5a237a3cf4cbce8b78ad5a7d59f22230bc9d668d9aec141c0caee16741157115

Analysis

max time kernel
142s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
24-10-2023 01:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Вирус.bat
Size

123B
MD5

96eb649c4244d58c86d59f065033e2b9
SHA1

ebe22fd7302925c977efd60548839893e6371861
SHA256

5a237a3cf4cbce8b78ad5a7d59f22230bc9d668d9aec141c0caee16741157115
SHA512

89410d2a0d392feb1dd5a0fe3d983a01a1d54e0f9b7bb02a38056da9169e98e5a69c7f79877be9300105dd0fae91115ca0befe403013e562f9b907f9b09eb91f

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3350690463-3549324357-1323838019-1000\{74EE123D-AEDA-412C-85CC-709A72AB3EC9}	msedge.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
4876	reg.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2220	msedge.exe
2220	msedge.exe
4072	msedge.exe
4072	msedge.exe
3504	identity_helper.exe
3504	identity_helper.exe
4240	msedge.exe
4240	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1616 wrote to memory of 4876	1616	cmd.exe	87
PID 1616 wrote to memory of 4876	1616	cmd.exe	87
PID 4072 wrote to memory of 928	4072	msedge.exe	101
PID 4072 wrote to memory of 928	4072	msedge.exe	101
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 968	4072	msedge.exe	103
PID 4072 wrote to memory of 2220	4072	msedge.exe	102
PID 4072 wrote to memory of 2220	4072	msedge.exe	102
PID 4072 wrote to memory of 1524	4072	msedge.exe	104
PID 4072 wrote to memory of 1524	4072	msedge.exe	104
PID 4072 wrote to memory of 1524	4072	msedge.exe	104
PID 4072 wrote to memory of 1524	4072	msedge.exe	104
PID 4072 wrote to memory of 1524	4072	msedge.exe	104
PID 4072 wrote to memory of 1524	4072	msedge.exe	104
PID 4072 wrote to memory of 1524	4072	msedge.exe	104
PID 4072 wrote to memory of 1524	4072	msedge.exe	104
PID 4072 wrote to memory of 1524	4072	msedge.exe	104
PID 4072 wrote to memory of 1524	4072	msedge.exe	104
PID 4072 wrote to memory of 1524	4072	msedge.exe	104
PID 4072 wrote to memory of 1524	4072	msedge.exe	104
PID 4072 wrote to memory of 1524	4072	msedge.exe	104
PID 4072 wrote to memory of 1524	4072	msedge.exe	104
PID 4072 wrote to memory of 1524	4072	msedge.exe	104
PID 4072 wrote to memory of 1524	4072	msedge.exe	104
PID 4072 wrote to memory of 1524	4072	msedge.exe	104
PID 4072 wrote to memory of 1524	4072	msedge.exe	104

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Вирус.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1616
- C:\Windows\system32\reg.exe
  reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDesktop /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:4876

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff657446f8,0x7fff65744708,0x7fff65744718
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,11530905103056171356,3928334541540798575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,11530905103056171356,3928334541540798575,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,11530905103056171356,3928334541540798575,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11530905103056171356,3928334541540798575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11530905103056171356,3928334541540798575,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11530905103056171356,3928334541540798575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11530905103056171356,3928334541540798575,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,11530905103056171356,3928334541540798575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3648 /prefetch:8
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,11530905103056171356,3928334541540798575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3648 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11530905103056171356,3928334541540798575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11530905103056171356,3928334541540798575,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11530905103056171356,3928334541540798575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11530905103056171356,3928334541540798575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11530905103056171356,3928334541540798575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,11530905103056171356,3928334541540798575,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2132,11530905103056171356,3928334541540798575,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5668 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11530905103056171356,3928334541540798575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:3324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
d94e0e0a05b178d5f668021e14c7a1d9

SHA1
d28e00ff7663ba19bc80a379643ef1cb20b4d2a6

SHA256
ce471ce8016410f68616f0b1f122fc43f2dbaa7fd747877fe19955f492c630e2

SHA512
aa62a9b26850343db5b05ba623b1db75281ffefd7d5b168fd1a4a85c28655b1f3f900edfab3ac57ee7c4ace83769265c9a44d7b19b1b0e9c7fd3e11dc6267831

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
20KB

MD5
c7bfb3c5c2e5df506de1f07994d37956

SHA1
895302917a2686dc0c2672ee3733b50f569559c9

SHA256
e1b5144c9833b269569b39c4a76436004ec9e0421033a245fa939013af4afac9

SHA512
5b28421ddea5329e72f9f226982ffd56058ba621c57269a45a4f4999d573399f2fa7e373d199508758d39892199694b037290010d48a88cfba16bd0f4c784140

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
89KB

MD5
20b4214373f69aa87de9275e453f6b2d

SHA1
05d5a9980b96319015843eee1bd58c5e6673e0c2

SHA256
aa3989bee002801f726b171dcc39c806371112d0cfd4b4d1d4ae91495a419820

SHA512
c1e86e909473386b890d25d934de803f313a8d8572eb54984b97f3f9b2b88cbe2fb43a20f9c3361b53b040b3b61afb154b3ec99a60e35df8cf3563dabf335f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.0MB

MD5
c4a3a3964d56e3610bd2573f72d3d5fe

SHA1
f06b606e529d7896e16cbb94058ea1f039c79c76

SHA256
9599c6c98dcc64daa4e3f3717edd969c40fab48b8813da04ab555a063391a8d8

SHA512
10e1e43323077d7aa85e5620a0feccb8837cfede159ef9cf4ef345ef8c1b856c4ca07a124bbea8c3a72482eb79cc08908baf2c270b859ae6456c3661c25b7b41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
33KB

MD5
cdb96f20b422043e9460e6cc4af023b9

SHA1
6f6b4c30697114dd66190ab5973e3a9ca909c227

SHA256
0136715647e31040eb942a5ea27265a70b1fa6f05acdfd8384195647295f1cd9

SHA512
5b15cc0c9a64bbdc987367bfb030ec4a7418691a3c58d93877fc7974834877db9158315149680ce734f2fcd836ee34b15a8ee9a62df848f6ddee1c22591c60b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
05c0b1c4422a44d855238f9d00733298

SHA1
dce962b41b8c6cab31fe237f2659f39270f596e9

SHA256
241515f7e16bad6800ddc1ad5000f43c2863411b8ed6224a1e6c4563a30b3c3d

SHA512
0feff7733aca576e1361e2d65f18dee53618f1be839f9d4c1174572e036b8a0b89f2fec6c7ae9424ed20274fec745ffeaa7c4aff9852ed46ecc1fcb70c7dbbc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
396B

MD5
022e2ea4f3ad8922c2cf2a9aa95cc7fc

SHA1
ad8bdeadd8dc7931b8e4702ae6525f5c52f53960

SHA256
efd7c8585c0741c6d63ff4e5ee7d40e327ab22792945be4c3815414ce878c912

SHA512
b4610ea6ae58a7838d8cb290746061954f4bd6ed0765f9579ac58892af5ee41857ccb3851718d09847a5114022a2a7187c10d90d9baa16e1eb825a9ccd8bb3cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
396B

MD5
836da9d09f7b43127fafef59e0c2e7c7

SHA1
8518d101c7c82ef38c977101bec65b7724d9c08a

SHA256
51a808c834d00bdc91ffb56945c301851b0bd073bef016431e490fc628aa71f3

SHA512
fd541ebf3f9bebf38e7836a468649e8fc01c8148f43508337e98e2ab00bb33b5b9e925b4ab7e42bf18c9f9788afcfae3c712b683c5cecf53b5db3b42d6887d92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e5d0ba2f42ad9145a5b35b56955c85c1

SHA1
b7afb172b747c16141959063e51b0ed94f332001

SHA256
625640df4283d40006e26b3a1c81a2faf2f61a951698e57a57fdb1c244e623de

SHA512
2d1e2532cfb23c6a3f3c1e88036019f7aca44662eb9ba3b14f20a19cf19b56ac5221b98625ec4296c50b5026867401cdd834b5c6ae669eee929648ca6988f316

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
df3074cbf693aa269bd40f58b587b091

SHA1
ca919ead2301501606f94cb91234b2cb97158caa

SHA256
c34f57159975fa6b140200eadbc1a919a6f3c663c9a6a36a681ed7922d8751f1

SHA512
767b95ac490833945a79b295aa0a92383e58e3366f4a61acdca1e7447c55ca3c9a5d6bc98eae12fec266c835152da531ac4187f2b996ffe7de882e372b2521d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e29eb83f373ff8523ce3067172829dfb

SHA1
26adf493e8f449e47a4df9a51b9e4c023021fb04

SHA256
553b87e43aaa68dc1170def2e268e66664ee8bcd9a26da8e97914111c992ce3e

SHA512
68ce3bedb14b359027ddf7245dddff88491babb02fcd47dfb00591cb45e4fab46cb4b633b316a35e9e902159663d82d90a384607cb84a0a41c58b6831caf27f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0e90c75a51de31c2b225902a7f0add5f

SHA1
4771ca0167435d2f7423608a5bdf05f22ed9cc1a

SHA256
94286af3fb7e32aff82be06643866a7475529fb04487823f37d8d58ea1278853

SHA512
677c86779f1f0187a344022ab9d0c7b08b4af487039a7fe8adc3a9daf47a1412896bb9fdd9722184001cab3ad6a247aa875c25f531a791b9b9b84ecb8113c0a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ab4716b5368e032439ef1e3f111bf0ec

SHA1
efa7f5e31fe27a9e139bcf76a9f898f316b2e271

SHA256
5cca7842e198d47f1ae6fbf62d7f9bf55f4eb8f600b6fc05c078836a9c8a9427

SHA512
1bbc751f392ff5cf82fff4f67405d39ed7fa9f24a7b8c5a5976af99b306f5d163be3cf01ec4f5e3b330e615b403a7dc46609120ee6ea8dcfc8932297cc966ee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
34815ac76c4d3ff3c1ba8c345eeddb60

SHA1
ea18bf3fba5ddad18b587261c47159241c9c81df

SHA256
e46569dde12db90b4e958218a52a1a5dcd46bfca38a5c63d283d2741fec2fcbd

SHA512
14a968c93bd20e6bc4cd2fe21ef32ab663b552b07b234f2a4e47903f32ee123b274e48254e31313564b859f4f242cc05564b6acb50a05a5916b939df725b7a4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1c706d53e85fb5321a8396d197051531

SHA1
0d92aa8524fb1d47e7ee5d614e58a398c06141a4

SHA256
80c44553381f37e930f1c82a1dc2e77acd7b955ec0dc99d090d5bd6b32c3c932

SHA512
d43867392c553d4afffa45a1b87a74e819964011fb1226ee54e23a98fc63ca80e266730cec6796a2afa435b1ea28aed72c55eae1ae5d31ec778f53be3e2162fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
4be04cf8732ba22744cdc750c6c9d2d2

SHA1
148181a28f8840f0f156eb22e809ba2023dc63e7

SHA256
3287825fd2a1b1a2878e040e852cf5adc706d6bd6be9a60da7ac59c79cb4c505

SHA512
bf05e910cd1f56a3a46e7a0ac5ab70125eefc837aa87f3b5e5d6ca4a3f7f2b11f9cb02af03e6aa80ee9a87833920b4972d78efd5bd522da043008c3dad0f5331

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58f24a.TMP

Filesize
538B

MD5
29cdb360a7f31f1e5f177b5acbbaf0d7

SHA1
7ba6f530b08fe6f60eee4839639e23c8c5f2c644

SHA256
614c65b7573790ae393bebf6b3e008cee9ed741bbcf13203005ea4584e0d89ff

SHA512
60ff6f588c7a1fbbd6d5f464c969d6bf775d53da5afd31182cc80db7f6bd18ea07e181c4a6c0cbcb7716258de3e58c965bbddd12c15e8be196223faa79a09f36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c407bac3-aafd-4c70-b12f-06df67ba7d70.tmp

Filesize
538B

MD5
feed0a920cd27b07348a0283885812c7

SHA1
15b0c1bc3cc143c9cb0b1b2d6afaea02c8b1c1ad

SHA256
1b4601dc31025eca8b9d60b3c379c147cc6d67f21af5f7270b96c427d0164fc6

SHA512
bd23bab9e6304f53aedf86a9c32954b3540ac681f6fa4c50d0983d9fd46f261be9b1b58671081f2597f1632fccf8f24924fbfb1c921719e1098e0eefd8560d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
84088ccc7836f01f765d3f5dc4333103

SHA1
fb7d144f354de2a86c046cb2e18252ecad260cc4

SHA256
d528edf9fa4d526f1b0580e51457b2be048eb9ca942dfa355f2f2ceab9eec042

SHA512
19901746e040e7cfdb97fb0b1a92de1b98b55e06fc1fd00c0a2947bf82db8f1c9675ea5522466c7110a22702f78d15f46a90db682718b00bc8844960e96b1ff1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
08200d296177d1b18b4e5220226b2579

SHA1
ee899fb156d228d47eac8cd16c7f75504556f753

SHA256
e843243b526a00810f2fc40be14a7ff59bcfd09c662c1213683089583f7065fa

SHA512
992d76d0661e4118670fd5db62f2a05fe3a1b4ea4e450c677c9e91ce91297ffd6afaae14a024a74ad8710f44458852cd6553110a7a48c52e1164495eff89ef7a

Download Submit