50682e2ab2a6d9343fd5715dfc142944845fb46f12356c5f0dd08e1a73cf3b6c

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2024, 12:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bb4dedeb20d57e72ad46700f2e63d450.exe
Size

28KB
MD5

bb4dedeb20d57e72ad46700f2e63d450
SHA1

c953db3f9ae9029e926cc424514b31bad948ec1b
SHA256

50682e2ab2a6d9343fd5715dfc142944845fb46f12356c5f0dd08e1a73cf3b6c
SHA512

e5ddc5cefe71207f711f183a5fa2fcc60897cef6bda39fe7d43e3148eec3f335512e6d31665cdb0c2dcbb66881a84bc6ceed4a5a3e981898cf762892e3e3bd43
SSDEEP

768:3MlZe9cU/fCeGOuE2f0kdkdMRmxudeVEPK6:3KZOcCpGON2ckdauzdPB

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3900	msedge.exe
3900	msedge.exe
4260	msedge.exe
4260	msedge.exe
812	identity_helper.exe
812	identity_helper.exe
2804	msedge.exe
2804	msedge.exe
2804	msedge.exe
2804	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4988	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4988	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5028 wrote to memory of 4260	5028	bb4dedeb20d57e72ad46700f2e63d450.exe	91
PID 5028 wrote to memory of 4260	5028	bb4dedeb20d57e72ad46700f2e63d450.exe	91
PID 4260 wrote to memory of 1280	4260	msedge.exe	92
PID 4260 wrote to memory of 1280	4260	msedge.exe	92
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 2816	4260	msedge.exe	93
PID 4260 wrote to memory of 3900	4260	msedge.exe	94
PID 4260 wrote to memory of 3900	4260	msedge.exe	94
PID 4260 wrote to memory of 3552	4260	msedge.exe	95
PID 4260 wrote to memory of 3552	4260	msedge.exe	95
PID 4260 wrote to memory of 3552	4260	msedge.exe	95
PID 4260 wrote to memory of 3552	4260	msedge.exe	95
PID 4260 wrote to memory of 3552	4260	msedge.exe	95
PID 4260 wrote to memory of 3552	4260	msedge.exe	95
PID 4260 wrote to memory of 3552	4260	msedge.exe	95
PID 4260 wrote to memory of 3552	4260	msedge.exe	95
PID 4260 wrote to memory of 3552	4260	msedge.exe	95
PID 4260 wrote to memory of 3552	4260	msedge.exe	95
PID 4260 wrote to memory of 3552	4260	msedge.exe	95
PID 4260 wrote to memory of 3552	4260	msedge.exe	95
PID 4260 wrote to memory of 3552	4260	msedge.exe	95
PID 4260 wrote to memory of 3552	4260	msedge.exe	95
PID 4260 wrote to memory of 3552	4260	msedge.exe	95
PID 4260 wrote to memory of 3552	4260	msedge.exe	95
PID 4260 wrote to memory of 3552	4260	msedge.exe	95
PID 4260 wrote to memory of 3552	4260	msedge.exe	95

C:\Users\Admin\AppData\Local\Temp\bb4dedeb20d57e72ad46700f2e63d450.exe
"C:\Users\Admin\AppData\Local\Temp\bb4dedeb20d57e72ad46700f2e63d450.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://br.youtube.com/watch?v=zFtRSy9D5-w
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4260
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6bc546f8,0x7ffa6bc54708,0x7ffa6bc54718
    3⤵
    PID:1280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,16029221019609289342,249013926030927935,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
    3⤵
    PID:2816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,16029221019609289342,249013926030927935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,16029221019609289342,249013926030927935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
    3⤵
    PID:3552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,16029221019609289342,249013926030927935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
    3⤵
    PID:1912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,16029221019609289342,249013926030927935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
    3⤵
    PID:4988
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,16029221019609289342,249013926030927935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
    3⤵
    PID:4536
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,16029221019609289342,249013926030927935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
    3⤵
    PID:3448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2176,16029221019609289342,249013926030927935,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3492 /prefetch:8
    3⤵
    PID:464
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,16029221019609289342,249013926030927935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
    3⤵
    PID:4516
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,16029221019609289342,249013926030927935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,16029221019609289342,249013926030927935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
    3⤵
    PID:2456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,16029221019609289342,249013926030927935,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
    3⤵
    PID:3612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,16029221019609289342,249013926030927935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
    3⤵
    PID:5336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,16029221019609289342,249013926030927935,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
    3⤵
    PID:5344
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,16029221019609289342,249013926030927935,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3104 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4360

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f0 0x470
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cbec32729772aa6c576e97df4fef48f5

SHA1
6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

SHA256
d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

SHA512
425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
279e783b0129b64a8529800a88fbf1ee

SHA1
204c62ec8cef8467e5729cad52adae293178744f

SHA256
3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

SHA512
32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
3c9f9b2e9d92544d70d8ae82b3469da5

SHA1
63d2eed68cb85c2992ad8877072b7c2b57b8979a

SHA256
d7a3a007decf9aeabf756d51889476e048d148c680b98a0a8e2bdab6b01ddf1a

SHA512
095c1a24d83f607f49c52f8fd5b93ff99dd9ba0615a86db29fc1b12e25b7953c2963d9ef3c4436a82a514ae74ea3ae5e911705e05a5f7017e08525d652df6849

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4457f4b21346c211353703840686ebc3

SHA1
f1eb95eff4a2c96ea00a6c43be5dfe5686da364b

SHA256
5c76aef56cdc15ac6274fc495b47d532ec010861c7a3aa2ca4c13fe81c30ed13

SHA512
2c18574941735d62a172377b36a3d531f0ca54bc7525e20fc240ee4ee998def50c8dda7011151735ed0cdb2dbbd9002977a6e9275803871eb1825c0a49f23c3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b47dfeba80f8fcca37e457945b532c18

SHA1
f36a643852922c2f57e0a8be8ff8e3f78e996dbf

SHA256
982d5ba5599b03761252f3b0eb21096796683c6c003e5c52239c107abde08260

SHA512
d9eab449af2576a20f655202ddadef16405ba6c4a13213484a2e462da6752ae13ace82c2913068b6eb769637ff19a19d9506c084297099e118b3a3e788b66039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b5c24df20d14cc160deea662df7bb08f

SHA1
517102929704b76eea7a2abd104119bbda6e5dce

SHA256
fdbede6dfc1c8fb846e872e1219453efc7ec1b1fab726b89fe7298779f000f9b

SHA512
237787648f5dd31f43b289a0c88c7313d50b60029cee8ba078391bf461bf78bbcb7731a73409da8e11bbcf3b4e416b72b04276d3045e5627c59dece21c4c21eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
33ed0ea5883ad940f9e3048e3cacba24

SHA1
db3e6fe5ef0bff239c60afbf42762c5e4fb17271

SHA256
205dfd22ce7e80839707cdef6fd37a55b72f25b8944f9550c4e03fc99c034cd1

SHA512
7f4bdae847e91a76fef7c081940a92a1eb369a0d0907488ce5a3895f5ff0433839dccc35ab58cb7fa29e727899e8670b93e1c1a1b81863e0410a8bce07b10221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a4593532-f137-4a0a-86ba-b7bde514ba73\index-dir\the-real-index

Filesize
2KB

MD5
d5e23f45480a587b5bd034c7c8f6c3d1

SHA1
df77899fcae826d2e39dd39a1623b317f28947ea

SHA256
32c709abf7b6cafc36bd512094a999ae215bada7f17f13e8e6a804be86ea5b0f

SHA512
5bd85f789c00d0e7f9c86832630fba0c43405d4f7bcb449500bfb152bb888aa47a022f75c771695982f3bbda195907a7775166a3f3bd148c9044e453bea9678f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a4593532-f137-4a0a-86ba-b7bde514ba73\index-dir\the-real-index~RFe57a539.TMP

Filesize
48B

MD5
875789c391c4820b8b48a20f5272aa3a

SHA1
9e727629739643abc85f38da7a53ab34e607469d

SHA256
8c8056658d28483a9caa0c43821617d130f0de17fe40a6ffee099184272215ce

SHA512
dd551ea8ff2b6d53fa1715665d323b0a14d0cb04858e5ea5cc3ff37ab8ac0f970afd98e08cbe43c9f87b127faf5516bf6b68744f836ada2cdfd5b6b892b84a8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
589609bb5e7b05ad73360d779d83a195

SHA1
7989e02f3baf644ef444bb4881ac724d5e791c9f

SHA256
b003d8cc5acdeda815278c0003d37122475e064f5fedbeb1be25a3a9436918cd

SHA512
fc4464ebb1db4bb5dac405ec04b6b9f41174373d20f4ed2ff76f7443ecb44501985ee913b033e2081fadf836671a15251924035611662cee7c89f6a115dc0083

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
cd8ffc82527b320954f9a4b732dad170

SHA1
2d1f623b0040fd7b007f3dee0523a5ba49c9aa2f

SHA256
5e152d3d6dc4f1f046be3474dac01773d8afc9f5a44363e49d5a4bedb47d70c6

SHA512
f71a3f61b0a56049734379fff25ee6ed62e0d6c386f6d8b1ecf710dae268046f1ff5b3ec1d6ac4b57c1e2c55c1685c0b1cafd46d17a2bb84b31c08e4e26054f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
ae52688c950325fe3b06bca01e0b122d

SHA1
2a6451f1171cf7c3075dffc8ae6353fb0c30fb97

SHA256
ac58fa2934b298044094e04de084ee17a04a31969be3591f01a863cb35609806

SHA512
d616467bc4301a557cd95cc5adfe54d4d5c85a31fcd71f9b103b8c62c249bc9787cdca3798546036119a842149d426c533a5c76240c7c6a740ac3a5727e08694

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5749bb.TMP

Filesize
89B

MD5
1a71633e359d0456e64b130a8bb9a53e

SHA1
f9c298ce63d5f4ba3f7a557bceeaa6034504638b

SHA256
cb76cf22397fec5b5fa8611251ce3fd3beff891180a4be2a98cfd5c6dd04b07e

SHA512
ea78611b6eeb8602e551c29cf264c3941a8abb1f720571bc0b5d9ad19a0899d88647682a94fb2dca628964fb8ff429684db0a32bbfc72d58f0a621d3f9c32ea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
609ef91ad4964f100cb8b4ab90b36d9d

SHA1
c8d46433c4a6308be78939369a9b8b0880bbcf6f

SHA256
e6a4f6b9b8c1dcbab3c8c9184467737478ebe347aed95e62160673b5ee99978a

SHA512
a4f6204ff7564043f05b567f82b26fc8cb4b2cb6a4794258887a6772c85e00fa86a8107cb8c43ddacf677675b8d4d1e33bc4a390b221fd6ca88884ef1db5b096

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe579a0d.TMP

Filesize
48B

MD5
55d09989c84774ca613cd22e0c503ca8

SHA1
deece2a2f07d2b70bdb10f9d41159bd7c6c44bd4

SHA256
7027a36df478f3d8c7e73c83de0a9a8f58575012d367b0c362dac224a9f1907d

SHA512
703273f7cc00a1a542923b239d523c0b321c0805ee0ccc24563dfbe5fc6c443c7eb108c393ab004661e25c82f031f5dce8d9eaedb3ca8118babe80d24dfccb6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
863331ba09511d3e94fcf034c62c1060

SHA1
618db6f11f13b509e3cc0eab121e932e0430100d

SHA256
a9358b77ea310e29c3de1677e602c90125343e5238772718e64f1288bb2148fc

SHA512
615e095270f24e93f7b81b36601283dab06583f09660c5daf3ba9a91db6fbc9150c1dcf0b0a0a9bf7b0a5d6baa1598341ee093eee254fce6cb07668e54b07b68

Download Submit