hxxp://google[.]com

Resubmissions

10/10/2024, 18:33

241010-w6895swbln 3

10/10/2024, 18:29

10/10/2024, 17:38

10/10/2024, 17:35

10/10/2024, 17:34

10/10/2024, 17:32

10/10/2024, 14:13

10/10/2024, 13:34

Analysis

max time kernel
174s
max time network
173s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
10/10/2024, 18:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4704	msedge.exe
4704	msedge.exe
5076	msedge.exe
5076	msedge.exe
1632	msedge.exe
1632	msedge.exe
1808	identity_helper.exe
1808	identity_helper.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4456	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4456	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5076 wrote to memory of 3872	5076	msedge.exe	77
PID 5076 wrote to memory of 3872	5076	msedge.exe	77
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 1512	5076	msedge.exe	78
PID 5076 wrote to memory of 4704	5076	msedge.exe	79
PID 5076 wrote to memory of 4704	5076	msedge.exe	79
PID 5076 wrote to memory of 1196	5076	msedge.exe	80
PID 5076 wrote to memory of 1196	5076	msedge.exe	80
PID 5076 wrote to memory of 1196	5076	msedge.exe	80
PID 5076 wrote to memory of 1196	5076	msedge.exe	80
PID 5076 wrote to memory of 1196	5076	msedge.exe	80
PID 5076 wrote to memory of 1196	5076	msedge.exe	80
PID 5076 wrote to memory of 1196	5076	msedge.exe	80
PID 5076 wrote to memory of 1196	5076	msedge.exe	80
PID 5076 wrote to memory of 1196	5076	msedge.exe	80
PID 5076 wrote to memory of 1196	5076	msedge.exe	80
PID 5076 wrote to memory of 1196	5076	msedge.exe	80
PID 5076 wrote to memory of 1196	5076	msedge.exe	80
PID 5076 wrote to memory of 1196	5076	msedge.exe	80
PID 5076 wrote to memory of 1196	5076	msedge.exe	80
PID 5076 wrote to memory of 1196	5076	msedge.exe	80
PID 5076 wrote to memory of 1196	5076	msedge.exe	80
PID 5076 wrote to memory of 1196	5076	msedge.exe	80
PID 5076 wrote to memory of 1196	5076	msedge.exe	80
PID 5076 wrote to memory of 1196	5076	msedge.exe	80
PID 5076 wrote to memory of 1196	5076	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb11233cb8,0x7ffb11233cc8,0x7ffb11233cd8
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,17534185369955790757,4226138980033740554,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,17534185369955790757,4226138980033740554,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,17534185369955790757,4226138980033740554,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17534185369955790757,4226138980033740554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17534185369955790757,4226138980033740554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17534185369955790757,4226138980033740554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,17534185369955790757,4226138980033740554,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3404 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17534185369955790757,4226138980033740554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17534185369955790757,4226138980033740554,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,17534185369955790757,4226138980033740554,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17534185369955790757,4226138980033740554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17534185369955790757,4226138980033740554,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17534185369955790757,4226138980033740554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17534185369955790757,4226138980033740554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17534185369955790757,4226138980033740554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17534185369955790757,4226138980033740554,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1900,17534185369955790757,4226138980033740554,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5932 /prefetch:8
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1900,17534185369955790757,4226138980033740554,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17534185369955790757,4226138980033740554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17534185369955790757,4226138980033740554,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,17534185369955790757,4226138980033740554,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2376 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:644

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:996

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004E0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4120

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aad1d98ca9748cc4c31aa3b5abfe0fed

SHA1
32e8d4d9447b13bc00ec3eb15a88c55c29489495

SHA256
2a07cac05ffcf140a9ad32e58ef51b32ecccf1e3ab5ef4e656770df813a8944e

SHA512
150ebf7e37d20f88b21ab7ea0793afe1d40b00611ed36f0cf1ac1371b656d26f11b08a84dbb958891c79776fae04c9c616e45e2e211d292988a5709857a3bf72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb557349d7af9d6754aed39b4ace5bee

SHA1
04de2ac30defbb36508a41872ddb475effe2d793

SHA256
cfc24ed7d1c2e2c6585f53db7b39aa2447bf9212487b0a3c8c2a7d8e7e5572ee

SHA512
f0cf51f42d975d720d613d09f201435bf98c6283ae5bc033207f4ada93b15e49743a235a1cfb1b761bde268e2f7f8561aa57619b99bff67a36820bc1a4d0ec4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
a6bc5a2ab8533bbcbc9b756cd55b000d

SHA1
250611ccf0c6fffe7751ee61b0fa58e60c87dbcc

SHA256
b16914dbed82e8b286101a942759e2557c2ff347d871541b679418ace00a1a13

SHA512
c6ac039b25f98e12181e20336e7d1613d4d249093cbd000a5ed47ef26fb0903436186abb0f204fd61837af96dc7093df9bb2848974bf533d2128f7215af2e5f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
87b3a5ebe9ea55432a31569d0dfa3164

SHA1
e098ae9953b973a7e8e65afd755b62345c324596

SHA256
9c2c39f3bd0792a80ef9dcf53f80c2597e09686bb0d6b3077f453bbd0cb7e748

SHA512
99c5b6deac6dbc8d3fefd1f7039149645d4bd9a6dfa57a027e33324dc2604488a53fe338f037255d8e491551dae3a705cb3c1fad948c8e6f63af647b92790de9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
74080b9a773e86751baaf6018c0efc18

SHA1
13f1e4432f0366f65ced9d7ca9963872c68021ee

SHA256
9a5f95d26e83c4955b81d4182696763ee0ad6b4b2dca96f727e60d029f9304e7

SHA512
c5711963fd375d8892e163b94e8f8621d1d9ce297c6bc26f4681de26dd5896ec60744ab0174cd621faac1b40c48f51966432b9bf039c4baa957830c7eae3f20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fdf787792c516edf181cd72169c047bc

SHA1
f9d66a17d6213c36b432df0f81313ecc0e6071fb

SHA256
409c56ed86779b538f2cc1efdbe8bf1509a3a5a10cfd66ec19a54a8684e01bb2

SHA512
5b684fadbff4a4b489c292022acf5ca7a599590ae02aa1777b66160f0262b5f28baf5032928d8487a588f660acfd371724033230ecf046f999fab50bb8699bd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
417594a677569ce39ae74d8d0e5ac782

SHA1
ff261827dd88537add44fea46cc08ebf42b7d5e5

SHA256
3c3f80c2223d6cc5ab8e90d4b1ce3c91b4114ccf2a566926514ed4b3c7db8066

SHA512
617e6884248d4b4e7c7261acaf226be9fe3fffae5a682c617ab6bf9cfb7c60c20f93b13796053b697dd9c5a6dcff46b82fec4cf5ab8cc04fe9ba19cc15f96a50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c2c76c11d3334caa9502dcc03b453b20

SHA1
ae52d1c54b93714a5bd953ab370966e9a73df0a2

SHA256
bad052925eb915d945d1418f41c9bccf5972ecdac14ff26f76dee658007c4380

SHA512
58ac1aada6fbe50e25ed466ecb5c3df55623245fa0ee4538ad075b5caa695d2728b6db768181572cfc0a7b4aa50d2108c67ab438dfa06fb8ad69f8bc8de01d13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b07b4f67ed2093a27b5c3e6201fc5e1b

SHA1
f091a9f62cd053feb9a8a404759947cd3b79377d

SHA256
a19c7d67e67da5300d95706c525d853e915b8a43769d86de004b7f58ecc3d1ac

SHA512
cef5ec85393ea97d07983fa802c6308af58aad06dd3d62f5a735c82944bfebd29964b5d778d777b954438b6384aeb2da717d0243c52cd172fae97d02b41fe74a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cb56bd5afeff733d54966251f5c22f9e

SHA1
bd0d2b7fd9668b1c1f45b3a3a92ea54ad63ca294

SHA256
54ad6e9b2f35d8789a5240b2af7eec0091119c975884c45d8552e1489545e74d

SHA512
c25c93bdaa0f048e07d6550a2949b2fa3dfa818187f02572476e455bcec9b89c513583c9410296b06fc5c81ddc2cf814b3248ce75c0b844d294eb3b65c6f2409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4db3d678-d485-462f-9870-3c4a30013219\index-dir\the-real-index

Filesize
2KB

MD5
7334eb741d35f7d44fec73ffc09938c4

SHA1
997ec49dac07f996433e1e9497b6b9c2161b3f08

SHA256
3a0cd2595b63dda89489a445d79e7540ff57740291ad604d54747d36b15faa9f

SHA512
365ac9147dbe2030a57acfefd635a04376dd1d3701cf0a9a8f32874923677966ca6e91209298621be439bd27b282de6cbf89ac6b46abfbd205dd183ce359a6ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4db3d678-d485-462f-9870-3c4a30013219\index-dir\the-real-index

Filesize
2KB

MD5
d78d9f8ad05a26bb8b23766f11e24c25

SHA1
2c09704a6bcfbae353ae3b3ecae6c4a957a95a2a

SHA256
d55f67f18180abc3bbf7ce42ca461c1c0143f753fa3181a35833c99c6e828393

SHA512
10e5dedd720cb89f306ec6bd806b0e81a512c6bc09955100d37e86e7b401771ef47cf264e3f08fa1c9bdab4efb31e7ad7f2b81ab3fee1b2f78f88ac3cecc4363

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4db3d678-d485-462f-9870-3c4a30013219\index-dir\the-real-index

Filesize
2KB

MD5
a59e0cae4c67ff5ee201770907d6d19c

SHA1
72116ac2739099d7f690ea9dc4dae1b405902fd8

SHA256
7bf717411f51739e890f5bda53e9fcf186d12d97a5bd976bf888e2c44f8261c4

SHA512
e4dc1413e0cd876aa770ff977c52ffac2e58e1d9d67503c71282324bf977e4aba18d2523ce666cff7e88c55740edfcf2b0670c93fd4ace751baf65dd3f400b07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4db3d678-d485-462f-9870-3c4a30013219\index-dir\the-real-index

Filesize
2KB

MD5
c93773b92f92264f0e845b03ae2b4698

SHA1
faed8c68ce8f939fd8a63034d27b6349931e3e80

SHA256
41ca4cbc6a19d86e38326b7d7d8931387f8bfc608f5a9c6ea8028dbf1b2c17f5

SHA512
19feac849528758aca40dba569654e920dc85510278188307f23c21d22ac9402de1bbda11604df6eab75660438b6afaade48509fa751969ec376732b94d080f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4db3d678-d485-462f-9870-3c4a30013219\index-dir\the-real-index

Filesize
2KB

MD5
774ddadec9ff649c2f760ff57005ff94

SHA1
0041127cf6bda57a7d6b5a2dcf9b472b54b6361e

SHA256
92db00e7334c47522d63d89a59d33b8b92967b7f20a2661c63fce584b503462f

SHA512
db3dd991792c7522b104b32e059bf3be99c668b90a330b7089fac837c6244fd5652bc19f0f971051cdc07b34d803aa852536a4fdcfbe3d1190fb326cf64e51c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4db3d678-d485-462f-9870-3c4a30013219\index-dir\the-real-index~RFe5829da.TMP

Filesize
48B

MD5
759e633121c75869d612d6606b6bb84f

SHA1
99b7d465a9c868ef1cca15092abe00903fb2c816

SHA256
bf3ff4078143d14c78ad131d63c22e5838ebe08d55562fb714a4896b7c489218

SHA512
3d487475d4662617f6da079142baf3e50284325777676e28ba3ff8a552a46bbdd8c54cf9b67a6412b2f395c0c7bbfa2584cb6fb2fc4f09ea66c52a8c902c41cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
1ac41d3ced5d5a4b8fdd6ff059883633

SHA1
b956ab9336335c525109fe0e80171d4a51ebe890

SHA256
99a26e749ed1f14c202bdada8906bfc5f47d1d15b5950c8c6e5289909022fb5f

SHA512
5fb14ef8f800f4dac1d5d49e9bfb04b8dc58bdce002830bb5472edb33970b642f1b08d4be1fd86eb4363b2e0eaea3adac08aa3498b0b896becfb3461aaceb6a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
879d48b7ac2ad6d481ad154d988ea431

SHA1
123a53277662c5891904ae70ed86edc3c253a35e

SHA256
1c58135e585ad12d98fefcbcb4e4049abcb2c84a974e375d9a7e34d72b57212a

SHA512
3ced13f09f28c2374613377ddb232766fa03f90b067520a8ee52afa9b80632f1eefc29bcbceaa59fb9730dedd5ea913bb9a5aae73d33689aa8e18a61ec4552a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
356bc879d1b5ab01314eb58c3798b8a8

SHA1
bbbb2ef18b6600006d920c921955970f698ca951

SHA256
74329099bada407789537bbc144ed9b1fa670d73bd6d6ba109a42862518c602a

SHA512
bb9866f0d63fc49beb9bcc8a8def2a501a416b1a1b3af0cd8e8ee52acba5813a1aefb354f845f75a386eec704a0082298dce72b2bd1d1cf1ff33fc96ef614446

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
4f86d7246ddc6e1827a7fb9110d8f343

SHA1
d6e1c279e4fc1d2169d8bae3d9ff4547c4c31ef9

SHA256
41a7c25ad72031eb526edc32bca5d5dfbfd39e4dcd5208b244e4a9056d75f15f

SHA512
7234460d49b9504c2786161be286c6ea02547a17e27b689e2c159ed7d8b21463cdef425d007d47bc4be774dc7fc0fe402150a54eabbf59709f3c2ee9eaaad533

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
dd2917ed8baf60b91183bcba537d04a8

SHA1
c601a67ca9d9144f0f1b1acd093158d589ea4143

SHA256
b9f5c2fac5ce9573335efd951738970f9c443fea5a26ef802497aac084eaeb23

SHA512
d872b72f0b6d48181e8b654757aaec38f76a197be0cac6fb06adc3a32662c3c28807cfcba02e301e38f7bb047300d2580c679bab85fe29606a1e475c09c839b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
022d8fd6230c2c132776ea17932cdd77

SHA1
706b3203a13d9cd0cc2487e81619b57a949e71db

SHA256
a82cb7195453a2fe8d47174e8559bdf81992601bb66c145f8a900ba4bf46b179

SHA512
cb68c4b5f0ffc83ddbe8e8df65a4a5eb974dabc5bebae7657c51782353a341f8b197cc968c9ff063c856dd2c2c76b3fcb8b5c91756be715e2b319cd8aaf41ea1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
b4d19ed67b1106ed8e89aaea669a6861

SHA1
f3d20b004b538a8d12b8530120771c73f9d9be64

SHA256
c19e57c33f8f80262bbb3e7559b7a070679eeb522fcbb674d52dcbeab45b9cba

SHA512
65008364fdd29d273c32002abf2d169ad84e12843f2a4b44e908e1ddaabcae96028bdf27a0233cf5bf7c08f181a6387d9068479e198c1cf727eb104213240846

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d8da2a51a05a86cc176b3b95f797c1d2

SHA1
9c069bf8c6c1cbb81b9567516661be74d9384183

SHA256
d668fba3b73cf6b3d7d36654a33a45eda4a64d8141be9ff5a917130be2a0e7ff

SHA512
a5d7f6dca942e833c3db083e3f0f5c9232637bb12bff38c3e2feeab82a86afbf6224766e66011645a4f22a32ddff2e7e5b154c20f20c2779ffa284e74e68d025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5824aa.TMP

Filesize
48B

MD5
9a8c504f5a92923d6d1d304aac990451

SHA1
670066f091d5bf1b9bc9e3e12b8ffe1cb795b55a

SHA256
41f727d5efcab2e33bd8339648559411712049dbae4c94946a8726e388c7c982

SHA512
9252c3cd978192ab526a6ed245cddffd3dfda4151ef44c232a52da57a3102ce415a7d38ef4a3f5b35d304985b587ff48f64d4bb894bdea73a1af11419a5f7cb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
125d3497137ff4b775521b81d1c4825f

SHA1
d8956a9fd614874af616d645834feac8d59c6c67

SHA256
8081ed5283ea8326db60c5ae0415071d3c87c95a4af01dfdf8eb263876c936f4

SHA512
b316ac98725334e0ced77328286886965f93f1769f096055fc4430b592d32240d83aed347c812ea8f4d6e09235c082f8a4eb7e1d843bdc9ae1cd1460c214339b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
c197cf89778b4d554995d65871d9c4eb

SHA1
5724b6e438a6e31d7bf09d1f6d005d6a2a7a11ec

SHA256
6e4dc4e221e4179f13187418472e17da1e1fe3a4e0a9c1e54f747b245891f9b3

SHA512
7c4b4948a95d6b273e96b019d50d78a0346ee1c5313091e015f62f8c6a4228a1c186c3d6df8d2aac7afeab4c6864c66da55fa2c9154f88ca930e2912f708e13e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f6c4.TMP

Filesize
204B

MD5
e4820118bc8fa5ad17ff15b43931354e

SHA1
420aa2ea88a31b3f750122eca227c45285c8d9bd

SHA256
03217b27c6b531bd8c81298c6a826ec6a3b95c106b826f23b10c0c505034ec6d

SHA512
18dd34d89c10d96084778c77a064b195059a39f9a16fadd4877a2fe7ce6102b6f88ead43700b9e54286e9b6f6b049a4f050f01cf93b61cd7593248f961c891c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4b328f67d5c2a7e4fa1e3887acde9519

SHA1
e1cb69e095d398cedfdbbac785c0995ae23a8f06

SHA256
f2e90e9935b619aa0b057f78fd86a24523d5908a4d8d84d6c4f701eab0a14166

SHA512
95be97841509cb26dc7b00ce93bab7f818eda79a0d1070c85bc91d33acc0500437d309919dab78cf52c3fe7584808e74023a77078dd837c0d8799102cc6f0a42

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
899c74da95f4b9328cf498e7310a85ae

SHA1
e0922e8e35811156a8e5c04e9bf949a89de8c6cb

SHA256
d59c074d3ffda7cbbbf63b35780724c012af5d67a56460e23bef57d274cedf53

SHA512
eeb5a84b846890e5407ce3b0be1fb6049e6a86a90b5b7783c43597d0f610b19447dbfb0e879116517dd8a44dcc11d58f28fe57609ac44bf9461e83cb7a33edbd

Download Submit