hxxp:///search?q=reflection+nebula&rlz=1CAKLUN_enGB1063&oq=&gs_lcrp=EgZjaHJvbWUqCQgFEEUYOxjCAzIJCAAQRRg7GMIDMgkIARBFGDsYwgMyCQgCEEUYOxjCAzIJCAMQRRg7GMIDMgkIBBBFGDsYwgMyCQgFEEUYOxjCAzIJCAYQRRg7GMIDMgkIBxBFGDsYwgPSAQsyODE5NDAzajBqN6gCCLACAQ&sourceid=chrome&ie=UTF-8&safe=active&ssui=on

max time kernel
707s
max time network
661s
platform
windows11-21h2_x64
resource
win11-20231222-en
resource tags

arch:x64arch:x86image:win11-20231222-enlocale:en-usos:windows11-21h2-x64system
submitted
31/12/2023, 02:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http:///search?q=reflection+nebula&rlz=1CAKLUN_enGB1063&oq=&gs_lcrp=EgZjaHJvbWUqCQgFEEUYOxjCAzIJCAAQRRg7GMIDMgkIARBFGDsYwgMyCQgCEEUYOxjCAzIJCAMQRRg7GMIDMgkIBBBFGDsYwgMyCQgFEEUYOxjCAzIJCAYQRRg7GMIDMgkIBxBFGDsYwgPSAQsyODE5NDAzajBqN6gCCLACAQ&sourceid=chrome&ie=UTF-8&safe=active&ssui=on

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1184116928-951304463-2249875399-1000\{9EBDA1E9-E75E-4841-823D-71665A5847CD}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1188	msedge.exe
1188	msedge.exe
784	msedge.exe
784	msedge.exe
2920	identity_helper.exe
2920	identity_helper.exe
5068	msedge.exe
5068	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
2084	msedge.exe
2084	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 784 wrote to memory of 2104	784	msedge.exe	80
PID 784 wrote to memory of 2104	784	msedge.exe	80
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 2228	784	msedge.exe	81
PID 784 wrote to memory of 1188	784	msedge.exe	82
PID 784 wrote to memory of 1188	784	msedge.exe	82
PID 784 wrote to memory of 3644	784	msedge.exe	83
PID 784 wrote to memory of 3644	784	msedge.exe	83
PID 784 wrote to memory of 3644	784	msedge.exe	83
PID 784 wrote to memory of 3644	784	msedge.exe	83
PID 784 wrote to memory of 3644	784	msedge.exe	83
PID 784 wrote to memory of 3644	784	msedge.exe	83
PID 784 wrote to memory of 3644	784	msedge.exe	83
PID 784 wrote to memory of 3644	784	msedge.exe	83
PID 784 wrote to memory of 3644	784	msedge.exe	83
PID 784 wrote to memory of 3644	784	msedge.exe	83
PID 784 wrote to memory of 3644	784	msedge.exe	83
PID 784 wrote to memory of 3644	784	msedge.exe	83
PID 784 wrote to memory of 3644	784	msedge.exe	83
PID 784 wrote to memory of 3644	784	msedge.exe	83
PID 784 wrote to memory of 3644	784	msedge.exe	83
PID 784 wrote to memory of 3644	784	msedge.exe	83
PID 784 wrote to memory of 3644	784	msedge.exe	83
PID 784 wrote to memory of 3644	784	msedge.exe	83
PID 784 wrote to memory of 3644	784	msedge.exe	83
PID 784 wrote to memory of 3644	784	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http:///search?q=reflection+nebula&rlz=1CAKLUN_enGB1063&oq=&gs_lcrp=EgZjaHJvbWUqCQgFEEUYOxjCAzIJCAAQRRg7GMIDMgkIARBFGDsYwgMyCQgCEEUYOxjCAzIJCAMQRRg7GMIDMgkIBBBFGDsYwgMyCQgFEEUYOxjCAzIJCAYQRRg7GMIDMgkIBxBFGDsYwgPSAQsyODE5NDAzajBqN6gCCLACAQ&sourceid=chrome&ie=UTF-8&safe=active&ssui=on
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff828373cb8,0x7ff828373cc8,0x7ff828373cd8
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1736,1971569709025896085,15472945869785622674,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1736,1971569709025896085,15472945869785622674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1736,1971569709025896085,15472945869785622674,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2612 /prefetch:8
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,1971569709025896085,15472945869785622674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,1971569709025896085,15472945869785622674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,1971569709025896085,15472945869785622674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,1971569709025896085,15472945869785622674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1736,1971569709025896085,15472945869785622674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1736,1971569709025896085,15472945869785622674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,1971569709025896085,15472945869785622674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,1971569709025896085,15472945869785622674,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,1971569709025896085,15472945869785622674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,1971569709025896085,15472945869785622674,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,1971569709025896085,15472945869785622674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2592 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,1971569709025896085,15472945869785622674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1736,1971569709025896085,15472945869785622674,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4992 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,1971569709025896085,15472945869785622674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,1971569709025896085,15472945869785622674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1736,1971569709025896085,15472945869785622674,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5856 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1736,1971569709025896085,15472945869785622674,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,1971569709025896085,15472945869785622674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,1971569709025896085,15472945869785622674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1736,1971569709025896085,15472945869785622674,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2568 /prefetch:8
  2⤵
  PID:2520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dbe72a1f5827efc08f70d06ef815d46

SHA1
6aacd61519fce53ecb92e5e61207a6c29c01f47b

SHA256
dd673404dd6deb2d2b331316370fd05e47c01b9dc489640f05b50898d536a6e3

SHA512
2e6115ca818df5f5b7985caf3ce2324e266b376f6180f84b44e9ae725e037a8456c2cd63e22b9750e2ba27f4c7460dfa429ce9910517a728b056e5f1e730e25a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
69KB

MD5
c33c3755c9bc5c370e51bd72a524da35

SHA1
7b4d2ef2b5e0188562afcd4c87060a809a7d2919

SHA256
e30aeba2b555fe999989e290128024451d7b1bccd13060ce16990a39937a3113

SHA512
7c656b1f7e9806208c87b1f22d27f07f400c5bdd3fd258056a4046c7999d4f83f6c473800b09e36450eff9ff9dd86d045eedead515aeb4bdb55e9d9889e90de5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
23KB

MD5
b7f2753a2d9eaa78ab31f64052a1e132

SHA1
0f67da6d1e4e4cd474ef4168d1296d6a55de0a1a

SHA256
6afda9f7927a4986d4b4760c1da41074295fad1232b5130a9005474a0f5e3e4e

SHA512
587794699751514a0d8baab34a898be8cd5bec6fbba246adcb27416c3762aa63099e2dc5780669c09a7138d2eacce550bc5f3776b45f44fc2b676dce4dead432

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0cae4e2989250371566f12960f9d89ed

SHA1
75a81e023ad921776095c0b6e9bb752a0ee4c41d

SHA256
4424c417659e3aa4921df787c3f1829427601c5d3e2948d14870426fc0eafb71

SHA512
a665c6ac642109a633cf59862eec5180ceafda2df7dce5473ced3800dd935f017de4055693eeaad0143312cfd86d9ac3212aa7007becc8f8cdd33361ad49ae8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
484B

MD5
87d1b1ced0bf1b32965b0f8cf31e2f2b

SHA1
4d50c2bdf16636d4fb8a942676ec7da3e0dc9ec0

SHA256
f5755f6f3c4921ec232bac3fa6cf9583f80cce5da4459cdda128ad42109885e6

SHA512
3cbd4612be598d7a63b4e2755b7497d4f15a0d797b80337862f95affda3ea40805c7ad766f3e9beb38e2e221b5973b7ae26faec68b3d6a92070fd9641f6dde2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f9a343f71508dba08c614a765d9fd02d

SHA1
4e194e6e2df65b2bffa7a9292de3e228eb7e949a

SHA256
92936440d2d374140d585c4da17c7bd07f5eccbd2b227ac64e072118e8538910

SHA512
a6795514a2e1a9470f3ce0898b4c7d99b838e596ec4eae7e022ecfaff22f448bee678e76312eb4302e2a805c6261fb24afc426eb5be2365d31c83c7ed1797866

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6ce03c30a6a36c4f5dc35a8e3bc110d5

SHA1
5e5baa5123bd4c06847eb0877db4f162c862fcd7

SHA256
989e0cdf8eb46f3b8aa132ccea51fc8e04c438ae59f1270d37aa2547c22f7055

SHA512
e0bebcdc1eacc06b186b08354cc50bdc72ce6cf61f6e5fce1122bc8abd17cb93fde41291b7b0e863d5647cda31190ed8d609fbc86da9677a9e59dba71b13d444

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
99a02e4731e34fc9909a62ba5a2e8a76

SHA1
d52eb5c0b3eb385219b83273a026baa5f19dff69

SHA256
8c2647ddc5b601318e84b7e535fbd6617b44c10025e9988b2a87a841eb5e30ea

SHA512
ebb66454dd7757b4c414d48be1af3fb6e18b6d1b5fe5bfb88d914188c2ef0b4b56a217486f3aa7e1e2b2853d75a779ad8e3906cd2facfea5f5869148e4b549dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d6d403ea7b3ef622e71f650a60e05fb1

SHA1
d10cc13af1c7057dbd0593095ebae3a6c51d8e24

SHA256
4c90a7b361b32dfdbda71e9f78359dfd3d9779d9028f22df283f8daca8ed0d0d

SHA512
dd0a36e0f6a2ce129cf4e1e6828e98010bb7bae75850bf9be5aedcfe95159a64c6accf5209c8f7f32f44f4d9a4f1617030cd2a63590b40a4c885d8290ab66e07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d70e37ba27c409c637a70061a53df2ba

SHA1
75ba76bb57568f6f673728487b10c9fc8ebe95d2

SHA256
52d9799375d7aa46bdba05929da2f444bea2ca8ccd2420d1ed4c0c7ca7941f4c

SHA512
ee091cf99e1a981262340c96d9be7abb0a8d0c2442ef95ef7675ef16625e61cf9cf0ae19c021692f49ea4bb2bec166137a8b25191e9709637626b3f2ffdf75dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4803c351cbcc6bede4115ed006e85d78

SHA1
a3ef989968958551fc6dce2ae82391b3aa194b02

SHA256
d99b0679f4e49c049f071bd47fbd8c4a866a52dc1aefaf6313c91a5f9b5f5baf

SHA512
6fecd2af633f6f603961bd236d2d555da2ed7d262c55aaefda2e0834f6c0e76d82b10f4ce7b52fe9c2861d3a9c42afe104843ceb357debb752fcdf8d55ad7149

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fa943134bccd46919fe814baaee8a6bf

SHA1
af41ce6d3b8a76c04c619eb7df46e4190f189eb7

SHA256
e2f69a8d08966e82388d2383cd956f1923d391696b88db42287143e7febc8f46

SHA512
e227ab3bb041d57b78fc6b50bb057909a06c7075af34f6d205c2210b06d760fe8c874455b63d7d3d5dc9a4682652663792c43894e844f80d84210105d3c17db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
e5477be1e6c4cc9f570c69a84dd4f681

SHA1
fdcbdc83ccfef1c270b927c6815e641f6d96a132

SHA256
f06ab204d1d24ecd2d13e473bf807a8fc65ed09114a227966b4a308bd7eaa531

SHA512
24eb3338f0a7be6df183c5d5f22831bed07ce0779dcc124e805364a128a08f571160a6809556cd1de323c9d3cc64299855978967c8693b8324cd9bb22f5ffe14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
06c3ce232851e08a284f22609523eb8c

SHA1
f53404a10366f9caed3937749271f0eab9dd09aa

SHA256
553e1809d16a0ec5af7d3456f1a52843aa8b3f84bbcf9e6e5079027be7d5283a

SHA512
0c8836abbd39263d8635538432f403b1ab4ae7fc36afe549da4eff0517fa5693a0f17ac19b45e2c8da1f25a493cece878ec7d332ed58aa4e2c2f9486c4c9e40f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e4bf1be20e3105078a684d4899cdc8cc

SHA1
6e3dc3879b463ecdee265f5ba287e1b10f00a7e1

SHA256
2016f71743b34a3a44553048af31d5dbbd9b6d7395b6157751155cfbf84d69fc

SHA512
21146c1a0e40a565248f668e72705bdc1d840aee8a8358b915084d52dd970f73f1205a770025d2252458257f110f612b2f82f90eedec85e5deead4d75fdb625a

Download Submit