hxxp://www[.]oningroup[.]com

Analysis

max time kernel
69s
max time network
71s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2024, 17:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://www.oningroup.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3392	msedge.exe
3392	msedge.exe
2788	msedge.exe
2788	msedge.exe
2616	identity_helper.exe
2616	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2788 wrote to memory of 3992	2788	msedge.exe	85
PID 2788 wrote to memory of 3992	2788	msedge.exe	85
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 2680	2788	msedge.exe	86
PID 2788 wrote to memory of 3392	2788	msedge.exe	87
PID 2788 wrote to memory of 3392	2788	msedge.exe	87
PID 2788 wrote to memory of 3960	2788	msedge.exe	88
PID 2788 wrote to memory of 3960	2788	msedge.exe	88
PID 2788 wrote to memory of 3960	2788	msedge.exe	88
PID 2788 wrote to memory of 3960	2788	msedge.exe	88
PID 2788 wrote to memory of 3960	2788	msedge.exe	88
PID 2788 wrote to memory of 3960	2788	msedge.exe	88
PID 2788 wrote to memory of 3960	2788	msedge.exe	88
PID 2788 wrote to memory of 3960	2788	msedge.exe	88
PID 2788 wrote to memory of 3960	2788	msedge.exe	88
PID 2788 wrote to memory of 3960	2788	msedge.exe	88
PID 2788 wrote to memory of 3960	2788	msedge.exe	88
PID 2788 wrote to memory of 3960	2788	msedge.exe	88
PID 2788 wrote to memory of 3960	2788	msedge.exe	88
PID 2788 wrote to memory of 3960	2788	msedge.exe	88
PID 2788 wrote to memory of 3960	2788	msedge.exe	88
PID 2788 wrote to memory of 3960	2788	msedge.exe	88
PID 2788 wrote to memory of 3960	2788	msedge.exe	88
PID 2788 wrote to memory of 3960	2788	msedge.exe	88
PID 2788 wrote to memory of 3960	2788	msedge.exe	88
PID 2788 wrote to memory of 3960	2788	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.oningroup.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8b7e846f8,0x7ff8b7e84708,0x7ff8b7e84718
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,4559297773161670668,7658514722846015119,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,4559297773161670668,7658514722846015119,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,4559297773161670668,7658514722846015119,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4559297773161670668,7658514722846015119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4559297773161670668,7658514722846015119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,4559297773161670668,7658514722846015119,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,4559297773161670668,7658514722846015119,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4559297773161670668,7658514722846015119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4559297773161670668,7658514722846015119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4559297773161670668,7658514722846015119,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4559297773161670668,7658514722846015119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4559297773161670668,7658514722846015119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4559297773161670668,7658514722846015119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4559297773161670668,7658514722846015119,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4559297773161670668,7658514722846015119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4559297773161670668,7658514722846015119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1700 /prefetch:1
  2⤵
  PID:5568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4559297773161670668,7658514722846015119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4559297773161670668,7658514722846015119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1
  2⤵
  PID:5772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
72KB

MD5
7513fd280afc2a587011fbc3100cb587

SHA1
868f4efa802cce23a63a5ce312d337e6d543e786

SHA256
47d8a965b09e55eac1afcfcb14f6607f4a27b34f7d142789d5a82fc38a576bf9

SHA512
364bdcf57bd5d15653fa6babdf73646083bf43a4d2f2f5f36b07d96a2088e6a948e1199463f8302c6f24f6e25439c58c5dce3cb7c5bd0e584e017b83255ac8b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
107KB

MD5
7754a2ade9ee1317f6aedf4e88ba266d

SHA1
17c3a4200e1751d00f2c9a77200695cb70719f32

SHA256
65ccf9d5f983a31a76381b2b97314a315d358768ee7657cc8ae2c98ebeb0bf31

SHA512
a42143ed7a26567c9b7cfea782f288aeb528f6e86b080ccca4114cb9e7fd4a197afa3a3b4cba3f8ec97317cd7a6a23065df104b50789c183a555fbf0b0de30d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
22KB

MD5
e8b5c83398634f381d492645addffd71

SHA1
4c5f556636def74844234937658b32a415c362bd

SHA256
de71a4a47517b7afcd0702170e73d103d61fd1a14714fcc61afbbb20de326f80

SHA512
ee9c17afd3db090abb2bb11f79e058b2663521390b484a74a19e283b17801f10d277e4c1d55cbf5bd9656b8c22ba9ec66312c477d2308790eeb55cdc22b7e394

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
96KB

MD5
aa1e66db31ae5c78382dce6154271ab9

SHA1
b82514af25808cb1014002d100d22a64e8942fef

SHA256
242121ac893235b6543ac0df30de081af9a7c5b9d81e85de62b98e63c99bf955

SHA512
c0b602d74eea8c7c6ae5f0458d8214980c6880ce014d558d07d4e5247fadc91fb1006493d7ad012b4849e9c38fa25fffd379e5104c71f4b6d41b63675ad2eff4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
24KB

MD5
84e176550355f8ff326eee0fd0d1a3ac

SHA1
38c57e84afcda23bd975792cbf18300e4dbcbad7

SHA256
3b1966edc512ba69634d54ed188944c6df16999736436296872c151644f22c3c

SHA512
cada5b2920901053f9e89bcf22709a1632468182159008077aa0652db8e10dcc28cda1bd1c849e5e02ba00b174a2ca3153b3af2024eac99866667f11d55d0917

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
145KB

MD5
df2ac439f6d3eea96889e9ecb34ff2ca

SHA1
8b795eb8d7d3b633f0df48650c50f0c287a4e6b9

SHA256
8599a44cc10b38db5705caac6a5fffc1fd6b251e7ae00b1a091ecdd79ed7e062

SHA512
7cae973ea54b45bb146c23692b869f17adb173ec2ef57c0832b7c8248e36852f1861e51ddab51c122a5d60c29fa339876c0878b430da78fc837815a3ff416522

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
25KB

MD5
ce96d3f20c1c1f1a7d74c1d66b610790

SHA1
ee374e25b1655076fcc979d50854a7302cea1a06

SHA256
d9ccd757938acc2637106956bc422a2ef33dfa2b60c14dbf46b8fa8740e54d01

SHA512
b41fc6482ce313ef84094a68321c5d7f48368fb063ca1a5ab4d5bd2e3f80664805a8d4d271833a7846c0cbf5b6b89934d47e4664e47753233e8c069e898d2083

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
18KB

MD5
0cf73a8f0ee8758a24aab3f00f180aa1

SHA1
d5c72f4acc8416af7d793e6accb5cc5f5d34a24d

SHA256
129c19a266e381cb4a50733857e9115a29a1012741dd9853424cdfc1d1e174a8

SHA512
25585e3d7afe647c2bb19104d245dfb3da986ad2e8e67b4471bf6f7cbded64dfba44a6fd98e507d21ce8dc24e9c0ed4c6868fce60ebbee733ae4285b297a72c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
89KB

MD5
b9b69d7f7cb24c362acaf680216e3753

SHA1
d9a4cd259d20b8e2716c0fc5e0788f5991e116ef

SHA256
30d4ca279630b121d0de1776fd1516954b75db73a44f917849fd9ccfed95ba5c

SHA512
668efc2816bac0282a00d29b437f37dae2e135cd68358a9fa0462c932dde9332fca8cb0dba17c73f66fc68369159bbc8249c04b6782e9367f7c691d7272d0857

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
89KB

MD5
3fdaeab8845db0ad4e40ea4c088f750b

SHA1
d2225f214299b422e14b7c1f78cc419efd9206a2

SHA256
7196285626034e6b366cedd653c8f3dcbaa87df9cc6dca1307cefaf8f1714a85

SHA512
90cddebcacb3e2257fe556963b1715b9b60fd4af9de733018ab63dc09ca294297b0e29d5b031602d32755d38e20b0bd35a7d7222790068f041a926133c12f9d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
179KB

MD5
766ae8319eb10c99d42ae09d91d4465f

SHA1
fe0b08e66e592393fc914871e55739ccb83b12fd

SHA256
e230b7046c7c4df6ea5c092aaa61cbd53e23bdbfa463e46ddc028a4c6ff7e00d

SHA512
580c4005c19750fd706ea8ddc47496196e45cf65066fe1c877703bd75ccc9d14d2d653dea1070c54e97844d84690fa17dbbcfcf6025d753c3a7c053eb62a5054

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
55KB

MD5
b11fa268c8680943b3b200f89ae9fa74

SHA1
fae1616216869638c411920cdce7bed94a4f5718

SHA256
25faa944db834d830f06538b9e1df72f43cfc975922c670feeaf4e72e789114e

SHA512
771383c9414e1bd2c7ef1e196b883e7a8c2c433e806345941d96b0efee56164997eaf7f61c28d3e6365a0808c89f7fce6d2478582f8b2ac2b52e62670588d7d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
62KB

MD5
1facce1a31980624ba9347c41f7f051c

SHA1
90dcaa76f1fc0197f06e39d77f55a10725228f5f

SHA256
e089bcfc8021a71a1d81c54b7a9311eca984331f17dfb02dbaa0e8bca0a69fba

SHA512
1924769bcbe48354a43ec2020971f98fb3aac71d86c8d9e850948e9da6d9f500b1715249027e48b61139de655a35a9243fcaa73411f05605304f726752250129

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
24KB

MD5
3fae285824040fa1bd0c284a6148bfa7

SHA1
0122b9ba578abf969f97b525f5e1d6791bdd857f

SHA256
9b93e1763ea83f11e7260028c6e4a74f1d7c2ff518e0d04b4e22a74dcbaf4ffc

SHA512
6e3e48c7eba7b51718155ae85427d9587cf9da22813b774b30861b0d64bb4f561afd97667e9bfd5b63a2ac49df86553006c8d482be6795e0dcb991e1e7f79316

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f

Filesize
215KB

MD5
1585c4c0ffdb55b2a4fdc0b0f5c317be

SHA1
aac0e0f12332063c75c690458b2cfe5acb800d0a

SHA256
18a1cfc3b339903a71e6a68791cde83fca626a4c1a22be5cb7755c9f2343e2a5

SHA512
7021ed87f0c97edc3a8ff838202fa444841eafcbfa4e00e722b723393a1ac679279aa744e8edde237a05be6060527a0c7e64a36148bd2d1316d5589d78d08e23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ea26a9291ba9b541c4f583b925651895

SHA1
97373a155d9b05f7727ec427822d756cf53fd28f

SHA256
d87633f48fe59b015a76a9aed244bc612733d70a346b2490b82d05a797c78dc2

SHA512
e1883c435ccf4e7d4ec7dfcc3156a7293bd7afd62075c41feaf74d1fc67b7cb48877e2cfe6acd8f1d208639a89e8b12c7105c6304dbad2d795a63712f23a1999

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
488307d4a8becfa4db5848401478aae3

SHA1
dacbb38af4ae0587b0a72c1ccc5813a56c590795

SHA256
3e5fe82e40b4c348190bff9595fc573922b14589c30d07da6fbacf76e7bc9755

SHA512
7f97fb26eab893d1c550825420b004b0725a5baae53725a2188900c815d1e3c7381143f7f434594a9a7e2b653bdb12159ea46de1bb8ac7f726015782c521eb71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b8d27dec49cc3ae6c632c25781ad265b

SHA1
2201b90cdacdc2801c4b4be4f6599b7f1b74cc2f

SHA256
cb508ed6ecdd00ba80f742b7de9f310325744fa94b2e0617e33022168a2b5bf9

SHA512
9e2cd9a325debf3b9d499c9ffcf6ddb7949a9963d52166bc34d20fe5c73c864883c6975c36e3f4bdb7da620716dcf37211296806273372be3abd6a78e7b4cfd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
629a3a081b1ff2de13f2d0ea609bb775

SHA1
122d27f23e86cbc0a3e050b780c50be70e99599b

SHA256
defcc60069ebd72dbe4fde2157d827756c9148d74fd4911e56030769678d893f

SHA512
b8d98f88061d0b2ba95b4fa8f6b217cdfd5a32d5e0899acedf13864afb91cab5b9b290150dab6763929aa8e97ecfb2d679f41a739c9d7751404a2de8133e59ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a1d5c1b45851dad3f08050ba512b21d8

SHA1
1ee99a4e63fb45af10a190536dd1f6a6f56c10a7

SHA256
d7b576a3c2d888bcc7e71dd7ec0210ccb59b953b40560e1e6d35e70bb1c0e0b3

SHA512
4ece589223b768ca318e63f3480d5adff62860ad6ffbf8334912ab634215cc83b0ac9a83f6d7fbfbec4f0faaba80adfc1c0b64021b2136488cb03a34758d446b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1a68647d3049f55498e182ecdbe31da3

SHA1
219e97c8fd9a8adeaa890edeb4ea4788979a5b6b

SHA256
3e0a23433f07b31311c90e22d2c44b47130c649795a9f11854d7f3bb8429e4bd

SHA512
723b40520c216fa029bc1ca7deedebe64f3abece5dd2b9e83d4d2ef4f9978d5b5c81db3b23d55f584a0952786dbdb84b3a70745294eb1c5e23b377f88148c482

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fa2b34f20da12f076c3fb76853c8b4ca

SHA1
dca36e3ea26350a453deb01e2212e1d1e3883f28

SHA256
0a9194ec428270deb1ebcc96857cf1061d168926b010d8f53066e2ad7ca5de5b

SHA512
e97d2466c4689353fbfda9673e346bab098fd4d28cc0d4692379b60e2122c0ee63442ab5f5188fe70a5e398a3a3eb4acff40566266d769bc537c743a10be7ccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a5a34989c1bd6c59a1430195982cf534

SHA1
16a91f945771359d1f455c03c59da07f622574ec

SHA256
4f78f2cfc87d661e48682b3c9b2fe40c57e3d0b752be585fdebeb75f25d9d15c

SHA512
969bee3098097aeb8da2909a8d74f7068db695469ac1ee05d46779b66efe3b3a2b757bb85e602156cb509c96a064eb67134478128f34dfb323c9a4136ac6cba5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
48c7c0af7a9d7ea4c6689366465a3753

SHA1
9d4a2f052f0dc6dd9a79ddcbe0127ecfa3f9a39e

SHA256
adc70242994c677f39f96acac7d15c3d2d6d399e4098de7d7d7bc1c984afec59

SHA512
a73ca3b28b61758ac453264990545ca4a76cf25018942d1f8f6416422f92c96a33cfc58742af208ba1606a32230378cfba76007ffb889998feadd66f6e6b518e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ea31.TMP

Filesize
1KB

MD5
979f5e120475b37926c4347b8641719c

SHA1
1b1c4567abd31c69e39c137fc09481928c589ba0

SHA256
3c0897d43c573ee506ac51d5dbf963d485a897c8ef54f06e5ba78da131654dd5

SHA512
d7b13e1f1a065eb485c618204d325ed6babd33f0467db56cb9b2e5d8de1901baad0e73adb0029f9ef038a25d8556ead84088807c4623c7849dac4a8e5c25d929

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fb9ca294df8fb19526847c51e201df1b

SHA1
08072e7cd007690b6c1edd39f5b15551682b9cd9

SHA256
b9539ed57fadb143a91b7d2f0e79883345b9bd9c2edf6310cb4f33426d077be0

SHA512
de2abca609ade1e432c395e1735921ab5eaf8efdd1455e3413a6410d89fd93f563634e59b2775e75ae2e545805a95281b88731d6a79a17632ae0f366281a12ea

Download Submit