hxxp://pornhub[.]com | Triage

Resubmissions

04-11-2024 21:08

241104-zy7ccsxdkd 3

03-11-2024 16:04

241103-tjdtls1kgk 3

30-10-2024 19:55

241030-ym9gxaypez 3

30-10-2024 19:54

241030-ymr8ma1qcr 3

30-10-2024 19:53

241030-ymeyas1qcn 3

24-10-2024 16:53

241024-veaf3aybnm 3

24-10-2024 16:53

241024-vd5wkstaje 3

24-10-2024 16:48

241024-vbdz3sshma 3

16-10-2024 20:04

241016-ytlz7atdkq 5

15-10-2024 20:13

241015-yzr4dsvcja 3

Analysis

max time kernel
2641s
max time network
2647s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
03-11-2024 16:04

Sharing

Report Analysis Logs

General

Target

http://pornhub.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

System Information Discovery

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1928	msedge.exe
1928	msedge.exe
4024	msedge.exe
4024	msedge.exe
1692	identity_helper.exe
1692	identity_helper.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid	process
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4024 wrote to memory of 4028	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 4028	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2492	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 1928	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 1928	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2420	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2420	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2420	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2420	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2420	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2420	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2420	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2420	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2420	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2420	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2420	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2420	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2420	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2420	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2420	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2420	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2420	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2420	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2420	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 2420	4024	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://pornhub.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f17046f8,0x7ff8f1704708,0x7ff8f1704718
2⤵
PID:4028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,14513057929613871341,9203461634505287431,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
2⤵
PID:2492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,14513057929613871341,9203461634505287431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,14513057929613871341,9203461634505287431,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
2⤵
PID:2420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,14513057929613871341,9203461634505287431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
2⤵
PID:5112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,14513057929613871341,9203461634505287431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
2⤵
PID:2164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,14513057929613871341,9203461634505287431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
2⤵
PID:5016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,14513057929613871341,9203461634505287431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
2⤵
PID:1812

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,14513057929613871341,9203461634505287431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
2⤵
PID:4592

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,14513057929613871341,9203461634505287431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,14513057929613871341,9203461634505287431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
2⤵
PID:2824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,14513057929613871341,9203461634505287431,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
2⤵
PID:796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,14513057929613871341,9203461634505287431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
2⤵
PID:1440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,14513057929613871341,9203461634505287431,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
2⤵
PID:3480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,14513057929613871341,9203461634505287431,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,14513057929613871341,9203461634505287431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
2⤵
PID:4444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,14513057929613871341,9203461634505287431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
2⤵
PID:956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0cd10fce-366f-4e21-aebb-6e9129e22a4f.tmp

Filesize
1KB

MD5
2b7190ea8f2c7efa768bc1da6a912585

SHA1
e62bf1072988f85b2f7cc48451ab04367cb55aa0

SHA256
7e57bf5379d00f30c9e3b878ba4824a6b2702b94abafaf411a7033230a2f6d62

SHA512
388f31168006d11e789ded163740d2a8df76d15e8455d3ee17f424fbdeda5953f69836081556c5131a9dbdfa6ffa4b8eb66a2a665cb3b68a6fd9e11c78ab41e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
16KB

MD5
48c80c7c28b5b00a8b4ff94a22b72fe3

SHA1
d57303c2ad2fd5cedc5cb20f264a6965a7819cee

SHA256
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356

SHA512
c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
816B

MD5
661e027788474da8cc48896f3c350f9b

SHA1
94ffc0b54bd97a0f524ac45d3bc2ecde6621fe3c

SHA256
7cfe3afbba4600ab1e1e2be4ad9ab0f64816d5c2e6489e79734aadda8e8c5e41

SHA512
3cdbd89085a07537c281983f19a6a85448183168f13b5b75d45a0aca437f36389e1d3e0902a0b061d3489a7f4ce7cb46a1519b99de9d2ac803198f82b2b4b187

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
8091cb905e17754a667c3110797329cc

SHA1
e8492964a2f0b200adf54b2581b93550c95d3bc4

SHA256
f84848a1ef685cdc38afa0129c555541760267d422f052df1e467f39e24aa9fe

SHA512
604004bea89b2886cc1275cb7ab929b8bacb0c76fe3699c1df02f8e2e26ffe4a1b9c09a2265659a62dd943012959c9449a42e7972b616440ae4aa08921eb0ead

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
39dbe1ad83e8676affedbaa0c3d2dd2b

SHA1
d303b53426f366c1ddb14699470c5b45cac6b4e5

SHA256
f0fe24628e5432370c49282a352f5de3fb7a2a0827de6e5975fb181e4e05def0

SHA512
334bf06259d6d091371d169629ca3577509c3437f0cd23f795c35d35204367eda69a8e5862bbe6b22637628ea6e90b9175357ba58d44546ba35c702b4981e726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4b3a8473415227d98de21d0f0feebff3

SHA1
d6422a36febae8cfecbf975a8d514d7a20b202b5

SHA256
ab1aecb37cb57105a345eef088fc84e7202a9db7bfb7fcb211f6d67c245ed63f

SHA512
f3b9c975cd5e57a9b8df16d5fec7e01547a4b4257e9fabc5bc7467eee8ab0208151edffb660a197058366eb4851d17f357cc21d4fb1b0a55067349094844ebbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1eae311613474fc5d54578060b48819e

SHA1
6b7bc5c94b1165dd96d7a9e57f565b979134c314

SHA256
dbe7b38a7e2d381277703acbb89a8e556411544e14e943a0b74e15936845b8d6

SHA512
d504bbb2ec548bc279466ee51c1ba7b1761e98abd759704b9025848330a5abf1a8ed795d856e53d7d5966b6a4eeb2655a4109d6dc4d4a30f132afb9af6dcca52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
99ab573bf715b296e22f109eadb8dd08

SHA1
708778e8c547b20dc824cd25951110be6b6e95ac

SHA256
97ee7a3fa6421fd9edc1e0b2e54cbc9f90fd64957a7384bfd95b100a77b75ae0

SHA512
87eae2f39b0314fb56f50e3ba2924f6144b800b7306499df8f51f77d5332f940801a66ece849231a49d8d4bb2c93039591c9c47c23450a13006b674309bce2fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4268a60a02d00c04d25ebb5cc9b99ced

SHA1
8954b3f0d84ee179fbcbb10fc6241b90591c0a85

SHA256
39afa9b08d167dbb4341fcf6de6f39f2748a6d582cd0501eaa5f2ebd02fbcd2a

SHA512
57a78eeb8d41a0b90cebd1eb08abe7a5e4828f30b0996d1fbec0e3960afbd398dc0dfef9ff9358564a74df611322795b61342ede7ea1d38313a1c9bf203c4adf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7ff931ef8427eeb0e56cdedd0c5d9d0a

SHA1
95eae0e3fbd7918859f6087b2f3739d423295c93

SHA256
4e6b5dc7f5f4c2f4fe13be8a3dd8308558f36f41e84bca32040c4a4cbbc2b76c

SHA512
7321ce1f7d5fc577266de50208b52587aaf43369e76dc7a28aba432f32434388180f3c264981b75674d7dde285cbb67f3ea4a30970fddf64373137d7904b8db9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a5006386086f327e5812d914fbc836b5

SHA1
64c232f53e1c787a1e47363cbb9fb5dae1869dd1

SHA256
1fa4607191bdabbdfa28f46bb34d512ca9b351ae726059e615a8337ddad9dbe7

SHA512
b49eece7a6c152d4a3c9a6375c2eabb6874da2ecfac56aa3d5544767266121ea800db5f7e3ef7aafe2bad37595a74645dc215710220571b7ea2fd8db0cdfb7ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
7b8718b07c466beb10b811679df76bfb

SHA1
bc6a4e7d2bc783c8329169add94fd48dd8cdaed1

SHA256
bf3dd82482d99e2a00e02998db84ae3dddaaba2f8f88082dfef0c01791b432a8

SHA512
1d5512f9174c2cbb3a23691f6dbf140806326468d4df0bf49ddc87c182efc2a2357f53ee5963b3a445679af1621c273aecd2599cce92335f8c5cc833adbecbe3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57cb8d.TMP

Filesize
48B

MD5
bcccbf18c919a96be582ce2757346aed

SHA1
c44ca2511a5549c61daa90f6ff78925d9253470a

SHA256
dd95768443a286088f8778101b13a5d9f3a43d628b651a07552c74530ce3f50a

SHA512
c1545136ab36ca6bba2d1327f0162eacc4518ed75e5cb824e9f20e4f8a8c7bf6b4846370cfa0ce6b9e637debc3da2aa038c293ab9d9b0c3b94b24ed2fcb0664a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
c682e5fd161d924becb43ecd87ab46e7

SHA1
d3fec8f1ab7d4b219cf1a9bc4813c62889fec204

SHA256
648fb99fd89e984db1894947b429f764f4b367626c1ffdae8eea20ea05f5d3ec

SHA512
df99e1f9eabb3397bf8888d10bfb2051c64cc5464bb120fbebd6b943dd72db835fecf48652da9d85dce1ab6cc816fff338464eb9f43786ef374e1af1d35da6e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
0852712ac46587afe798192332e11457

SHA1
a618207b5b6dcda80dffca65fd7516e7836fc0d9

SHA256
cceda9b129d75ca756f6d65a7602d9f68e4b4965a29bd4f891db6707d46f7756

SHA512
edba49c0c3a7b8d8a63ed93934b85ab26d29076f593ef7edecd5cadf35c6769a181e529145408bb2230d48b7b7e882094f3bcdf127ec4e6b3e5d22572410ea4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
012f1b3ce6a1e0e27298a15d6dd046e5

SHA1
4c789294432fcc8e386bcad298512c1297abdf4d

SHA256
8f0e4f876d2e540c4cb40f5fa14f154f7d8267c91a05f455eb8f0c13d9c418e4

SHA512
4648529053ee0ee27696c3ad5e5fd276fd04071c510b408326b57d9ec9aab2d8d7d3d6fe0f144fb14b33b38b6015abe1a7b1e05461ecc100a2ebc064113e5efb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b4860.TMP

Filesize
537B

MD5
79404d9b51a9a1381e333066258b0ebb

SHA1
75b4233654bf0091dac74f51b23754dc7f189a28

SHA256
7c40c14aeedaef130261754a3c741f4b323c4cb28c712daf308bd932261ae6f2

SHA512
10f0edd222a45838dd74ff076be91cde593457ffc966f820bb8edb0660a985113c738b8d120468d5400e9e466a9f155581092cb62aa67030ee347e79515e7ab8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0c08a0dd9e450acb6b5d62d8dc8f3cc5

SHA1
221a1a39843328d28657cf86e0295cb7ce9e6034

SHA256
cdd15b6adfaa5d383bb529123d7b0212b306392efcfc1a5eb9a4786d85bafffa

SHA512
e663a1023e61f0e3a40f3ec9a6cbc115b7a989be3e42dc1f74eea9d643e89837727037a62b9f66177a7eeeae76e99067846fd20b903811a53737023a3d0d1a98

Download Submit
\??\pipe\LOCAL\crashpad_4024_LIVJFZHDJPBMHRXG

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit