hxxp://CHAT7[.]LIVE/W887121

Analysis

max time kernel
134s
max time network
139s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
20/11/2024, 05:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://CHAT7.LIVE/W887121

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: PlayfairDisplaywght@600
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4736	msedge.exe
4736	msedge.exe
3272	msedge.exe
3272	msedge.exe
2072	identity_helper.exe
2072	identity_helper.exe
3136	msedge.exe
3136	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2060	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2060	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3272 wrote to memory of 564	3272	msedge.exe	79
PID 3272 wrote to memory of 564	3272	msedge.exe	79
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4420	3272	msedge.exe	80
PID 3272 wrote to memory of 4736	3272	msedge.exe	81
PID 3272 wrote to memory of 4736	3272	msedge.exe	81
PID 3272 wrote to memory of 4372	3272	msedge.exe	82
PID 3272 wrote to memory of 4372	3272	msedge.exe	82
PID 3272 wrote to memory of 4372	3272	msedge.exe	82
PID 3272 wrote to memory of 4372	3272	msedge.exe	82
PID 3272 wrote to memory of 4372	3272	msedge.exe	82
PID 3272 wrote to memory of 4372	3272	msedge.exe	82
PID 3272 wrote to memory of 4372	3272	msedge.exe	82
PID 3272 wrote to memory of 4372	3272	msedge.exe	82
PID 3272 wrote to memory of 4372	3272	msedge.exe	82
PID 3272 wrote to memory of 4372	3272	msedge.exe	82
PID 3272 wrote to memory of 4372	3272	msedge.exe	82
PID 3272 wrote to memory of 4372	3272	msedge.exe	82
PID 3272 wrote to memory of 4372	3272	msedge.exe	82
PID 3272 wrote to memory of 4372	3272	msedge.exe	82
PID 3272 wrote to memory of 4372	3272	msedge.exe	82
PID 3272 wrote to memory of 4372	3272	msedge.exe	82
PID 3272 wrote to memory of 4372	3272	msedge.exe	82
PID 3272 wrote to memory of 4372	3272	msedge.exe	82
PID 3272 wrote to memory of 4372	3272	msedge.exe	82
PID 3272 wrote to memory of 4372	3272	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://CHAT7.LIVE/W887121
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc976d3cb8,0x7ffc976d3cc8,0x7ffc976d3cd8
  2⤵
  PID:564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,9369763226692760300,14126188277334057368,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1868,9369763226692760300,14126188277334057368,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1868,9369763226692760300,14126188277334057368,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,9369763226692760300,14126188277334057368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,9369763226692760300,14126188277334057368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,9369763226692760300,14126188277334057368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,9369763226692760300,14126188277334057368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1868,9369763226692760300,14126188277334057368,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,9369763226692760300,14126188277334057368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,9369763226692760300,14126188277334057368,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,9369763226692760300,14126188277334057368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,9369763226692760300,14126188277334057368,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1868,9369763226692760300,14126188277334057368,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,9369763226692760300,14126188277334057368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1868,9369763226692760300,14126188277334057368,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2540 /prefetch:8
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,9369763226692760300,14126188277334057368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,9369763226692760300,14126188277334057368,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4840 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,9369763226692760300,14126188277334057368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
  2⤵
  PID:3032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3640

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aad1d98ca9748cc4c31aa3b5abfe0fed

SHA1
32e8d4d9447b13bc00ec3eb15a88c55c29489495

SHA256
2a07cac05ffcf140a9ad32e58ef51b32ecccf1e3ab5ef4e656770df813a8944e

SHA512
150ebf7e37d20f88b21ab7ea0793afe1d40b00611ed36f0cf1ac1371b656d26f11b08a84dbb958891c79776fae04c9c616e45e2e211d292988a5709857a3bf72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb557349d7af9d6754aed39b4ace5bee

SHA1
04de2ac30defbb36508a41872ddb475effe2d793

SHA256
cfc24ed7d1c2e2c6585f53db7b39aa2447bf9212487b0a3c8c2a7d8e7e5572ee

SHA512
f0cf51f42d975d720d613d09f201435bf98c6283ae5bc033207f4ada93b15e49743a235a1cfb1b761bde268e2f7f8561aa57619b99bff67a36820bc1a4d0ec4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
98KB

MD5
66f2dbbbacf085ed956ce56afbeee371

SHA1
0a3ce4dfbd63f8d10d13a110eacfba89e8034353

SHA256
0672b0c9e319b2e93c47a035e1ca1e0b37bbbcfcc6b81977cc2120227122ea89

SHA512
a5e3f4079347957fde3da9e6cdecc507ff1f59554e21adc34447566c8ebac552b5e0ae4c5e0747505419441565b2985d0da88dcb901dcac7ea197fa62d532499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
27KB

MD5
f77d2cbbbd7542ce7bfc84f21c4fc25e

SHA1
7c4abd866399c53c13b9b7c752d57e836540d0e1

SHA256
e03b3e1555b0e19bb14a3f7563504d8f4bb1580346749132e2d7a0f2447cbd4f

SHA512
bdba42f3b42ce2d4eeb3d0b97fd73a7d08c315c22b588cab81065e910f73c2b659f0b26ebfbca9495dcba10196f2d106b9e5a225a98d56c0d2613cd89fb00a2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
24KB

MD5
06fb7331dc40a56bbf88f7e99da2c45e

SHA1
59ee6a2a7c2b11dc4f1eadf4724ea3361f87f564

SHA256
2f54d739774ca14174ec222a14056c4ee8ee624d8fbbed9eb28658d5b1c6d37f

SHA512
e31e93adb4cfc30e8be6f63a2d95c8016d1f8c24cb9069356fea04ed9a77e5d018aba9dcb487bfbd1cb4ee3b87d3b065d98f738878b96a627c8434601bafa111

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
39KB

MD5
052c7ce48d46a4526932ad1f8c7d3c89

SHA1
9c2fccf24ed5c4685c2d37642954818764b498cf

SHA256
4de7ebe1e71afcf4949d448ab605a1839868fefdfe508c2918051e101796651d

SHA512
879b7bad68b28a7227d56974d9c59732e013a4f2307eaf988c709d8ad98d23cc3d9024641eb8a069fcd8ce282eaa4c33535854c916164163c18ba79a0be46c27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
26KB

MD5
e0f842c01eea031303180ee65352d0ff

SHA1
0b8d3afa4c77bfeb8a651279d6829e482bc0f59f

SHA256
9690f4d1245362217641007784c88051db87a33fed7010593fcda254b6773161

SHA512
39dcb4680468531a1e5fcad7ac6be6cf6be554c28d645fac8d2d745ab4f5bfc6e48e961c2a222f0e64b6744e3664def8d79910fec3445ad9f472c2479b9fc65f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
63KB

MD5
77e21471c1d723f4f280a5a883d9f650

SHA1
b770cf4b0a257c2f530f250c222380ae7965361c

SHA256
5d486cc089bc866e19ec3422e03027201b47fc663db8b9ed319923eaf2f9349f

SHA512
593ff8f5e019d4b6a8d9051ebceac655b190881c1b2df071c02550df7edd237f53cd115561c3bbb405856a9e2a4095be345381de3d03a937e0671e341513c63b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
91KB

MD5
c591f641730b55ba9f22ccb473c01fdf

SHA1
a1e530a2dfd5c4756971a84e22d7ed653e3d2948

SHA256
5e870c90b623716822f5b86a411577eaaa7528266c425771472e793a00d1e812

SHA512
73e36d97dda84340379281657676d488a856707646faa1e02d46d1c1c48402190bfb1ee860ac1589bb8c4f6fa4652958bbead61da231211802d8333b97f11ad5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
108KB

MD5
60824932303e81c4af185cd9229dd24b

SHA1
0290816f719559c1c5ef3a3b2e00f6da15e8720a

SHA256
8458f8afa67b5691c1fcbe51607a2dafb53a9839e48131c608a186b65415d96d

SHA512
dafdc500d420fceb07ef5c81dfc25ceb2e7938bf7b43179d3cc93d1e020d200556bc68b2882fbcc3e714010e836cb3102fe25ab93b7356010d34a11cd56717eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
105KB

MD5
46a1550a4bbaccd13a8eb46a359a9f89

SHA1
237befb8851c19fe6a0adce50bfe9d155384b5c4

SHA256
b6f9db9e45be20f3c1312c97fbee7ec36b7d8280f8caa4d53c9ba0408cc9997a

SHA512
33b787e9d21b30c9884624b15fd5a3fb95e5f758cc08ba06fea2f097d84e0957d4acecba6c12403a95ccc3009df59e59f7d9edd856437f5688c38fcbeba5dfd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
2353270b5f111375a0508c02d6e392a3

SHA1
d55c69c9112c8091bd132d8021c5d91309f79b9c

SHA256
6243be7e4173ab5ebedc597ba24cc3778e70d4b3b7584d6df6ffc98e6901455e

SHA512
e8f99832e799026b445058a98a828001bdecc1495ebafe1a47e925edbfd7ca6a386472e8a80c5f4dbe969be02248ef2eb34d3b553f94c2106df6339ed63dd106

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
2b7a256b37764c7871b2873ad6b2384d

SHA1
b10fe7cdd9996082273d3b25c7bdc4f46df0153c

SHA256
bf496028f8bad699b77d3053ef56b7b6fb1653a1c7248b90b4aeff0fea63ef5d

SHA512
c65f97b94248a581fb6f3aefb73abc8974de0fd381055b86c0d8587af13b16375d6954fb9b49cc8c0a5842cc4ac88890ea74b4f7be29f0eda12484a250aa5fcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c8646771b783fe2fba768a8f8c11c4aa

SHA1
eaf4ab393de9ad2e194edb69b4bfcd259a235574

SHA256
66ac36840a114d9ab737470c6a560230b1e6678666e00af4741ab00d7d4ab456

SHA512
ea33dc4c7c96bb0f9b78cac2dceec05b571a692c6fd89f9e716f2688a5c510cdf461cf3e89d8a7fec4619f95d4468c219d7443c74db59f18febdcab475f2e04a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
80d44eafe43a49d553a135a9f8733151

SHA1
bb9b3137351a46c9c9db370e6bece71a3296a85b

SHA256
992fa093272295e7b5d64cc3158026b3d9f38c1aaed48bb84501084e5c680833

SHA512
2ae2d851e7987ea96f996a83cab4db262f593395f028a158eff57bbfae41552ed79d664286254eb37df27628f936fafa7094008baf26221ab3a3720af14a19cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3f5488fdf894436bb5f324a28221be19

SHA1
9f9042e41ac75926e5ea75eb5e14b52e9275ff13

SHA256
d4668547cf1e187f1b2dd63ca05bc38ad514ab16d7c150c85b35dfdadd213098

SHA512
dd61585e79b4caabb0280b42d53d90b2aae5787b8598038820b1591abebc2d4a67b3ce1397c0e31d9fa319cfbdf47cda81a74d776325c7fa442575f4fbe65a39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dff7fd614d9a53418a17de8ee9b06931

SHA1
c1f6807bb92c9bb2d4886be089d9aa8fb7bce474

SHA256
a74ccadbed23d38153f90f2f3f84fe1ea7fc0304ffacf17bad70128849010058

SHA512
1553103759388a28a98bb45b5cd7252735707f5e1e1962dcebe8f74b30ef3caecb61d84bd30264eb716138a9c5ba31edcce1226a9097b2b31989a59d33f23168

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9bd42de02ef890be05a7f4529c001f47

SHA1
cae2494f90598a8b0b276f0c9b40fd9a0e287f7f

SHA256
0e334dcbc2c1992eb5e013e5e4df736cb767e2ab5c5ab0ef0e76b8667bbe16fc

SHA512
c4ab341b72940c9d9d891b4665c6da3b00b4fe7de559adb1c694ea0dfd188652e953de38125dff8d7b838f34cfbfdf3c7c2be2f691eeadf7fcf677ee1ab567f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
89aa8d7da874530f02568e557a43353b

SHA1
e555037ed337c068c4d0cadeaa85307ebebc1f9e

SHA256
f54d6f910dceef9191b29956d222434539bebe684b09b7db70d17c8015c718bb

SHA512
d242df9d67c50e97a83d937b697da20dc661e01bb85751c5914e4a72532d88396206885a91673c99bd36ed298fcf93b49559835e5fa639e0990dde325d019577

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c431ee947126ed2bd3c7f0dbe4b118e0

SHA1
a3ff7436b624ee413ff175b95a7499a72098e43c

SHA256
4dc420784ea8ac47be3e49df96895a1d909e6edfb9aca2e6039661ea4b6950f8

SHA512
39110464d8d8b5d505fc7da6cf2bc32e01e6e718199bdc7ed1b9f37672ac44b1b96bdc9409eceedcd642d95cc1e2370d1b03704c73a6a9bbd6b7dafef4402350

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d16165c99de694a671ce263d862e24ce

SHA1
95657b0c765025f7be7974f34027ce684fe8f041

SHA256
e00b1100109b4ddd5ae5d94340931fb4633562e97ba1c8f4b4dc068b5f1c4b99

SHA512
10c8f2044fd2ec52e5c3c69477f01c778e058e0016c72548c8b3ab76dd1c1e13a08157ff2788c15a8cbb930022b5bd13d7d204dd390c66cee245d3dfddced9fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
239ebb742bfab93e883b7868707074d7

SHA1
6d96f22c1251d05959007c42cb5572212bf18ca2

SHA256
0653a13ca8be87d0151c28740a2a5b3a732273b9cf2efd5a105dacf50107339a

SHA512
579a4dc94bf971f2c77afe3ec43e6b91bbfa237eef10705dffe8f0aa3192e2aec4f171da1f39447486a269894bfbef007edf959aa97cb32711ad03c01c8ae0b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b640c7c199518738a7298d7c6076b45b

SHA1
d8dc6dedbfd11eaa59107062ae5f53d420496490

SHA256
4c6603ba5ab88f6fd4652b75823037af239d1955a06e6db975705ab893874eef

SHA512
38ca7fb19bfb2169185bb8c73dd4ef986e037093bea189991f7f15eaabaf705bf70eddc767ea4aeee92c9747dc6b22d7ce7a41e6d598ab442488dba0ddc340d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
12c22e68a39fc3338ac6eb65be4e24b6

SHA1
db059e59c0a438e25de3eb02520829c85c921a09

SHA256
f5356f3820a0bd7e763d3eaa449d5b03466451285f2c3c3e61d5c8a14290b1a5

SHA512
b115925ad6479b29fa6669e86d404e99cc22064b4906357b4ec24d8f3f1c24474072575cd652a9386180ab769ba86a993814acbf88a3f6f3c608726899b13d50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57eee4.TMP

Filesize
1KB

MD5
d445cd0d749db88a80456b704cdad342

SHA1
da77516b1687044de5cbaacc7e305891ea431573

SHA256
0bcbf16ef689a8a45d8efb6879ce25e76883fb3b0a98610c6a97283e218cacd1

SHA512
1f1777ec9f630b5a8e2a56eeb6d1c2935bde3acd0cf2e67958da86901ffb2e399440929de8ec359db7a4f497064a9825dfbf8c938d0ede2cc4293ea31f9a5430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000011

Filesize
26KB

MD5
8235f98068f731038d8520df4727c625

SHA1
6ef1e3ca36d59de490e593ec195b632e8e09565d

SHA256
98280dcf81e7ed7a29b2d383c12027481bf771aa6358012ee5ffcc8b3af21e38

SHA512
d75d4b688898ee9c9ee07f7be6e9dafd0154518ac54042270666969dd15dbc3b7c8cf92997c510f42f20a5ad8270d5324dd8f2ef91666a9d6d0450d60bacfd83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
48ee85cc9a3a084fe6b399e09b5bdbe8

SHA1
e07be89af876763173614260293cd8e89a8b7501

SHA256
7dcf0e8af679ddda1200399d0cc83fdbf67e922ff0c4eb94bb0895db1597dcee

SHA512
a519868284275c41498656a20d8fc6200ebd624724b3951ef17a0a60eb1fa68d496e32081f1698d5b50598cd458b9484dadb98f9f4f36e77ed131be3edd3ab15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
755b194bb71da7fe2295dee6cbb15e67

SHA1
ebc9a98e8d74d751027cb28f80a40e5f9695bbec

SHA256
89ff1cfa70cc5e276a3c6ef82248b6b98dd4e60a67c0e2da5b97a71bd3b3b94e

SHA512
af653f87abb7d3a97e9b1f45592648b4881bfa75fdd0dd90c4c0487a16a3cb217c26534a233d1d53ca61155af6be86b2818fe4f62cfdcbcf3b89fc812c779c90

Download Submit