cb6792c1d678fc246e6ee88151136a6293ab3d7383e321d48deb9eca98160121

Analysis

max time kernel
146s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03/02/2024, 20:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8d3cf4bad6f5d92ed6bd82210f356f37.exe
Size

78KB
MD5

8d3cf4bad6f5d92ed6bd82210f356f37
SHA1

e652f1f5fcbc83b4135113ef21446f4e46e4a756
SHA256

cb6792c1d678fc246e6ee88151136a6293ab3d7383e321d48deb9eca98160121
SHA512

0e0953628f31e198ca4785ae33d749ee8e65a35576b2b6c2222d75fb1726c9fecdda64b27b46086858123cfe7e08d407842ca1699cbf9e2d0eeaa9139b6c4294
SSDEEP

768:DC5qVQgwBcxcYeUmoL76iP98LhyvXW7yDyUtczVQ4kteCfutPQQQuIf0YNSeffk1:m5qVQyh9j7EhyNPkgAguQQQ4efff0x5

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4916	msedge.exe
4916	msedge.exe
3276	msedge.exe
3276	msedge.exe
3736	identity_helper.exe
3736	identity_helper.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4604	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4604	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1152 wrote to memory of 3276	1152	8d3cf4bad6f5d92ed6bd82210f356f37.exe	85
PID 1152 wrote to memory of 3276	1152	8d3cf4bad6f5d92ed6bd82210f356f37.exe	85
PID 3276 wrote to memory of 2004	3276	msedge.exe	86
PID 3276 wrote to memory of 2004	3276	msedge.exe	86
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 3312	3276	msedge.exe	88
PID 3276 wrote to memory of 4916	3276	msedge.exe	87
PID 3276 wrote to memory of 4916	3276	msedge.exe	87
PID 3276 wrote to memory of 2236	3276	msedge.exe	89
PID 3276 wrote to memory of 2236	3276	msedge.exe	89
PID 3276 wrote to memory of 2236	3276	msedge.exe	89
PID 3276 wrote to memory of 2236	3276	msedge.exe	89
PID 3276 wrote to memory of 2236	3276	msedge.exe	89
PID 3276 wrote to memory of 2236	3276	msedge.exe	89
PID 3276 wrote to memory of 2236	3276	msedge.exe	89
PID 3276 wrote to memory of 2236	3276	msedge.exe	89
PID 3276 wrote to memory of 2236	3276	msedge.exe	89
PID 3276 wrote to memory of 2236	3276	msedge.exe	89
PID 3276 wrote to memory of 2236	3276	msedge.exe	89
PID 3276 wrote to memory of 2236	3276	msedge.exe	89
PID 3276 wrote to memory of 2236	3276	msedge.exe	89
PID 3276 wrote to memory of 2236	3276	msedge.exe	89
PID 3276 wrote to memory of 2236	3276	msedge.exe	89
PID 3276 wrote to memory of 2236	3276	msedge.exe	89
PID 3276 wrote to memory of 2236	3276	msedge.exe	89
PID 3276 wrote to memory of 2236	3276	msedge.exe	89

C:\Users\Admin\AppData\Local\Temp\8d3cf4bad6f5d92ed6bd82210f356f37.exe
"C:\Users\Admin\AppData\Local\Temp\8d3cf4bad6f5d92ed6bd82210f356f37.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://br.youtube.com/watch?v=fGvApowIu_I
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb7ab246f8,0x7ffb7ab24708,0x7ffb7ab24718
    3⤵
    PID:2004
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,14388871616666279318,3079782072733066920,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14388871616666279318,3079782072733066920,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
    3⤵
    PID:3312
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,14388871616666279318,3079782072733066920,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2976 /prefetch:8
    3⤵
    PID:2236
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14388871616666279318,3079782072733066920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
    3⤵
    PID:2404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14388871616666279318,3079782072733066920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
    3⤵
    PID:3000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14388871616666279318,3079782072733066920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
    3⤵
    PID:452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14388871616666279318,3079782072733066920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
    3⤵
    PID:1540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,14388871616666279318,3079782072733066920,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4220 /prefetch:8
    3⤵
    PID:4384
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14388871616666279318,3079782072733066920,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:8
    3⤵
    PID:3148
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14388871616666279318,3079782072733066920,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14388871616666279318,3079782072733066920,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
    3⤵
    PID:2404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14388871616666279318,3079782072733066920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
    3⤵
    PID:3512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14388871616666279318,3079782072733066920,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
    3⤵
    PID:4852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14388871616666279318,3079782072733066920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
    3⤵
    PID:1600
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14388871616666279318,3079782072733066920,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5232 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2388

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2d0 0x4bc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bcaf436ee5fed204f08c14d7517436eb

SHA1
637817252f1e2ab00275cd5b5a285a22980295ff

SHA256
de776d807ae7f2e809af69746f85ea99e0771bbdaaed78a764a6035dabe7f120

SHA512
7e6cf2fdffdcf444f6ef4a50a6f9ef1dfb853301467e3f4784c9ee905c3bf159dc3ee9145d77dbf72637d5b99242525eb951b91c020e5f4e5cfcfd965443258c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
34230ace7d7734fef466cb1b54d02985

SHA1
28a5299a454725c850dfd0959236bb6cd21494f5

SHA256
9f1592dc5dbf48e8bbd5ff650fc8438b50b2cfc5abadd8321d6b287a9dc079e2

SHA512
33007a11986e82c5bd296db329fad1e160406288c7b905d0ddc803c19c9ee006194f06cadf0696ffd5fcb2d2fe01f2596fc7af4749fc45df9f264a2de996ba23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
eacd654a23fb9b1014f298638555f537

SHA1
befe45c70f33431c5348c9ffa2f89189f60033cd

SHA256
60b4666bb8245d6b2721adf0a7b10bad2322c277b24f481f62cb41fb57818ea3

SHA512
aa1c02fda44241ae3feb8ca14af5f267bb1be33ff17d228a56e6a89cbd2f2c5b73bc788fe04827d6e2fca28c3781bb0558531170aed3e1d4563901affd3152e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f21a764ce80009db86be8eb42844f246

SHA1
dbeec6548a3df8acb0c9f66f2497430e54786093

SHA256
dc1489b0b69fdcf731d9463bc4fb43b94fa6215979130c8096448f34066941fb

SHA512
e476eb4a7ec629c76de26889c3698faf053af2ad76189018a5223c8b61f7aee86bf0cd2cff01bd117288ad07d7c969a08448176c37a5aae18fea93766f226584

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
137f1752802e27b2bc8ab2cff2f1cf4a

SHA1
367a21255b0c7bc9f6459d706646eed804864a16

SHA256
e74fbc6ce77c39645dd5d865920a0e8bb4d9183596b7efa6923b269b304a598d

SHA512
d5a01ee38fde592223cd6ec798676cb50f1da3b1acadd97f5d7ef1277d95d48eb8a0982d22c07a06a1b999846ac297e8613091bfc8674d93d4023374d26205f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c7b8615e3f6ac13f630498d195eb7e08

SHA1
83589c7d4613b30775d0ffb46adf04fd9d28862c

SHA256
d3554c8bb97c529143e2573725856753a98a22c249ef797fade1ab2177228fae

SHA512
190e37a272f432f9b800fcf59eddc4c301f8955c35def461dde8b29fd8f95a21290bdd266b9ddd0b6c03a7ffd729684ec5b2fa5dae270474e7b392482579f8c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
b0ba6f0eee8f998b4d78bc4934f5fd17

SHA1
589653d624de363d3e8869c169441b143c1f39ad

SHA256
4b5ee509e727accbd11493dda2c1d512e7dbfaff66c4f5f7ea9c2d2ccd06151f

SHA512
e9a165da246c6b80fc38431538203cf03f95794184ff63f00c9500f8919a2028b803f64b670e685185eed72df0509e3185c9b434fdbf2bc7af36021d46bd08d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1b14de3b-8825-449a-a82e-3b844bea186d\index-dir\the-real-index

Filesize
2KB

MD5
6f32254b22fe34bffae365eff487a31f

SHA1
e26047fb79dda3f93e53757e1a42b68d06d19598

SHA256
c9b2fcaa74eefe30ee5a5738c4a7220148b8ea5bee1f4bd9045f90107d8772f8

SHA512
fa2e231fbdfe7d04e8e58b9cf54d74f89aceec823079a3bbddb36cdb8f43faa590a26add76f17a12b1ba7687c1cde2edbdb76cc2f2d77cb44a5166df1ccc26af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1b14de3b-8825-449a-a82e-3b844bea186d\index-dir\the-real-index~RFe57c004.TMP

Filesize
48B

MD5
8e01878d3e6c4b8efbbd3dbe916bf7cd

SHA1
b0ab6aaf1cebe4013f819cd64e61bc14b7236afc

SHA256
62916e541ba384cdced30ad3cc1dad3befb752d9ec81c9e4cc9978cf26c27711

SHA512
77da9542b1523ba9bc1cb8a35a4ab6d8a8e9aaa1d9de6b72629dcf2c953fadcf0f29f90e3ed516c6c76e149031c0e4df59f355b77a9e715c62f77ae0d37914e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
e21d28a2a2465225fb290cc6f7dd733b

SHA1
1bd6e984b88852d7076ddcbbec0225cd96cf8627

SHA256
950c95ff3938e97e08fb67a20fafc7af200911f058c997934dae47289b13b922

SHA512
9f3c245bbfe024152ebbf733870901d1b0a768e80547c494db0f1782c1f4ce0fb6b4d321b18448dd23de3d571323833ceb59dd4755018c2d1f63aa232d41ba05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
e5f9ba7a996f056da4373e8a39301b16

SHA1
40e920ce8032e1f7c808f05e6a7d74b4b46258ff

SHA256
5df895c3986257043bcc0e547f4a34e8d95df817acbcfc9c3d6aa7d3306666ea

SHA512
2ab57fd375963601cb4174ad2b2e098d295b1195e0674c39f408aad35a643a9f203d21c363e1d7e4b9f01a0024ba7fff561d237df33dd3353f24687849a2c3ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
aa6073a89d7615d40125c1f58d97f809

SHA1
a0ce4f89bb2a7f9c156c08c5e52cb37bb92c330a

SHA256
30370a053d80efa806fff66ae35759086acb6291e749709be7e7bae2c145a453

SHA512
704559a4dabe85afe578867b66dd87867b1c635ee162f4bc075769a46bdf97f43442ec42752f372fed024054fdc577c4b239c67b8da2af080fb78742fca36d6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
17c0c5d28d060f39ea2b7c68b0bbc0a2

SHA1
4d9f13fbb185df5bb5d26d2241178c9c3fe98d87

SHA256
70f42602100f769aaf6d26753c63903725dc36361f3f1d0309551cbd04260819

SHA512
b35ad557ca7a661988cc12f788fc0e5280f5213378628e6002aadceebbebb3c6c57e01a9a201acb31441329962e0a7e39265181312fc3babec22800d73d53088

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
440f76ba5a0b8d35a8cd6afae2d93894

SHA1
6c32f9d678f2a951974eefdb587b590802bbbe45

SHA256
73f0751343ad71bc6f1f0ff439c4cb2ea5a283334e478c94898385e5623a7ab8

SHA512
14b1b21115702af3fb0e18475dbfa2e7acb0c69e5d8ad9b2bf53f631cd98b6a2d02de11413390c30f45edd296610e9e930e9bd2bba75309ed71a15f4a1468a66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b49a.TMP

Filesize
48B

MD5
26ca518f93b8c1bf978b9d87e6ff180d

SHA1
d9abc41d663e0a00528b338461e2d44ce2c77393

SHA256
ed54d340d6db78818edbfea836ca3c3a4d62382db8bd60ac6d6efda41f8217a2

SHA512
4c54759a4a0a18c716e9239afcee99a2de6438e5baffb5fc8b13c44d45a9735f168fb29285b75c8241cb6a59e9953fa7212ac018589abe9cce298ea7f7ea1ab5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6b207caa37c324b7510ede9533a572ec

SHA1
3883d1b0570f8b8a406546aec9f7134ed4cd8fb9

SHA256
93836a3843f96acbb04b4273902495a790e28df9b5f43ae3d06a1ebbe99a7c3e

SHA512
f9b2d4e21cc3c3034c13d46c4c679d740699723677345550fd3e79ecadaa0b49fc1422bf382b395e1d9bf3c7fda6a3705d57e6297b082db138914a2c0817d333

Download Submit
memory/1152-47-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download