a3d8994c2f3dfd2688aff0e5eb1158e6590241756f88cf21ff4612c0a98b0fb4

Analysis

max time kernel
105s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/04/2024, 20:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

auth.js
Size

91KB
MD5

e0fd57f2e7558db0d62105500076313a
SHA1

d483d68fc8c9d06f423a486aa2dc1d8708cf26b8
SHA256

a3d8994c2f3dfd2688aff0e5eb1158e6590241756f88cf21ff4612c0a98b0fb4
SHA512

1afbade743323713e91af72a6651ad4ce0055dcb33774d7eaee9d7475a1de4fcf52f41c891667a4f468fd7b1b75fb8801d9d421570c03e87e42b0ca7793946a6
SSDEEP

768:gsaMZzX2fBYLnpUKFCzZPDdBl4c2r0k62j/ESJs481GA8sQaMzv6gj9361LsPgje:lU/iP81GA8sI+whiLsgQNOc2QE/8FRk6

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1497073144-2389943819-3385106915-1000\{3CAAABD4-2D22-468C-9016-EA0678AEDB4A}	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
1040	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2228	msedge.exe
2228	msedge.exe
2260	msedge.exe
2260	msedge.exe
3588	identity_helper.exe
3588	identity_helper.exe
5236	msedge.exe
5236	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3996	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
3996	OpenWith.exe
3996	OpenWith.exe
3996	OpenWith.exe
3996	OpenWith.exe
3996	OpenWith.exe
3996	OpenWith.exe
3996	OpenWith.exe
3996	OpenWith.exe
3996	OpenWith.exe
3996	OpenWith.exe
3996	OpenWith.exe
3996	OpenWith.exe
3996	OpenWith.exe
3996	OpenWith.exe
3996	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3996 wrote to memory of 1040	3996	OpenWith.exe	100
PID 3996 wrote to memory of 1040	3996	OpenWith.exe	100
PID 2260 wrote to memory of 4892	2260	msedge.exe	104
PID 2260 wrote to memory of 4892	2260	msedge.exe	104
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 1536	2260	msedge.exe	105
PID 2260 wrote to memory of 2228	2260	msedge.exe	106
PID 2260 wrote to memory of 2228	2260	msedge.exe	106
PID 2260 wrote to memory of 2584	2260	msedge.exe	107
PID 2260 wrote to memory of 2584	2260	msedge.exe	107
PID 2260 wrote to memory of 2584	2260	msedge.exe	107
PID 2260 wrote to memory of 2584	2260	msedge.exe	107
PID 2260 wrote to memory of 2584	2260	msedge.exe	107
PID 2260 wrote to memory of 2584	2260	msedge.exe	107
PID 2260 wrote to memory of 2584	2260	msedge.exe	107
PID 2260 wrote to memory of 2584	2260	msedge.exe	107
PID 2260 wrote to memory of 2584	2260	msedge.exe	107
PID 2260 wrote to memory of 2584	2260	msedge.exe	107
PID 2260 wrote to memory of 2584	2260	msedge.exe	107
PID 2260 wrote to memory of 2584	2260	msedge.exe	107
PID 2260 wrote to memory of 2584	2260	msedge.exe	107
PID 2260 wrote to memory of 2584	2260	msedge.exe	107
PID 2260 wrote to memory of 2584	2260	msedge.exe	107
PID 2260 wrote to memory of 2584	2260	msedge.exe	107
PID 2260 wrote to memory of 2584	2260	msedge.exe	107
PID 2260 wrote to memory of 2584	2260	msedge.exe	107

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\auth.js
1⤵
PID:744

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3860

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\auth.js"
1⤵
PID:4904

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3996
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\auth.js
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:1040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8507d46f8,0x7ff8507d4708,0x7ff8507d4718
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,15936019807810242880,848222699208769290,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,15936019807810242880,848222699208769290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,15936019807810242880,848222699208769290,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15936019807810242880,848222699208769290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15936019807810242880,848222699208769290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15936019807810242880,848222699208769290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15936019807810242880,848222699208769290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,15936019807810242880,848222699208769290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,15936019807810242880,848222699208769290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15936019807810242880,848222699208769290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15936019807810242880,848222699208769290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15936019807810242880,848222699208769290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15936019807810242880,848222699208769290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,15936019807810242880,848222699208769290,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2104,15936019807810242880,848222699208769290,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15936019807810242880,848222699208769290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15936019807810242880,848222699208769290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15936019807810242880,848222699208769290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3772 /prefetch:1
  2⤵
  PID:5688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15936019807810242880,848222699208769290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15936019807810242880,848222699208769290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:6020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
36KB

MD5
9f14ea0730d06cea8c4e542c07d069da

SHA1
d95b1834c791d4e07c7e529c7ff7c743200753b4

SHA256
54b759f53b816b45075eb96606684442e96ef2dc74a586eb110188e2fe796cb8

SHA512
d9746a4aa8846435e55d1241d46b81cac4cc0c64b642da040f2f636dcf815c9886ba7373763fe653bb6f80c663e1ca6d8b69dc8ecabbc9c8297c580de8132d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
16KB

MD5
6f0c63b4763e0b09807c0a4cd8f5632b

SHA1
a156f5a289b0c0bb717d5a1b59aa5d5204fba054

SHA256
74ef1d796de628eecb610d50bcf2d4524d7289fc84a943ecb72b5d6b7ae3ea99

SHA512
c76eceb02c2ae66aff1ad13d8b1c6297418b35a1f5bae5e4a27a52817958495aa58bc3429679f4dd236138730d20b69a13836fa1968fbba1570f4c0f737ce9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
141KB

MD5
185133fb571697b567e205f8ebf3e877

SHA1
da052c72e5620b816897fec54054213c0afa057b

SHA256
b324c08211d36ee9d9c90782925a16060f0b1527b0f46e0631be744fb17642d8

SHA512
929d82776f1c97a1c03e252c467a0ac9b137fd11133f06b5a2ad03d971d343de3f981e3cb04f9f71bf2b881a4ff372ae2d651e984b587a888497719e0b93ee0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
57e347fb086c12ba412b3f47ec912585

SHA1
8d07055eee5581b5a2c0d6fc7f04afb8c4b20b79

SHA256
b7558427a4fffd1c6db326cc9af3b2b3b184f71c60b24dc4b3880c713172de59

SHA512
b48132e8c334559095197222e7ee18c9309835fdc03ecf8ee2b910aa55bcc19beac145b8f7fa2216f8215f2ae249bf21ca68dd9ec65f11a3625b96640d9fe3a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
156b4e248e104dd41ec867cca8575a39

SHA1
02cf53ed1158905311d91934aaa2df9abddd1866

SHA256
613c589ef68c3014645794da13de892dd18dd4f89272b79d8a6afb8245390da1

SHA512
8f1d34f8544874f37089cb77a26c269a2e7f90ebf9a2da9ebd4ced3e0b11a4d338eb564cf47eb17b29f2632f190a105281eef9e2a4d9302d84335fb183b29007

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2421089185dc786fc9e7861e1a340627

SHA1
62b7b2ed3bc9427fd756dc7bb3ca74003a5cc560

SHA256
591bba903bcb2fe0188fa4175467964b4a6225935be3ecd02e57dbf9bd4300f5

SHA512
d84960551d44293831e2635bd88f632572e553cf061157527047fdd3d2a49a411d49bb95ae0a1cb28be60c11178ab0675f89d02c5e30621cd3e9b1b2142db995

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
920d59fd1ab6798a66664499fb2feb0b

SHA1
e7fd39630bde86817631b1097474488d12ab5014

SHA256
c4dd1305e4de7aa90cb08e34cabe01bf527b26b672ef910b00a740877185c72c

SHA512
6135cd90cefc60a3c5a269f61802cb205324623cb2c04d70a29377cf723c61fcca32bab21afb26e9337153f0a78ccfbd7fda68390bbd891bb1d10ea921f87c80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
43b3cca4c068cdd135e748ec9df79626

SHA1
ce5dcbbce9d1295bd05e8ebddcb4b5f4b2d93c04

SHA256
8af606134b6733885b1251c31186df50741fa79b15c0ca17f0855b3c12b0d1ee

SHA512
39931f6203bb27afa3ae625a4f4a442b2bd928165115e330a695ac47a7897aef91340ee42340088c44d15cb4edb4a6b369a2b3eca7094e924d810722adcc04e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ab151b22c7dba5f5f9a3e10062379c96

SHA1
5bad5a0dc77f12f46dae0d91794e61c31ff68a2a

SHA256
695e6b9fd0f10a6967bccd0616b2eb06ae20de0e9e3e0c9c0be270e338d4730b

SHA512
28c3649300005b42b7444e402f47b136e3ae216b70f05a0f1d3245ffb581fb12bb22f7c5ced09d533df6e88afe9fccd5836cfb607c59b4c28ad4697845495689

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f08067b6b0d51ce05cf1310587495f1acb8d01b7\924581d1-f86b-43ac-8070-ea6ca10662c5\index-dir\the-real-index

Filesize
1KB

MD5
ef2b9fb25dceb610d4f9c05445d1bd37

SHA1
f6e7e7817b8c3e535ebdc1fda765a703b9a004f6

SHA256
aeb90d454153663c28b0ed2b7d8b680f5a97d3979f84f4abf3b507e60f7725c2

SHA512
7cb3f16eb3c2291061e4f962bde8d55c40e0d6c37e273e1910c2f17c431d6e1d6653c73aa50d61a5d3c952291d2800de46ab7ea1c1e1a7e21404a765ffd3f0cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f08067b6b0d51ce05cf1310587495f1acb8d01b7\924581d1-f86b-43ac-8070-ea6ca10662c5\index-dir\the-real-index~RFe588df3.TMP

Filesize
48B

MD5
986f88cbfe13aba911fbaf69fd671f8b

SHA1
28466a1ddf14dac867e7a4e48728da4ae2e39d42

SHA256
00a84dd76eee637666a558f9f68350041bfecc2cbd42d201a84b91cafbd26744

SHA512
07dac85edaa0655a06b5be166b39c654954059a1c71e13cdbfd0bbf6e37adc64b0591ce7e8a5684d9e2bdc6aff702e02b175caf56cbc022ad33f7db6b1e0a947

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f08067b6b0d51ce05cf1310587495f1acb8d01b7\index.txt

Filesize
141B

MD5
75e3fb064b5543504dd43fd368c20add

SHA1
787a94bf2d665cc64c4c387b7175c98439cb14d2

SHA256
db9d792a71223f68ae9fdb5d3cbe5793dbb48d1b0b80f31bccdaae2d8e88f0c8

SHA512
9e712c930776b58a855aa4b2a9d622d0e38b2411da16c662eeafd5e65a052a2b16c7be753963376e01ce11952e7fd4de33c064c7a58dfd24fd5fd663c0a30ec8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f08067b6b0d51ce05cf1310587495f1acb8d01b7\index.txt

Filesize
137B

MD5
ad63f66ffeaa56fa9d414f10600b37f6

SHA1
9e84d579f4106c553a26e4e73563de51188d00b7

SHA256
420803a8dc0196237b2e85e87ffcc2ce4008fa01f31d5d28a414ccba5019179a

SHA512
6a16dcbd6e5249e3aa8111967d8915c023115e6124c782d36734064bb428764a2f5fc5d88deefc290c754f73b60d4b13a4a451700506ecf3f96266c76fb46f77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
751631ef750717e435087b801dadbecf

SHA1
f46a59c515a8c0923d2b1503b96d378df4da07d9

SHA256
d6cedb59283d42f12d78906ac6e622e879d03f9d6e6384184978f8ad967dfd0e

SHA512
cdcd34875c0572248f5ac35bb96d09838b46d577f4c850e7fcec6fa49911e54b560d95f13ff4ae1c184e95bfcf7d65bce4822577a212590c8fb66f62797d189f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe586107.TMP

Filesize
48B

MD5
03fc54ac0aa9e0bf941446ab8dca56c6

SHA1
34df3f375c94801490b4ef0e63365b797498c911

SHA256
66f54d50181d0c11c99f5d3420ed778f2d2e2ee2a3c7726ad436e5ccc8cfdeee

SHA512
f27e20777a8e9e556beae5165ff42f63600e4f10d200836961354210498fb6dfa3a911025d4210d90f84a55a7792889247b0315d6296d5305e34d1aa43e6f96e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
88d3908ee1c05ec09a82886e4fcfc9e6

SHA1
a46d5552dc69860c2155296d5349f7a56d2075a5

SHA256
fe9b0c1024f36eaca5bf0190f6d9eb848de2290684c9e5867e00fbec54336087

SHA512
f0205b0b90d5076d6ad70afb3735623dd2f92d4faee470f36bfefe86999b9cf558b7edb79004f0bf3be7e81a5599a69c8b9dade04de56a642625c1f9f947fc67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5836ca.TMP

Filesize
1KB

MD5
c2d64e89370da96b64c63c1f7fd8eadd

SHA1
76be26e421e9e2ccfe46781c2a55852a4a6c1176

SHA256
b9402d1e4d3772eeb4328c31f741acfac6099ba79feef923699253646924fc77

SHA512
4c2491956a3b3ceb21e27bdfafd3569d93fa5ce7a44469ac39041bcfbdaa8275d4c53c092e6969a6279fac0951a894bbe04f3373b548be655c94518ee30915c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e925b30f7b35d2ef0bfd5d2e2fa339b5

SHA1
4d25ad7e641e393bc2733fe6ef841987c033704c

SHA256
598f69d2a9bd896e030774a93ba092bd6b3af591fcc8de842d933d67964b718f

SHA512
e9b8dfbac9ad3afab5e0f5fae901ee8914847ede249aed790f99579a220127c6d4d4daeb9d4ba4bf9ebdfd1ba78a81ba3a202bdc8513cce20a60f281573e7c98

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit