e51cbe96e3a9d5ec82b78ded4a570093fed54604a21b36707aa3f1dc216abdb6

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2024, 00:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Elsify Universal by FrostChanger.de.exe
Size

18.7MB
MD5

c4e7c21c470314cec48770bdd6557a7e
SHA1

fa5e175cb1dbbbf8ebee99d8bb4795c401cb15a9
SHA256

e51cbe96e3a9d5ec82b78ded4a570093fed54604a21b36707aa3f1dc216abdb6
SHA512

255b8605651626489f3490869db7556348b0d8a880da91c91ebe2f636e9ffd7ce43d254c4d811186238bd9eb396fb5e155adc3e952d4a634005b3ddd069fce93
SSDEEP

196608:ZwRSn6Y/SXTVrlWhERb1ReeVG2COp0NMyrxxAwRSn6wcn23/R0tbz5O2KVBXrBqS:J/SXTVYhDe7CPNhrsRfBXcAidtMPD9h

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation	Elsify Universal by FrostChanger.de.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
66	discord.com
69	discord.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3270530367-132075249-2153716227-1000\{BA13254B-DEB6-45E5-BCF9-27D5A4D3C61D}	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
2532	msedge.exe
2532	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
4860	msedge.exe
4860	msedge.exe
5600	identity_helper.exe
5600	identity_helper.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	936	Elsify Universal by FrostChanger.de.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 936 wrote to memory of 2116	936	Elsify Universal by FrostChanger.de.exe	103
PID 936 wrote to memory of 2116	936	Elsify Universal by FrostChanger.de.exe	103
PID 2116 wrote to memory of 1036	2116	msedge.exe	104
PID 2116 wrote to memory of 1036	2116	msedge.exe	104
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 3324	2116	msedge.exe	105
PID 2116 wrote to memory of 2532	2116	msedge.exe	106
PID 2116 wrote to memory of 2532	2116	msedge.exe	106
PID 2116 wrote to memory of 1660	2116	msedge.exe	107
PID 2116 wrote to memory of 1660	2116	msedge.exe	107
PID 2116 wrote to memory of 1660	2116	msedge.exe	107
PID 2116 wrote to memory of 1660	2116	msedge.exe	107
PID 2116 wrote to memory of 1660	2116	msedge.exe	107
PID 2116 wrote to memory of 1660	2116	msedge.exe	107
PID 2116 wrote to memory of 1660	2116	msedge.exe	107
PID 2116 wrote to memory of 1660	2116	msedge.exe	107
PID 2116 wrote to memory of 1660	2116	msedge.exe	107
PID 2116 wrote to memory of 1660	2116	msedge.exe	107
PID 2116 wrote to memory of 1660	2116	msedge.exe	107
PID 2116 wrote to memory of 1660	2116	msedge.exe	107
PID 2116 wrote to memory of 1660	2116	msedge.exe	107
PID 2116 wrote to memory of 1660	2116	msedge.exe	107
PID 2116 wrote to memory of 1660	2116	msedge.exe	107
PID 2116 wrote to memory of 1660	2116	msedge.exe	107
PID 2116 wrote to memory of 1660	2116	msedge.exe	107
PID 2116 wrote to memory of 1660	2116	msedge.exe	107

C:\Users\Admin\AppData\Local\Temp\Elsify Universal by FrostChanger.de.exe
"C:\Users\Admin\AppData\Local\Temp\Elsify Universal by FrostChanger.de.exe"
1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.com/api/oauth2/authorize?client_id=760134439472201729&redirect_uri=http%3A%2F%2Flocalhost%3A5001%2F&response_type=code&scope=identify%20guilds.join
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf07346f8,0x7ffaf0734708,0x7ffaf0734718
    3⤵
    PID:1036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,8462286187588826000,11062552364087894594,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
    3⤵
    PID:3324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,8462286187588826000,11062552364087894594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,8462286187588826000,11062552364087894594,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
    3⤵
    PID:1660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8462286187588826000,11062552364087894594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    3⤵
    PID:3828
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8462286187588826000,11062552364087894594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
    3⤵
    PID:2692
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2164,8462286187588826000,11062552364087894594,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5032 /prefetch:8
    3⤵
    PID:4716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2164,8462286187588826000,11062552364087894594,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4072 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:4860
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,8462286187588826000,11062552364087894594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:8
    3⤵
    PID:5584
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,8462286187588826000,11062552364087894594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5600
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8462286187588826000,11062552364087894594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
    3⤵
    PID:5968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8462286187588826000,11062552364087894594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
    3⤵
    PID:5156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8462286187588826000,11062552364087894594,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
    3⤵
    PID:4540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8462286187588826000,11062552364087894594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
    3⤵
    PID:5728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8462286187588826000,11062552364087894594,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
    3⤵
    PID:5736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8462286187588826000,11062552364087894594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
    3⤵
    PID:1644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,8462286187588826000,11062552364087894594,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5008 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
279e783b0129b64a8529800a88fbf1ee

SHA1
204c62ec8cef8467e5729cad52adae293178744f

SHA256
3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

SHA512
32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cbec32729772aa6c576e97df4fef48f5

SHA1
6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

SHA256
d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

SHA512
425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\62555e43-ff5f-48af-9b86-7910ce0c6099.tmp

Filesize
6KB

MD5
dbdcdcb65f982e45ca45c7a3975ce10c

SHA1
33f06d5cf44ab99d754f46455143655428e5aa51

SHA256
e9020ba39d9c348d30ed1a68302206fbfb38bbedd32c597e42f48c0da666a85a

SHA512
8b9e25e021982b5c30563c7344131da7a797167b574f966dd3a36281b3fe2dbeb89f68156e7a6fe22a87a85bfba2c06db10a873685220e51c31e320459d988c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
eac80575b49b41fb7790c5e92871aef4

SHA1
a022456d1a181a0747162d97a84f839db6f303ce

SHA256
bb6973e66bfead10af0fa39cc62151c327e6db20650cd7e7dc3f8cd49499bae1

SHA512
e681ad5dfb7743a97b00b63037b318ab68dc8f752b805d8a1584119f9c6810e83a0bfe48c7ec3dae7a468bd9b19d0d76a93fb9307a1d557f7c32953bcf30980a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a291f8640f9ecf276f503aa76714b59e

SHA1
1c04bc5687713050cc21bc183a3e820ff3622ab4

SHA256
3cea9001297bf95cce86321df09ef3ae6cba7fdb9028707c67275054185a07a4

SHA512
e29110e3827713aafce0882b25f3d0e291c8c49cf408d47b0ae65cc73e924e83107064da6abda4ce1bf4aaa7eb925dcf8db6f91c414f7ce16533d8f2879b9d34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6c8e185f1bfd2e7fced7f5af2de11d05

SHA1
f8d3eff8d899abaa052d096d8e7bba4260e234d3

SHA256
7ed11493ee9cffc9ce0077bd0de742ccb91faa98db7530abf268ba3275f958c9

SHA512
550c18dac5ba79b8ae57587c5ebbdc299a0567a1ba45547dfd8a4c4d5b5bc87207ea17450f8f455148eda69ec5e147c90d9a4c7b62500dfb9afea6f9b44794d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
615B

MD5
80a1bb6ea5fd7161c0a8ed1744f88b7a

SHA1
3b319d29d9edb6d38683b4ecbf913beac0b99362

SHA256
bb8d58dcd576efebd3a6ab07d1b4064ed452c20ec7f1e2bed3429f85978a2a2b

SHA512
e24538119cee97e4ccd175b67bdfc72cf190896a866041d91388c3c09dc4e56fb32fb7812f8433bf939c3af2802e98dd9169d59299b7f859fb299b988631b365

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ce24f3daa71471c7cfd6c6aaf67f0ffe

SHA1
aa770de0abda1c08b658756cc96ce56f92ac6845

SHA256
28bec460bd19c018ae62ed68f90aca3094d920c5dbf5739936cf42bfa641eed3

SHA512
28970bd39a4d06feda5eb89734f85b4dbb592ca8706649ac3f906961ad7ef781009fdd4b62c1a33943f56c5040e83aad2b12a5d2b47d169916f9624742b84469

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c27df70914030dff6291d14419cfd32a

SHA1
08bca1eec4eb7ded89f0d5fa3f68ab3887aaf1cb

SHA256
fc9a1ca0aa95e295acea492e2585cd693a697ba1ab951bbcf5fb834e119d701f

SHA512
f5112ba98093243f7bc23bb11ab0b17c04ee67733e91360e66be713ee66a88f48617f05b6ed322cebac74405594f4ab70c1e35ce2b210e8706c6b45a6f7f8d54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fa7586bbdade280afd7052ca3f17af3f

SHA1
79c03832905e627e497e28b4600405e8485e1356

SHA256
3f031d8475e6acf11c643fc60d14f80fde84f7286ad3be6091d1624c228bb38d

SHA512
8f42900b0dbbf17f6565d3bbc2a5b948a4a38a647040e6c3a2e99b414cfafe525bb27a6337c573d6aabd2119fd14ec3ee6d91584da0f391111901fa13c09ca35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f98fb046cf001bb8ca7c31861f9b0d9c

SHA1
29016e82910e8a805b95eed1307355f371bfe0db

SHA256
6a30f4d80abd02e27a197b2d103981665da4d69ba0d8de833efdecd83b81e012

SHA512
7b48c106f788885fa9134c4401b6e994b8f80e0a0fb16f952d7a9e8801f02152314f2461ef975500f26f3319fe4cdc9aa30e03b42aebd7f88adcec66864cffe4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
39ec2800ce0dc6f7562e34bb272668c7

SHA1
aea5afc6ceda52baa9ce5c0fb564e3d86d8b762d

SHA256
5b37803e300f1ca4d84ecb369e916a5e284aa1aa02f980f34eb8551f590f876b

SHA512
46151bb7ee96499bd221013ac3e55454be4392c280b26aa255aeb9af457780d08180af3094f30f93a687c802ec752d50b50a00c68bb631a9e36fc3e6fbc7ff84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0eb34b1cc2e6a7e0ba598898ecf14cd3

SHA1
9da7b71f25e70f80ee5b66d7b63cef34d05dab7e

SHA256
1c5b94c065f425d0ccc8e7fd1dc7cc0bde602df9270f9e3f3a995ba0ae94aba2

SHA512
2c95aa63963b97eb668f16429b06986730e25a8c6a057694ed0dd2bea45ae54db50592d52b923d0cebb0486e920e879f84dcb00a61c29def70362769ecaf31a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582e4e.TMP

Filesize
370B

MD5
6b3f99d8e48ee789a8f46b9413c5558a

SHA1
e4389c61da95fc3fe9446dcb889d820bcf0af778

SHA256
b55a8d53111123bf6031afa3efd82a6d6ac9a8eef031bc6b4ca03e57d1ec0747

SHA512
032c1c6f1c25f2ab8d0eb6d3964f5b9a39eedb82e5af716eb802bb440adc609e069e0c30dc6cafb141f376624c60ca9109ab7686c3572020fcc7e314163f9ca5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2dd4df43717b691ff221bc1ca02cdd06

SHA1
b3fa36bd074f26d23f35b42c7876c049abeaa843

SHA256
efb0867b06f013cc94605f395b5415cf01b7ea143afafa3f03e371cd880b94a6

SHA512
32b5c1da398d7382b683b7462749a8c3d5e35e6ff9b1d226e015e0d66186426d164528e918afe3c2b6000c8a7dba8338838399d18df5dca91a26e60e66e7405b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ed0f5710-4ffb-40f3-8171-828401a827da.tmp

Filesize
11KB

MD5
4d282c0ed59da615dabb8586fb73bdda

SHA1
8eb7ff3f775837f8e5f974507e4b5f123b8883ed

SHA256
42870771040c6e7ab22e5f28882625a025e375f55f8fbfbda1996b16a764dc17

SHA512
09b9594484f6887516fd063c3b790d3fa9e12966b65bae9badbefab6928b64bd24c8e6adb39d3932e181d80b6c55619cd1406f1aaf004288c36a547fd979fd7c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit