hxxps://bazaar[.]abuse[.]ch/download/267ce4785bf50413832611771a779f00c9c81eec65cc0ac2e8a4ff150bfbe2ec/

Analysis

max time kernel
145s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 13:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bazaar.abuse.ch/download/267ce4785bf50413832611771a779f00c9c81eec65cc0ac2e8a4ff150bfbe2ec/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5104	msedge.exe
5104	msedge.exe
4940	msedge.exe
4940	msedge.exe
4344	identity_helper.exe
4344	identity_helper.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4940 wrote to memory of 400	4940	msedge.exe	86
PID 4940 wrote to memory of 400	4940	msedge.exe	86
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 2412	4940	msedge.exe	87
PID 4940 wrote to memory of 5104	4940	msedge.exe	88
PID 4940 wrote to memory of 5104	4940	msedge.exe	88
PID 4940 wrote to memory of 2476	4940	msedge.exe	89
PID 4940 wrote to memory of 2476	4940	msedge.exe	89
PID 4940 wrote to memory of 2476	4940	msedge.exe	89
PID 4940 wrote to memory of 2476	4940	msedge.exe	89
PID 4940 wrote to memory of 2476	4940	msedge.exe	89
PID 4940 wrote to memory of 2476	4940	msedge.exe	89
PID 4940 wrote to memory of 2476	4940	msedge.exe	89
PID 4940 wrote to memory of 2476	4940	msedge.exe	89
PID 4940 wrote to memory of 2476	4940	msedge.exe	89
PID 4940 wrote to memory of 2476	4940	msedge.exe	89
PID 4940 wrote to memory of 2476	4940	msedge.exe	89
PID 4940 wrote to memory of 2476	4940	msedge.exe	89
PID 4940 wrote to memory of 2476	4940	msedge.exe	89
PID 4940 wrote to memory of 2476	4940	msedge.exe	89
PID 4940 wrote to memory of 2476	4940	msedge.exe	89
PID 4940 wrote to memory of 2476	4940	msedge.exe	89
PID 4940 wrote to memory of 2476	4940	msedge.exe	89
PID 4940 wrote to memory of 2476	4940	msedge.exe	89
PID 4940 wrote to memory of 2476	4940	msedge.exe	89
PID 4940 wrote to memory of 2476	4940	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bazaar.abuse.ch/download/267ce4785bf50413832611771a779f00c9c81eec65cc0ac2e8a4ff150bfbe2ec/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff129b46f8,0x7fff129b4708,0x7fff129b4718
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,765012975706814395,5768118610000013639,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,765012975706814395,5768118610000013639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,765012975706814395,5768118610000013639,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,765012975706814395,5768118610000013639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,765012975706814395,5768118610000013639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,765012975706814395,5768118610000013639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,765012975706814395,5768118610000013639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,765012975706814395,5768118610000013639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 /prefetch:8
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,765012975706814395,5768118610000013639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,765012975706814395,5768118610000013639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,765012975706814395,5768118610000013639,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,765012975706814395,5768118610000013639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,765012975706814395,5768118610000013639,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,765012975706814395,5768118610000013639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,765012975706814395,5768118610000013639,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6112 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
62c02dda2bf22d702a9b3a1c547c5f6a

SHA1
8f42966df96bd2e8c1f6b31b37c9a19beb6394d6

SHA256
cb8a0964605551ed5a0668c08ab888044bbd845c9225ffee5a28e0b847ede62b

SHA512
a7ce2c0946382188e1d8480cfb096b29bd0dcb260ccdc74167cc351160a1884d04d57a2517eb700b3eef30eaf4a01bfbf31858365b1e624d4b0960ffd0032fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
850f27f857369bf7fe83c613d2ec35cb

SHA1
7677a061c6fd2a030b44841bfb32da0abc1dbefb

SHA256
a7db700e067222e55e323a9ffc71a92f59829e81021e2607cec0d2ec6faf602a

SHA512
7b1efa002b7a1a23973bff0618fb4a82cd0c5193df55cd960c7516caa63509587fd8b36f3aea6db01ece368065865af6472365b820fadce720b64b561ab5f401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
200KB

MD5
a484f2f3418f65b8214cbcd3e4a31057

SHA1
5c002c51b67db40f88b6895a5d5caa67608a65ce

SHA256
79cbe928773386d07f0127f256f383debed5ccea5ff230465bf46ec7c87319d6

SHA512
0be1bb8db08f6e6041a85cfee90cd36a5b595afbca34d52a125465454fc806b4bb7ae569eaf4c882922fb1b962b6060534e597791cd0ad23483be5981d9be85c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
1bae1f23452111342ad77090e361a910

SHA1
b82a4f5bc3b5f1f842ec530ed090bbe7c341dfc5

SHA256
4d1211f33b8486b6cddc5e02ae3742ed981cbcaf7591c358b7282ee1e1cff013

SHA512
f5a64a9ed0d43d176b4895afbc5060e80f7445ddc4b2abaad50b0ff5de8a405e72ec90846dc70cb3c9a750ddd6e2ee74da3bf9530f82dc0879d0b9923b87011f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
424d5de84ca580c7924aec4335247cfb

SHA1
1db61103753d2a7fdc2feb705a0d31971d6124ea

SHA256
79a43bdc761f18c6a92e388a0f2cd9f5d8451963892267eb6632c8034be335a0

SHA512
ef31f8fed31cbf72747b4660f2ecce7319bc8c67396fa1bc484c7b5b8f529c075c55d6c512f306fa5aff1a9413f42a61c62a3ce1b8e630b03f355a0ec8b1ed86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3866b77e23b1a2609ce92d354fef0c49

SHA1
b5c483648c6ad22c5446e1eec7cfbd41dcb29f8c

SHA256
629295718045e19d49a12e676f6d6fa8f7a2e3bf6212a579a1c179b4706a96f0

SHA512
253d46c6d75c5aea3524b89c135d462a9e1a9dc13ccc78c467876545378367dbdd5b07effc862e884f6d9897b1b2b70a383140e7e9d53e09b85a09ee320f9d7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_developers.google.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
76441de3eb7132af6d0a3ec39cad73d5

SHA1
0cc369f7225b5c773ec7d64e4579c3112cf67c51

SHA256
d5a8460ba1c7cc46dfb9d6c70a343d76259f354f68d1d2a97bb05b213a0014aa

SHA512
64979b983b3b09d0063f25016bf9a50f9a10981ffe1d4e8db43834512ae46dbf07c7dbe8a2ebf09bb04b643ec9046d5219a9dfc3e72ffaae8ba36342f4261515

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d3bf249ca2e7b6790d81839e1a9e6bf3

SHA1
232b4ef5397a3a9560ec3522c078cdc2d68e8681

SHA256
4ad6a3931508fb2710b4e46f0eb429d2749010406e896a8d41317eb0f1c9f6b7

SHA512
632c21fd331f30534f09b2a68f4f4d7b5e9b8e46d8522da3207faaaca5663febd7c455f622d15d22cd68256e83e5847343adfc186f2d24305b44f6a996a82960

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
92f77f569ef0cd5a639501320f1b43c2

SHA1
e9429e9c94489e1ce77f3d845dc8ca4bc9ebba2d

SHA256
d82a108e9fd2b4facf96fc7e0cad2b759041ac1483f1214bb95d7b9d61cce4a9

SHA512
239be8edeac885def5564a7c4c91cb230f7e2fa8f963539144a8332f789f942dedf603747899b8a566a98bc002157b3465ff4b0c695356a400c8ddb365ce39dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6fc4072dfce00c947dec4aa9e4898176

SHA1
207d76741fa51aee2f7b156cabb404b881ee6cf3

SHA256
cb1c6b63cc94a4533cd160944e40ac31b5bfe5b09135a24d08a3a681f7ad3a8e

SHA512
f7482e3d5ce250f46f2c8f93ee3f4404a35975b6ddd78627e6a472d3c23f053e2395184ff1cc5dbc20c629e4aadf760d7d60a25e5afb2e9fbc82d31d8e9fd311

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\5ce50966647b163092d864b9f37d981f5bccd871\d88b8ea1-9f11-4fc6-a024-cc0e096a8b0b\index-dir\the-real-index

Filesize
1KB

MD5
ccd80beef736101eb3abe26ebfc58e64

SHA1
c24404a1205fe90d21f5d058b620ad95c0428a22

SHA256
9ab0a18ea4c12ffce7b0e73c81ddbf43ba66e02631a6f41027f1b223ebab67cb

SHA512
34508fcaa10cac8b39c1d3ad7f062243c7029468c0d7a97e8bdadf1ef54669d239ecb86c7061c9b265cfe3b02ac3131a49e4bb67d3503b3cd03c95a63fb5f8bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\5ce50966647b163092d864b9f37d981f5bccd871\d88b8ea1-9f11-4fc6-a024-cc0e096a8b0b\index-dir\the-real-index~RFe59361a.TMP

Filesize
48B

MD5
a609726f38be84b85058e449c69870ff

SHA1
b59df88af019d97ef1727bd764beef9f7394777b

SHA256
e4df7c1deb80c8572e17da3a7099e5c65e073be5055a74afdaf0c8ebad16c07f

SHA512
f9cc7879e49d99d41cf4473f4f8698e574c8a0b171423746a05cb54613c2c8af5cfeaf58c6824e2f220f04e5dd613417166a91dc8b490b29f4d50a0a9bc2896b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\5ce50966647b163092d864b9f37d981f5bccd871\index.txt

Filesize
111B

MD5
f2bb518f8ba3d0a0916c952158a4d5e4

SHA1
9a7c0058c46cb8a83505f1374736cda7ccd226ea

SHA256
8cf80fefa645d5880ebf002e16768b94ecefe83f175691cbec05686ab8b2ec83

SHA512
f82cc17a94c831767db22423f196c6ec0addea6c51cc595e10a6488afe04abe8638f4612314d811909e194e9aada5741ab6fe5949f3029051f7446bdaf2bcc1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\5ce50966647b163092d864b9f37d981f5bccd871\index.txt

Filesize
111B

MD5
a58a895d2276492b57ac15645724a245

SHA1
064c17171b281366446ee98d94acced0e7579b3f

SHA256
2b2122612a4ef342cfdc94a5a1cbda38918ae1b20cce9a0073f1778bfc15c362

SHA512
66678803d010ed6ea393e635cc5111e723b1a4e6fb79ba411b209757fd8401c9debf73270abf2f656fe8544f0c5bfebcb68ee759f237018ababb867f18d61e64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
7a2aa31d0c16896a413c62b75f4fef87

SHA1
64ab06d232377a6b60c92f8fd3c94bb66bb46c00

SHA256
32ef67de0f6a89a00facd751c76d690a64ca034b20424575adb915826a2424fe

SHA512
2afda236890caeaf24640519f379b6cd30f4f0cb1a3627cb65f574c10691427279a06091ec7faa46c9650d40ca75619fbf55a7466b9b094a4124435226a50125

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe592fe0.TMP

Filesize
48B

MD5
a1a5542e58876b43270389223dba97c0

SHA1
1061a3158c410f4bb01b2cde30e1cd72f55abe7e

SHA256
7e681a871e37caaeb0f7ec08ba4e186ecf57d6561dbee1ae6351982a3c97ffa3

SHA512
010eef1a572719f188102fdb50cc08f56453f1ce079db4287dc90c6a232f1b6e25bed328622d6185d0782a5b1e7cf014b83833b5b650041bd9ba7722d992c2c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2448c48fb40ce4e955badabd505b7a1b

SHA1
eb97b53afe2ba5696d6072a47c7df76b60aae00b

SHA256
06d71fabac40a52886b4be91e1cee84bcf036833ff7da5df0a2f172edc5e7d6f

SHA512
08464df7202b25a386907961616c5760202485ea199fcc6d11f5108a8830cbb0c2adc21df7213930e4275e5c3fcb85c6ae886e647a75fc586bfa990db17866d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5904d8.TMP

Filesize
370B

MD5
539d727dc0797c6dd8afe8c6558ee70f

SHA1
5ebd9afb1749ba9be5b3d6cb0da826c5e71fa4a9

SHA256
b13f76bc382ec1cc19fdc71e47073c019d7d6f9ced620654ccebe1740ffb1df2

SHA512
7b9b93037804a3b88cd12f534e84bd0701fbe2b1a3a8c24f50b52491d9b08841c5d77d79198593be77408fef8f91878ef676faacb05e8d5ea1baaa8298367aa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6f70aee256cf14bdb68f9f058354b99d

SHA1
ec5cfdbcbcffb1218fb05904a86e827083688a3b

SHA256
1f33019c241dfba7e30e9877c460ed41799dcd0762d63fe93263c58dfab80aab

SHA512
1fb17382649b96bc9389f7a69a5cd5b07414d9c7754806ef2d2a21918babced9b3bb12e292ef951c1641553c7e9bf150754692a403f7b78ba6afe3b3c19a30da

Download Submit