hxxp://google[.]com

Analysis

max time kernel
2221s
max time network
2622s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
26/03/2024, 11:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

7^/10

bootkit persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3300	CPU-Z.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	CPU-Z.exe

Checks SCSI registry key(s) 3 TTPs 2 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	CPU-Z.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	CPU-Z.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\CPU-Z.7z:Zone.Identifier	msedge.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zO43C1B809\CPU-Z.exe:Zone.Identifier	7zFM.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1200	msedge.exe
1200	msedge.exe
3632	msedge.exe
3632	msedge.exe
708	msedge.exe
708	msedge.exe
2792	identity_helper.exe
2792	identity_helper.exe
1704	msedge.exe
1704	msedge.exe
3300	CPU-Z.exe
3300	CPU-Z.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3124	7zFM.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
672	Process not Found
672	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeRestorePrivilege	3124	7zFM.exe
Token: 35	3124	7zFM.exe
Token: SeSecurityPrivilege	3124	7zFM.exe
Token: SeLoadDriverPrivilege	3300	CPU-Z.exe
Token: SeLoadDriverPrivilege	3300	CPU-Z.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3124	7zFM.exe
3632	msedge.exe
3124	7zFM.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3300	CPU-Z.exe
3300	CPU-Z.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3632 wrote to memory of 2536	3632	msedge.exe	77
PID 3632 wrote to memory of 2536	3632	msedge.exe	77
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 5060	3632	msedge.exe	78
PID 3632 wrote to memory of 1200	3632	msedge.exe	79
PID 3632 wrote to memory of 1200	3632	msedge.exe	79
PID 3632 wrote to memory of 4760	3632	msedge.exe	80
PID 3632 wrote to memory of 4760	3632	msedge.exe	80
PID 3632 wrote to memory of 4760	3632	msedge.exe	80
PID 3632 wrote to memory of 4760	3632	msedge.exe	80
PID 3632 wrote to memory of 4760	3632	msedge.exe	80
PID 3632 wrote to memory of 4760	3632	msedge.exe	80
PID 3632 wrote to memory of 4760	3632	msedge.exe	80
PID 3632 wrote to memory of 4760	3632	msedge.exe	80
PID 3632 wrote to memory of 4760	3632	msedge.exe	80
PID 3632 wrote to memory of 4760	3632	msedge.exe	80
PID 3632 wrote to memory of 4760	3632	msedge.exe	80
PID 3632 wrote to memory of 4760	3632	msedge.exe	80
PID 3632 wrote to memory of 4760	3632	msedge.exe	80
PID 3632 wrote to memory of 4760	3632	msedge.exe	80
PID 3632 wrote to memory of 4760	3632	msedge.exe	80
PID 3632 wrote to memory of 4760	3632	msedge.exe	80
PID 3632 wrote to memory of 4760	3632	msedge.exe	80
PID 3632 wrote to memory of 4760	3632	msedge.exe	80
PID 3632 wrote to memory of 4760	3632	msedge.exe	80
PID 3632 wrote to memory of 4760	3632	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa52623cb8,0x7ffa52623cc8,0x7ffa52623cd8
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,4832369181277901230,3832273203901085539,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,4832369181277901230,3832273203901085539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,4832369181277901230,3832273203901085539,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,4832369181277901230,3832273203901085539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,4832369181277901230,3832273203901085539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,4832369181277901230,3832273203901085539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,4832369181277901230,3832273203901085539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,4832369181277901230,3832273203901085539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,4832369181277901230,3832273203901085539,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,4832369181277901230,3832273203901085539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,4832369181277901230,3832273203901085539,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,4832369181277901230,3832273203901085539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,4832369181277901230,3832273203901085539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,4832369181277901230,3832273203901085539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,4832369181277901230,3832273203901085539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1872 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,4832369181277901230,3832273203901085539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1704
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\CPU-Z.7z"
  2⤵
  - NTFS ADS
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:3124
- - C:\Users\Admin\AppData\Local\Temp\7zO43C1B809\CPU-Z.exe
    "C:\Users\Admin\AppData\Local\Temp\7zO43C1B809\CPU-Z.exe"
    3⤵
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - Checks SCSI registry key(s)
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:3300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3b1e59e67b947d63336fe9c8a1a5cebc

SHA1
5dc7146555c05d8eb1c9680b1b5c98537dd19b91

SHA256
7fccd8c81f41a2684315ad9c86ef0861ecf1f2bf5d13050f760f52aef9b4a263

SHA512
2d9b8f574f7f669c109f7e0d9714b84798e07966341a0200baac01ed5939b611c7ff75bf1978fe06e37e813df277b092ba68051fae9ba997fd529962e2e5d7b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0e10a8550dceecf34b33a98b85d5fa0b

SHA1
357ed761cbff74e7f3f75cd15074b4f7f3bcdce0

SHA256
5694744f7e6c49068383af6569df880eed386f56062933708c8716f4221cac61

SHA512
fe6815e41c7643ddb7755cc542d478814f47acea5339df0b5265d9969d02c59ece6fc61150c6c75de3f4f59b052bc2a4f58a14caa3675daeb67955b4dc416d3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1cd05568-4055-4ab8-9982-066fc44e8636.tmp

Filesize
1KB

MD5
804318041dd08893ea685034e1da2260

SHA1
c788d81ebabd3f6a8de60af80edb8dca0c65ca00

SHA256
f6c33d89bdf01bef6abc6e3e4fc2a5f23ac948db262270f38d202c3300616c1d

SHA512
e5d89a3f4b11f4fa3d941b3a79ed7223f040fd20c0fed53f6726efcf12a584cbb63268cfaecc8a1c27c7b07c9509cad01727b06e3bb4b19b512054b160536973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
198KB

MD5
cda68ffa26095220a82ae0a7eaea5f57

SHA1
e892d887688790ddd8f0594607b539fc6baa9e40

SHA256
f9db7dd5930be2a5c8b4f545a361d51ed9c38e56bd3957650a3f8dbdf9c547fb

SHA512
84c8b0a4f78d8f3797dedf13e833280e6b968b7aeb2c5479211f1ff0b0ba8d3c12e8ab71a89ed128387818e05e335e8b9280a49f1dc775bd090a6114644aaf62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
8178dbfebe67f4837bce16ec189e2933

SHA1
0d844891a14a1dff2a4ba0759bbb7a6dd237bef4

SHA256
4513d8791a96588a190f1a718d80acaa258ac15f9124f5e71f4656def5800fe7

SHA512
93b3d18c6de1bed07751f9e201cd142fb50138b1fab80a740f057a68e3b2f7db80eea3939d452cb957f4891a342cb6a0ce28ad326a4588692f21db6356729b7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
3c446be0eae28263fa7572c701a5ba5a

SHA1
80cdf9662f396b4eca33745198c480bedd9ca9a3

SHA256
a44dc291a10c3410636ec641c411e02296c5b088861857be9865651fbf8a234c

SHA512
bd249bc184a35770f320fcaa5d611fe706274492ba4ddeb757bc32fe9be1a7d68432346866cd2e8fc689cd106d18a3eb2111e0bee491ff2490a699a9ec4af068

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5629939f8fe0c89235a08a561a5c630f

SHA1
e550727d5da5176e75a7c62f91f8978f7cc0ca36

SHA256
49808784690af21eb20c6770ba7c2bbbf343979ec4885e3171512626e274b4d0

SHA512
6afa641cb5d7c05181ff84cd7ffc0293183058576ec7f6bb78d2e21282f4fe8d45ece893bfedbec10fcf855f36359809f52fd412600d21f81329e57a0817a942

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
45b5043b779c13624ebc8343296bf806

SHA1
8e39c7671ea9f83e89a7393568952343d55266bf

SHA256
db0ae0c667dbebf76614665b9fb8e72ad707803a88a648bb4100cfc0bd985c94

SHA512
670ba56b234ec7994fdec4dbe9684dad5a7b8fef5a09ff1799ec501ce2ae35da958f44380bcbbe5ecb69a337fbbed5beb0fc0ddc8dc982da46e5adb740991b08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6022865905f02c1b4edcec82cac057e2

SHA1
8d18ade485e94d17a0d6d035ecfeb1a9506d2b24

SHA256
9ee734db9f7a4aab7c3eb26e669e08f491a647c7d15aee89fdc61925965c526e

SHA512
4664c004f19a5640070af8fb9291eb55c4ae90754caad67d8d4eaebdcb9474ce312324772acd02a252be5afb55f5966274e3813c29fd5cf94e4c4292a1335a21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bfb5eb99e91be08639eed2666707e247

SHA1
ced3491f9e27d4b244580a72728b13bf97e90336

SHA256
4e78414ffd8bdb5d48c2b5e3969b2a2f6e334735bdcaadd90449d022bcacebe0

SHA512
96127e3705e17977e8e08ec60d6c3f06f1bca50b15f5730ce0b1820a78bedbb2b800b212f7a593ba189574fecc468bdaf76715c1ac4d196b959d01672a4f4e2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
163dd6fa59ef5ccedbe8889740016035

SHA1
4a64dd397154f597bb70ac5b3315bee9acbf6b0f

SHA256
8858bbed30feda566f94d1b57a25c2cb1566c122e79163c911dbc9a6fe1f7625

SHA512
225f5e8c8c7d76a5642789016c8cd0e974eac699df14e251e26a6f12044883bc08c02d77cad1eacee1971587b2a2d75837879576d110b33dbf59e9a00f4ee2a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
59dcd61fc0fe7bb2ea18c926f120dda7

SHA1
5823b58f1e7568255e7f9ee19da6e312ca8da05d

SHA256
86ae649abc6b141e096e4182e7327fe5aa421877ebdaa32939f716b210be6061

SHA512
9dedcd0f87151e787368ab758f86e8e488052d77280bd6c7634df3bc9d8a3b8891b807478637f144d9bcb9e5161b2d61d74ac72cc1b7a7c109b729dc89982323

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
940c56718e45be8ad8c454a462b4ba76

SHA1
c8474d2318ca73b8b6134c9f0f310df8cb6d417e

SHA256
4355f09717043f62d89e55dbede5e98458d4ef9e53d87587865f25f687658f5c

SHA512
01d127a56c567852cd268053ea57d99cd906aa85c199c4a7559c693d68ce2fa1bad27db1591fb2a90661d29dbad213520848fce362c40bf0128f7fc1156de699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
db08b002fbccbf64aff3f2781847d52a

SHA1
daa4c61d36f8fb670cb1e3b612054aa6210c2b9e

SHA256
c03a48546987b6f99969d33a46016da870a928fd4e5a40d2219ee3ea0db13c86

SHA512
bd3650758934a7b7166e4eb066c85c6da82e185be1d0d068a7d98ad9aa98ce97c2296e9a602fd0bab8e31932e358e2d6610fb0676584472a8c3200061d0fd1c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c2ab573d9e0f0a900f90aa5df0335f6f

SHA1
ec232dfaf65a914ae5f2341b64fe11d6a86c2ebf

SHA256
520e0fa8ce9bc4c0b84b233fbcccec3959d91a9906968a3e090ea14b94a041b9

SHA512
a74ee2a78b87ff2283a6f833a4a6ddcc4a534a621e894b0d6922289a8d7106afa0fee00ce90a70c297e1125e3edf4089b6b838bb1a0e8cd5d7143f20ed6bcb4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1cdbf3b6422047b549f79551f34c7752

SHA1
4913f49c0d36397bb223d01fd7c2fc3752842709

SHA256
1db3c5bc4ddd9cca6efb5f83402914715a446d7ebce172fabad4745f786e9da6

SHA512
56f059a068e9f9146f73276488ac638cd4efb07168e2e180ac4f52bf4261c6a46d0f184c8c723876315783aa8ec24457e5c2be8602fbc00a677c7f12b1f2ad42

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO43C1B809\CPU-Z.exe

Filesize
4.0MB

MD5
aed8a6fc0e79c6ee1f073baaff2f5fbe

SHA1
2db73553ef811e6e5c9506b3c961de1b3cbbda21

SHA256
e3fd159588488cc9d36b5efd1904aafc420397e3d2857ef12caa3ea7dfed7eb9

SHA512
7f4d8ee25473dd6aec9e1486837c4d4064d218b1a918b0a0de32c7300d1850e845d1730b460ad3a81b70b49ca367f5adf99ae81459f14a923e6f95c5985a12f6

Download Submit
C:\Users\Admin\Downloads\CPU-Z.7z

Filesize
1.2MB

MD5
a5b566ccedac980c44beab2ea6900c68

SHA1
8921f4ed96027823ddbcb26e5862f1cd95f8bbf1

SHA256
21944dccb0c2b91a85eb140f4ff40df7dc2f72915f762c7304f0f05df74f43af

SHA512
ef83e482015753c65eab11897551f177a6a71138544b00d4af02d4d926ae2bbecc83c05bdfe5e8c0cb34dfb4bf2ed00841abcde750998a840886f05f0bad565f

Download Submit
C:\Users\Admin\Downloads\CPU-Z.7z:Zone.Identifier

Filesize
146B

MD5
ed074ba44d36598c5a3ab36c419d77bb

SHA1
98b26ee156708369a105482a100f34552d766c48

SHA256
fc728906db77c17f0d9d0d8f8d805ddff8bdd2e31a4452ca75c86dbc9a4600c4

SHA512
cfb53ee0272aa70f3b4f09666ece54c133d2567bafc2a4ef94d5f01741ae7be2ad6a3c6db670b7cab864fc147b35c78a1aed19da4c1d2f6e8a2eb79ed5dff7ed

Download Submit
C:\Windows\Temp\cpuz_driver_3300.log

Filesize
1KB

MD5
a227fe803330b0440e626100b03e54ca

SHA1
c20c0206207b8db422d8f3f666be16dd150e079b

SHA256
952bdadbf7df87d51e8758d28b2be96135e3bdd07e9c58eb6a5dc63748efbea3

SHA512
9c7d31ad1e3cc8ae855231b994c47e419586e54941fe7cfb33ff7fa821c8c4cb988703e66fc3a836c3fab6560c872fd52597b2675d80495491afddaac7aa8c2d

Download Submit
C:\Windows\Temp\cpuz_driver_3300.log

Filesize
2KB

MD5
89b6363150b2c68c5db80da6b2f36a1f

SHA1
8ef061896286332ef286b024ab5988d832c8adf1

SHA256
a7d3db7919b09e6bfa864b934da50e62fd19874b11a220d3210d6321c6002590

SHA512
a7e55a43337592ccb9d81efb1b530a267bf53f183d62a194fcb55a98d83abaf8240cff2bc28a0e5cfeea70e445a3f6cf92f0237e0c2ae0f5e5e8ea11cea2cc2f

Download Submit