hxxps://kolenda[.]us9[.]list-manage[.]com/track/click?u=3a435025ee2bca712b3a18a89&id=8368f4bd14&e=fa67300d55

Resubmissions

18-10-2024 00:11

241018-ag1e2svbmh 3

18-10-2024 00:02

241018-abldyaxbqj 3

Analysis

max time kernel
539s
max time network
531s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-10-2024 00:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://kolenda.us9.list-manage.com/track/click?u=3a435025ee2bca712b3a18a89&id=8368f4bd14&e=fa67300d55

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2620	msedge.exe
2620	msedge.exe
1488	msedge.exe
1488	msedge.exe
4652	identity_helper.exe
4652	identity_helper.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1488 wrote to memory of 3940	1488	msedge.exe	85
PID 1488 wrote to memory of 3940	1488	msedge.exe	85
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 4696	1488	msedge.exe	86
PID 1488 wrote to memory of 2620	1488	msedge.exe	87
PID 1488 wrote to memory of 2620	1488	msedge.exe	87
PID 1488 wrote to memory of 2360	1488	msedge.exe	88
PID 1488 wrote to memory of 2360	1488	msedge.exe	88
PID 1488 wrote to memory of 2360	1488	msedge.exe	88
PID 1488 wrote to memory of 2360	1488	msedge.exe	88
PID 1488 wrote to memory of 2360	1488	msedge.exe	88
PID 1488 wrote to memory of 2360	1488	msedge.exe	88
PID 1488 wrote to memory of 2360	1488	msedge.exe	88
PID 1488 wrote to memory of 2360	1488	msedge.exe	88
PID 1488 wrote to memory of 2360	1488	msedge.exe	88
PID 1488 wrote to memory of 2360	1488	msedge.exe	88
PID 1488 wrote to memory of 2360	1488	msedge.exe	88
PID 1488 wrote to memory of 2360	1488	msedge.exe	88
PID 1488 wrote to memory of 2360	1488	msedge.exe	88
PID 1488 wrote to memory of 2360	1488	msedge.exe	88
PID 1488 wrote to memory of 2360	1488	msedge.exe	88
PID 1488 wrote to memory of 2360	1488	msedge.exe	88
PID 1488 wrote to memory of 2360	1488	msedge.exe	88
PID 1488 wrote to memory of 2360	1488	msedge.exe	88
PID 1488 wrote to memory of 2360	1488	msedge.exe	88
PID 1488 wrote to memory of 2360	1488	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://kolenda.us9.list-manage.com/track/click?u=3a435025ee2bca712b3a18a89&id=8368f4bd14&e=fa67300d55
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8e4a46f8,0x7ffd8e4a4708,0x7ffd8e4a4718
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,13695945118994086750,6412338268305753454,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,13695945118994086750,6412338268305753454,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,13695945118994086750,6412338268305753454,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13695945118994086750,6412338268305753454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13695945118994086750,6412338268305753454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13695945118994086750,6412338268305753454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,13695945118994086750,6412338268305753454,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,13695945118994086750,6412338268305753454,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13695945118994086750,6412338268305753454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13695945118994086750,6412338268305753454,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13695945118994086750,6412338268305753454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13695945118994086750,6412338268305753454,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,13695945118994086750,6412338268305753454,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4948 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13695945118994086750,6412338268305753454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13695945118994086750,6412338268305753454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13695945118994086750,6412338268305753454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13695945118994086750,6412338268305753454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:1392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3267c68f-1b1b-4b0e-a91f-7de808009e55.tmp

Filesize
703B

MD5
7d4a42cb2f5117ff98e91e8f40dc527d

SHA1
4fde92db0ce57b3b070e03e6f746167a6bbafd1a

SHA256
5865a8ed5a112ae539590b1f26ca547926fce5a5bb35bffb31d0665072e8a9e6

SHA512
41164e41479ec0acc80879b7c68244ef5323f383d257f50b7dbc8b7836d699eb5602a13dc8b1fe9b2d2f3e5b77aa6bbd752e5ad1401df7378c74dff48315300e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
17KB

MD5
d0f4a9fdd452f147d59e321ff72b84d6

SHA1
a63ec066c0407260dc788488cd7733498a1e5d9c

SHA256
085f8ae1f27f45911dc4a1a56353bbd5581a7c5b1991a685ed8803c325a20e1f

SHA512
19a7a9a92f2aef1ba52da86066fe27224687f8548d0f46c0f5f507ff829e1673be69e857e887b966b58df2c31df56c316d791170b6e31b8da0695b46edc90840

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
888B

MD5
fbb2993da81bf4717ac1c17b1576ab7e

SHA1
564fcf86132249524927b2cc2c00d63c10a73725

SHA256
9d549aecf9c5938817b804b81fe66437b23f828c94a2000ab5561b6ababc7307

SHA512
c1eb5814b50e2ea40d99d8c54eca56c159b7f0601ce09b9206817820284253edc6f0dd796e1f8a70f55aab40366a31b598794b8efaf1d600a7e0ad8f1203f22d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
28ae17afba3336c80719eb640468a95f

SHA1
ebb6a6a886cd38eb0dbfef094dc365c3bb2d2aab

SHA256
446b4bbb2f36f806965e6782cc64ab76f497d3b3002e9391d97df622d46ec770

SHA512
49f87b78770d15e05032abd6219cb07491228d3543083f335bb3971758244f7735a64d9e4cc7729e7dfb3839d75595c66b448e43193f6c3ab823aafbf3501769

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
7bbb031a5c876a358d59867b106ca55b

SHA1
b28410c8c7664c0ab50711b2a4d96b9e50751909

SHA256
d366ed830a1cf9b847d04433576c95ef82bacdb01ff0e3c4a28ee2a1fd0a2283

SHA512
d3595ba4b0fc6f4e123e0a38f3c1ab0b5710e06166acc3c872b0933dd769499ecca4d44ab19b9d22613170a8292108e91bd20305492905845bc90a4be29c1778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
6a166fdba84a26fc9cf500faf9c9ad65

SHA1
90fc8ae0918005123a4b89a102bffb640e15554d

SHA256
2ca491d709e502b59936980e70567931996a4ff8ee1bde5c38d3775c96063484

SHA512
8272f82e7c7889f81f2d91e2a8b41abb573b77ef3f7119fb79c005f3bf14231775d8554949137262d32b465e1a5320a0709a02216582e12826cdf23f0920517c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
92f5e28223df9f4eb0d54ea24f6fff0f

SHA1
f6a2dfc74a8f5904495916fe77e6686eef8456e3

SHA256
cc1b82a1c491ac59bb4cf0947e90945a243af97799f4d15d4bb50069c8cd3aa4

SHA512
ff4d3327164ae46cba34691f55031d84c2794c633de7e2ca4bae238aa9268bb13c62223455f21e68bf17006c63d360655fcc2d71602aa8aed1be2c8bb2c7405d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
4d0a2f4666fe696d0e5e9ed419629448

SHA1
7ae308459da8872e1a73e31d7e87fcaeac3bab01

SHA256
1e449460a4cc1df7c855299ad56295b80a2520d6f638f864227b1458fe98d51c

SHA512
612ec97d942122eb3072f60f6a538f6bbefe01822fc4b846f87c3d1619602808e0fbf9dbe647151e41ef5a9790ae17cf3955480bc2b9100df07d9423ecdf77f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
34869f31aafac262e989b9b71c7cf1ce

SHA1
3ffdd29fd1b68bd6ef821092212ab7abd477a4c9

SHA256
48cc5c46cc1f19148a52e8f9bb3ac9876fd16de728de16893735ebd8c0bbb3e7

SHA512
5ec8a159967f5e898a0ffb31b47552cfaa180978b31b34d54f60714f699551259c4016a826e87b48dff3461e9d98641f9d20ae3a7a8c5ae068d72f92e632e4c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
15e51ca16b9605134d2405fd734fffaf

SHA1
effd47d82b529e2538c8a1b695d595f7ddcdf292

SHA256
758098ce0f3710461b0e2a8bea928841b30a3caa3901ed5d7582ae29341726c7

SHA512
57bb4e2f3abab82b1b830fff4bc18a9776fae6cf4975725b4c46c8b6227419faaef164278994cad099d92e8e76904228e2b2a439b24833aa58564f9aeb8c83f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f5fb6a6c182ee0b394384aae43a9adce

SHA1
493f838675fd4ede381d1b8f1d5147c9b90269cd

SHA256
0489c8d7c0b96900851363451ce79e3e11e1dfd5d4bfd8bfc16ce5b64ad6df7f

SHA512
b9e92bd10ced63ca35e29d739b983010badf21c703bfbc79a132de09eb0080587c1ac39cd738b842635932c9290365324fca954d3c0acbd51e2bb8bf252bba43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
226b6fe2be7eb8268bf8140228ce2656

SHA1
f033337295584acda11901aa5f26092c841dd9ed

SHA256
f47bc53aeaf5a9c01d153a107a82ee75c58b0d1ba67a5eb749dc66ac4c313761

SHA512
7208c9873727fb46ef1af3d3073a81db0e74f3432c7643e4f76ec64679ca67dc110a702856aed4fcbbcaddbb5668c5f86dfc048068ce31a77806a5dd05c6523f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e8e7b2cfb3ab57da595859e562a3d153

SHA1
62b7d8d5bbfb13b0dae6a42396cc83cd3fa4d3ca

SHA256
0eb55339b18e3ad1260f590753ce249a766fb8f7e449310352b0ce7cae813030

SHA512
4d8c76f4fe6df76afe85349bc78c052207ec22bf017b2b81528af966c94d0ab9425c012274ab73050f23bbe990722221751f8ac55f41e0ce138b1ff8781d2000

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
758d3c71faf64647511ba4903f8834b1

SHA1
2c3865de58d0d03acadc8b7403a324d75655a7d2

SHA256
2d2d4df8a1d245b03eacd3a83571ec92a4fa84c330c71261f26136213929c0ec

SHA512
63f34414f70f790476a12e0d78bd1af85fdf50931f5c074bfbe5b1db1ca356a602400a8a03ed789371201e8aa14e8db51e965ef627270495538e4f161112e015

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f988f607c2791f7238e5b8912c52787c

SHA1
48ab0d39858ecf510265a27db14c399bb1293fb0

SHA256
b20fdd584deee598e1dad5d0d19f7d4c935d66dde92652122c928dcfe000cf3c

SHA512
eb7cac06793bd4abe27e1ed2991564f39002fe9076e693e6d875fbeff41a67427de1b229564d7e0b873ec4cf814570908cb33838e976c59bf191632418b7add0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
94a0c77ef0c8790e390b5a4456bc7d08

SHA1
638e06fb6816e48989f09545a0f9548e518ad8e7

SHA256
f7f2464adffc791515368151cb5b7b38fc8fb2f71aff196c6c322c8135bc7f92

SHA512
801b1d460548986f4cc3354f01f4333c986ca1c7b86874f9db3b2c7f1655525370d477bfa8d30dd5716da447d1430c2dedb3998f3b8a0583b204d942576fb229

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d4122622583812e80b8bc2505d79e23b

SHA1
0ad29cd6725fbefc84767b495ec88f3a26666055

SHA256
0db162ee19d4f159b1af55452055c211930b5be2cc6d87cf8edfb7dc9e904943

SHA512
fb9af62a2ccf3361b842911ec9a0f0360d67dc6e35258d5654fd5cd940de616adac6bf8ca60de1538e752ba77bc2b44fa73097b579a53a9f85f305c4e22d6d13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b918be48e554003b485140c9d5f19315

SHA1
baa75b2c4ad99f3018be86e37af902c3033097a1

SHA256
affe553bb7889e94daf05d8c8b1893faa1075e8640f7559d69522f250953fb87

SHA512
11d7d729066730bb263dc2ef383fae3f88eae9fefd252a4f5174e2568dd36f7b0a19641395a21273e8e7349c0bf4fce4c440db8c7a3e7bbcc0c233b778448b3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
700463a8ca64f876fe01124071788766

SHA1
66b1f525262de704595fd81eaedce75f620fb985

SHA256
fff0d7e18979f7a30eb40e8b564f0f138290fbbc01d90006483544baada18846

SHA512
8e7b0753b69e225f140884ac22d404eb0c233890f02171b0f830928d18c27be84fe08686940756ac3563983cd159e14f7c0e18ffb761121b0f0c7e355dcf0480

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
c86085c825a26016f951f74caa0a56a0

SHA1
be59bbc6cca1970d833306723c588ad676d80c49

SHA256
bdb93135ff4524c549c0a45b400f2a1810feb0497b74365aebc89a7cbf89429c

SHA512
f479824cb1e40fdf8237f04894e4c7e23fde998b61925900725364532a71ed114cf4580706b078dedd2bacd9711aa0aa1a6e8480ce7046a9859c4205120461ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
eb5e8a9519261815a7a97bbd5b226192

SHA1
4351945c6090ffd576e7b34e36607222069f52e8

SHA256
47ac64ff5c2e1cf865c259de386a4227c67e4fed79375b8c4fc2a35420f5fce8

SHA512
8256feea57002fbcd9e0bb1b7acc732fefc570f953f4c7bcf7339c71341d45f5e2924cea4827cccaf575b6e35fc43a13c8bc85c3e8b665e6fbac957acb06d19e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
e7715bebfca445c2b13a9f03b7d98dd0

SHA1
cabaffe2e53f49fd2478d8458e53780d4643d9c2

SHA256
5c72ca3f47c4a9fc2c5932e25bd88a47fd5ea235a80a09a34cf7c22ee7244120

SHA512
85e824031a0d8f0b0621795a57196836e8fe9cc946f9bc803ae14b38a55ec123ca862820005dcfe75d14de047ee8f7ada2d3a9736fd1623dccb54bbab03415e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
059da082c818a2be5e29029015109e0a

SHA1
2d660e387cc8e8d86f3f045521c25f062d169465

SHA256
9d89819158188fcf3b92f17aaefd6a68fecfebb3604f5440e97367e6ee49866f

SHA512
9a94106aec051d24175bc570702fb92cf1ae2a94fd29f71691453da4628f1c423772ef8f63ae8439d905bdd557b8b39f79d6734bacbaf150b2e55b448e6b2940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
797132795c8eb6f8969bc05779bb9b62

SHA1
22104154a78277c844b4d04bf3ace8c35c9ccbbc

SHA256
e8631134d718826a8cd01606775d9975bdf03d8a170b86164962396913435ff2

SHA512
2de746dc40edf6f07744b4c81762bbd698931095947a87cdd76952c4242210e21d08538cebd74236eb2946026fc8660f59780bce51db63e744672241054996a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
9be762e77eecb66f3537f2e0728617a3

SHA1
2f3cc55f801bb8dc926bb59f14697585eace2ee4

SHA256
eb1bbd0ac7dbdce701786c88ace4ae6c9808b40abdf4e2c9c782fde84b8f3b4d

SHA512
8ba1054735bb5421624c27784184560a0550187b3dd3fc23980e39625d25850685a6df5d1d471d894a282961c9bfb21c6a8bacc9a4cdc0caa561e39b1de5ebc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
e34d14b9ed40a3651e55341a1e748416

SHA1
b04135f50ff3528e5a3afdef742d26848e2ea252

SHA256
6caa284f15f99c43281e62c4aa65e988134fe17d93f47e4eaef5171cda69452b

SHA512
6bb49b2b1dd8c1425dcbf380bdedcb3ba03157f2bb756fc1b56d483ac73b2406b99f229dc44740b2a1ffd4cee03b3ab2c121fc69d8d4b0f322729a86ee0fd69d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
df5d413a6bf03f058af9d53886ed030b

SHA1
ec88473d0d8203981aa3548b27761f0ab36215da

SHA256
3865457bbeca96a2f800abf3085303bff45bf1fef64502bad1ebac0e13d8c480

SHA512
dea06c70f86b6265ee9c01dba5caca3fee2d68284576c19bb3008cff795c6115f8eb556e7573c070d2ee9d47db385af59d2fda93b2e93d49c836cd81a96af0d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
3fad55aecafc8538f84798cc7b1aeb06

SHA1
9c636e11e202d25e205e878050c51bc621bb1455

SHA256
4c3be48e5136708ce584b0ad0d15e06bf144ad0891506a3d923cf8c2d284c9d7

SHA512
d9282782e94e399aa509213c544b14b8108549aa337d07af8d25e595c4ff40b7ced164c65796fc86c3a0f96cca586addbc9cc3bd340d61937ad284fe6be48986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
9df75f7987d92deaccac63c16b9d0107

SHA1
2a7453b0a3e6a5b1599010062386b388455fe206

SHA256
88ebe1db806a777b4f003e9434bf1f3d9be677658768a2fe5be4cccb89b2aea3

SHA512
1d43f0593e69d2956fd8cef08489ece50b19462d2aca23c0fd59e4c0def9823c6b792e458f6a5dd42f753cddb83ddffa034aba0d324603813ddaa6761e750522

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
b26827ceaec9fd806c4fd2824d2b76f3

SHA1
90114f19ee7a7bd482ce80adb8ec349b13256ec9

SHA256
13694f46938307b9ed58859a686295c0ba15236cf8e54bf8576136a79a49ade0

SHA512
0a695ee5ed287a974c1238258c839b125eb72d25a4a89e445eff7a82a88df1d0c3fe1adf793cca3ef28b2fbfa372fd52ff9fa66b5fa26a42780d73bcd9aabdcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
10bbe8165c393971c8b40cd96cd57a87

SHA1
5a8c3a7e848061b4f490cfde7ee41a7456813993

SHA256
af936365997e6c79e8978a310a6d572bc8ba029d03f3562f59b44b574fc708d9

SHA512
7f5d22f2ef1f0f892e03052ca88c7a9bf70c43b194f3166b42c6aaf864ffb8a865dd6ddee4e3c921bd81e5781361ecfb37d1a8f7ba2f1906ad41533e9b87b863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5847e1.TMP

Filesize
705B

MD5
c6fb86048e300abfee41aa1050504aaa

SHA1
7f09780b80870db43e91adc4dd20d0160164d80a

SHA256
bd07c7978fa6dd790b22f44bd4b520e22a0b59a559e66f12083bfc41edf79b0c

SHA512
c08891ac5093c033406c74395cbb4ae3c089f5b2da24cfa5811fb6674f844ba01e03557b7a498edee8b49d055a515834d8187a02ded161cbd01dce983bf778b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
20KB

MD5
e8e1f8273c10625d8b5e1541f8cab8fd

SHA1
18d7a3b3362fc592407e5b174a8fb60a128ce544

SHA256
45870d39eb491375c12251d35194e916ace795b1a67e02841e1bbcb14f1a0e44

SHA512
ca77d40ec247d16bc50302f8b13c79b37ab1fcf81c1f8ab50f2fc5430d4fabc74f5845c781bd11bb55840184e6765c2f18b28af72e1f7800fe0bb0b1f3f23b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000a

Filesize
18KB

MD5
d7a02f507155c5fa9d3a5ba3d3e1eb6a

SHA1
5b01ed0593ab8dec76fc2c68e2857ebb1d179181

SHA256
6a455720692413962a0d3c0acc8c1d383bab1f92f7998c03ee92bebc01b2b911

SHA512
9e62f0514d08457ef38d39f3964d467dc2539855cd91f19c312d1898fd83d5cd456571cd7a38671408198565a085384a70ae1c569b68d09f02c446c261170f8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dbaf924af4523c990d50b82995270575

SHA1
53526f57dd1bd9f1dc8a70eece99d3ddc42372a2

SHA256
5474cb126c59db382217fc0745255ac97ec8cb89f9bdde85377e44fe1b35c97a

SHA512
97c7183783f83f1db5f87efaaeabac119f2197235ae04f995576a2e806a6f7ba405819bbb90389e67117e1faede8af91163fc83fe00eaf1fef9bc15b401d9bda

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit