hxxps://1fichier[.]com/?xtjuh4zonb96u52ovrts

Resubmissions

09/03/2024, 03:38

240309-d7jf1acc89 1

09/03/2024, 03:20

240309-dv2f2sda5y 1

Analysis

max time kernel
121s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2024, 03:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://1fichier.com/?xtjuh4zonb96u52ovrts

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4416	msedge.exe
4416	msedge.exe
2496	msedge.exe
2496	msedge.exe
1968	identity_helper.exe
1968	identity_helper.exe
5296	msedge.exe
5296	msedge.exe
5296	msedge.exe
5296	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 1272	2496	msedge.exe	88
PID 2496 wrote to memory of 1272	2496	msedge.exe	88
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 3948	2496	msedge.exe	89
PID 2496 wrote to memory of 4416	2496	msedge.exe	90
PID 2496 wrote to memory of 4416	2496	msedge.exe	90
PID 2496 wrote to memory of 1636	2496	msedge.exe	91
PID 2496 wrote to memory of 1636	2496	msedge.exe	91
PID 2496 wrote to memory of 1636	2496	msedge.exe	91
PID 2496 wrote to memory of 1636	2496	msedge.exe	91
PID 2496 wrote to memory of 1636	2496	msedge.exe	91
PID 2496 wrote to memory of 1636	2496	msedge.exe	91
PID 2496 wrote to memory of 1636	2496	msedge.exe	91
PID 2496 wrote to memory of 1636	2496	msedge.exe	91
PID 2496 wrote to memory of 1636	2496	msedge.exe	91
PID 2496 wrote to memory of 1636	2496	msedge.exe	91
PID 2496 wrote to memory of 1636	2496	msedge.exe	91
PID 2496 wrote to memory of 1636	2496	msedge.exe	91
PID 2496 wrote to memory of 1636	2496	msedge.exe	91
PID 2496 wrote to memory of 1636	2496	msedge.exe	91
PID 2496 wrote to memory of 1636	2496	msedge.exe	91
PID 2496 wrote to memory of 1636	2496	msedge.exe	91
PID 2496 wrote to memory of 1636	2496	msedge.exe	91
PID 2496 wrote to memory of 1636	2496	msedge.exe	91
PID 2496 wrote to memory of 1636	2496	msedge.exe	91
PID 2496 wrote to memory of 1636	2496	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://1fichier.com/?xtjuh4zonb96u52ovrts
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff86b846f8,0x7fff86b84708,0x7fff86b84718
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,14853286574568962458,16732130447055184114,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,14853286574568962458,16732130447055184114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,14853286574568962458,16732130447055184114,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14853286574568962458,16732130447055184114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14853286574568962458,16732130447055184114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14853286574568962458,16732130447055184114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,14853286574568962458,16732130447055184114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,14853286574568962458,16732130447055184114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14853286574568962458,16732130447055184114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14853286574568962458,16732130447055184114,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14853286574568962458,16732130447055184114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14853286574568962458,16732130447055184114,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14853286574568962458,16732130447055184114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14853286574568962458,16732130447055184114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14853286574568962458,16732130447055184114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2168,14853286574568962458,16732130447055184114,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4160 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14853286574568962458,16732130447055184114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2168,14853286574568962458,16732130447055184114,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5132 /prefetch:8
  2⤵
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,14853286574568962458,16732130447055184114,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6176 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3736

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ffb5f81e8eccd0963c46cbfea1abc20

SHA1
a02a610afd3543de215565bc488a4343bb5c1a59

SHA256
3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc

SHA512
2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1b45169ebca0dceadb0f45697799d62

SHA1
803604277318898e6f5c6fb92270ca83b5609cd5

SHA256
4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60

SHA512
357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
37KB

MD5
c5d1d94051d0dd5595fb9272ddbafcbf

SHA1
68e451f408a7d3562d693058dadca83c2f829c29

SHA256
66b9c59ac37d172cc4a5ab07e8c8a5490dc9c191e57a3725ffa0525c6e53be70

SHA512
65bbe6add4b513ec4cd68b3c8e6c27f70824b461a1d29f80d9eec81d48c006aa3188fd102384f8c2f8225caa4bd78e2a44e456707c939ea9d7d658f4cf2d8d7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
27KB

MD5
bffb059f66bf71c890cc5b5ae438989a

SHA1
e13ab1e1accbf64e3e430f02f7c10ae09d413ac4

SHA256
3a87dbcf5afda3daf93b5be8979affc5ed1a14c1050e004cf4c8897f2d96bd64

SHA512
cc7a0e52bc9278d4e69923eb6ead9da450144797c5aec7bb479cd68203221320341e271f2be120d7fabd6b8a9d0ecfe48c870c7eb18fe687d96dbb20ede9488a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
39b2726262a39fe4f3cc8b63a724c210

SHA1
b8bd0121e99bb2ee269463feb35b782b31bed722

SHA256
5b00784c52ce5328237c77baafdfb28db59b6e2ff6c45cfec355fbba9acbcfaf

SHA512
d545826fd0cf5acf47b7f30282a01aeaa181a396b4e071c7bb3b8ad2369777593fd5b7332f77323050b3d65788a4595427c849c8dad7759686f704920f7f8470

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
5b795e668f69b94711df874568842870

SHA1
9fb1eaa6b684f2f4d577cc39c4095fb9fb6a7762

SHA256
ed1e7469efe584d65318b5ba999cdbd48c1e4bb6f8c46d0aa7bd006f88f41dd8

SHA512
71a82fc8bb4da5ce9e5d7eaf5876657d0cfb2e48bf6449bf333dba1b7792bcfc297838673dfa97fa51836ce068616a6e1f469272fbaf107b6b64fed7edbd5ee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1bfe652b898d7aa3685fe39cff69972f

SHA1
a41e415e706cd81bf19657908a23b583f14ed399

SHA256
a1b645b50d0e306aaf7d9edaa3b8d32195a5961969c2ee7a46f89f8e6c8e1b94

SHA512
d7ebd98c049357127479c487a64be36c4b033c5d6fb574ce863e22a5f3d4bf7a294a71934133004a2cfd0cdf83ea3c1e7afb7a55c00e5529ff893d96b60a0a23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
96383e8f8478db03b8cd539fdf8c00c4

SHA1
8f22b24ddcd54886d01cfb56257e780d54c4f50d

SHA256
bfcb12c9464dd8013448e49f09487852885879e682801c9750996ee641b72aa0

SHA512
9c9d656cee50e938b930310492d47f4ed3d061db85e1fe187acbecfe16add3de6f95d07388daf16a03b5101971adb64bd3466c536a7680e4256d02b36077ba97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
88fa9cd9f70cafee8207c0e3120a869c

SHA1
217e4bfb34f9b938b31426970b7ad7633d1c575c

SHA256
01bfb1c2cc8f4d02389722e77fcc444a79ec67e980d128285e7428b981d79e05

SHA512
973a77cc6d3cee1a001f8f1d162db0cf9ef15b28fcaf17cf543980e3ab31875772c6333297c38eabe091fb989d67fdc698206a547627626e6c0fc1dd94cac232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cc6775ace8841835a6c4eed8b14ab673

SHA1
c7c84e735be8141622e07c0325c28051936e62f8

SHA256
95d4f1f94a999f32f333875201c82dbdb78f785208484ea0898d1c84fd1bd273

SHA512
1e1aba1d86f043484c9221e4dda767f00fee14af54f4057972dd20c5eea5dc4a717893c8bdab1ef7b184e4e570f0ab56d7ddc5f1201951a4adc797d78b6efa15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
206dbfdc3b9e62cbbed0165c528e748d

SHA1
96d30559b53d3eb762a6dc345095b72d24563d70

SHA256
1df313a4a804dc6197efa9a0a65737f95b4bb4993926f536b5a049cc07b7d043

SHA512
6a3afa52e30adeeb174abee2143e188fee6ee5c88b45ff95f85b779d723d9effe59458658e957894e0d30794562dfd69857feab09c5c6967c0a8cfc53ef093ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
702B

MD5
55966f34ecd79970ca1c39d192ee022d

SHA1
9855ba7548ba6e179af2836175e654f5e95d92a4

SHA256
fbe615bd4c4ef70515d36a6fbea320331f2332896bb0016a89980f06de0b8e90

SHA512
21219b4a7a2ca485cb00167b00480f17720d274b9dca39e598556244fd233fa4b0d3065cd1adcfb48f448a7abcfe1de7bebed9cf860f54732e97c444269c92fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
bb4651c6cefc4b44a55d82d12960734c

SHA1
7eb811bf8d2fcc92e87099211aea27a0409d306b

SHA256
5ecf99f963586874e7676b1965e6132655b147ee7eaa356dd4282249f23fe5fc

SHA512
9c0e9bd1e2b61598332587360180c5176def6243aa83ec65083afdc7b6e411a3e1075f6f5f2997105f501a24d27eaa8e6f67dd95062109f8a5a6c387d20ed41f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
7da3f24f3fb0970bf13f084543a5f5a9

SHA1
11d43a71aeb68d338c54f69c8647e9bce0b5a866

SHA256
94031fc0b1d7dc11e3cdf3cd0029d2f10f3254514867e06dd5990da4b46bebfb

SHA512
d6c82b522794ca6b416df12d51ea8a24231b876dd20bd526364c0389dc00869bc788b6be6d9f01d3928b1fef8689ab96ddeb67cc731baa2f22e716b18f33d413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
e0b269441dc55a3c85c78dcbb933d562

SHA1
3a6ce025f3e4f43e36348c9a02ebed0c805f7ccc

SHA256
948c8f6ab81eb15265899c4f00765ad51fb326fbd62e7e3f3d0d04e82566aed3

SHA512
bc88d375c9ade8030845c3a8f51837443339c7c430dce00e2eda679fed6cadf9cdb37666b8b1af6cd6c479a76a915aba587fa1478b879eab45b59eb8f683b73c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
698B

MD5
2edcc9022cac5300b855b2bb3028100d

SHA1
f90662befe4ed6b02784a08ff7d7c5cdbc24c450

SHA256
df70ac0a10d0c948425df149ad780508b9e0df7c53773a2bb4bc0a1035e8f951

SHA512
5aff9c0a899207efca61d379244883891d5bb8a3e0c7b709c41c79989998c2ca04836f89e02305063d1067d98731ed9db1d235965e7e4509c767e30dfec608b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b93e.TMP

Filesize
704B

MD5
fd478dc950b9395e86f0e261f2eedb94

SHA1
79c72cef00d5fb690a7f0dcdfddb50a0c1bbec2e

SHA256
dd8a5728eb6018ba5d0059b1a78a4c4c567e0e3347cafbaf3a8d8c673e953123

SHA512
b9f7a5024b8e5db54498cbdaab7319bb70e71116e8925f423a3b6bb56fcadbd466da7658d3c1d4ec2dc220428b43af52d15e37c0d201fa4f03b54be909362941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c5f7f80fb97b429028671fb4b12411d9

SHA1
1aeb391b30210a10747e98cb70fb0be3c500517a

SHA256
2f112c9049e55d6fc5b6d74a7df7fdab266ffb80de3b76ca943c26bc9d586da4

SHA512
573856237c2891dc8998b122eca31bcf5ad1aafd05f8260ba5e9cacfb5ff58d8f25b496964e126c24e97a8ef20b2f1cf7df4da24b9a05e6971cf4af5e76abbff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0e8f136ab44f095816ffc9a2c02e76b4

SHA1
7312e4cf8dc7a51a75e8c4431d78315ab6052e91

SHA256
7b9cd52e5bfc93548bdabd606a08e54eb990b9723d1689b2b0e9af600f82838e

SHA512
74f72d45e0872db0851db52c7c8c9b3843035ac23a79edc10a5aae42db9f895c3a3926fe72a1dfbc3b88a608da85d04d318a1317230121c1063af059ff188f33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ce84f98addd057b7bb89bf0ac64bcf42

SHA1
6621c3813efc64d478cc158b104f5c88e4a5b35e

SHA256
5ca76c8253a5bc8b1f6522367c5e3e3871ec9c1d1c86ea9f3d7aa1eb36f27cb3

SHA512
02b1b8570c04ed05c75a68b4ac70f82765179597ccc3644eceafaaaf65fefdc3b287ab6ed2b21b5dc03b2fe2a9ca7761d7be2a57a8ae9f4b137f99a92157ef96

Download Submit