b0a3667e04342b4f734e2f64b4112b71f7c44793623e22b730f762c8266a1bd3

Analysis

max time kernel
146s
max time network
182s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2024, 21:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Wizard.of.Legend.v1.23.4A/IGG-GAMES.COM.url
Size

196B
MD5

882e17d630d74b64a8176e38e2fadf7f
SHA1

d6652d568db451c03b73eede688e0124e2d54ebf
SHA256

6d905d76e7d807c5831231d791f2510160dd56018ae423a037e7ac88fd19412f
SHA512

2baac743dabdbf133583c4d500699673e0bb2b2ade89f0a660eb17bfb440f1d74814ade3b82eb07d776f6a7c1b1975f25c6c1c500edc589897bc304a9c9fb3b0

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1720	msedge.exe
1720	msedge.exe
4696	msedge.exe
4696	msedge.exe
3240	identity_helper.exe
3240	identity_helper.exe
5988	msedge.exe
5988	msedge.exe
5988	msedge.exe
5988	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 688 wrote to memory of 4696	688	rundll32.exe	88
PID 688 wrote to memory of 4696	688	rundll32.exe	88
PID 4696 wrote to memory of 4568	4696	msedge.exe	90
PID 4696 wrote to memory of 4568	4696	msedge.exe	90
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 4472	4696	msedge.exe	91
PID 4696 wrote to memory of 1720	4696	msedge.exe	92
PID 4696 wrote to memory of 1720	4696	msedge.exe	92
PID 4696 wrote to memory of 1316	4696	msedge.exe	93
PID 4696 wrote to memory of 1316	4696	msedge.exe	93
PID 4696 wrote to memory of 1316	4696	msedge.exe	93
PID 4696 wrote to memory of 1316	4696	msedge.exe	93
PID 4696 wrote to memory of 1316	4696	msedge.exe	93
PID 4696 wrote to memory of 1316	4696	msedge.exe	93
PID 4696 wrote to memory of 1316	4696	msedge.exe	93
PID 4696 wrote to memory of 1316	4696	msedge.exe	93
PID 4696 wrote to memory of 1316	4696	msedge.exe	93
PID 4696 wrote to memory of 1316	4696	msedge.exe	93
PID 4696 wrote to memory of 1316	4696	msedge.exe	93
PID 4696 wrote to memory of 1316	4696	msedge.exe	93
PID 4696 wrote to memory of 1316	4696	msedge.exe	93
PID 4696 wrote to memory of 1316	4696	msedge.exe	93
PID 4696 wrote to memory of 1316	4696	msedge.exe	93
PID 4696 wrote to memory of 1316	4696	msedge.exe	93
PID 4696 wrote to memory of 1316	4696	msedge.exe	93
PID 4696 wrote to memory of 1316	4696	msedge.exe	93

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\Wizard.of.Legend.v1.23.4A\IGG-GAMES.COM.url
1⤵
- Suspicious use of WriteProcessMemory
PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://igg-games.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff3e7246f8,0x7fff3e724708,0x7fff3e724718
    3⤵
    PID:4568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,5201008055350857251,1952501038993081486,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
    3⤵
    PID:4472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,5201008055350857251,1952501038993081486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,5201008055350857251,1952501038993081486,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
    3⤵
    PID:1316
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5201008055350857251,1952501038993081486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
    3⤵
    PID:2112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5201008055350857251,1952501038993081486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
    3⤵
    PID:2924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5201008055350857251,1952501038993081486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1912 /prefetch:1
    3⤵
    PID:1652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5201008055350857251,1952501038993081486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
    3⤵
    PID:3964
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,5201008055350857251,1952501038993081486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6120 /prefetch:8
    3⤵
    PID:4460
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,5201008055350857251,1952501038993081486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6120 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5201008055350857251,1952501038993081486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
    3⤵
    PID:4776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5201008055350857251,1952501038993081486,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
    3⤵
    PID:4328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5201008055350857251,1952501038993081486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
    3⤵
    PID:3044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5201008055350857251,1952501038993081486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
    3⤵
    PID:1960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5201008055350857251,1952501038993081486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
    3⤵
    PID:5464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5201008055350857251,1952501038993081486,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
    3⤵
    PID:5472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,5201008055350857251,1952501038993081486,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5892 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e2f0fe48e7ee1aad1c24db5c01c354a

SHA1
5bfeb862e107dd290d87385dc9369bd7a1006b36

SHA256
f13b3ebe8d71bd0086d5bb82364c35f59a95d32b39753af251e8639360e291a9

SHA512
140d026437fd5e8a874cd00b03950c8f010e1a0732a0a1cc5bdde477e7f8315ccb95790bb4c15b8dbaab9468ad532eb885b6c429300a64e39412d976d079324e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7e0880992c640aca08737893588a0010

SHA1
6ceec5cb125a52751de8aeda4bab7112f68ae0fe

SHA256
8649a39877c190ec740a5422284ec5f9ff509b30b2d7896635476873dd8824e2

SHA512
52bd0a38ca7f43b26731966035045b1cbd8b60b2d81bdf9aad791cf444da8af8b722ebf3cb364a6e660bebdf23084eb0e30bc23562575b704801669817549f8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
c2e3757b3b44ac6ecc4f257550d31343

SHA1
1a78504a3cb0a87802525d5d706060f30c3e677a

SHA256
1d7be13c514f33b6413cfce8bd9429e9e6175179287a9bdcd3d71f9e8c8c993c

SHA512
4718cb00912dca83db8b026af23c2395074e1f36fcfccffefeee7f789fe9d9f358d698d15a4174ce31711931f352830d92a93c3a5ceb20362f3a2e251ca9c594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6ae0ce4337bda25fef6fe1a2a345f55d

SHA1
11503c27d66e6306d1dea8634d60a186b037de2f

SHA256
3e5195ffaa479086f56af2dd8519543e61a5bd0003b16e07093a356c7b1f4689

SHA512
d5709f813078443fdbbf554d23c47411d9d2b4add48051ba67809a545a5b3508ec39390517f1f2b5ad42918cb6d53072ee911cfa15ad76b5e3e932e4d31f995f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
016007ca11fbdea0a0bb772b90749bfe

SHA1
8e9e4f8a51f62c47398112b2f510a9014c75071b

SHA256
4dd28f132321b9f5aae31ad3e4a0518ebffd7fa51c495f36654c131328f22de3

SHA512
2a86f5159296febb23250439b0abfe06b9dc32902762a5e10fd4c792520ea2a516d75d37b70c135dfeba228e348049daf4b8fd0f6a853b6fdfc99f2776b170ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5fee61473fdb825b25fa45aea980ee1a

SHA1
b55aedb9de89aaf2898259ef080a676e27e091c9

SHA256
f3c92d1629b1cb07a1eb14c5f55c338b6d1adf530b65bae4e20774aa6f5897ac

SHA512
b4c6c6067153814a0b7b25620a56fd560baeb93657399d67d44cab8e9d27c0af0b5776c5bb0d9247fcf8d77d3887f75c0b53c631201309270140ef032eff6013

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c9b5ef37af8830ccfc87ba39e6b330a2

SHA1
45ba655b642db1a00e8ff4207854df47b1580a37

SHA256
cf28efcb3d1a1cf0dbac615a915c1573622ad225262e05621fe5a6dcef7545af

SHA512
607d7d330202b43f90d6fff59b05abdfc491ea207d2b0a9c0dfe64c64008de210694ed115c6bcc777e218a275d5b62315d8b23c0e4122c2353715226ae8f5be3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
389265f6892c9f635e5e2040bc38242f

SHA1
39c82b9be0b47c12eaa9b829e962b16e7fa88427

SHA256
0119573cf0e4e654db07e044f711083d084ba03cebcdf4d993fefdd2f9f2a5a3

SHA512
42b637b32cee1b6c1927cdd894340d6e57465a0d0646728fe4e995f4704342750297ecaaffec53bbaa9c433337c127b1b31072beabedcc45af81b5b12ce14a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5859b4.TMP

Filesize
48B

MD5
36b414cd0af444410e7c01103fcf1a6f

SHA1
b155be6e32fa9958ddd22fe7d297b51eb7223fcb

SHA256
278851bf7035232559d9f978af32555fcc31ea27bcd5f71e1c4b63225bfa2c2e

SHA512
6b56385fb3509b7e9fcfa40d458af6e6272a8110e48606c5513c3c7102e13ccf3df24b24ad8e3376e764f00c8acb35304c3e96ac95d528b57f2599088df3a83d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
866B

MD5
f5a57818ae284f145c7d92580e7aa765

SHA1
40a6f5aa0216546409b613fd07c3a2f63c6a3740

SHA256
aa41d59f22e471fecfd25d354f8567b988ba0d97932b0b47f19771bac7b6274a

SHA512
df6bad17efaf16b09f6af14cddbbcaecddd11ccf838ab541ae14f0512d9213fbe24c34d30290c0ade513707a451253c86e15ea03b023d7f8f30753781e3da089

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58197e.TMP

Filesize
203B

MD5
45dd0192a86f2579eb14b5c955994f85

SHA1
126945525db67614e8f5aca20c25df12446b937e

SHA256
8af9da86cb139f6de8f63d6ea65adadc5e5a7ed62cbd63085683770e3b668b46

SHA512
4bdfbd20447b8ac24bea1b0d66a6d18f1767b7f307cffa10dfe3baf43f38a57a54fad9a4270dda0bcb615d720bd6918c29b6e89ae9288b94b9b40e3811b380e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9b061a6777e368b7b07a089798cdb151

SHA1
c11a002273e4533d486e303c629ae28d321dbb0c

SHA256
b0434c5e83bff5ee8358c09ef61ac45e0aa7c6aaea6f1ddcf3bf99a18f230066

SHA512
842b4102ccb190fab8bbd12ef0cb5f7ccbd2c98f3e6edbd17d127460709739eeeb303f237051a4767a4eb67b9b58b33344efbd7f9c331b24bea6119c185e05f2

Download Submit