Analysis Overview
Threat Level: Known bad
The file https://shrt.lat/bOHGc was found to be: Known bad.
Malicious Activity Summary
Browser Information Discovery
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-22 06:43
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-22 06:43
Reported
2024-12-22 06:45
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
154s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://shrt.lat/bOHGc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa388d46f8,0x7ffa388d4708,0x7ffa388d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,15207098072113948133,10930701027561957234,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,15207098072113948133,10930701027561957234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,15207098072113948133,10930701027561957234,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15207098072113948133,10930701027561957234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15207098072113948133,10930701027561957234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15207098072113948133,10930701027561957234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,15207098072113948133,10930701027561957234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,15207098072113948133,10930701027561957234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15207098072113948133,10930701027561957234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15207098072113948133,10930701027561957234,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15207098072113948133,10930701027561957234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15207098072113948133,10930701027561957234,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15207098072113948133,10930701027561957234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15207098072113948133,10930701027561957234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15207098072113948133,10930701027561957234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,15207098072113948133,10930701027561957234,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3732 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | shrt.lat | udp |
| DE | 46.4.88.158:443 | shrt.lat | tcp |
| US | 8.8.8.8:53 | www.roblgox.com | udp |
| DE | 5.252.33.158:443 | www.roblgox.com | tcp |
| DE | 5.252.33.158:443 | www.roblgox.com | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.88.4.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.33.252.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | inju.cc | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.134.25:443 | static.rbxcdn.com | tcp |
| GB | 88.221.134.25:443 | static.rbxcdn.com | tcp |
| DE | 5.252.33.158:443 | inju.cc | tcp |
| FR | 18.244.28.58:443 | js.rbxcdn.com | tcp |
| FR | 18.244.28.58:443 | js.rbxcdn.com | tcp |
| FR | 18.244.28.58:443 | js.rbxcdn.com | tcp |
| FR | 18.244.28.58:443 | js.rbxcdn.com | tcp |
| FR | 18.244.28.58:443 | js.rbxcdn.com | tcp |
| FR | 18.244.28.58:443 | js.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| FR | 3.164.163.87:80 | crt.rootg2.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 219.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.28.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.163.164.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.201.222.52.in-addr.arpa | udp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | roblox.com | udp |
| NL | 128.116.21.3:443 | roblox.com | tcp |
| US | 8.8.8.8:53 | t5.rbxcdn.com | udp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| FR | 13.249.9.11:443 | t5.rbxcdn.com | tcp |
| FR | 18.245.175.51:443 | images.rbxcdn.com | tcp |
| FR | 18.245.175.51:443 | images.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| GB | 128.116.119.4:443 | metrics.roblox.com | tcp |
| DE | 5.252.33.158:443 | inju.cc | tcp |
| US | 8.8.8.8:53 | ncs.roblox.com | udp |
| GB | 128.116.119.4:443 | ncs.roblox.com | tcp |
| US | 8.8.8.8:53 | privatemessages.roblox.com | udp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| US | 8.8.8.8:53 | accountsettings.roblox.com | udp |
| US | 8.8.8.8:53 | trades.roblox.com | udp |
| US | 8.8.8.8:53 | lms.roblox.com | udp |
| US | 8.8.8.8:53 | 3.21.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.9.249.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.175.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| GB | 23.73.139.17:443 | tr.rbxcdn.com | tcp |
| GB | 23.73.139.17:443 | tr.rbxcdn.com | tcp |
| GB | 23.73.139.17:443 | tr.rbxcdn.com | tcp |
| GB | 23.73.139.17:443 | tr.rbxcdn.com | tcp |
| GB | 23.73.139.17:443 | tr.rbxcdn.com | tcp |
| GB | 23.73.139.17:443 | tr.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | 17.139.73.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| US | 8.8.8.8:53 | apis.rbxcdn.com | udp |
| FR | 99.86.91.90:443 | apis.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 90.91.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files