hxxps://u-nice[.]click/NUNCNU

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2023, 14:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://u-nice.click/NUNCNU

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3125601242-331447593-1512828465-1000\{05BF3B5F-BE18-45A8-A6A8-A8A4D40D2BB1}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2848	msedge.exe
2848	msedge.exe
2024	msedge.exe
2024	msedge.exe
3940	identity_helper.exe
3940	identity_helper.exe
2128	msedge.exe
2128	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 3544	2024	msedge.exe	88
PID 2024 wrote to memory of 3544	2024	msedge.exe	88
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 1844	2024	msedge.exe	90
PID 2024 wrote to memory of 2848	2024	msedge.exe	89
PID 2024 wrote to memory of 2848	2024	msedge.exe	89
PID 2024 wrote to memory of 2180	2024	msedge.exe	91
PID 2024 wrote to memory of 2180	2024	msedge.exe	91
PID 2024 wrote to memory of 2180	2024	msedge.exe	91
PID 2024 wrote to memory of 2180	2024	msedge.exe	91
PID 2024 wrote to memory of 2180	2024	msedge.exe	91
PID 2024 wrote to memory of 2180	2024	msedge.exe	91
PID 2024 wrote to memory of 2180	2024	msedge.exe	91
PID 2024 wrote to memory of 2180	2024	msedge.exe	91
PID 2024 wrote to memory of 2180	2024	msedge.exe	91
PID 2024 wrote to memory of 2180	2024	msedge.exe	91
PID 2024 wrote to memory of 2180	2024	msedge.exe	91
PID 2024 wrote to memory of 2180	2024	msedge.exe	91
PID 2024 wrote to memory of 2180	2024	msedge.exe	91
PID 2024 wrote to memory of 2180	2024	msedge.exe	91
PID 2024 wrote to memory of 2180	2024	msedge.exe	91
PID 2024 wrote to memory of 2180	2024	msedge.exe	91
PID 2024 wrote to memory of 2180	2024	msedge.exe	91
PID 2024 wrote to memory of 2180	2024	msedge.exe	91
PID 2024 wrote to memory of 2180	2024	msedge.exe	91
PID 2024 wrote to memory of 2180	2024	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://u-nice.click/NUNCNU
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeb10a46f8,0x7ffeb10a4708,0x7ffeb10a4718
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,14770143714332391710,16313659654552145270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,14770143714332391710,16313659654552145270,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,14770143714332391710,16313659654552145270,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14770143714332391710,16313659654552145270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14770143714332391710,16313659654552145270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,14770143714332391710,16313659654552145270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,14770143714332391710,16313659654552145270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14770143714332391710,16313659654552145270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14770143714332391710,16313659654552145270,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14770143714332391710,16313659654552145270,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14770143714332391710,16313659654552145270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14770143714332391710,16313659654552145270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,14770143714332391710,16313659654552145270,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2144,14770143714332391710,16313659654552145270,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3152 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14770143714332391710,16313659654552145270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14770143714332391710,16313659654552145270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14770143714332391710,16313659654552145270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,14770143714332391710,16313659654552145270,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3220 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4788dc11-4664-4e50-a4cb-077fd2927dd7.tmp

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6338f8e6fc1b9600e458b002f78a8013

SHA1
b7471a81d9961bbcaf5c8b87de09e58057cb1088

SHA256
87dd1d1b13fad07d0f199f66299ef42357ebfdaed166d4cbbd06a8344099a5e8

SHA512
92703bec69122c6acd323282b462620f2052229027c7e1049ecb55c01d28f9e5261135731f416dcbe49404759042f22e834293232abb040a73447caa0cf37a6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_shopee.vn_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4d4a3a860282846538ac1eb21c44ef61

SHA1
9f8279e0b4bc6b926e6860a7bf8ffb28f4eb895c

SHA256
6859b1c85f46dd374b169a6aab5d40d8b5af7f0e86b028d75052a9d066f9ffc9

SHA512
69216cb40bc72787da0876e3261db122cb0b8601d16fc7bc11b5c311c90f8169f26209db45e33fb6b399d999c859ea69cffd751e18f47d4ceebb3a21683a6198

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
079ddf0a51310ab6bfd429eead24d383

SHA1
3f07d732395f0a9a29ce4e3cd761089606bac584

SHA256
1c9da51a41ae28f8839fefe132aa4fa962815d53146b0870b49cfd215cda8f8d

SHA512
da5d738855071801d8c3ab6b5c360629afd6f66b37387f91aa37af4e37dc98dd7d9b6c0a0f2a7a4e2b333ded61b584b807c0a556df01a51d03912253102710a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
22e78e578c7662ee71faa1909ed189ca

SHA1
8cd7fb4b16d7e427e9391d3a8a63fa65957e2b7f

SHA256
f09faaf1217f02718de0920bfcdb0f595541b35c829d43a8b5ed0dd500535f68

SHA512
fd2934942f4f1bef28d19bd25926b73ea81e47b599f1a57ec5ebc2d7e594e774b716ec5ffb48b3d1b53b976b024939c64551a2f2fe5ba7be686380c78c102390

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
76c5f240894d12af165cce568fd05ad8

SHA1
2ee290dd901f6bb583552208442cf149b60503fa

SHA256
3c6a9318f3377d298d7d1cffc9cddbc502e9cbe9db6ddab1a276545f8a76e4ef

SHA512
379ef3f6e7211e4198ef421291c4c81c342e1ea76b00253a0a42df652fcb4757d17459e737d44ca00f8272fc5fdd7c2ebf7f9920e29309befdd67baa7c4bc154

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bc9c796118978f1cafe088e83c9bee8a

SHA1
5f8a678f637d87a51e72e8b031c5b350c558f84f

SHA256
27019f66248c07ae6954878083330158b4ba6b3bd5a3e5a57ac99ac5e5b2f71d

SHA512
837f6fb45cc5cdf631a91777e0fece97d6b1f00efcf1bf622e6bc95a1a31230b003206b16d1e7b78dcf01d58230421810f92809e27f9eff6d7b5fe364e6ad7f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
320b9aff22d01478ad48d905365349ba

SHA1
307acf54d517e6a74b4eec8ef8b12cd4ae807488

SHA256
b3ea105ddded79b2e8eba4c9b0e87d1812210dd0de1bcc0037d102b18e4fdd18

SHA512
99b79485ed73e9b56834dec0e5e3b830f8badbb495b57603f0c7fda2afccfd1630adeb635613d5d41658561dc411eb06d509f0853dbbd9a75cc48aa7a787ca76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
3a748249c8b0e04e77ad0d6723e564ff

SHA1
5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729

SHA256
f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed

SHA512
53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\72a731a528341c59aa7bfd92fd39202a2426fa5d\44b7a2be-11ec-456a-9e94-20709aeed1b4\index-dir\the-real-index

Filesize
72B

MD5
fb65fb0109d4812d81d539ab637b4bde

SHA1
3811305b6481c6f61d07d5580b2cae97c46762d2

SHA256
176b24eb8e0b39eac5c81a14143cabc06daab735c4ed8a73b0cc283bfc5c0ea9

SHA512
35015806017dd716a31ea37cc068956d1c5bf4418786dfc45b146614083f96e2b53e1e89debdf3e28c9bd6e7faab41df46355c6ab1c590d4a49052aca36b7930

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\72a731a528341c59aa7bfd92fd39202a2426fa5d\44b7a2be-11ec-456a-9e94-20709aeed1b4\index-dir\the-real-index

Filesize
72B

MD5
5901f49addd16d06f69b9a5e1cf26f79

SHA1
0e4ec693d326b22e03068a5d05611cb1d654523d

SHA256
754e4fb37b71288c4553e446a09076820ff9c105f7127f840dc5b7265f4b4023

SHA512
bbe8518be6abce3cb2ff825eacaffe1f263a1c312aab15524af0e6d05a7dd28e204c2e133ff9fefccf92ac7b05d4f6d070c25df2ae425294e8e822f6b7ea91f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\72a731a528341c59aa7bfd92fd39202a2426fa5d\44b7a2be-11ec-456a-9e94-20709aeed1b4\index-dir\the-real-index~RFe5879af.TMP

Filesize
48B

MD5
dee58839cb3204e9fb4169a4bffee888

SHA1
f1d2f39c4549f3e959537d0afc58c745afbafa05

SHA256
318f1a0b926d3294267f72cbde05d8c42ad5ed53c2df66f1c11c597d2db27a98

SHA512
4293419490358091ee0c6649e01d0efadf58c90cc444f16010c2f2a30d61a3ae6c024236d75953883937d04104f5616dec773330d8cfee7dc3332ccad69aa291

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\72a731a528341c59aa7bfd92fd39202a2426fa5d\index.txt

Filesize
96B

MD5
9235f5cc07ac01a901ab7f815abd3fff

SHA1
8acb2f2e16d19da467ccbe652f1b16d9f9293f12

SHA256
339681563c59293c7b06eff5df763bfd0f94e1e1022347e37dec3ec11fa7cd1f

SHA512
c7e25452957c349a4d1922588430fe747a8770a7a69201c553303b897962fce95235a71147d510b52615039679d46a98fda6b0d7d2c6a7767a02abd5c8404484

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\72a731a528341c59aa7bfd92fd39202a2426fa5d\index.txt

Filesize
90B

MD5
02fd66fea36580a6a04c07cff039f615

SHA1
9956d6664ff322a2f2ceda9dd81b75506e724bc2

SHA256
12ea72d2f87a128b61040b7266ce6749d38a8a58e199a430bb0c05f89f72b682

SHA512
eba15f4b7d72d0a3a5e47c39d25bce823a3867cc7beec705c6fe11f31c2d8a6dc9ece0863177441a691db1f2123b5f9afd9965abdb287e51ceadb43949870b5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
539fafc9a6aecf9e81baf929480b2019

SHA1
7657b3734bd8c734c75a8cff250ddeef73ad50b0

SHA256
a0021b7e47a672ace34e12a6207bb7f2ea44b52ecce9aa93c145974066751592

SHA512
eb58946b05f878ad685bc4602d6bace89713e95ec80feb87816e21fa186d5c7ac5c440005555dfb6e95cca7df69570cee4dd1fa4eb872b49c20d2cfe3eb69e2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe589390.TMP

Filesize
48B

MD5
6bb8d7820b9186f1279fae62803d4979

SHA1
1230f9df5127acb62e8742a7cbc548ae67d28d57

SHA256
d9d3d6c80d79d1239ac68c29a6d210956ab9bc15b961a97191f87b53441848f9

SHA512
e3bb5f54b62ce63b6f3b59dfdd81e340019e9612c52d037cb9f427028b07032c7ce9380733aa48bcc79471977002abd125e467f4c6ac419b5d430292a98733c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
d9529275167373955bc234e7b276424d

SHA1
e6f885eb3237acc970aca425a25b9b941254dc1e

SHA256
df35bc6a101119dbce128cc22ba11372745b1fd28e0865a8b6d0f59b2a53d235

SHA512
75a3b6ceb80975bf1074ad0e241a5a5bb945d4472c957e152987d3b53f4a55ba82dc45d8b36e09629736b5ceacf21ea433f67f1d1afc75678faf917bd8dbf33c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cd0a10377dab0155d526b7a6a511cb7c

SHA1
ffe814e063ae3ef80493bf4c0016aebe3642ccca

SHA256
b48c7e6de6c3c67b2bf30cf295f988f365f6e0097328f6a44c5743f4f112df83

SHA512
46a4a9241c15f84de7b2b5b19832abd8babad6b7410829a20a0a3fd04f91f49a1bd9a05b28bc513d64afa19c190860b632e6b860be2055dcdfdeb8eb32de450d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5870b6.TMP

Filesize
702B

MD5
fee241c4d594b15639688ba5bd15070b

SHA1
69ab1b6c38f2e5eae26fcefe5c546d107b0dc6ae

SHA256
b86450e8ad88d285bdafc239d757ead83fe4782cabaf07813b7aa2dcfc43a458

SHA512
86d92f754eb783deb03469d106019b62df92a9e77387476bf46134642d7026e5d95b04f99a5c93038806f1771c370e98d95cba80950e07e26417cf60d1d04349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fe9c6c46d3cd9d10b9a1df64761aad43

SHA1
274fedd194db675eca190419a92976da2d6a078e

SHA256
575ba061dab107f7514e7243e509454815f74beb17d98319b9aa025e8257ae25

SHA512
9b8919ef81b5883c96f4631dd01430edd6e3bcf890e3c8c88004356a9213014fef8e2f20da19e70ad5a5b9f8d098c8f3cb0d416c27120144e1e209fd5c7c921f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
492c645f208199a6d3c459c9abf013d7

SHA1
941233a3b0f36001e88f3d182f7182686dfcdf55

SHA256
7c48d6851565c94ce787e8bcda94425aab0951b116e39a17adb219625964518e

SHA512
f50795eec247dff9797c520e1954524d2ac4347c278bef4688bbb1822c46f0debb06f7f5c93304ddc824c27fa7f6deaa38bfe36a00f786170dc6d434444d7c45

Download Submit