hxxps://thesynergyforex[.]com

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/01/2024, 17:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://thesynergyforex.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4532	msedge.exe
4532	msedge.exe
4940	msedge.exe
4940	msedge.exe
3348	identity_helper.exe
3348	identity_helper.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4940 wrote to memory of 3352	4940	msedge.exe	39
PID 4940 wrote to memory of 3352	4940	msedge.exe	39
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 1352	4940	msedge.exe	89
PID 4940 wrote to memory of 4532	4940	msedge.exe	88
PID 4940 wrote to memory of 4532	4940	msedge.exe	88
PID 4940 wrote to memory of 1640	4940	msedge.exe	90
PID 4940 wrote to memory of 1640	4940	msedge.exe	90
PID 4940 wrote to memory of 1640	4940	msedge.exe	90
PID 4940 wrote to memory of 1640	4940	msedge.exe	90
PID 4940 wrote to memory of 1640	4940	msedge.exe	90
PID 4940 wrote to memory of 1640	4940	msedge.exe	90
PID 4940 wrote to memory of 1640	4940	msedge.exe	90
PID 4940 wrote to memory of 1640	4940	msedge.exe	90
PID 4940 wrote to memory of 1640	4940	msedge.exe	90
PID 4940 wrote to memory of 1640	4940	msedge.exe	90
PID 4940 wrote to memory of 1640	4940	msedge.exe	90
PID 4940 wrote to memory of 1640	4940	msedge.exe	90
PID 4940 wrote to memory of 1640	4940	msedge.exe	90
PID 4940 wrote to memory of 1640	4940	msedge.exe	90
PID 4940 wrote to memory of 1640	4940	msedge.exe	90
PID 4940 wrote to memory of 1640	4940	msedge.exe	90
PID 4940 wrote to memory of 1640	4940	msedge.exe	90
PID 4940 wrote to memory of 1640	4940	msedge.exe	90
PID 4940 wrote to memory of 1640	4940	msedge.exe	90
PID 4940 wrote to memory of 1640	4940	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://thesynergyforex.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xe4,0x100,0x104,0xd8,0x108,0x7ffe35d946f8,0x7ffe35d94708,0x7ffe35d94718
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,3204089355466662748,5894016538786204182,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,3204089355466662748,5894016538786204182,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,3204089355466662748,5894016538786204182,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3204089355466662748,5894016538786204182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3204089355466662748,5894016538786204182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,3204089355466662748,5894016538786204182,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  PID:824
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,3204089355466662748,5894016538786204182,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3204089355466662748,5894016538786204182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3204089355466662748,5894016538786204182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3204089355466662748,5894016538786204182,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3204089355466662748,5894016538786204182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3204089355466662748,5894016538786204182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1760 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3204089355466662748,5894016538786204182,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3204089355466662748,5894016538786204182,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3204089355466662748,5894016538786204182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3204089355466662748,5894016538786204182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,3204089355466662748,5894016538786204182,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4844 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f246cc2c0e84109806d24fcf52bd0672

SHA1
8725d2b2477efe4f66c60e0f2028bf79d8b88e4e

SHA256
0c1014ae07c2077dd55d7386cc9cf9e0551be1d67fe05a6006957427ae09fec5

SHA512
dcf31357eb39a05213550a879941e2c039ec0ba41e4867d5d630807420f070289552d56d9f16c6d11edcdb0f9448bf51e7d2e460e88aa9c55a5bfe5d8d331640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
44756574649f89c22e59853afcde7076

SHA1
6bf288608c86dda18181367ad32b354eb2b8b5b9

SHA256
a56462f6c6ffbdb53eb4e32805f21afd7bbe0b51fbedd1f857407c05e66b4e5e

SHA512
bbc4d10cef9a1b32f7f6575cbf629ec56317979d37348648c64994a0fc2bf393a5dfe06df47ef973679576cd0bc685e65314f6bd76b5fe31f824e8adad786618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
ac34ef49651915b5fdb89f6546c27a8f

SHA1
785a17e33a3915a740cd582993999ad34d86acb7

SHA256
284f0cefa97db5dbe55905ca90a74558203daa17ba5e83eb346dd22186ddc0a5

SHA512
d5f9be31116ab7792dadbe7a0141c0f9a85f1f4a0746bb0d1e057e5c0d434b163180a263bfdd4f73f9852710c8c3a036a7726e8b893861b43ae10bf3e891c28e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
51cd861f981df697458c9b62d2bcbbc0

SHA1
63440c564f131a28f85efcf46784bd6d41468684

SHA256
6f1ac7e3751545b60522f20e060a8d20f27ab7d1819500b3fdd96fb372e65c36

SHA512
1ddfa4d7c2520bb4a47722f721a19b8322200b4a3c5a12aaab730ff332687fdc0c17595ea9e5c4295bf994e5528338d5b11e7a940a992a5fefc611964550f77a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4380803d932ec0e173c9ccc23a779661

SHA1
62fb6c22e32a59ee86f8b709e4757759ac3ca4d0

SHA256
14c5cd9a1e77b5fb568769a05165c20012eb84a7e1be9f8d0e7673d24f328672

SHA512
d31443fe7438f029e373809a1b9ba7d5b5f909d171a0cacf3e31ae3abdeb55261be31781f6ea7d6539545ef620fb02386012ec780067ab27cf07945b78b71b5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8cb7117b78ad17fd701db7c5c0d1dd14

SHA1
65535a9ce90af3250c730b31245b38e730b66495

SHA256
7bb7cd70be1de8b07bab6e4a3b21a271031726d96f30f2a3ab2b0e4386197e67

SHA512
1db54da151486495bec7a0091d0307a09deb9a36ed508aaa83109ba274cb5b3b42997e546a34b64b20b30f8173816de705921707b27fdbb7de76898dda68640c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7cbe50c1411dd5220e2869741c05a0bf

SHA1
24cd33b73e9e6fb6d9fb09c982f9cf2efeccc027

SHA256
0b4e8f14845fabbbc293b0af5d5f7b25e878083d176102e39505ba0a783968b2

SHA512
c3c4be6203b1572a5703f5c27a99212ba58ee45303a6ac76d6f5f9d999c28b1b81cc02b4e90bc758fe86bfa4b751ea7edd982b7e8a114092ec4c841df884402e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d1c06aa97939e0b9a275c96666f7297d

SHA1
491ce4ebdea946401a063b7de5c67739417a07af

SHA256
f4ee8fb5a5f6624d367f680da866ad3767f6fd098ec32e1c52d1ebbd3db4b8c7

SHA512
1ded3986305e8c5664b37b16abfaade02dd819950ff63054b077eb22314501a998a16a3d55ca61a6986b1aa1517c65c7d36a0eae5a0e841fe79f7d4761e0733b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5e62a6848f50c5ca5f19380c1ea38156

SHA1
1f5e7db8c292a93ae4a94a912dd93fe899f1ea6a

SHA256
23b683118f90c909ce86f9be9123ff6ac1355adb098ffbb09b9e5ec18fc2b488

SHA512
ce00590890ed908c18c3ec56df5f79c6c800e3bea2ad4629b9788b19bd1d9e94215fb991275e6ec5a58ac31b193e1c0b9cbaa52ff534319a5e76ec4fc8d3ba54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
3366c01fae964acd29cdb15923f31813

SHA1
bd97b1a7efdc6f6af86b6bc99a6a6133919f0f15

SHA256
f0e1d54a86d1bb0689b03964841d1ebefe71c234b81f468def49665c87fae002

SHA512
12770ec954f71c819a0a054adb3cb076e2e2fe0c83c748b220977f758274c24b8445d3eecf24ff2439b17238503512b65c6b2eb80b1a3b0ff60683ce5b9347b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f349.TMP

Filesize
48B

MD5
638581d56cba14c0728dff8b604dcbd6

SHA1
0dd4d74de573e3c6ed68ac4c9d588525af3eee20

SHA256
caa6dac9ce159ac8f116567fe7c3f55da3ca24afb5a381ffe593f319f49b90b8

SHA512
1c4a0663fe140022d4e0ab54f01d8c52b87c4984fdedc051440d83e3cc4ca789de6bad9e81fe801e102937fd28b5ec598e2642345130c12722d3001da7b5b9d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
50274539114fd375e2ee910dbf579d15

SHA1
3be0cfd64dc156ab3f841e8a05729db6b750806c

SHA256
61beb80d2cfd1962eb29903238deb300cd81fa7d8b0f9269c756d39d9e5e8c06

SHA512
46946bff6d9cb6b891fc6a17a74905038965eab31d47a1b463bf7d89a60a484133f0bf6612cf4e6125051433e2f483c13d54fbf19b57f05af769c33276c3795a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
42209c0ccce2eaeb28c16c0ed32c6c79

SHA1
11215855410be63d008ebe21b5be585a629e4ccc

SHA256
7a2b07fb20437d2ea8ac96b9af9caa5bef0cef3582bc46f8536941670808595d

SHA512
84ace9f1c4988b0ce8169789c7f651eb5e8d699b0220a1c14761ffc42703fccd7868cae42e116aa708b3bcb391ea62e6a54696ee5a22b1a57f0e4049e53fe1da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f52d.TMP

Filesize
366B

MD5
88962b061ca19f52392c17ad51e3b202

SHA1
49c8543e8f8df3abc83344d089cfcfab2a944fa3

SHA256
ffc21dbcca77b1e46a9405072d515f8a2c2ad77f58fbd383b1e9f9493c5e5c9c

SHA512
f8141e4dca3329b63117c7f14a628510174d2275774379fba397dadf6f5a6561ecea2ad6a4ccd3a5239f96ccaf98568d40ede418d227268cca785fad6c1f5048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5f8ec33c61940fa7d8231ea1581cdcf8

SHA1
d8486877bf05f7b2e5a2243041764639439c1b27

SHA256
a87c289176738eaa0ebadcc2bbe411ad143a7e8f1f65b8986089b053acbe2226

SHA512
e3c883aaaa0811b659bf57727e644b8cac76bc4bca2c14dc5c2415654123869e4aeb2e3398934192f67102682140b97217d8513e3fa22dc052c3ac90ba779a6c

Download Submit