2339440a3eed274a54b3e213f46247887ea05fa4de28113bec40736f914fd5df

Analysis

max time kernel
307s
max time network
476s
platform
windows10-2004_x64
resource
win10v2004-20231023-es
resource tags

arch:x64arch:x86image:win10v2004-20231023-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
22-11-2023 18:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Shadows.of.Doubt.v35.07/IGG-GAMES.COM.url
Size

196B
MD5

882e17d630d74b64a8176e38e2fadf7f
SHA1

d6652d568db451c03b73eede688e0124e2d54ebf
SHA256

6d905d76e7d807c5831231d791f2510160dd56018ae423a037e7ac88fd19412f
SHA512

2baac743dabdbf133583c4d500699673e0bb2b2ade89f0a660eb17bfb440f1d74814ade3b82eb07d776f6a7c1b1975f25c6c1c500edc589897bc304a9c9fb3b0

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
4792	msedge.exe
4792	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
1540	identity_helper.exe
1540	identity_helper.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 744 wrote to memory of 4480	744	rundll32.exe	83
PID 744 wrote to memory of 4480	744	rundll32.exe	83
PID 4480 wrote to memory of 4312	4480	msedge.exe	85
PID 4480 wrote to memory of 4312	4480	msedge.exe	85
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 2412	4480	msedge.exe	87
PID 4480 wrote to memory of 4792	4480	msedge.exe	86
PID 4480 wrote to memory of 4792	4480	msedge.exe	86
PID 4480 wrote to memory of 4348	4480	msedge.exe	88
PID 4480 wrote to memory of 4348	4480	msedge.exe	88
PID 4480 wrote to memory of 4348	4480	msedge.exe	88
PID 4480 wrote to memory of 4348	4480	msedge.exe	88
PID 4480 wrote to memory of 4348	4480	msedge.exe	88
PID 4480 wrote to memory of 4348	4480	msedge.exe	88
PID 4480 wrote to memory of 4348	4480	msedge.exe	88
PID 4480 wrote to memory of 4348	4480	msedge.exe	88
PID 4480 wrote to memory of 4348	4480	msedge.exe	88
PID 4480 wrote to memory of 4348	4480	msedge.exe	88
PID 4480 wrote to memory of 4348	4480	msedge.exe	88
PID 4480 wrote to memory of 4348	4480	msedge.exe	88
PID 4480 wrote to memory of 4348	4480	msedge.exe	88
PID 4480 wrote to memory of 4348	4480	msedge.exe	88
PID 4480 wrote to memory of 4348	4480	msedge.exe	88
PID 4480 wrote to memory of 4348	4480	msedge.exe	88
PID 4480 wrote to memory of 4348	4480	msedge.exe	88
PID 4480 wrote to memory of 4348	4480	msedge.exe	88

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\Shadows.of.Doubt.v35.07\IGG-GAMES.COM.url
1⤵
- Suspicious use of WriteProcessMemory
PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://igg-games.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xb8,0x128,0x7ff88b6f46f8,0x7ff88b6f4708,0x7ff88b6f4718
    3⤵
    PID:4312
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,600185973517468039,5832049626230359796,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,600185973517468039,5832049626230359796,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
    3⤵
    PID:2412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,600185973517468039,5832049626230359796,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
    3⤵
    PID:4348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,600185973517468039,5832049626230359796,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
    3⤵
    PID:4060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,600185973517468039,5832049626230359796,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
    3⤵
    PID:5064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,600185973517468039,5832049626230359796,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
    3⤵
    PID:3444
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,600185973517468039,5832049626230359796,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
    3⤵
    PID:2472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,600185973517468039,5832049626230359796,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
    3⤵
    PID:4164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,600185973517468039,5832049626230359796,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
    3⤵
    PID:3548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,600185973517468039,5832049626230359796,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
    3⤵
    PID:2548
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,600185973517468039,5832049626230359796,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6660 /prefetch:8
    3⤵
    PID:2984
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,600185973517468039,5832049626230359796,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6660 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,600185973517468039,5832049626230359796,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
    3⤵
    PID:3484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,600185973517468039,5832049626230359796,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
    3⤵
    PID:4420
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,600185973517468039,5832049626230359796,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3308

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8f30b8232b170bdbc7d9c741c82c4a73

SHA1
9abfca17624e13728bd7fa6547e7e26e0695d411

SHA256
0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb

SHA512
587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
3a61b6210f53fc5051a2095f97b8af8a

SHA1
36a770612b6e38c8c89b1752eab375813fa02792

SHA256
b73934a72bb858978f78096d6de73dc346a3913a311711ebfde53dfecb2355f2

SHA512
b7eb36c7f051cd4b11b8d6c09de0afe95a02a1c34aedeccc142fda86a40f36e7c33b361a56c062ca54d11c2957b0b96f7e015664b07e69d2c94edb77d2032278

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7502f30f0913394c1893e440e2bf12a8

SHA1
fab8cd13c559da00543769a045de0bf5672de46f

SHA256
e0ea0be2b54a4d12a1096297d51d8fa930fd8e06c5113ea79784efdb800069e5

SHA512
46ca79b2cd4ce2a37295c4180f8184aba72c102d22e7f96ae087c88545eaba147b578c041c83a46b31e3af8f95f53ef3ea07e20fa75d54cf7a067ca3a485fecd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4bf008f537a681a48f7d7704c6f270bb

SHA1
19d34a73036fa3e5b7db22963be10946b2b94dc9

SHA256
09a09cf36fcd50db1fc21cde982e9b263421a70566682a5a05db27ff1e295361

SHA512
0afe1072ea063a717fe73eca1e6053b4e863131bf8da48304c5365d8c923ce03b4161a6ca0db43d7dd9a5a6a4926f1dd8920eacc5724f9f1af487aeac373d692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6fdbc99c4a100630939586a804625994

SHA1
d14c2f5ebd0ae9a9bd02b4994c018f5021350b74

SHA256
235571e86d5b9025897267bf1ec72035e0c229cec8ac43d11e0d87d9e527732d

SHA512
f46614b925f46b544bedd181241854085b95a3213f2f84d349b6c6d40b0955d7dd29e1eecd4770e41b83d5ff486b7ebaed7c5357c9bfd3d634c2c278a9a058e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7d7c357c78d81ac23217d8c20fd5ba52

SHA1
e6e2993f0531dcc495685a0f5d20f342c898c361

SHA256
ce7d0a91e86190178eba0b8ef2ba0db73c46218c1d51bdce7715f14eae028f26

SHA512
defeb8a79d0faf4b7b63f5bf2c293427e1cbf65e0fed472c8ae2fd2e0d56fb784a29b02343d037e16dcce753e64b7d5caf3307198ae81157bb542e60124ae457

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0b8abe9b2d273da395ec7c5c0f376f32

SHA1
d7b266fb7310cc71ab5fdb0ef68f5788e702f2ec

SHA256
3751deeb9ad3db03e6b42dedcac68c1c9c7926a2beeaaa0820397b6ddb734a99

SHA512
3dd503ddf2585038aa2fedc53d20bb9576f4619c3dc18089d7aba2c12dc0288447b2a481327c291456d7958488ba2e2d4028af4ca2d30e92807c8b1cdcffc404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
d2f9003683480ba1b7da560a7a43ddff

SHA1
66dfce647301c7553ab3c0d78146bd8af351e9ce

SHA256
c6c91f8b6b56d778301069b5d5cd62d3d9726e2f57f4a4becac582296a9c865b

SHA512
7006739f158d21b0bc802609f531f402b9091da8b79537629644bf6040221c5ad2726653d6be80108717972ef713fd7a8663333512a8ead19ad112a050c7488b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5ad41a.TMP

Filesize
48B

MD5
72bcd7bd7818c01438cd508e6c337761

SHA1
de3887bad50a462d21f3b3ffd335b559e2a71575

SHA256
fc0ae52e4cdb2ae4e951bcafaee5804bdc5c89d82fec805d69fdf13327dc7b48

SHA512
8ccb9e094d10b216f13452dc23928eff79b97c6a5de551467b9dbce2e59b0527d3f424738915ba41bae8b4037359c4a58be23f3d767a804682e6b524d516f27e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
166d7717ab57895502fff432b81c30c4

SHA1
60db3335cf81913ccc0ca505ce128663bc02d755

SHA256
5326b39f20b2cb354666140484320265bc4c5d76e5aa26342b761c55ab994ce9

SHA512
d09db53ec510db81199d79c04a2250c9653a8b6e25204b19af4bfacc55f5dfba774e991fe2e776684f99b4aa8d88f85d7fd9fe4060f15b06f9aaf9443f288bba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7e3aa6c3eca3c8561e7aa49e4774af53

SHA1
15a906392e8f879c059b1a153a0b7d7d6fc221f3

SHA256
c98719d1f047cba16805e3becf9aa678e7b58c54ecfa63670814831dd46dbab3

SHA512
1e732ec0de3af7feef16f6e08584bb6efbedfc21d4371173b5f4b769ccd50931492c9e23c1e33ed533804c28a0b2c38a07c45d6a897f45565baf6182845c275a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4c16a422e636de06bdeecc5f7796b927

SHA1
45ed2b03dce5ccaa813370d41c0e80659d61ae34

SHA256
90add8772849c60be752dd059e1f91d6a3842e2c23ce3a71cdbb2fa112f0fdad

SHA512
3717aca9d714637f7cc61310b94fa67296154c04b9d866872c117f28bacbf575e3644f959bb085f80bec45ebf0ffe485337d6878dcb9b270f1f34631c619b48a

Download Submit