f3919ccf06f07b88bc8d30e68667352f336fe26848c02ffb559db374344e2d96

Analysis

max time kernel
1968s
max time network
1953s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
22/09/2023, 09:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a.txt
Size

27B
MD5

2616140c38a76fa1a99614eb46f880d7
SHA1

90f305004bea687b94532c4c819394da0fb09771
SHA256

f3919ccf06f07b88bc8d30e68667352f336fe26848c02ffb559db374344e2d96
SHA512

a74cb235df24f47fbca95810122e4220d443007162adab7097313ecb949286f12209f970c2bbdb6ef579340526b7d830b9c43a7fa6137623ec066d2023c517a4

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
728	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5040	msedge.exe
5040	msedge.exe
3248	msedge.exe
3248	msedge.exe
3804	identity_helper.exe
3804	identity_helper.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2512	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2512	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3248 wrote to memory of 536	3248	msedge.exe	90
PID 3248 wrote to memory of 536	3248	msedge.exe	90
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 3148	3248	msedge.exe	91
PID 3248 wrote to memory of 5040	3248	msedge.exe	92
PID 3248 wrote to memory of 5040	3248	msedge.exe	92
PID 3248 wrote to memory of 3280	3248	msedge.exe	93
PID 3248 wrote to memory of 3280	3248	msedge.exe	93
PID 3248 wrote to memory of 3280	3248	msedge.exe	93
PID 3248 wrote to memory of 3280	3248	msedge.exe	93
PID 3248 wrote to memory of 3280	3248	msedge.exe	93
PID 3248 wrote to memory of 3280	3248	msedge.exe	93
PID 3248 wrote to memory of 3280	3248	msedge.exe	93
PID 3248 wrote to memory of 3280	3248	msedge.exe	93
PID 3248 wrote to memory of 3280	3248	msedge.exe	93
PID 3248 wrote to memory of 3280	3248	msedge.exe	93
PID 3248 wrote to memory of 3280	3248	msedge.exe	93
PID 3248 wrote to memory of 3280	3248	msedge.exe	93
PID 3248 wrote to memory of 3280	3248	msedge.exe	93
PID 3248 wrote to memory of 3280	3248	msedge.exe	93
PID 3248 wrote to memory of 3280	3248	msedge.exe	93
PID 3248 wrote to memory of 3280	3248	msedge.exe	93
PID 3248 wrote to memory of 3280	3248	msedge.exe	93
PID 3248 wrote to memory of 3280	3248	msedge.exe	93
PID 3248 wrote to memory of 3280	3248	msedge.exe	93
PID 3248 wrote to memory of 3280	3248	msedge.exe	93

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\a.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa7dc946f8,0x7ffa7dc94708,0x7ffa7dc94718
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,1228649938790525936,4684675429507120093,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,1228649938790525936,4684675429507120093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,1228649938790525936,4684675429507120093,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1228649938790525936,4684675429507120093,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1228649938790525936,4684675429507120093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1228649938790525936,4684675429507120093,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1228649938790525936,4684675429507120093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1228649938790525936,4684675429507120093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1228649938790525936,4684675429507120093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1228649938790525936,4684675429507120093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2156,1228649938790525936,4684675429507120093,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,1228649938790525936,4684675429507120093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 /prefetch:8
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,1228649938790525936,4684675429507120093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1228649938790525936,4684675429507120093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1228649938790525936,4684675429507120093,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1228649938790525936,4684675429507120093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1228649938790525936,4684675429507120093,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,1228649938790525936,4684675429507120093,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4700 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4588

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x484 0x408
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1222f8c867acd00b1fc43a44dacce158

SHA1
586ba251caf62b5012a03db9ba3a70890fc5af01

SHA256
1e451cb9ffe74fbd34091a1b8d0ab2158497c19047b3416d89e55f498aae264a

SHA512
ef3f2fc1cedfc28fb530c710219b8e9eb833a2f344b91d3ffb2d82d7bbedbc223f4b60a38bea35b72eb706e4880ffcbb9256a9768f39bae95c5544be0f503916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
c4981a10ee912870776d266b36841449

SHA1
822d85864fec99334f9f0a4014edcb0ba4fb2061

SHA256
b7f9c5035c3de6710157fb09edf159baba5c53d792a5bb2917a3eb50488da6a9

SHA512
a094c2995653b510d1e6f8f46edb92cb545e31e9780e7da0c9d299291bb1d6fcb5a6c8407cc3c60897863b690a6b5791e456c1df69c0b5b34fd38df453c72ba0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
17916da0510624b1138062eca123bcaa

SHA1
76c0551513ce7d8435cbd8ba43a98908f41d324c

SHA256
f41f830df439a0240f7fde28aa021d0319a9a3d8ea213207066af18619be2c83

SHA512
9938f0a6b41dac5a959df1ae79eed9a1d612cbc7aab536033f9d334d38f6e432459acb69c7b108ee198cd48b470ce7a19f72788692c9095d1e66b5dacf3d510b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8bff11d97430b524c2818b8d1835b38c

SHA1
b3e5b7f8776e35bf4f055e3493f8c29ce907b5c6

SHA256
5170a896fa8723b6bb374d857d058e7811bf82df754c75699f018af5403390b9

SHA512
13680e8696ad7d803abdf1c7859cb6117660d300d8082b576ea525e2844ba91dd31d172beec084c4e465fa79ebf80c308cd3db913a7d4ec984cb592bffe76bd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
12cc44aea594e45a03744e4584c12519

SHA1
27605cafe67ac8755a0e8efd23d77a0907f161a7

SHA256
12d2cf407742cf53011f24ee881a54d3f31b80064bb4fb182663ad9566f7d9a0

SHA512
147aa1a92443189b3477c71048f1fc6157e462f1cd15cae5ae3660ca64a0d735ac74323bc47ac0d49c4b3ecb0fe7ffe5d7b2c842415226c98726bba93911437a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
74616087310575e17e9d4b3735b6a2f0

SHA1
676f60a6210f72bb06275b9feac5d05bee5b838b

SHA256
5f2c65ddbea4ce140f6f7503d3fe8a081ec64b49f03a344d672187510c2ff240

SHA512
dece124e0b9a9bf4730c70e1ff494bab1da105f4184eed50ed60c94ab3fc2f8033681fbe5e0a4e37cf5249afe136d77098405ea6968bb27c129f08d8136965d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3d187ca8cdacc2288fc97c714873892d

SHA1
4b4224bd264180600fc496bd73a2e8501c95e5b5

SHA256
686d13f392383235204f8a6ae34eb47f7dadb49651c69c632486eceafcdc92c5

SHA512
a76b85a79cd10f27c6cc4c736e94b9b946f5547ebe3c1e0a6630ef4fe5c8199b9a7777d03be8eb6d3dd9999aeb39bc4f2fe8287c1cbebfafd5a64ec741c1477f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3de5460d96c6eb8d3d8877b2ef20fd00

SHA1
fe030defdcae45eab532a8e3069b6ab0f0590de8

SHA256
990459210ef73f8b7a61a6697ace18d99dbdfa1497ed8ddcc1d70f09de39c944

SHA512
f960405dfe977510f9988e3a03da0ec999547fae2357d6e74cf43103b30d8beedb797bcf50c5e97372fd430caa669ab0b708ea1d187b9644610ecd10ebf8a982

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
76e8db3f2fb8b3f96a93d5bc5e14df83

SHA1
c9c21f92b940fb8c5307bdb44c4956b4dff7ee32

SHA256
a63123fecd7e85d1c02a636f4cdf3d267eb63d412093dfdf998a6fce2ee366dd

SHA512
1a2cd3134a0c0cb1629a4ceea7f0b1f32c4ec0e3f62bd9937ebfc93ad255f93e1b8411de8833f2feec3966d876919ccdcd1b8ff9ffe6f507fae785bae14079d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9eddde9e86d227c6cd0153a081b7b42a

SHA1
17068e8ff5678992f149473adaa025d010e5d993

SHA256
11d807a577bb89d794a8c1998447f0029d9a26b79eb4c66385dd5233a6a43662

SHA512
9b045c2ed7805b9ed3de9c73986a731e572874710a9eee9ee9c28b9a3c4ec919cb9f5fbe6529e680c84bd9c16a329c99ba51b3d4e5fe7e8af17596d7ae3690ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ebf1813e68431bf4da2fddc2cb33ab30

SHA1
0dc9e24debb5ad5458633a41056e499863695fd5

SHA256
32a2d2beccef1ccc6a6d0cee5f230f654dd06dcab0eb37766f9d296f33ba8acb

SHA512
aee9962f725280fd1ce3a728746243e264c4a0cee905392c6fa7f0a6551e414e85439acfbd6de1e315d20b872d70f9937844c1672af455a1b7c8fde08f27c489

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
15ad31a14e9a92d2937174141e80c28d

SHA1
b09e8d44c07123754008ba2f9ff4b8d4e332d4e5

SHA256
bf983e704839ef295b4c957f1adeee146aaf58f2dbf5b1e2d4b709cec65eccde

SHA512
ec744a79ccbfca52357d4f0212e7afd26bc93efd566dd5d861bf0671069ba5cb7e84069e0ea091c73dee57e9de9bb412fb68852281ae9bd84c11a871f5362296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\524eed0e-0421-461d-b185-e0c0654bf7e0\index-dir\the-real-index

Filesize
624B

MD5
57428857d54322e1e6f22e0b0e6c1f82

SHA1
925ec50e0a93d18a8abda782bc0c8ac73aeb0bc6

SHA256
3b64f6669d6b4ccd8a75b806bdfb8203646493955ee8175d621b816801446a4c

SHA512
48906e33ca99e8354badcdd347b904bf16d1374fc57e5984e5f7b658d7c724a88e292ad8c3473324fc473ffbba860c08f7eb0bd492eac56a03ee6e48d4db448c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\524eed0e-0421-461d-b185-e0c0654bf7e0\index-dir\the-real-index~RFe5852ce.TMP

Filesize
48B

MD5
22c659a1032adf98b0b2a37c8c8e96b4

SHA1
d66f303c517d3922da7af12075c37672f62394e9

SHA256
75beb5a663d08ffea0e2df1ea0d264cf8b8b5b1684e913d86377fd74d33a0e72

SHA512
6f109bb7a0ceb62553ba0b1e59ee79312187a95e3d0a600dc55e65b83eef5db0b4b7a355dd8720274f5b0b085ec4e3e2018cbeb628acd2b2467d1131ee0c5f33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\801ba8d7-06d3-472c-a6c1-29da76802609\index-dir\the-real-index

Filesize
2KB

MD5
38041e1fe23af03e5ca6985e6651154c

SHA1
45c2b81d384bef946583aac1463de7102d0e5e44

SHA256
5a8e170abe86dfdf9a7a258569e8e82c6131e03b218088c89ccd468e2095d794

SHA512
cfd734ddcc65dd6a0e98431d9d3e2c35b8ae23aee67cae0d69f8f2df23b78e23855ed54f3f5a369f01c54f92ae684ab5444b5d233949699ba794a5325455d222

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\801ba8d7-06d3-472c-a6c1-29da76802609\index-dir\the-real-index~RFe584cd3.TMP

Filesize
48B

MD5
ce1dd2f3db204c6fd1a5da9a1d3ebb40

SHA1
50363ccb6ebda5730a1a2d53c9bb32a093dbe554

SHA256
03fa85ef59985c012929b9b70489a5a1c22d0a5ca3112dbeae66ca238bcd0a65

SHA512
30fd46214f75fce9099c5171a8957cc9a75eeb1b0c93106e6a6d12791298d948beb4798dd439be5b319a0c5f9797f39be9d2df49b05f4d32381142b1796bf22e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
13a4caff3fbdf4468578430f94ecf8d7

SHA1
dbb808e5d87fbd56b782e3b819e95df51b070203

SHA256
73f94e9672e1cfc5b0f3a649a3bc8e336faf5ffc5ad25f27dbc88fa26e63d0e4

SHA512
d473101fc16e2d5584a8ad3712a95a3b77ed38d4b5f4fb125953bba78654b3465fdd6878ac498dbe2759d20b09ede3ea1d42853884ca4df8c0b322e6214529c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
158f4fce1f3091c826c932f11bd47dc1

SHA1
fd7d86aee54e6c5a9e76cbaf616a432b9e06f669

SHA256
ae3d144ac9f8e6f48a9826dc4eaed58b7184b0716d952e206000efebb08c1d21

SHA512
c7ccd8dc3661473cf34e29edd072d6236c235595943f92136be747a8084a0e40eadeba3a9b16fe558183170630e287f7b34c2564b353dc757bc221d4143a441d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
c1a227a1bd7204741b741cc531710250

SHA1
d52784ae61368f4f2a239b990ad5e58f8227484b

SHA256
df48911a652bb975d17f1c5260d1c1c8fb15064d43c2ee2120ab50c0c4c9f7fb

SHA512
99b77275a862949eb58452930930992663ef9e37f92c74a2638bceade05393034b2150bc9fa04f6bd89614ab0ae00f79ee1964454fa2c87995960bcdf2e06927

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
568e1db24bc5d060b21b21fb0a85f1b4

SHA1
a0c1ac7bb4fbf90c5080019cecfcaed69c2852f2

SHA256
223993d20558c0d7bec25a34c00f1388dacc2e68617bce8a3557c6d1e2e9fe6d

SHA512
b10c0092da36b68d38c46c30aaa611d3c6522d1edda6ea23a35d1ff7e054831a554e06c7abac9c953c5af8dbad26db40c6d6737d229aa6fdc0fc8a006feacb1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
6e24fd585a779070f2dca2828066a1e3

SHA1
a437c7f44fb10b809ccde01442e95fa61d40b383

SHA256
6ccf8150dc391bf639d0ca1b2a2de1b80679af3933adfc395b05efc5b788d15d

SHA512
5e782b7ee8c61861ae1747e5ced52c1c0315a9ebc9cad461f4bc3ea9482c1963bdc48177b2e1b4d09469a493c282905111a029506b3f82b19442792b729ef085

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
15KB

MD5
af13c864a4bf71bf347dce2e1e92d7c9

SHA1
880a44a84ceb9809211f96aaeb025fbebb5158fa

SHA256
7274240ce6d79065ac59d895945b9f0e9d4c494fa4be3c71d79f3a424dbb5697

SHA512
535aae7b861a0a14495375ddea652fba53f2d46f77b960e3e718ceb3a3922e9db02609b9b045d1a0c99be5151aae97fffc1ce9ae9a32f86f557ef511d2c5eb69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

Filesize
9KB

MD5
eba757922776fa07da475019846e85a5

SHA1
a5616f109c5f1965c0b8fbfbf48e3e5e0b109c90

SHA256
c3bd0bbd4dab10fe232fefebd3afad7b256e3fd0ed193d7f79fdc94df874760a

SHA512
cc539e2f500ff0b4cd27033e5decac902dbc4e99b55d5004b23a8b278f5ede153d24644f18bba95bfe5508862ada6c08bc0a614c537711b403117fc948d94f02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
155KB

MD5
e4c406ac51ab907ece21c29386a418d5

SHA1
ff3d21fb1869782ebc84659d443e36851294285a

SHA256
f061d318c48d09a6d644635fe4d5b480affc6a4b5ab9b7d426d78f8459ddb03e

SHA512
7e0ae2f730f28b84fc1a20bb6ae7beb6d49d4b0d1731dba39801085abc3ee38f9c6c79a5374cd74bc871e06c99a5256b83a0f146ae9035a494695e146ed5d9f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1

Filesize
377KB

MD5
4ba768c400d99b76c1fbc1725b31ce66

SHA1
436deb82b560211f0eca9312ae2cf6d29eb887df

SHA256
095834135d3e202f7cb26ec834abdea9fe99efba2a3f0d55804ba0dfb289be60

SHA512
238982cf1b2e065cf9909a604dfa44e77f10c7981afaa95e2d72358d6809ec6cbf0b3f81c73bd2617b981eda88243d1dd853c158b1597236c29058f93e6f9a4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
6064c7d73d9adeda32f2b39c71c7864e

SHA1
4bc88cf83d37e951248bb88c42a8063da7e202ed

SHA256
59589438c88d0cfdc16a0b263acbd6d80d379127da6bf5f3bbf3b97ce8bc1fce

SHA512
ec3aa6528b9eef5096c96c3e372e8a8d26b19cd59037b9bcb07e2d982aa974ce1d400fde25d9dfada8394951e0c5d64fd6293076d19b709ac268646ff1c59c0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5843da.TMP

Filesize
48B

MD5
6d4e88ae029b06c2712fdf9fa78fea52

SHA1
fd6f0ad7dfaf47ad9f0b45448d820007a0d8e963

SHA256
5e98dcc1877482174e2b6778503cf73f367c30a6ff70a896d3e1c042003efe52

SHA512
2bb5eb592fb672eb8389730ca4b1c6e8f3a8ca4630d02221002ecef5eb2e46c1c3e62f7c5fee7db5f9af3b649c989fbb0cc380917a7f64e34873bcd606bc6d85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
581db48d92756feff647711e8f13fec1

SHA1
97ff3ee4ac0fa0fe5795398299a7eb48fae27592

SHA256
263c420cf7707a85bca86d36ef1c47eabfbd333312ff3baf8fb1abb9cb5cea41

SHA512
079d52e1ce04be39b2ec2b92b27ba36157a3466534f8022be06d269fdc130748f7b8a197422433679a9c366559d5aac50251b57fddea577dcfd59dd0ea05e415

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0fe04cc26e8aa428e218b97daf05f31c

SHA1
96254135caaf89f540ba9a6e10beaeea7b940324

SHA256
5abe9940cffc254c0e600d01e935b662bdd9b392855354864c9c2f09ffb66995

SHA512
d650719049b57a8582a42fc2b4a32aeafa9de676b0d86958324933167492802bc4a67051e585317a8d436e174f4727ec5e28b02155f327a71dba63e1c0ceebed

Download Submit