4e7c224b406e6b9623bd4fe627215bcbf017d7c29244cf86536c702af23ba573

Analysis

max time kernel
145s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
23/02/2024, 14:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Craftomation.101/IGG-GAMES.COM.url
Size

196B
MD5

882e17d630d74b64a8176e38e2fadf7f
SHA1

d6652d568db451c03b73eede688e0124e2d54ebf
SHA256

6d905d76e7d807c5831231d791f2510160dd56018ae423a037e7ac88fd19412f
SHA512

2baac743dabdbf133583c4d500699673e0bb2b2ade89f0a660eb17bfb440f1d74814ade3b82eb07d776f6a7c1b1975f25c6c1c500edc589897bc304a9c9fb3b0

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4420	msedge.exe
4420	msedge.exe
220	msedge.exe
220	msedge.exe
2280	identity_helper.exe
2280	identity_helper.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2288 wrote to memory of 220	2288	rundll32.exe	86
PID 2288 wrote to memory of 220	2288	rundll32.exe	86
PID 220 wrote to memory of 2948	220	msedge.exe	88
PID 220 wrote to memory of 2948	220	msedge.exe	88
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 1240	220	msedge.exe	90
PID 220 wrote to memory of 4420	220	msedge.exe	89
PID 220 wrote to memory of 4420	220	msedge.exe	89
PID 220 wrote to memory of 5008	220	msedge.exe	93
PID 220 wrote to memory of 5008	220	msedge.exe	93
PID 220 wrote to memory of 5008	220	msedge.exe	93
PID 220 wrote to memory of 5008	220	msedge.exe	93
PID 220 wrote to memory of 5008	220	msedge.exe	93
PID 220 wrote to memory of 5008	220	msedge.exe	93
PID 220 wrote to memory of 5008	220	msedge.exe	93
PID 220 wrote to memory of 5008	220	msedge.exe	93
PID 220 wrote to memory of 5008	220	msedge.exe	93
PID 220 wrote to memory of 5008	220	msedge.exe	93
PID 220 wrote to memory of 5008	220	msedge.exe	93
PID 220 wrote to memory of 5008	220	msedge.exe	93
PID 220 wrote to memory of 5008	220	msedge.exe	93
PID 220 wrote to memory of 5008	220	msedge.exe	93
PID 220 wrote to memory of 5008	220	msedge.exe	93
PID 220 wrote to memory of 5008	220	msedge.exe	93
PID 220 wrote to memory of 5008	220	msedge.exe	93
PID 220 wrote to memory of 5008	220	msedge.exe	93

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\Craftomation.101\IGG-GAMES.COM.url
1⤵
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://igg-games.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff85de746f8,0x7ff85de74708,0x7ff85de74718
    3⤵
    PID:2948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,4882795510087118682,4567450899448041263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4420
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,4882795510087118682,4567450899448041263,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
    3⤵
    PID:1240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4882795510087118682,4567450899448041263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
    3⤵
    PID:4848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4882795510087118682,4567450899448041263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
    3⤵
    PID:2792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,4882795510087118682,4567450899448041263,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2968 /prefetch:8
    3⤵
    PID:5008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4882795510087118682,4567450899448041263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
    3⤵
    PID:4812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4882795510087118682,4567450899448041263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
    3⤵
    PID:2380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4882795510087118682,4567450899448041263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
    3⤵
    PID:2212
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,4882795510087118682,4567450899448041263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6256 /prefetch:8
    3⤵
    PID:2684
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,4882795510087118682,4567450899448041263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6256 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4882795510087118682,4567450899448041263,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
    3⤵
    PID:1600
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4882795510087118682,4567450899448041263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
    3⤵
    PID:2592
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4882795510087118682,4567450899448041263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
    3⤵
    PID:3504
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4882795510087118682,4567450899448041263,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
    3⤵
    PID:3304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4882795510087118682,4567450899448041263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
    3⤵
    PID:3124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4882795510087118682,4567450899448041263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
    3⤵
    PID:4088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,4882795510087118682,4567450899448041263,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5512 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a65ab4f620efd5ba6c5e3cba8713e711

SHA1
f79ff4397a980106300bb447ab9cd764af47db08

SHA256
3964e81a3b4b582e570836837b90a0539e820886a35281b416e428e9bf25fd76

SHA512
90330661b0f38ca44d6bd13a7ea2ab08a4065ec4801695e5e7e0dea154b13ac8d9b2737e36ebe9a314d2501b5ef498d03c5617c87e36986e294c701182db41b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
854f73d7b3f85bf181d2f2002afd17db

SHA1
53e5e04c78d1b81b5e6c400ce226e6be25e0dea8

SHA256
54c176976e1c56f13af90be9b8b678f17f36a943210a30274be6a777cf9a8dc4

SHA512
de14899cfaad4c312804a7fe4dcb3e9221f430088cb8bf5a9b941ac392a0bbad4e6ca974e258e34617bbffff3bf6490fa90d8c6921616f44186e267ddaa02971

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
293f1056c57a42f2740a65c13258947b

SHA1
628e97b79aae97c0d90942851da72f7471a68fb0

SHA256
b0f34278bd82787f08a4695b129ffb46bf894a0cc36b9c5f0d416791947c9f6b

SHA512
935d49efd95bb8e07fa49243b371d04d6fc33ae74bfbc333fbd578ecb73a4f2c19adff98c69d97fa8cd9c66e66f6c23dd43d50f9fc870b14911376fe3a827b41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
2d9615035701b08fad982085472cbf95

SHA1
e100ef61dc59957a7c85c5b1e244194670c1597d

SHA256
a36a51bb914658d29ed54a7fb24250f5a4acffcde3a4f5a3b32383e47cd614b2

SHA512
019f362b5be36d2cbb5fc321dadccb132a71594bbb6270b40532e2064c26127960982db54fe1c9e72797ac392d6fe9a8b5f774bcc3031536a7d2f4b20970f572

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b7cf39af31a0604b8d4830a9c707c40c

SHA1
10392ed6ad12f334a976b62327fe87fa7b76d465

SHA256
246bcb28e3fcc1e2cc07284df1262cbb67fd48cf22913b228afe544d4ae66364

SHA512
f7d5e52f1d6b2a8f9dbee2c051eedd64f5f1a7262032f03eb82dbd8b77adb2bf6dfa33dddff2515293a79fb802ae8fcf2e0931ebc8b9ec002e694f382ec8db3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5506cfeff1dbbade3b298a9edd753756

SHA1
6b655718dafcfb2e112334b966656fbb4307532f

SHA256
26bada5b7bb6667c2afa9aa9554cd6cd7cbabb402f22dd8a31d37129b9fc6015

SHA512
051af49ef3837f947c80309659faebce34a596a2ac1fc545ee09cb182ef6ce8b659a97948d9c56cfdb41a2895062ccd9b963445ef4a22e9b84710efa9313e109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
19946d2d97fb341bf8173fc13724f74c

SHA1
6d8afae601f5b3f04269ec1d5a36b41f1fcbf3ee

SHA256
e355eb1d40dc616831db3cd9b86ee308da5003e675cbc54f13b3a472bb0f9228

SHA512
537a138fa116515062f87e323cc797b32deaf0bdb04b10d69cf47d5446813c53d1e1a008ba524c8251a456d641a2020f771e0980b6bcb2c26ad891ab23eaeec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f1abcf5092747f046f3b4e869304b2e7

SHA1
ad8eb17aeeb9e2607ca3fff0a1fbf34367a76bde

SHA256
11cb9b4089adab301f6dcbc5f130e31cbbc300342d3aa10b8412faa9cd7c66ce

SHA512
b05e947e107ea8bc9c97faa4f265d6658322dc88e70d6b423566c828a5769f89124f3849daad9c1f0d6b91d5ad4321bc02030affe4930ff6dc1a08d8d903f638

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9d50501bcbd25caf811fe67cd3f147a0

SHA1
ae7b3b60ea4e3d9ac6cb53d0ea151bc0a2ed9840

SHA256
fe50bfe0cb4ec3c25a04f03506c68c98ee50db88f8c1d24c3048df82072157c4

SHA512
a50389e6f625ac8c62170ab09b1add5d411d6925e61c5884aa52aa21a55e9fc1a199a9878b809e0d43988fb5c68f457a6bbbd339c0db828b32c705d75114d963

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
f3741a05bfa4c0580883df9fe5a4a217

SHA1
9d5c2904c40a1d904ab9efd15645e456df0c8b1a

SHA256
18552a5bff16a896264c027934395b7c25cf4a9012c48fe4f0112178a15e08c7

SHA512
7b7a203cf4dea0858e21534fb8f64f7e84a6737b2f7e88dc167d0d459fc08f5e6ea74826dd9f9b7430ea6c4620f83c9d9f328108bbabdb137acb7fb6e2224ddf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c776.TMP

Filesize
48B

MD5
3258f34ec16afaed05947212e58b6abf

SHA1
4e9b3e3656f7ebabe75aa1848ccd264467eef8a7

SHA256
514b67acbc06e62c61d5596d7a9de8f56f991894eff266df966b9cfdeedc7cdb

SHA512
27767cba3de0c1d33f128ca398d0477799ab4caf016bda4ebba3241ba615aca87a3c3d720662d9274e7b9c5f91547c8d8bf805d03fbd2807668ed4463912e51b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
1afbb3c524c61d0520b4ee69b09efd96

SHA1
8b2b853aaa30f034593244c4d1eb185558196d9d

SHA256
b24ae3edb2b5ed7b3aeba6a6bb7c3c36b955eeca848c087c1c8f25e6a03c9472

SHA512
b14e9845ee8bd95e988e83bb397952f3436cc428418775cf95c4abc7c7fe1745b603416e7e37152e4de8650414fed55582d5620cddc0aef4647ff77b7c5626fb

Download Submit