hxxp://virgilbennett-realtor[.]com

Analysis

max time kernel
253s
max time network
288s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13-03-2024 07:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://virgilbennett-realtor.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2524	msedge.exe
2524	msedge.exe
3752	msedge.exe
3752	msedge.exe
1364	identity_helper.exe
1364	identity_helper.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3752 wrote to memory of 4568	3752	msedge.exe	89
PID 3752 wrote to memory of 4568	3752	msedge.exe	89
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 4476	3752	msedge.exe	90
PID 3752 wrote to memory of 2524	3752	msedge.exe	91
PID 3752 wrote to memory of 2524	3752	msedge.exe	91
PID 3752 wrote to memory of 4720	3752	msedge.exe	92
PID 3752 wrote to memory of 4720	3752	msedge.exe	92
PID 3752 wrote to memory of 4720	3752	msedge.exe	92
PID 3752 wrote to memory of 4720	3752	msedge.exe	92
PID 3752 wrote to memory of 4720	3752	msedge.exe	92
PID 3752 wrote to memory of 4720	3752	msedge.exe	92
PID 3752 wrote to memory of 4720	3752	msedge.exe	92
PID 3752 wrote to memory of 4720	3752	msedge.exe	92
PID 3752 wrote to memory of 4720	3752	msedge.exe	92
PID 3752 wrote to memory of 4720	3752	msedge.exe	92
PID 3752 wrote to memory of 4720	3752	msedge.exe	92
PID 3752 wrote to memory of 4720	3752	msedge.exe	92
PID 3752 wrote to memory of 4720	3752	msedge.exe	92
PID 3752 wrote to memory of 4720	3752	msedge.exe	92
PID 3752 wrote to memory of 4720	3752	msedge.exe	92
PID 3752 wrote to memory of 4720	3752	msedge.exe	92
PID 3752 wrote to memory of 4720	3752	msedge.exe	92
PID 3752 wrote to memory of 4720	3752	msedge.exe	92
PID 3752 wrote to memory of 4720	3752	msedge.exe	92
PID 3752 wrote to memory of 4720	3752	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://virgilbennett-realtor.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb073646f8,0x7ffb07364708,0x7ffb07364718
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,3779129384274156831,2446107485928011935,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,3779129384274156831,2446107485928011935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,3779129384274156831,2446107485928011935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3779129384274156831,2446107485928011935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3779129384274156831,2446107485928011935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3779129384274156831,2446107485928011935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,3779129384274156831,2446107485928011935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,3779129384274156831,2446107485928011935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3779129384274156831,2446107485928011935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2108,3779129384274156831,2446107485928011935,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5568 /prefetch:8
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3779129384274156831,2446107485928011935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3779129384274156831,2446107485928011935,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3779129384274156831,2446107485928011935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3779129384274156831,2446107485928011935,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,3779129384274156831,2446107485928011935,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2764 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1644

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cbec32729772aa6c576e97df4fef48f5

SHA1
6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

SHA256
d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

SHA512
425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
279e783b0129b64a8529800a88fbf1ee

SHA1
204c62ec8cef8467e5729cad52adae293178744f

SHA256
3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

SHA512
32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6ddf1c9f-3c91-4d97-9476-42ee5475e0fd.tmp

Filesize
3KB

MD5
860b38634a4bf9acd86773fe93f0653d

SHA1
efe47bf932cb55f565815439f36944e0907ba573

SHA256
bf823da1d9ebaf5f72d3e09da68b45cce0009eccb586da285f380a34b8335c0b

SHA512
a5cbde8f74c27d21a96ee80283fa7696f631df73b523aa296058c6b0d27f8bfa4e327efd18ffa910423d66518ef282d07a0ee61fa98246efb3fea521bb118038

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
4092ad0ff21ec41714d713f643ea7fdb

SHA1
59e2140e9c3d3516ba6c7236e1359e4a5f7dc73f

SHA256
d966e570fdd00211b8d63c58852bd89e7523a8dceea94610f1c1c739fe3d796c

SHA512
e02f1a6e7ced132458c351e3e07c70b9bb4547b5278a01af8d7e824a16e6dfcdc576b27239926e48d87278bf9ed33f75bf91b9fb2fc982859eccb897062cf7a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
f1c55607202c739cbca60852eadd5094

SHA1
114d67438a18150e3bf578a89670d5c2238c50bd

SHA256
3f92f8d804e1a8a1b527caf27616ca1c545c2388e46107600ba27d8e33c4dfbe

SHA512
158d1b389ec13935478af2538ee4b70473ceb5fc056a007cbd4d5dfc6b1f272b6120d8fce076d2933285734fe68e1d30e20ce994a0d773f24a39e9ca20557491

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4c1735b924366e771ab732c60ea7231a

SHA1
f1cf08f0441bd59e296df2a5e168a50cd5e7fb2c

SHA256
63317f75dd559b393c4603ecac53a09bd9b0cb172b386774cf313e8b95d014d4

SHA512
a7898431483910ae58cd0850c495cfb18cbf80198066cf153f38ff30a0180d53e5826b680efa5631fe8b34e4bdefa02f054d06cbe16fa6266a56901e791ca752

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5f392e150650ac5a103a8204a2fe5e5f

SHA1
a24a79aa57d8cf2a2ed3517a462697327235e1c1

SHA256
b05e2497981904e3d3f6b9b7132d24b1f4d7aa19370ce55176da39308f6b66b1

SHA512
cd12b548dcdb762aa69842e67e05f5c95a548e36d6afb1a80f73e185c0d1b528d642997c81b1141390a7c933456175bdda0802c48a361a05050a909235c930c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
98469478381fff62d33a7626d65dd4da

SHA1
16d6cd49c89eaeee80ae332b84038a094592ea3e

SHA256
3f7e79a4c8b3f61e8edf52292f9652217c44ccfe1fe213b4d4d548fc1e9a5b07

SHA512
71e460e32e6c169beaf773ab063f297aa48e85c7cf675a0fd06f221eb4db544b43fa3edbd1b6b16be7d61147c44837485149b534b258c66bb134282abcc06331

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f5c23a092aae90f81d90dbfbe3ecce09

SHA1
31b94c079c57c63fc3d17e50ba139117d2d0f7d5

SHA256
f495a50653851d9e1c7534dcae518791d5d170d79ccad230d71c13452806a876

SHA512
2a0eeb11c087c27994fefc12ec20ccc21771bcf5343d136e1b117f882abc154ead48b4dc0304eeab5192618b77f67bcef451856cee9afc74bf892b0271d730d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9f1235bffd8b72417d68952a5aea2ea1

SHA1
8de52648e079ff276b86c669ae62ec8852dc5ae9

SHA256
571c6c91816319f981b4f4a01453a50b569120b8ea38686058ca11ad5567702a

SHA512
558b54fae87330999f026c0915501ed0844233c6aa584294aeafbfe4769ae349dbd05b3a53cfa4d42d3d8e077373d26942145db51a7b109c90bacc7767e05cf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\7ccc7ac4-1054-4db1-b961-76544e73be4b\index-dir\the-real-index

Filesize
72B

MD5
4beda1d10e59d8e9125519525497f724

SHA1
8ed4e26beb8db9340e63ee10c3f88ecb538e52e9

SHA256
5e4130c055f37cb78dabc16b3432141ea765a26abc6ec5daacf0c763ad0d8929

SHA512
df3eac0e66235d2d3efea79353f5996b869fb4856e66f663a8af13539cdeeb4f0e3125346304b476350edc77781d4c9f9d2ea47ed6e3c10e448f647cccd2667c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\7ccc7ac4-1054-4db1-b961-76544e73be4b\index-dir\the-real-index~RFe57cb10.TMP

Filesize
48B

MD5
748981b99718779b1a9b6c685a405316

SHA1
6b1cd761d5a5fa293bfaa3415dd9cdb63acbe3af

SHA256
5aa8c15d2f886e7072c160af1866f3fd51053db3b47753507aa5ca5dba2fab4d

SHA512
0d2234ab0a677629fd30e90a981be5e4295023d50357cc99fc16f6e152715b9b968d5deba18c30723d82a7b5f2e513ee29343662908727fed12ab2f2ef47c9e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt

Filesize
90B

MD5
e96f7ca3a71fccfed86594d22f8df20b

SHA1
61049ddf681fe56d7bfd94e45a27065d47263c16

SHA256
ce5eec352ec39fcaabbdfd4336ce970c454e50b1c9f67390b3f8cc2895a72025

SHA512
13b5bfb6faf9d75343c846a1870c9f685a85301a4b81f6f657b83396720cee3fca37f818df1fb2b3133f5e1d3d5c26f8a5574bf6dab0995d5dc1bacd509ad303

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt

Filesize
84B

MD5
6d5770be808c791492d0e15aad31260a

SHA1
b72be775055c88cfeab12efb35f60bad1fd8440a

SHA256
d72302d7932a70ba567ef5452336fda6e8f6117399d99f1a612bd102e8363f5c

SHA512
6f7319d4ac0dd0c88a77cd72f255754d6980f00b6e22f317a36ee28b654f192f68ada076b384e4e9094bec2a51a020da3b8d0108e2a2f889f1bc633cfeed00ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
8d9c599167085d7330fa3acbbf41b0de

SHA1
bd0a552987646bb1ce0a709ffb78646f767df96f

SHA256
fccfdfc819fe0d823f132f3c4fef6a0c99c1c4df087c6af5e96675451d57891b

SHA512
47d5169480ff9577fd68a0e4b86f2d462cc65cbbbb8575d875f070ce906cb524d02fbbc2e86c4cd921b82503bbcb0f8a3579bdc14367a78f7744fe3a0d20cf57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ca84.TMP

Filesize
48B

MD5
596294b4b0a9b7890e60c1e8cd7b0c28

SHA1
cbc90adadf6fc7fe43c1433a7181355cb478ed1d

SHA256
aca0f62f70790fb1a4f74c1abb70cce6d3a21649401deee455c8e98bbfb45d0c

SHA512
dd65abf0f0cb37a613467e953ddd2cb855b3b9a0a7f357e9b75e62d784ddab5956527bbc92798dfee0a18df394383308ea098f0530a775d1e91c6d5ed6b39d53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
30a461709499f26cb91fb04000ec70bb

SHA1
ed33c15c0cf97e5510182c27d97f750acb4541ca

SHA256
3c05a46fa765dc7b8f12d4d40a109ae5c0a9ddf822db33575443e4dc42368fec

SHA512
4361f746544932f142971082b1bb6911154984a746310a3e3546740f6d1f0629a75c1903a813b3c0ce031575841711a03e39c04a25675c2aaffc16c9b41f26ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a587.TMP

Filesize
204B

MD5
fe6b7b6c613fd0b69229ce6a86eabc13

SHA1
2af4f6796fea165b86fb653be7f003e9ea59f12d

SHA256
113dea0615724fb70decda184dc724fa2cf644514452f1df78a45e5c5d828262

SHA512
78912da6f5ddf2f5e72c3da5a814cca5c245b88c5948ee8d59cff90357956b6819e0c6b31fdf0cf122b9ff1e3a0e2e9258a331caa4e25750efe6d3fad0197d2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1acbf457ba90903c261e6ca407f3b112

SHA1
50364b7d95bb5714cac71cee2089ddb84099b96e

SHA256
818207e502574b962f4256d6dda023e589678ad6df6add8465dac7119cc2550d

SHA512
3f1e4476189b933de169db89864540b4601dcad8218f02451d5508d10324578526f96617566efb83332e8a2a087a09a9dfb587df038bb385bda20c89d9134bc8

Download Submit