hxxps://www[.]researchgate[.]net/publication/372694587_On_the_Asymmetry_in_Photo-Induced_Motion_of_Graphene-Oxide_Paper

Analysis

max time kernel
381s
max time network
388s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08-04-2024 20:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.researchgate.net/publication/372694587_On_the_Asymmetry_in_Photo-Induced_Motion_of_Graphene-Oxide_Paper

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3096	msedge.exe
3096	msedge.exe
4276	msedge.exe
4276	msedge.exe
728	identity_helper.exe
728	identity_helper.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4276 wrote to memory of 2808	4276	msedge.exe	86
PID 4276 wrote to memory of 2808	4276	msedge.exe	86
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 4064	4276	msedge.exe	87
PID 4276 wrote to memory of 3096	4276	msedge.exe	88
PID 4276 wrote to memory of 3096	4276	msedge.exe	88
PID 4276 wrote to memory of 3804	4276	msedge.exe	89
PID 4276 wrote to memory of 3804	4276	msedge.exe	89
PID 4276 wrote to memory of 3804	4276	msedge.exe	89
PID 4276 wrote to memory of 3804	4276	msedge.exe	89
PID 4276 wrote to memory of 3804	4276	msedge.exe	89
PID 4276 wrote to memory of 3804	4276	msedge.exe	89
PID 4276 wrote to memory of 3804	4276	msedge.exe	89
PID 4276 wrote to memory of 3804	4276	msedge.exe	89
PID 4276 wrote to memory of 3804	4276	msedge.exe	89
PID 4276 wrote to memory of 3804	4276	msedge.exe	89
PID 4276 wrote to memory of 3804	4276	msedge.exe	89
PID 4276 wrote to memory of 3804	4276	msedge.exe	89
PID 4276 wrote to memory of 3804	4276	msedge.exe	89
PID 4276 wrote to memory of 3804	4276	msedge.exe	89
PID 4276 wrote to memory of 3804	4276	msedge.exe	89
PID 4276 wrote to memory of 3804	4276	msedge.exe	89
PID 4276 wrote to memory of 3804	4276	msedge.exe	89
PID 4276 wrote to memory of 3804	4276	msedge.exe	89
PID 4276 wrote to memory of 3804	4276	msedge.exe	89
PID 4276 wrote to memory of 3804	4276	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.researchgate.net/publication/372694587_On_the_Asymmetry_in_Photo-Induced_Motion_of_Graphene-Oxide_Paper
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd06d346f8,0x7ffd06d34708,0x7ffd06d34718
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10459202175060617583,8455788436150181031,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,10459202175060617583,8455788436150181031,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,10459202175060617583,8455788436150181031,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10459202175060617583,8455788436150181031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10459202175060617583,8455788436150181031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,10459202175060617583,8455788436150181031,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,10459202175060617583,8455788436150181031,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10459202175060617583,8455788436150181031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10459202175060617583,8455788436150181031,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10459202175060617583,8455788436150181031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10459202175060617583,8455788436150181031,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10459202175060617583,8455788436150181031,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ffb5f81e8eccd0963c46cbfea1abc20

SHA1
a02a610afd3543de215565bc488a4343bb5c1a59

SHA256
3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc

SHA512
2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1b45169ebca0dceadb0f45697799d62

SHA1
803604277318898e6f5c6fb92270ca83b5609cd5

SHA256
4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60

SHA512
357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7cc50779-9972-4d72-9f25-617b79907d24.tmp

Filesize
6KB

MD5
340c5a0ed1c69228cdae487d184d29e1

SHA1
516c3e764d97bb5dd8790b0ada5e3430189ec9eb

SHA256
64a16349ab1ae80ab7bfc16c22efc459763a5962a82294bcfe5aac850f2bad10

SHA512
63f69a4ec32cf6ddba39603f55f699ca25697fedae2d816289ff275b7950aa4e57afe8f376c426bac305975bef8c1f95ea837fad9a93709d9232da494eace923

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
389405efc2f1cf6982d7fb23d9574b31

SHA1
467d713bf33ce5800a63fd7e99ebb994fce26873

SHA256
7b07424914e98495836c7aa289288176685a1dffdace26a6186957ccd186a210

SHA512
9e43cbf74c4aef4b79a669d36f1898524de752f91a81c0dcd5cc7a4d0768aa2e892bac6bafe8ec2da547179c9f3270070a43f429c36a537898ecf2a5251680e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
24d8ddc79a23b94c6e6c9c13696b6a41

SHA1
8be603aa85243ad80da4c3b877bd5388be8a0135

SHA256
6c58883d819106040a4e2aa74012c3d3a3822e4a093258894fda41df7151d779

SHA512
514518d732d54fe4b022b207ab1269e217ed308467c83efd6bac37ce186a4e2d2bf81251822d7bb6fae334570dcb1cab9c3f0649154a8c079a29003fa0f5d050

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c3b9f75a253cfeb6ba7e6d62e147cd6f

SHA1
9ce33ab114daf1aedc678da5e9dd03e319a09947

SHA256
04c54665d15c4d0a0fea907b630f711542ebb49b46115544cff676ac91a18588

SHA512
94befa473815cb51516f325d43f75efacc1f6988b4281481c6a61d5a444ef571f2bbe963eb045132be03a11de265d0511949686995533153cab5e1e63d64aed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
89c357954e6723c7ebe0bc96f576a648

SHA1
d3fd5e04355db182d209dcf3ad96f638b96ccc49

SHA256
692a527ffab0b489f00d5b46eff4ed487a820778bab5a1c63906daa75648810a

SHA512
e62f28a3f971a09804c42fd73d0345cb6a560dcbf991f343b35abf0fcfe989c38d1796104446a41e2f426a60af5509c00c1e89588802b2123ce2e2992f6a4188

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ec210e28576ba779021cb2748e0564b3

SHA1
2f5696262cf08ef8b71f82fe9b8b8ea19f0fab11

SHA256
0a5ba34770936818e002bde704fca2e7b0b11f5d1be6b032faf5dc17a6f95b00

SHA512
aeb03fe433a84d97881855a3e176e73f36180773a0b70175f93992e58e2b22790499e451920bff85aedf92851286a31dc19dc59d4ce0c40e68aaf2f4542ae05a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c0e53c5436af413d274af0a733388304

SHA1
e941487807d6429895f74c5c540f1c9672f636ba

SHA256
7e71a49821d94363ecb5aaa13987a51a6f3e8a6a0a619a06aee1510513a717cc

SHA512
34f019aee3383db2b672324730095d21f3bf4df0d588dd4c7a7297a65f5e88f8da05a042942c0430df3617a2900bebf54b71eff432b2890fc1f38191e4dc4937

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f1b8225737159d13a6a24b2d048af3a1

SHA1
4fdd8df99aaf39c45f3674241966d251494f75d7

SHA256
bd385d5e8639ffbc75ead05c421771e0616cf6f3b7c33a29aa87f9f4f288d9d5

SHA512
10d77a6c586c3871b38c95713f41a1e93f5f1b3a379a371a86e7d31318d0bd128abecb4d20625b52937cf045826d80e5ce644a184b8d2a1cf1564c15c7f6bee1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c960fa7fd89756514fbe0c7d8daf1ac4

SHA1
3f269d79aeae67e495be5763fb83ba5a7cedb89f

SHA256
ec04f8d84d01a24630279300c0783709d37a321c06a7b714d6949e8084ca2047

SHA512
43c57a9f44666be0d98f8d32294a4133e3de6d1623fdb562eb7ecc6e3b3d7b56c6dbc0219c5ca4f33112823bcb9764f7e16e69a68fcec334a14447918490b6cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
6f5293522ff592d81974023e13d65224

SHA1
2533d433e397f845f701f9a81c626f309fcaf68e

SHA256
6f2170e89b37220ac57022bdcac484f58eef27c260c2e132dae46939b41cdad3

SHA512
65ba964151bbeb216400456c62011941174da1abb9350d47ca0a0fa8f84005409cdd639cbdf92a8f83f8f69a27744b8e684f51d53385888292a7253baec54bf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe578e46.TMP

Filesize
48B

MD5
3efed46461350f059e65ea73a8b4b9e0

SHA1
4a8d012d8d36f53f4e5fbbb5705205c2f8deda45

SHA256
020b7aea5fbc32eb7a6a98059d5f4aa2f1e8ddc63e3d4dca13b1de6f433c5b11

SHA512
13164ee270cc8d43cb171342fa6894a99f855eebe4bfaf5fcbeaf49077463013c16ab5a6abec8a4ad965bfc6b34f03f2e01789bdea6db4b1ee969a5d15e22aec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b50b8a4c36ad3f7f92b7b985b588b3b6

SHA1
43b00487df07d6925a0e840eef21833f7195d9bf

SHA256
46e4299ab92767518ab5efbdeb1eed22cced8a08360fd60514f2c320bbaa23c8

SHA512
c6b766857255339af994953a822902e26c59a0297f6b2e8cede44cf89c5c0b33584f82dfa5daaecfab244ca9de5c94f169e0a10136173f8a1f1cf8da58558936

Download Submit