674fd32a4a39d2de4e8b1a66f476e4a011bf199168566e25cd55c83a9a7d3

SHA512
6e41ddd26449e82f2a6b3b12facf5ab3528df413736cb7d23f30409bb65783ea5dfd25554e83b2261fa08db8cc7c46fe3e2790b5d843117676e27cf197af757d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
31KB

MD5
a1a8ad728719891531d2ca0898dc9e0f

SHA1
24ce3223da7af585146f4e4861cf1ac41834e1e9

SHA256
3a958fedc25c8a6ab59d36181fe8a5467017ad13174f13e6b56216e4c5f4cbf8

SHA512
9220fa75482313c14458b0bcabde060564f9fe0e8c6e50a676e28b9ed3d3ab16e73c45c898612891c2952007d5c52fbc19e780109fbae4cf9348567368c326bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
230KB

MD5
a047a9b0f5bf5b46e4844c4555c60d24

SHA1
872b72f76a2b821a0ff6a4195d189b9a89d46666

SHA256
9582b3aa0eafe2c3c9ef16d492f77835abc20dba1262beadf1cf13ca4f840fa5

SHA512
338396b234ca91ea6ba327c83da7dc6780d9cf02ed37aa313215619b1aab89ebb7f4d72150fadddcbff43f345dba7e1496e6a6a1d734aede7d501beedf49bab4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\91b5eae9eb34feb2_0

Filesize
49KB

MD5
14d0223e7745c3c81e1c314b01215541

SHA1
14a4c7665be34c41f4ac33d46308001d4a15182b

SHA256
7e1083cfd9dd893ebc7d70ebdb8d4adb833def5e78d1d5fbf92aff1a790bdb6c

SHA512
c4c5c91b653c4f7dd77a1b4f95571bbb29c160a985af3e5b1ec42f478876663c088b5a6186cf0a749eaf07f0f5d2810cbefb48a07a997e5c1c1ca65900631069

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
c7fd8feac6526194c3fe8123764a3d9a

SHA1
5f4c23e7ea0378ace143d8152ff8e14b4d7ac6b6

SHA256
1d45e75be027b33c887780cb5f38f9c26c4646d7980e43ae4c420cceb9722b7a

SHA512
fd2b034639734dec48ca7af890345fe8d0866d632484a080e0cf4b96123b609d10a48d039f7cd5a8641276d11737c6f852f74dc5981d46652e90781699d045a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ce47d76cb612388a63c29d3423e4c7b9

SHA1
62b68b88a2653c6e978ca1dfb4a35be6e3ccf30f

SHA256
63d99495ae11db267ba123dbed1fb6400772f8d1489853796d1f9b5abe207af9

SHA512
2c3acf74e6016351a431148e064000291920adfe178c11df281d1a2df9d409f972767fc838eccd156cc711eb8593a93445f73b574e9a74a82f7277a88f064f05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1f0e642ada8f3afcaca79deaf90f50a1

SHA1
03d3b620df41a6894746a5410e494447f7d5ef36

SHA256
f59c64360ca534176852c2a8e8b531e6bea9c2809cbff52a444be69c34426429

SHA512
f15ab8e594e64b748c2dfb2212435cca3bc3122b1eceace50e4e36943c076b17e65f8c130ef171ab62dd1761549c562de51c9d48f1b9974da0d3a28be8600d54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d201d82ae61be41269a3157ebd3d3f8d

SHA1
3c22674d049e09432cca09fc6d246a562fe5b31e

SHA256
31a38ae081af26adb55e14b47205757624a9b704d812fb506b18e42a77275fa5

SHA512
023bb3a0529ac75fdce3ba45a1dc338822850a6b4787d511774e32c5b94b5da057a281219dc5c3cb8080e468b8e1681a70ef82e25d7fce8c2423ff4eed2624d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6d34b980263cc0dc1bc395033202e186

SHA1
f6d6834b291f16e069397634699cd19b88282d3f

SHA256
141d67a0fd4e5983a2902af848a341b169cdfe9a174a20e2a870056fd0bbfffe

SHA512
930d1e93039d3cbfdddec32578944b48774691d649951df440364319c6d3f6c2ed846d7b3379ae408efb428941a21898900e1cb0edf1922c1d19983f1fe12310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f9ae092c68bbb643b3f3417863406b9b

SHA1
7c1be87af626f5007a488005783e0bd76cf47854

SHA256
6fb78739dd79c07b2269d251f6d8d13472a296e3f90171971e6da81686efd259

SHA512
e7ba8c113f417def0fe8ce0e68f457f2d82aaf564bfebc9dca9b08c5bdc73a5fbb050935268f8c0fa6d773fd05b5f62e609b0729e64a0d58ddc5fb749f81cac4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9f2d2711f2450741d3358ee3ede9537c

SHA1
d2bb9f8c231bde81d42985c6ce68033b1cba8103

SHA256
249bdb84edcb9519cc62f03c3ee01ad7afa431454e391458bdde201374812ddb

SHA512
d03d70af285359de33392a6e77efe94c7328f0c6522b1b35d985253e14daf299f35c05713e10b1814a409916bf6081b25685786429e97ab4c3065718b2cefb55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c0f1d939cae8bcdca4a6e7bb78281b9d

SHA1
1339476179db733cc727350eb964ad2d82a1a040

SHA256
ad404011c9aa6b064ea272f1f0924c8355b984cdfb7fc49177d0d2e5e1b1fb89

SHA512
6b30113a8b1078fd1c34d5db2f17430ac156104abd56d03d539eff3da3633c2ed4b22e6cb372bea4ec3f1916271a1c704a28e1fea8e8a3d97da80ba83e2d4f17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe590083.TMP

Filesize
48B

MD5
ba8880b72bf505806e326687f9ef0e8d

SHA1
23d4a90f70064cb5bdde33170f84cac4a6b1a6c7

SHA256
beef53ec475c57319ca11a22a61dc955fd48e5587237c0f9ac498433d0875811

SHA512
0fd036b89030c16eeee864b6afedd448d590416f59ee264e87c28003a396d3cd8e06b490d17e67c6e357fea210302ccb6d8f8a38f27e1504598142dcbeb16ec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
34278e5a10b5c0ca77fa56e758b4097c

SHA1
973f3fc27b55a8c32ad9d89a1af625ee39495f46

SHA256
2e0e1d098404c7e04ce8b4ef1024bb2721c10d5974a796c9c3f7f3daf2404979

SHA512
e9f5fd995f5db94396eb05510e4c196400bff86c29d855bdd850df82f343594893efe276f4c623d3cc276e576976605d78cac0545d392440a30332582cb0c717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
66211919657fb61af616fc78db7eebf6

SHA1
a8de2979f12fc71096464df1874f3e1d4155cda2

SHA256
46d88dfa5c4eb41d52d2074621b0135f1db2756eaeec691675fcff4929b00f42

SHA512
12802552164d5842a867d35d56cf7ea134469db7e6c9dec12bdcd77af8bb5be7fc26f1683aad7b5fa68bee2523c39ee94940224d0549f79a340d85c3ad6ba9f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
88bf148330c21cce7671be918f79a815

SHA1
0ae886fd67864551019431763858e8e415c295d7

SHA256
620e6f9d9740f607d888eec05626f149d05b3f2b005163170438035009b1a0e7

SHA512
00a04ab1e0c5b5f2fe51ae1595f9ae1eecec0cf630665a208989444a4b03584292a887266dfe4218b23b750f7e23eff8ff553cf1a70b1bd74233e8d46aa83c55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f206e022e060087303954420f4d8ae1a

SHA1
6907742dbd4299240220d750334ed32e57e0cc79

SHA256
57904fded13fe446dd28520d53784bd8ce0ca572bccecff5317dd13428b3e813

SHA512
a3323291403af03f3cef035d7a035fd8d9658cfa7f173bb4d82ed7e668f6f80658aa5ca7add2e4fadb5a14089c881a0157d0d81a61806a7bd1cd32b063ab1ccd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
538f45e46fa71aeafef884a06810a4d7

SHA1
828f920c3574d06368552428c843301a8a05f667

SHA256
da28881f953f5bdf43d515a1171a6cd2008c6b49f1daab4cab7c05708212a253

SHA512
36abfbf000b646cad7b5967798266024b1ee0683a7919dbb2e79ed30b46c43a83a6bbfe471b66fafe6138d0b941ef2dfde1217deeb3e4f198af02859ee3b513c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584dfc.TMP

Filesize
876B

MD5
ef3318cf1b789f8b512f1f58fa35c140

SHA1
cadd65441f85cf8684d6d7bf0fbcca2bf9719de3

SHA256
e33659cdc795f9a7de1f0c0b86f97eecaecd6f79e469606e0802c4d50b30e53a

SHA512
5575c2121875e138152d276fb9e50d5cf6d9b929d492f093566e612dde05ad6f4388cdd59f68f26039f4db290671539657d380f645b7a9f8fd8d81cc2fa069db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5c639e7239308c15aa51461fbd0a2981

SHA1
31edafdef2c8eef051d2efef1d3dc9d0a3d17c77

SHA256
5fce6ee6e2de49eff56ff0968108d5a898d9a3b0ee3e765dfea20cd3777ef416

SHA512
eacd35c63fe8702c67c71d2f185e4a0bc4bb84baf1be1d56ec9a97259f24bb9982b0a7f05ade010dc7b6c585c2485fdcd396a55db8d7bf7f3fa08080e3cb2add

Download Submit