hxxps://replit[.]com/@RishabJain2/generation-calculations?v=1#index[.]js

Resubmissions

19-04-2024 16:07

240419-tkwqtagf54 7

19-04-2024 15:55

240419-tcykfahc6x 1

Analysis

max time kernel
102s
max time network
105s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
19-04-2024 15:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://replit.com/@RishabJain2/generation-calculations?v=1#index.js

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid process

2104 msedge.exe
2104 msedge.exe
4296 msedge.exe
4296 msedge.exe
3556 identity_helper.exe
3556 identity_helper.exe
804 msedge.exe
804 msedge.exe

pid	process
2104	msedge.exe
2104	msedge.exe
4296	msedge.exe
4296	msedge.exe
3556	identity_helper.exe
3556	identity_helper.exe
804	msedge.exe
804	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid	process
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4296 wrote to memory of 1548	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 1548	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4844	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 2104	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 2104	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 3308	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 3308	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 3308	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 3308	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 3308	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 3308	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 3308	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 3308	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 3308	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 3308	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 3308	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 3308	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 3308	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 3308	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 3308	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 3308	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 3308	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 3308	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 3308	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 3308	4296	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://replit.com/@RishabJain2/generation-calculations?v=1#index.js
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff94dc63cb8,0x7ff94dc63cc8,0x7ff94dc63cd8
2⤵
PID:1548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,3245571692443356647,2752957542584750636,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
2⤵
PID:4844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,3245571692443356647,2752957542584750636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,3245571692443356647,2752957542584750636,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
2⤵
PID:3308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3245571692443356647,2752957542584750636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
2⤵
PID:3572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3245571692443356647,2752957542584750636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
2⤵
PID:1028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3245571692443356647,2752957542584750636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
2⤵
PID:1032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3245571692443356647,2752957542584750636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
2⤵
PID:1708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3245571692443356647,2752957542584750636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
2⤵
PID:1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3245571692443356647,2752957542584750636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
2⤵
PID:428

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,3245571692443356647,2752957542584750636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6852 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,3245571692443356647,2752957542584750636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6660 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3245571692443356647,2752957542584750636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
2⤵
PID:5240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3245571692443356647,2752957542584750636,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
2⤵
PID:5248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3245571692443356647,2752957542584750636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
2⤵
PID:5492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3245571692443356647,2752957542584750636,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
2⤵
PID:5500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1872,3245571692443356647,2752957542584750636,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6028 /prefetch:8
2⤵
PID:5908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2008

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f1a9c7fa806c60a3c2ed8a7829b1461f

SHA1
376cafc1b1b6b2a70cd56455124554c21b25c683

SHA256
1eb39b1409ce78188c133089bf3660393ac043b5baade7ff322df5a0ca95380b

SHA512
e1cb2f84b5cbd86b107c0a9ec0356ab65a54c91208f9f8e83fec64bf17ae89356a09b0cd39d2726424f4041d7b25b962c23672b8645c2e10f11ff4d2075f4afd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f3f6e86c8b7bdc605f5559df800bfd34

SHA1
862d05bfba760ae8adcbb509216dc18ead59a6b2

SHA256
5dfe9be21d4916615025055f1a70151362bdb404b40f074685e39b33ad545a78

SHA512
de576ebf0cbe1c5e7639c42517253796cf4b5770298271ac2e6958404998f2d6b8e3378a535f2f316f4020fd8e60b5cc9c1b6b5171d307ca3215afe8ac47a7c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027
Filesize
198KB

MD5
319e0c36436ee0bf24476acbcc83565c

SHA1
fb2658d5791fe5b37424119557ab8cee30acdc54

SHA256
f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1

SHA512
ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
70eceb97c5174206aaf6ceba72d4ce33

SHA1
a735664a025dad3a188c1c2e68d23bb57fc284fc

SHA256
cfbea714e3f4d6e4ecb3e048851d787f11dcdb5fad9d33e0d73cfe93c1042251

SHA512
c684620d07e9a1f7a1893936666a462205f52398fd047371dc9243ef12697b37e2cd5f8146355907960fff2bab73a1a31bbf05aaa89ded3b45f5bc0648af5063

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
fcfb1256713b71cc444949bd39c513fa

SHA1
18b957ce401bc16a4d21f2afa9cd5b27dfddf323

SHA256
f346ece78975d57fcb2dfc85cfd13469f352ebec37c273a0ad1c0c46eaa25ade

SHA512
05e22b1489d96d280cd6cfb393e1f905fa17d8b0039275fc54a88a1957571ddce36cad5bdaeab2bb84c8b4d824551b12dc83a14d59e327030dc6369ff9f773b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
a719c6b212c3405256a9f8f5fe31a3dd

SHA1
d1ba5a856d1f0a23962046de8e053c1b8313d510

SHA256
5814a3a27a1d73c8ab0522dd1e79fedec90168339ee2b8b390202170a712107a

SHA512
72b0fa185c509b17d6858752700eb9717e9d32403b8075979d1d57ef660a2d8fe2eca8f57616f6d19191cdf9f0b19673a6febd5195e63c235d83d872d6c7741d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
662c171e9e0e80fb2cbb7bc65c20af30

SHA1
9473c754af23576b206672c012fb384d81f15b5a

SHA256
02a400816e86bb0f0de29a184455eacbd939999a4210946ae39969164d1413c8

SHA512
7c1adc4e0f08460006babf969f6058c690fb8a1a39b4000ed888a03bb844bd6f3c3d8874e61e6d8d98273df31a888fdebb400039e2c326eb58f392b76c5ba1f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
e181f21d5dc59a01d54ac009c248cce4

SHA1
5acec73039d0ab32622202e3da54ebb7706ef593

SHA256
1c1783798b62e1408feda5e98b5cae6c073844261faed90fa11518b411078854

SHA512
cf58a28f35aa119b75f31ecf0c394a51c8ad32f8d27a831311c883d34c2dde682b467629d7ed200e5348fd3384988afb02a48b6d93e975a6bd5eadb22f639b06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
b64eadffca8a35384037778b94455bc2

SHA1
2bb7cf666cf582f77aaff91fbd5a860209f4853a

SHA256
1084183cfe0ccf7ea0da4d8db22c776260b5dc2cd8b76a682ac4a4d04fea277d

SHA512
3c69018b76f1ec3c3c8049a6f0ee7fec4bb4c84add8594b3277be9ecef823a54af4e2aa5add580488a1d5eae815359f274a4afafb9ad0473529411c1e4b0ae70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
6be27f9a76aaa1276561654ec81a8078

SHA1
b8b90f6c498b3bffd5648cd1619330cfbba83656

SHA256
e8b62886ec2e83b4515ddc91aff52caba29b9cd9a39a3f6c801103776c9cbbd3

SHA512
e39febb3e744054786f05606174b4e348d53f71bcc68e844cae1ccf1a065b4ecb54a9f587396bc6c8443515530687e6ebe75b893b425df5e3879afc84f6e4fc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c88326c16da025a4095d66138d90a725ead722eb\475ef719-cfae-416e-94a1-99a32080601d\index-dir\the-real-index
Filesize
72B

MD5
02af23b7c05ed79ce34e74ec803ba3b0

SHA1
1800ae6605f31ebc7eb50219f7dd8914f62f1787

SHA256
580cb6c38fd516fbbba082ecec08833ba4604f33fe0647a83f63ad79927f7170

SHA512
000672217f24300ec000b1b7260bed8c70f6501963226716e83aae1d3df055b92e1ca79b6e763aa744c2d77a5363ba78e6e999420b7aadc5e3b114d88f390af6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c88326c16da025a4095d66138d90a725ead722eb\475ef719-cfae-416e-94a1-99a32080601d\index-dir\the-real-index~RFe57e7d0.TMP
Filesize
48B

MD5
ed4316166d62acafd507d0cc2ee92572

SHA1
99a503835293aeec435b2a35973b83fb38a10bbf

SHA256
2a416c62bfdc14b41042cfd28394498a67caef9d3b17fb6dd9e65028cc94f53e

SHA512
e45f5aa8c0209dfedf7c2232a44cd12114cc6ec5290fed237cf5b9919d6da64343589acb4477be26ff26924fe484058626e78d6c51c509086e429fc01e738d43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c88326c16da025a4095d66138d90a725ead722eb\index.txt
Filesize
83B

MD5
2960ad7adf78d38498ad1b4d8be4c24c

SHA1
c25a2450400b959d2e5946b9cab679ba8d76dd15

SHA256
8e80ac9146be80acdd296134258b667bef231338da0039a7839dd535a226417d

SHA512
ca2b36efe441e6448da28d24925a330c6049882791c1395c72c4a19f348ae866807b51dde7a20507bcfb6d9beb1556cbe871b30312c14f8592fe0be869931e14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c88326c16da025a4095d66138d90a725ead722eb\index.txt
Filesize
77B

MD5
e0594ddb94a351d13dfe416d90971c37

SHA1
901a3b6b1807f99e7785448e42d859257fd3d653

SHA256
02736981737eb9b070d8f81465160d6839ca8dcaa12f36e8352fa6688b104946

SHA512
73d708fa4b66b10db5ba870fffda10cf4b0eca072edfcfe4cc7d597072c466ff1af29b200c7650ffa52616fcf5e967b6222b43e278b3935a29436223d68a2978

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
e70a3b20a384fc2eb4173fa895dd1382

SHA1
39b33973733a53be3137d4256c744378c9f6fd83

SHA256
d36ada1e2e32bf3ebc33262cdf340ab9a5cd4460c91615a18b570f06665e039a

SHA512
0eb44b9499001c029a97cc76bec12c41799920754a88daa162475965ec178df0db49c9aed35f2cb1d01033bd521cc27281fd2ccfd8a7a163563466e057d0e9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e649.TMP
Filesize
48B

MD5
0ad84b4ddfdcaa8bbf08dfd4c30a1454

SHA1
45d0fd41391e2f0159b7fc5445658e787cfe91a9

SHA256
e43f053148542dccc072d6687dbdf423f5492c4533bd2623dbb3d49e73f0a39d

SHA512
3334893175d1358ae4dee3593021d827adcef2b4c9f52e206278915b8fcac58dfe99f0c0d9ccf8e4e371ee9b0eae7e5e24c89309d6165618d341052dfd467e32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
5a19fac193721332844a313b22def516

SHA1
893db1c08f3e748bd1463afb4bbf25e167b3180a

SHA256
b493ac32a501f484f9cd453c64c1c9aabb5da6eb8699031c93abb5d60df361e6

SHA512
f3c97488a1a541c57157083b34c89cac7356aa61edefe81e6023d1e122cff5fd7667fd686fa8919e38d837b60f562a3287f4a82c033b2be30dd018d4ed6a41d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
376bbac074bfe0e08da9d4d17188cde3

SHA1
bce4c282e09e2ca28d4b002255a2f4b18a25dea5

SHA256
212c931eb4a442367a0525e350621936f364ebf63fe3417d3369f5324fece6cf

SHA512
5a9a7a65ff3d05b97ac4ca64105d0ba8002980ead9f95b14e47d4210f7bb6dc66a73de60443c23b8cdf2cb883760dedca3feadd3559c2a59d1f9bfb728bd2291

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
ce95c347d974ff62985b44383c04139f

SHA1
cc2f167ecc8f89588a7a03483907048385c7f6e6

SHA256
960029c11a62eacb8fc3c9f6bd298bb68d01c843fae433ec9a99e95d499f2b92

SHA512
5a9e20461bd7db8a115be147fe6af467b3c817573e3a79d5d34ce8f64a18a13c4a4355f2513e0ba783e6dee3e333d668828a3bac780e97338b5f81d3f1cf58ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d169.TMP
Filesize
2KB

MD5
8cddc47596d1273ebc3a7434be3591ea

SHA1
3b496ae800fcf4517eb80987b230cb93eb0c4256

SHA256
599c5bd359d4dd245f91538fa689554a773f6aaa8b2e2d3cfe24e11ce36e5a11

SHA512
57b3374b4bd1d1ff10727b31ef758b3fd2e121c5e77a717b835042a60483ef3aae697ade996716356c8aaeaaffe9245321157fb45cd1592af4732a91d5bc538c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
b7bf9b6e6ba8cf8ff5bcee6890c203a0

SHA1
0d243112bb61ec8b9f1bec16dbb84767eb93741c

SHA256
eb2956b2e9cc75beef7db96d5855a52e5b97947c297301ac206be14debdb5ba8

SHA512
64156baa2da2352be256764f33bb935521cf3a44d23c4e35d59ec9ba46642b9ed8c929dbbcc4d0bdb3385f84b18e2d9a7622358173df89789f7b2b31890825e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
0d849dbe5a0598b56d8fbc45b18c7653

SHA1
30413ee1f617492a8201c747b4fd3f966628c07b

SHA256
05ee425ca0286fe7d064d8d088172b63879d967de401268086a457e7522e4eca

SHA512
a445ac596641b09f3583dd5f233f733537d637c0b2689cfa38df262a91bd8c55199e1555f1e41b837c9542308b6d2d9a89e2b097483c1b14aa238b65eac2e44c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
47fa6c20c762591e7d504ec116bddf7c

SHA1
1195bda17460653f6d1f2a189a10cd628dffaf3e

SHA256
73fcfc7869ceb08215ccb14faa2310fc842623823e0cc907e36389a46e8917ca

SHA512
207037e24b5c10214c29ae4b7bb3844d82d06e07e7d6c51f46cf13f4de84e44a5231412d741f46115dcace50702d2317b01faf2a31a720b5fa23accba9155ab8

Download Submit
\??\pipe\LOCAL\crashpad_4296_LUMIXSYHECQWDFEM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit