hxxps://we[.]tl/t-i53RpuVcv9

Analysis

max time kernel
495s
max time network
510s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
19/02/2024, 10:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://we.tl/t-i53RpuVcv9

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1328	msedge.exe
1328	msedge.exe
4392	msedge.exe
4392	msedge.exe
1848	msedge.exe
1848	msedge.exe
3224	identity_helper.exe
3224	identity_helper.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2148	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2148	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4392 wrote to memory of 932	4392	msedge.exe	77
PID 4392 wrote to memory of 932	4392	msedge.exe	77
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 4288	4392	msedge.exe	78
PID 4392 wrote to memory of 1328	4392	msedge.exe	79
PID 4392 wrote to memory of 1328	4392	msedge.exe	79
PID 4392 wrote to memory of 2516	4392	msedge.exe	80
PID 4392 wrote to memory of 2516	4392	msedge.exe	80
PID 4392 wrote to memory of 2516	4392	msedge.exe	80
PID 4392 wrote to memory of 2516	4392	msedge.exe	80
PID 4392 wrote to memory of 2516	4392	msedge.exe	80
PID 4392 wrote to memory of 2516	4392	msedge.exe	80
PID 4392 wrote to memory of 2516	4392	msedge.exe	80
PID 4392 wrote to memory of 2516	4392	msedge.exe	80
PID 4392 wrote to memory of 2516	4392	msedge.exe	80
PID 4392 wrote to memory of 2516	4392	msedge.exe	80
PID 4392 wrote to memory of 2516	4392	msedge.exe	80
PID 4392 wrote to memory of 2516	4392	msedge.exe	80
PID 4392 wrote to memory of 2516	4392	msedge.exe	80
PID 4392 wrote to memory of 2516	4392	msedge.exe	80
PID 4392 wrote to memory of 2516	4392	msedge.exe	80
PID 4392 wrote to memory of 2516	4392	msedge.exe	80
PID 4392 wrote to memory of 2516	4392	msedge.exe	80
PID 4392 wrote to memory of 2516	4392	msedge.exe	80
PID 4392 wrote to memory of 2516	4392	msedge.exe	80
PID 4392 wrote to memory of 2516	4392	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://we.tl/t-i53RpuVcv9
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc339d3cb8,0x7ffc339d3cc8,0x7ffc339d3cd8
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,9836361279430045044,3297245585127953558,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,9836361279430045044,3297245585127953558,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,9836361279430045044,3297245585127953558,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,9836361279430045044,3297245585127953558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,9836361279430045044,3297245585127953558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,9836361279430045044,3297245585127953558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,9836361279430045044,3297245585127953558,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,9836361279430045044,3297245585127953558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,9836361279430045044,3297245585127953558,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3476 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,9836361279430045044,3297245585127953558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,9836361279430045044,3297245585127953558,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,9836361279430045044,3297245585127953558,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1924,9836361279430045044,3297245585127953558,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,9836361279430045044,3297245585127953558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,9836361279430045044,3297245585127953558,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4784 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2636

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004E0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3ac94e49addbb0b2b78b1cc0c4fdc41a

SHA1
41dda9076097a81d24a814805f80979eb5736a72

SHA256
259e79a3a5696dd704f943a3146b6622715c38d269751ea5b90c4858aeecaec5

SHA512
9890dd31736bf96b3669a9ba135e029d02a0245e31795f71f15bdb79066e95f8d43233643a78e1a36780b6983d88a5a82f71a07eb91133d9319c014e935fc9fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
35KB

MD5
8487a1dc99763b0c7315c89dd844ef39

SHA1
5b1f72d1c1cda2e3013a23df75d5d2f821667d3d

SHA256
c2fd5fd0386b7465248c8c0dccf542696cb8c6123c5f62e154eb3a45150a9993

SHA512
4e841ed501c46af86a12805d1d6bc3e1313138bd148af1072a82d5c042a55cb55e5201405da2f4df608dd95f82c1833e0254c25f418910e2073d1e2406e05c73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
58KB

MD5
1af11675d974b8bd4fc561c93fcc58f5

SHA1
969ebabaec548a02551a004e278cc4920a109098

SHA256
d949920ddc22a742cbe64e159fd9025ba6a156c4cf0f336ccd715a437dcfdd69

SHA512
1cf7c2c5534cab07b11dfe0485bae4529c00a20e09ddec7c09e93388d8516ce31c7adc805ed7ffe0279b66c426600adb9c9825bd60de9fbdd5943dd83bcd6c19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
108KB

MD5
d8c5f02fd5eba36446f8bf18617fa358

SHA1
903b9db51cddc192f7bfae039781ae07fee367d3

SHA256
11ff5e789c11cac82db5b70b1279c2ec862e63108df7821c65d093835c87c79f

SHA512
4589485c23481f5ea682244a69d61476c45ede5806f5c5054bfb9ecee54717f900b48d679d73c7d65a202a2b702b07d4ef695bb56c80d74a50edb217de3eef6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0a7a6c0c4656c054_0

Filesize
173KB

MD5
ff182757a7545445a7869a504e19efa5

SHA1
d84bb90c78e8354d06e08c8c3c6f196e126af43b

SHA256
aa2a9ce0c83b0bb703d34efa071ec535ae0ca3efefcba43f8aabcfc429164876

SHA512
e0ab3b424610db60b964bdb00987162915b3297cbb3fe2c5c3186c5e69806ab7e45ea48758a5deb97e7ee940015b4bae044effb358f51cd94f2b242f18d8c510

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5d2b39d954c2ed5b_0

Filesize
414KB

MD5
e2ee0d802a785ee884a990a6e00c540f

SHA1
9ec8c8a7631df815a6d126ceb282a0110e13102a

SHA256
4512fb6a3d20ae4696fc479910ce5ca0c179e134c130a87b8283557a7029f6dc

SHA512
12258d651284360cb8f8bc1c3affeff90732d5da250e070b6d5244cd6697986f7244305fdf592691cbef0432ef2ca3ed074f62d0d532b23326966b140d481778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9ae01db7bdde946e_0

Filesize
269B

MD5
db272274e1bd1e4df581264a66b98a5c

SHA1
f11681b3b282a07e3540da7390e259f9570d1359

SHA256
84cdf7d65b2ec0e2a320e62259311309c17fb9534e4e51a14efaebe341616226

SHA512
992d31593d03027300ad54cfdc0158748fa5de8ab58e75dcb1a148ee5d3aa79833622e48e10fdd1dfea6fb8c17be85d8e8c927ace4ea455e56cb379f01e6a959

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
ecd01d9a3f7ba192339c3f368412ba32

SHA1
3c0aaa4b61784497211c51143ee5cdb09433d4a3

SHA256
8cda3ee040990c2c4a4ce759250b9e2bc18bde6e35ba3d3f24ea4cdf9fba2786

SHA512
bc28b757134383caa825085bf6fa9813c14ae41ac6094340d37497aeb051fdad96fdc5e632eee2b7b6205537372a0cc377a8751cba02527d658489ebe5cc3b5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2540060c7b1244ca02fd324b66540d8b

SHA1
78679a83037f7ca5294fc605df4dc047170f1eb8

SHA256
c1d0a4289324d0183d016d566497edae2eebe65f99431812988ff338c1752509

SHA512
67d7902e54b013488d7006cd3c45ee7ce76bdda56997534f7eb9a044273b79aaa9388b00e280d6981873b9d4ca604da1865d53ce2fb2b91548ad4395a5bac39d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0282f305b2167be47ff9d9b23f475adf

SHA1
bc705485d9b91b18c253a7c0cf6a09d588a25f80

SHA256
fbddf7e0cb1aa729ffda9f063f4373a2c858ec21a31f054ae536239b2fcb3748

SHA512
8561b46760dd4b427fa043d9f21a2b48a03fb06038d93d6ce746375eb6ca3d0eafb225e3d278be4022cc75171abe8b9678f7893c0a7497688a5932895577c1ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bd1a89ac9681082aee456d677261e5c6

SHA1
9decde9ab0ac9e19c20b50fb9d494bea74037b11

SHA256
40baa5b38aaa6e28ac0731ac031272feea4e9dc6934ce508b49284dca6e924b5

SHA512
6f3401fbf6b075aa45491800fab12a017856b28832f91bc4773964e2d5ac6706b12f69a1edc6c20fc5f03cf5131e77f56805a6db5c289ebced6d86404ed39986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c243cd81f6f802acc33d46a807fb8c79

SHA1
ddf3c93cbe8563ca6fb4120cd6bf06fca1e21c6c

SHA256
38880a69bae533ea75a6af0fbbc512bee134cabe80d08af926a063d1be0f4642

SHA512
fa4773041c77b44e86579269abec19b569fc1bf6b65f260a3ab6a655f28ca96839143e86afcef86e5ed9df7b16568cbe30fef399a8728cb35e4092f7ce69a79a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6c5c7a5f2dffc63ea70c5d4d8df65c2f

SHA1
56c4565a6c40bf29a9be3ea0360d6fb5f1bacb74

SHA256
bdb6161156944bddf541421b0fb839babf8d4cd50f969b2105653543921f3ae2

SHA512
6919471b33792705eb0f93039b4aae364767a5ee68041efff43a9334e5913fab73dbfe9bf3b8417cb2ac97f976ed500a4f1a0503e7f5d39493da16d01ac76b85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fb9807c920c238ed0f91a2a2d515f8c4

SHA1
def928be851ac1a7e1bd744a3cbf3b86d0aba894

SHA256
0264f5c11ac1bb643f7832d22b8421e0c8832828e9401c0414a450707a29ee4d

SHA512
5e7010f3b3c92ee3bd8f62e9ad8f0fa478b2b50580da0231f7f2e61604f6407744c678a52e0503e14f603db0038e6dcec546d112aa370834dbe902243e4e983c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
26f7db756be5a94b8d778cab40f36de3

SHA1
24d88ef06672d47e7578f32e2508ee94968b8e06

SHA256
fb66c345f122883c598254517d3f90c5a362187c6291af3d8a19905d4965c2b1

SHA512
8c80face76ae98e4df9af9e9640daf4be6632518b7082a8358caae957784548c5dd7b7455d46e326c75b964d2a9847081712f94296051f84553f2d02e768c4f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
cb1e808f525be7c7165d9f7ffe6a0bf6

SHA1
253994113668426b888b4cda0afbdc90b494d772

SHA256
30cf305f57a9930095971854fb515627d1c4546fb82cef2fe1eb83d3a37b791a

SHA512
363c4d92aa61fb8e5739aa81db81252a8e55f96ad3adce45ea8b0093c93e971660175ad1ee7b07639a0717a22cbc88efcddf3e75a33e5c16879464410681f2c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
131dc85f6522b44cdba22b0255fd5491

SHA1
7c881ba882a3e22bd26cfa0ae94c022ed637cfcc

SHA256
b4d35baf9ba3490e4c92d2d7cea41decdc5564955fc559a079e5ffb212471b13

SHA512
b7aaa1fed58a210fd719a83f9b2aa38441d4e8e4ea31cf76ec5e0444b4cf33595082718cde8bc6e3773b45a1f7fba4e286ffe9a97c956bd13facf343df4a8d7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7b02a293bac7fc0dc8860e6c49e2f440

SHA1
2f8f83a3d3c9d7bf7e6c430ea4777e93cf3d30b3

SHA256
4e55caacddba6a0b7e9906d17f58982f779e011187da58012c0a523f76995c45

SHA512
ff8b36baf7731a28fb8eefed87cc74fc18ccaf829f3bd05a837cb11f6303d59d5f8729c2bcab6bf2f926431155859ff29e61e95d676b5432cf9e1e606ba27daf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f621ce7618fbe399e1be4b18f079448e

SHA1
6ed7dd85b298e743a2cb176a68955e3c4a41c3f3

SHA256
34752dbe01b91a5202613c1466cc74479577535a54c209dfe27dbe6cf54b0336

SHA512
ca3ca7a936a66274f29f4c3a903df31361ecec106b662faf8bbbbbc7dcbe7847e5422f7e127ca1a5ea9b814c5c35451e127c579e6ae225271eff134446e5ade7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
75b8c64d5218e38cb88a07998d17b121

SHA1
12ad5920c1ef496383c82b0ccdce74e6e2dedfd0

SHA256
223b34ecca1e3f3fa9946e7806c47b4a455a9335d10a06c8670de7725b0d6717

SHA512
e02f8d22e96a59763c48679f0b7561b22ebb958e783a4af7bd7abc4ab015625ae180a7fb70a96d13c03724f33ea5670caa759b11a9c0312732249456071449e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a90e35921adbcb45b0219f3e95674262

SHA1
c2dbef4839514f9e8db742002252c9a74a51526c

SHA256
78b62d4262d608a94c9617db3ce2a7aaadf220805ac7f6cebf0d156124ab15c3

SHA512
44f9e08c95c2627c2a41ff3b3a1e042c959d5d0c970b2a29ec8703ddb038da7172d0a47dd5fd1a3ce92612f9030153af26d56ef3ad7a79f5bb540b4bfa149742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
282dbad4238372ab6f996414676fa142

SHA1
b1723345cce076cdc21b60d48045318f079ad9b8

SHA256
fde08cc9c69e547eaaab0127b4752652e104dffd965a6f9f5e39d61d00e71fa4

SHA512
f642c9485673de013c7eb7ad0b8368792510f939390713de7cb47cee55025a3648bb89a19e244e91f1bcffdc412f32e19c1449590da7f34e71e807226277bbf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
41d4b951c130f955cb78c11d589b921a

SHA1
24d4ed8aa0be030475f81144b36455e3931c4048

SHA256
4c310350fbcc25036c711a862636bfdfedb0dc5ec8897a019ae4e7bafe0d581f

SHA512
a3f026f10bc00006c417af431cc82ead2f26bf93217fc571f3037569cfd3c44f0dc2a9cca417d0883eacca943c454057d27daabbcdb065dff058511f89142a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c0950fb586180b82425af86d6f6debcb

SHA1
481b50bb7fc08ebf60387727a497faedbea7ba55

SHA256
e6cf8f5ffc9e0df94423243a1957c0cbccf17b37e3497b9bdefb3dae42039053

SHA512
b9f8e9c87e67d41f95391024c97ccdc7515f513c8756b430d7c413f0aabb6709746a148d4ddd56e88e0e3113ce3e55f796b3829edab92e075645925273316b22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9762a58998e4304ad44f4f8b1e5062e2

SHA1
769e436b2b449c472839904899a5db7b7ce1d945

SHA256
f38966cca274755518ffd3082efc4b34e3fe5852f01837c30651f92efc5c48d6

SHA512
e19e7ca000cf1f73f6dc28b3042f0ef9e824ae91b9e18a79dc777657b9579c505fe04abf4c31e7e2c3ed8f860db8af586b6358abc053a166df2e1c0d8a43154f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e1492a8560fc3a5a2ab362323321a97a

SHA1
22a5661d490b90a095b7c820033852eca5599a1e

SHA256
25f6153201af703eefd8ae0835a26186e086f667e171a1a9df93e03caca08285

SHA512
f3c821ca2b7e18de94d5877e7849c8d5896a68ad98de4b3e0aa574ff19b5d1cecacd4d5053bf0a644ff1f565eebcb1260eca769a9dd0c286b2c92fc4a5825dbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f1a6e7f9f9df6c6c1e4aad27510bdc38

SHA1
d1519dc36fd8b25b1fd134f1659bf6c722650027

SHA256
25067bffeeaec75bcb7727fa1b10ba3e91b8f6f73b4a6e9c2b47ed61ef731958

SHA512
1a333a894628b50321eddd6d7e823fb85c2dec84194d3b8235bd894e96c4c07a486d042ca04d58405cc88d4f425de6c50c679794f873b0bda5328538e90d1377

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8380c3efac0959634e2ec32e18f62111

SHA1
428a03bdf8da3ac935fea316791e2876a6e66718

SHA256
a01a050fb4ed8443d20b29c95ac6c82a351ea140bc78143369b1b37f994bd89c

SHA512
67148a91ceb54dfaa8e1155f9ed90f2619bef9d64c3fa58eb2f1adc5cd701513a00868cc2b3328d8705dd3dd304f645fd7a3e0b16dccc551e48b8f68aebf7a32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
0ee370fd0b36aa248467fe639b6efd62

SHA1
8d05ed1594e797f3b884c0640b394305cca30521

SHA256
7546533b63e8d119b7d4d58459a88b1bfeb060128844de5ffa9a2800a07505ba

SHA512
9f36083d5068d2b293bd459c8a03e7d79b1f005f7386dccd2df7599b8f94875bfb7bec715e8141d02dbcd92043c8dc621493939cae7bdfa96763927487bc261c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
01c4d530fd7f20fc20be6ebcdeb08749

SHA1
dae3ee4de89d3f5266761142a701884f2d17d224

SHA256
303c3a5acae0133eff4300ff6821b612bc0e74d6b33eb6487eeeafe08afb8075

SHA512
d76019806c7ce97c23855f14035e8d4c2180d91061a90457529202f6d4568cae4421150f4d0f1a3e5f66bfb034060651e6f871995d2bd4d8ff198f02a8e618f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
de21c0864a4a584b03f88db9e3d90ddd

SHA1
dce08e958f3fcd290fa6a370a7748f0777803434

SHA256
b57f41cb64da6c0e82dfa79c0f80c4bb8bd73ddc0dca8eee94bd0b7eac3aa0a3

SHA512
f3487ecb40ec352592abf6734d02226b52fa801c5b4b521a3b7d536dfe8294bd94d2a0a7b40c9c26aac79fe98ff0790f12093b3bfbb4099f2eecb0ea54029d3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ffa95a9dfd4cac17c0061d81fb5f1061

SHA1
1c9b2537c12fa5a5a0cc57594d430fbe03dc2e94

SHA256
cd2bed264391809a2722edd4c1323a04754f3a0a660739547a525897aff6d399

SHA512
af94982415726ff07ad71b3f7a4143e1919c44288397d87d434622e2d8753d0022757d85fbc03f6113e3e1e1d4df3e77bb0ddc50b2aa7dec5c07071af1c3342c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3c1b1dd9a3866029b6a6b5a60729b5e4

SHA1
18a8e87038d78878c242cabe08fa0ef49acae962

SHA256
3b42e8a35475a453760ef017a215f5b5828ad2d88ad43abf2d8554463086a9d2

SHA512
665fa0eccd10c2f371d4f1ba3a925923c0f47638397e456cd5469cbffd2bd8a9b92b92df2773e21b3f5a2bb14bd306f02a5c0f27313c761df7157c5e7ba7cca8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b16d641949f98e5b974df7c0c2ebee50

SHA1
6623d88bd449bee103c5d505e117b97057daa5f2

SHA256
bb0959c21d36df24bf94ec03cfd5a5d8eca1c403cdb7a5908857002ae67ea246

SHA512
ff83ee2b9fa19949fe1c97c6c971b0b368302c492517678d98bed1cf8788580d377e1ca0aaa4e04344619c9562bceba6d38da273b932b8295fcc6594c056f7d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
90f6ddc2ce8f54b2eac5bcc1429200ec

SHA1
c52151c27ef4582a8d1ef30bd13c164300c023d9

SHA256
2979c7a572db18207773740febc73ad17a64096a4c76b7c426909331d4249878

SHA512
29180388875524e80cc030659f379188d364d0d5fbef859db4943c3d6fb3fa9e81a5a0c4c0641ed55b2e3d9f5560b4692dfd3b64eb41ee106456259aacc9dfef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ad830eef551f6748f686cd7d75b091f2

SHA1
cf7c69b93013928e70b880e06e65189d16e93569

SHA256
acb09f27fa684daec3e06ab979fa6e7fc28b4057eeee01a7685dd65841f6a358

SHA512
6cdd61437270d4f688c203578c1ed69c2b9b284278d34259ebaabe9ab808ba189823765da3450f8d69d6c78776020ad7aa595301e4eac0f704655c7c4b2423bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ae5dcf3a6ebde0bed8de84bd0f01f017

SHA1
c49de2e2b6736ee110007f3b7709a31a1643c513

SHA256
b31a14da633962710c24b6f215e41f9ecf6d3e8f19bdd3ec6203d4b4bac1bbb8

SHA512
fc316a14fb8c92d4da560322e257c61808f7b160d93e8fcc5cb0b80099a102a326b1f568fea2f0864fc913a62e9b82cf0d0bda0ce637e927ecb76880e3db28a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b0d329391036c345f1a39dd6ca241e36

SHA1
9f375eca31fb00f3e10b2916b69018d4d0d6210c

SHA256
2c9814edcbc351b92c2081c2cecdadea3e0f22282a0c0e9e23af88ca845e26aa

SHA512
2cbec93aad41e7fb8e73442960ae684b29b9c3c74e3cc514d8c2ecea2c7c7df21315f82dc66b2a30ac7eff50d5ef14a90fed0ece0181a738ebab3395f620dcc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
051ba145481f570527d0b4787a5afaa3

SHA1
11cd0da136ee14090aca5cb3a8eccbd008716a9f

SHA256
065b979bc71c7241d8a8411d94c2fbecdfd709a8f771710144cc9d70604791e0

SHA512
510370ff0b90247732d442b4d4492e317c3f55aac7bc6958a7019fe5f9072f902fd659f4bbfed77ea27a5a94f11fbb5d9e09cc42a23d4e3428fdb82c6e0abfd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a5daade55e4775b2be36319df88008e3

SHA1
652ff95d9baa34f92afb3bbca51870af8d26479e

SHA256
9f6e9fef97fda9eedca7f388528074e4333f1f497dfe94ee4581b460f9f62f83

SHA512
967d5b0f14a109fbe09955e2c98091a9d76cb86d7cabb90e8c3f77774b630653b4377efe5cff618c3980bba2f26079fcf6695e066cf1960f69335fac3f4d6e88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
dd75d01c801bc4b952a34db1d0e84919

SHA1
75f74b8570ab9188ac41a8929d966b8dbd1c5ca7

SHA256
4b29cefd17407426625d5925b5245c0913945a830fcc7192b27facbd4d72dfc7

SHA512
1291730f7a84eb4f1df157c61455a742167d20cd02328643ca2788375df0e0a9a85ae1fa6bebcb4039b6e5eced6ac86522719f199437c021323c83d917851dfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
835fba08cec296e2e24fbe3000ef4c31

SHA1
c89eaba8d9a7119849f619f1e07cf2e57ca53560

SHA256
76631d4b81778912529b3e01a61455cafa4f481e4a256a65d84d5ed6e892de69

SHA512
0da5a926c8b825c2824b448092b283db6696229c419559a25e49845ce1ff6fb62f170f8cc620030212e9c92c2cb35063f4ae29ff53a9b2ed7f64bff077c0db95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
cd96262967a551d27a1d641c4411e954

SHA1
5743735bf8d123c7ba8b6810e039a59b062c973a

SHA256
cb3c3cc0950c9acb0be95cd1769904da041df7bd740f4561ba9dec04caaea4d4

SHA512
8391af17d000e0865eb34d993cdd70dbbd8e1777b622e0e3a04dc934ef7acfbc80aa428fc02f7166984d57e306c7f7510159f5b1f9ca78b93430c62041d24aa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
178665d27e39a402e164cc88eecdf6ba

SHA1
415e3cfe229a0545bb9f7e8e3cc2eab1fe10ec86

SHA256
88a5223622f026627bd1a6fb35a28acd131b0379f505b4b3c10fe2c7c92c32b3

SHA512
c2b7171aa1a17551e50a8ceb78a43cfef60d9ea928801b5d25861e9700bd8bb8e9e15400ab2efd4e2f9e4a24fbb28803317edeea60fc9ccb968ac9c0eb725179

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
08b550e985c86e1f9856e6a96a38baf7

SHA1
dbe3010656531a1d317a25ece48e70a5194091d0

SHA256
6053034409d233de6d6b83e43f3f589feab8ba54a4cab053acb93570e52a708a

SHA512
2aec24df3858bab8e6d43d721ddcc30ffef36dba85bce5195de0e9fe5dca2edf0d8fcca31ce44604f07c1b0a1218232fc7863a8b0480e6955d47f26b7475e833

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579e34.TMP

Filesize
1KB

MD5
84f0728cffe26aaab093e7407cf5f976

SHA1
0ad6e32412467c93931e5f56a50bc00ef3cce771

SHA256
df0f76d88a2fc555527fc494ee40c066ec8e5da5d38f8c20f1f23e94e6e93b45

SHA512
d948a3ad7986b49e5d38d08f917de73cc93eea284190cf64a3ab0c99247a2d1e3e27600d5806132b1196b4b78b6435822fc1bde5f6292018f8baef822f18fc3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a9a48c841594ff63c1472fbdb5ca3975

SHA1
36408e96fc31a13a6986ef71f4af84a30e65f634

SHA256
e830a7c97a641ce25209eb51ac989ffeeb7335b60d8a89ba4d6d0061884b0cb2

SHA512
487c3ae0fad8028333f7ca4ad56a29646fd6990d371c8a3879abc455b6ed7f54e6643c9925f22cae2b905c00fde68b65add6e8d28a3d84d67c20c27a633e8ab4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
da03f20471d22b9399e694d74dbd502e

SHA1
92858e76af8137d5ea8f6252ade6e208918dfb86

SHA256
8d19148016c621b4b57197b4ea39e19cb4d69e0059cea6b29130d5bca2f9d002

SHA512
6e1b7b566c2996012097f7b0da9ef48a17f3fcc300edfe0575f63e1fa252c2b49ea5956ded01a84d877c46a0e285aadf6df28d0fcf13e2768edd5676b0b62cf0

Download Submit