c3a2ceda18115e0fe64d8cf57f412ade8e170fe9d91c1cefca2a2e216a4115b6

Analysis

max time kernel
420s
max time network
435s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 22:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SweetScape 010 Editor v13.0.1 for Win x86 & x64 + Keygen.rar
Size

38.7MB
MD5

1ff86175880a302cbf57d7de1e4a1f31
SHA1

8337830f83e718f2f6c99727dd06c5b537aedff3
SHA256

c3a2ceda18115e0fe64d8cf57f412ade8e170fe9d91c1cefca2a2e216a4115b6
SHA512

bba7afa9c179bbc1f12e21253dad92d3bf504625aed27cd79525f9d122526b60a647bda29d752ca9a25e3ed0cd65a82e735ca9f6a9f22302955b689a84a4a505
SSDEEP

786432:jxAVtZrB5MRssJzO0vMEW3LOR5DXqh+a2ki2I78ueyXjzD:VwBivMEadhsObyz3

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3803511929-1339359695-2191195476-1000\{EB55712A-8476-4360-85CA-87DF7115E9FA}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1896	msedge.exe
1896	msedge.exe
3860	msedge.exe
3860	msedge.exe
4200	identity_helper.exe
4200	identity_helper.exe
5012	msedge.exe
5012	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3860 wrote to memory of 548	3860	msedge.exe	104
PID 3860 wrote to memory of 548	3860	msedge.exe	104
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 4724	3860	msedge.exe	105
PID 3860 wrote to memory of 1896	3860	msedge.exe	106
PID 3860 wrote to memory of 1896	3860	msedge.exe	106
PID 3860 wrote to memory of 4592	3860	msedge.exe	107
PID 3860 wrote to memory of 4592	3860	msedge.exe	107
PID 3860 wrote to memory of 4592	3860	msedge.exe	107
PID 3860 wrote to memory of 4592	3860	msedge.exe	107
PID 3860 wrote to memory of 4592	3860	msedge.exe	107
PID 3860 wrote to memory of 4592	3860	msedge.exe	107
PID 3860 wrote to memory of 4592	3860	msedge.exe	107
PID 3860 wrote to memory of 4592	3860	msedge.exe	107
PID 3860 wrote to memory of 4592	3860	msedge.exe	107
PID 3860 wrote to memory of 4592	3860	msedge.exe	107
PID 3860 wrote to memory of 4592	3860	msedge.exe	107
PID 3860 wrote to memory of 4592	3860	msedge.exe	107
PID 3860 wrote to memory of 4592	3860	msedge.exe	107
PID 3860 wrote to memory of 4592	3860	msedge.exe	107
PID 3860 wrote to memory of 4592	3860	msedge.exe	107
PID 3860 wrote to memory of 4592	3860	msedge.exe	107
PID 3860 wrote to memory of 4592	3860	msedge.exe	107
PID 3860 wrote to memory of 4592	3860	msedge.exe	107
PID 3860 wrote to memory of 4592	3860	msedge.exe	107
PID 3860 wrote to memory of 4592	3860	msedge.exe	107

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\SweetScape 010 Editor v13.0.1 for Win x86 & x64 + Keygen.rar"
1⤵
PID:436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef90f46f8,0x7ffef90f4708,0x7ffef90f4718
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,5810479555872609445,4423820994004118726,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,5810479555872609445,4423820994004118726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,5810479555872609445,4423820994004118726,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5810479555872609445,4423820994004118726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5810479555872609445,4423820994004118726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5810479555872609445,4423820994004118726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5810479555872609445,4423820994004118726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,5810479555872609445,4423820994004118726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3464 /prefetch:8
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,5810479555872609445,4423820994004118726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5810479555872609445,4423820994004118726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5810479555872609445,4423820994004118726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5810479555872609445,4423820994004118726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5810479555872609445,4423820994004118726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5810479555872609445,4423820994004118726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2064,5810479555872609445,4423820994004118726,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,5810479555872609445,4423820994004118726,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3528 /prefetch:8
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5810479555872609445,4423820994004118726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5810479555872609445,4423820994004118726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5810479555872609445,4423820994004118726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5810479555872609445,4423820994004118726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,5810479555872609445,4423820994004118726,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4892 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1386433ecc349475d39fb1e4f9e149a0

SHA1
f04f71ac77cb30f1d04fd16d42852322a8b2680f

SHA256
a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc

SHA512
fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0864bf1e-7a32-41de-9bb2-e544adc740e8.tmp

Filesize
6KB

MD5
c5c6d9bc6ad4c1da2f863c5a7812779a

SHA1
f0bec209f84bb7d8b86b10d080bbe666dd1a1907

SHA256
3db57b632073bc7adf4e9f5284ac83b2afa1864205b9a1e15974cb1ec8407794

SHA512
d407c3cb36942e09386f0c4858fa4d31ab57fdb9d7ff796dc9c900715b4668fc098776619c9baed3ad56ddeb9d0001731408e4b12ada703fb0d385ca5e3334d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9cb2b5d1-d234-490e-90bb-b89dbf7dd317.tmp

Filesize
5KB

MD5
e4ae6bf188cb5248e06d258be28ec9ab

SHA1
a93fabcd5baefd88d2f5e57565dab6623329bfbe

SHA256
3bee620394f578d00fde32a8c8c1091cdfaf2481e7205a3d10ec61399070ef2e

SHA512
ea824d2615bb2e7b595245aaec1e6ef2be836b3288ffb7c48fb3bb324de26a1bb7b40f8aefab177263c3a21006215e68c80913a65acf18cee8d1976fa5bd611c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
201KB

MD5
e3038f6bc551682771347013cf7e4e4f

SHA1
f4593aba87d0a96d6f91f0e59464d7d4c74ed77e

SHA256
6a55e169bc14e97dfcd7352b9bc4b834da37dd1e561282d8f2cc1dbf9964d29a

SHA512
4bee876cea29ad19e6c41d57b3b7228f05f33f422e007dc1a8288fd1a207deb882c2789422e255a76c5bf21544f475689e7192b9a8a80dc2e87c94ee0bc6d75f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3a0dbb45d5e81beba65f53c09fa962cf

SHA1
7444be94b00438854445e666708ed2d193707464

SHA256
3bc205ab026b202d6be7053e0d188c19a5266e2ba99f366f32a0d84c074726aa

SHA512
698a373111ab369efc65ce649e37e3e690f459ab7a8d48bffd41cb5c9e1ed654bbae66ab627aef15f5f36b9eb9a92450b373463aca4afd98872a30eba6780825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7b28a76617e7c784e2d986dedd3db0fb

SHA1
474074dcd60d7b60b41266d47004b2977403538a

SHA256
981ee2b3038e4279ba33249796a052c326d57d0ef1f5ea4ac42378c87fa3932e

SHA512
d436242e8e971efd234b6720025d1972c9e5e23fed12505deae7556234c66afb180c4bd0d3d397ae74151ad5e3a5977e8dfb4fea0031e270daeaca7491a2f839

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
20025eaea63d76572921cf6f41ceee70

SHA1
9f9ad96a003099190d34a4cd87828702297b7b0c

SHA256
6c190de73293072ab79d0418a6e4aa94fefa3c0f8c59a64c8c416bed93978a93

SHA512
3aab15249b3219723ed2ef5e713925d8cd2d64bfdd7ffdf091a6c16bd22a5d97ee60c7e66a78d55936ace94bb359501b1faa33161b980fdf15abf67a7cfd5049

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
77a98b10be79c338659332ab0d2f7038

SHA1
671f4e3b74c67b2fcd8ea5a3874934c0f3d03cf4

SHA256
cd1d1dc3433919698c0cf3ccf0a21a92efd3e570b4ececaf0fa08bb1c89bce2f

SHA512
1eb345ae2120bc4d79665f38fa4345f1e9a081dea5171d1a190c5b6d223299d14db6c508cf7b965d65071b38ade26b194e88c872b4a2d0e996e714d8fd1ce804

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a3d95c1f94e032b445f7fce3df73a41b

SHA1
75a253824a431c4681e7801004082cd129fa02cb

SHA256
6a8a34606bd0b679c037ce551a0406141814a3706ec0227758ea43d14489e36d

SHA512
4a364f2b121158837008d67a74e9eb4c5fe735f5eb37772528ef0316465786bd751eda50b9ae11297398fbc2001f685f08b891263575896454beeea32dad45b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7f15f5d6ab2f73fb222bb9a01daa3f28

SHA1
e6c3b0604181c1b2ed3d099206a5446ae7cef938

SHA256
e560af62b71be56ead1865ebf59a55949c84314af0bf7cfdb57e38aa6e057e4b

SHA512
d92076b0d9303f66614894178f1d36248da012d99e61908ad6a809a4b4ee8ef53f2324d3f0219e716c0ba6d3ae99a5639cf8baa492db521ef438d6468400d9c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e664066e3aa135f185ed1c194b9fa1f8

SHA1
358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5

SHA256
86e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617

SHA512
58710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f7148af50ffe732325dc65689270f6d9

SHA1
3a732dbeefd01b96ab9619a03dcae4ca94a94a8f

SHA256
0a1ca6c43b88e0513a00767810209c0677c509b53e9e7def39e2bc248b41f3bc

SHA512
b88a7f6ed923cc7b5ca7bdf8660c9f692fe1d80a1391075cc84316205c7120e0cdffc6c7faa7aa72d52948d62fbd38d09f6835611155d797a46017b2b022ae23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
00e3ac336bbf9fd54053a629816db29e

SHA1
bb9784bd8a3d3a78e3acac483336c1fd5660877a

SHA256
96ec25084c5bea93bb432772defec368f3ff8a915d074e6a5bc2cdf4b1c9d3cd

SHA512
611d61294a1d452f99debd1fd2ff5297871b5e5ddbf5d61d865f1ff3da3f9aa2aeb0313b4e95a0269f6215e728b5e80ecaf5644a94f0b525cfe8f5efd83778d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5923f9.TMP

Filesize
536B

MD5
c5b47de642df3f3fdda9d8a51ec9c47b

SHA1
5d9572e9e1c3284990367c41a86fdbdbdb17b858

SHA256
79e7bc3039eaa1a075639a25c631d58cf97c20028440329c56b36ec994ac2c7e

SHA512
1af042fa3f2c104efb02e72be509e788f5aefcfd0bc2269ae243bb6f4f44e813871246837e7744bf56fb06fd45cf9096f8eb45ae0680158152a9a44c39ba2ffd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ed7f327ccfd9c67289b6bdf8a924309f

SHA1
8dcd717d723752f87ceb68882a8fbe86ae491182

SHA256
c1b48153f63efa0813c17646cfab3a42476177cd26fed05875bbbf863223e3a5

SHA512
5fb2f72a58cafd7b0ac12919e63001a4311504f1b4b3302eac54f0b1117fa85a3631336fd6a8f2c1ef1de5d95d9d0cf7bdfecb2fecb4485015c216eadb3e25b1

Download Submit