hxxps://free-leaks[.]com/s?eaW0

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 16:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://free-leaks.com/s?eaW0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3568	msedge.exe
3568	msedge.exe
3424	msedge.exe
3424	msedge.exe
4068	identity_helper.exe
4068	identity_helper.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3424 wrote to memory of 3916	3424	msedge.exe	84
PID 3424 wrote to memory of 3916	3424	msedge.exe	84
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 4520	3424	msedge.exe	86
PID 3424 wrote to memory of 3568	3424	msedge.exe	85
PID 3424 wrote to memory of 3568	3424	msedge.exe	85
PID 3424 wrote to memory of 4472	3424	msedge.exe	87
PID 3424 wrote to memory of 4472	3424	msedge.exe	87
PID 3424 wrote to memory of 4472	3424	msedge.exe	87
PID 3424 wrote to memory of 4472	3424	msedge.exe	87
PID 3424 wrote to memory of 4472	3424	msedge.exe	87
PID 3424 wrote to memory of 4472	3424	msedge.exe	87
PID 3424 wrote to memory of 4472	3424	msedge.exe	87
PID 3424 wrote to memory of 4472	3424	msedge.exe	87
PID 3424 wrote to memory of 4472	3424	msedge.exe	87
PID 3424 wrote to memory of 4472	3424	msedge.exe	87
PID 3424 wrote to memory of 4472	3424	msedge.exe	87
PID 3424 wrote to memory of 4472	3424	msedge.exe	87
PID 3424 wrote to memory of 4472	3424	msedge.exe	87
PID 3424 wrote to memory of 4472	3424	msedge.exe	87
PID 3424 wrote to memory of 4472	3424	msedge.exe	87
PID 3424 wrote to memory of 4472	3424	msedge.exe	87
PID 3424 wrote to memory of 4472	3424	msedge.exe	87
PID 3424 wrote to memory of 4472	3424	msedge.exe	87
PID 3424 wrote to memory of 4472	3424	msedge.exe	87
PID 3424 wrote to memory of 4472	3424	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://free-leaks.com/s?eaW0
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff91e5e46f8,0x7ff91e5e4708,0x7ff91e5e4718
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,2866293081441406179,15102376244428769955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,2866293081441406179,15102376244428769955,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,2866293081441406179,15102376244428769955,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2866293081441406179,15102376244428769955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2866293081441406179,15102376244428769955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2866293081441406179,15102376244428769955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,2866293081441406179,15102376244428769955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,2866293081441406179,15102376244428769955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2866293081441406179,15102376244428769955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2866293081441406179,15102376244428769955,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2866293081441406179,15102376244428769955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2866293081441406179,15102376244428769955,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2866293081441406179,15102376244428769955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2866293081441406179,15102376244428769955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,2866293081441406179,15102376244428769955,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,2866293081441406179,15102376244428769955,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1860

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec 0x39c
1⤵
PID:3208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
84381d71cf667d9a138ea03b3283aea5

SHA1
33dfc8a32806beaaafaec25850b217c856ce6c7b

SHA256
32dd52cc3142b6e758bd60adead81925515b31581437472d1f61bdeda24d5424

SHA512
469bfac06152c8b0a82de28e01f7ed36dc27427205830100b1416b7cd8d481f5c4369e2ba89ef1fdd932aaf17289a8e4ede303393feab25afc1158cb931d23a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
26fc01c202e1ff411eb139a0a880a2a4

SHA1
1e21ed9312933ad03423fd27adeebddb165efb42

SHA256
4296553cfff57a6bccc777a6427431846d3d7b2b14bdcfac3cdca4e931851d4b

SHA512
5c9aed2692a7566468138eee1ed80a4864495d614cbfe4c519815129c159401712298c604fbb94e8d935cfb2a10c08ad488b8d7ddc7daa3e6c316d04b418b865

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
50d9870250134667a19442097659387d

SHA1
36b78ba3725fa7f3b6d4de71e7c12246c6addb88

SHA256
25d0e677a43a3211b437a2141c1111bf8adf87469d55c4fca77d132efe78876b

SHA512
57ad840fcb68b5416acd48bc7c10c08550a66a9cb756e12f11520fbd5f5ae13275f306acb3f9281f640c4566d733919e3dc9289ca147b44a11a9fa844998610d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
12cb7eadc4abab53d97a7c21598a24b4

SHA1
936c4776d515acf4ab753abde6c79ec047388c52

SHA256
0eec57490823e3ec80f7036949d626782296cebd0077e73f8112e679646ab0a1

SHA512
fa633e16da2417a4a78bd84071acb719058994798f2f3b30a5a8460eb7107234ee8c18c306548f3fcbf4ed875c1cd4229ddce3ad93dfceae770e309e831e418e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
341172f300d28d33e672ccc3cd05db33

SHA1
423c5b0c88156bbd72e387412e8d801f54e5babd

SHA256
091b18616b7c3236b78306edbba3f03f4be9b7593c34e87956e8519f4063a3d3

SHA512
313e626de6ca9e83b315b82fd2f5ce22c96921145f552ae792e5dec3587883bfe671e8021f9aa1e93fd8ede0fb23dc633980960ccee9efd13959405fd130e999

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dc41fc74ca3708cca0c773e9904cad27

SHA1
79436498a067682531f9830fd658f209d1944b49

SHA256
ba958bdad69b7c37324dbededefc5fe41590a883e96ad7b67820a95033f64c6d

SHA512
5e820bf7b88c8745d6adf6319e3a48677120db61dbd88cce262e7795b28d37dd93db6e5edf7b50627590d5d3821879bafc5162ace013a252df09151282339839

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7b60d7f6629382d5478057e581b9157f

SHA1
dc8a7b24d87daa12bceb0cf8ed07a4aa2ea6a894

SHA256
aa41135f69b735c8ca9e926cc5a792d5fd425ef80a084e796d26e9f2d3a08fa8

SHA512
15197d4480fa3fa4dd21ef43e6928b410ef54f5d3b95cdc9d9406407f8aebf71a4a1ab9e8e2791b2fb6b5743935d2361d7d728c91ab2388558c9cc5845e985d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
35f77ec6332f541cd8469e0d77af0959

SHA1
abaec73284cee460025c6fcbe3b4d9b6c00f628c

SHA256
f0be4c5c99b216083bd9ee878f355e1aa508f94feb14aeebcfba4648d85563a7

SHA512
e0497dbe48503ebbf6a3c9d188b9637f80bccf9611a9e663d9e4493912d398c6b2a9eab3f506e5b524b3dabbca7bb5a88f882a117b03a3b39f43f291b59870c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
4f784010968f0367a2758f5ccf9ecddb

SHA1
84ab5822cfd9caf8c99962107593cbf611c06c9e

SHA256
e87af9a5d9d261d3ca505797f43416a9b33aa699b27457849a2db01ce74aa83d

SHA512
ea062bb32fb79bda5f8378fe227bfc6c92800fa1ddaef6c06d7ac161a94b048f32f95b3751393e437283ff0053f0ecd3c73725d02fcc6b51c6398e357e60ce1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580eb1.TMP

Filesize
48B

MD5
b2189ec6c8aede434a9dbde10791ecd2

SHA1
44861629b836c8f23b8c1ab19b7bde8253d0f056

SHA256
e0a626ebcb0b7a418b1db7ed78c8f572d254ac138d2bee2ea9ebf4905eb509d4

SHA512
c05e47c9336f765ac319da1c354c0f225274a746e0eee063830d82c79d63c041f1e8f6e8bbbafcd8bc5fb683ae9550728da787f3e0c366f7b958ea1590dab305

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
4893b8458af0a05cb0711a1c48fa5bc7

SHA1
f084bb9941cb0e12cf79544d85a66dadbd029bfd

SHA256
e534f2337f213bb2463729c6d7512da4b2645da2dec32f4b4766fe3c7a21fb3d

SHA512
faa1a51e18d8eee5bf9cfc15cafd6859d09c0bd8eb28f398b635cf707e5d61c67369fc7f83aac65d05a06352c8141e12cb16ae206c27bda2aae70d7e707fa50c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d810.TMP

Filesize
204B

MD5
81e38794c780c8d6cdbbc776d1576eba

SHA1
2e3ef8255f97a8d344c79a1237c36285859a25d5

SHA256
3b058584f25d4af838162a155328f920a24a25e868b23527ca68dc23f7169f6f

SHA512
60c9774dabc9051f8f70182a16cacf4a7414a3a8ab3ec75b63fc01bf45114ce8beb2e4b8cf37d1c7925771330b1a2655a2e0976cc9abe1dbcc388e07ac71a3e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
14bfa5cfe726bc6c8df51eb0f5a12923

SHA1
dad6d3134532060e64122bac645c80d236428fc3

SHA256
48d305c5568fe03c95906ffed7a20e125f64bc6d14624c683071d3b6b923f9a5

SHA512
02cf05173264af72ff650c2845c5c56d603f318b8cdbdee39e70a206aac9b5a984b718fc61a5abf06f94d861af9e816105434aa7dda4a34154e7b4589bda8fb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9bb90b33d83267bdb4ff98c9f15883a3

SHA1
07e1100c8ab6b7dd755b44d9addee352d51fd207

SHA256
f6bec04de5d76b6583d9c89a845c610f1ba817bf9d5216e35cc79189e9e6f646

SHA512
711c3c3f5ada5d6c885ec4ccef787b3d878916f9392929944596ef175c34376ae7ca23e4b92a8ea00627080479fa02d28cc973be853525227ea7b5e13f501327

Download Submit