hxxps://www[.]taskade[.]com/d/mYkMreBgdVJnR2YT?share=view&view=1t85ogP6oqVx6DVC&as=list

Analysis

max time kernel
148s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 20:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.taskade.com/d/mYkMreBgdVJnR2YT?share=view&view=1t85ogP6oqVx6DVC&as=list

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3580	msedge.exe
3580	msedge.exe
3176	msedge.exe
3176	msedge.exe
1972	identity_helper.exe
1972	identity_helper.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3176 wrote to memory of 4776	3176	msedge.exe	82
PID 3176 wrote to memory of 4776	3176	msedge.exe	82
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 2676	3176	msedge.exe	83
PID 3176 wrote to memory of 3580	3176	msedge.exe	84
PID 3176 wrote to memory of 3580	3176	msedge.exe	84
PID 3176 wrote to memory of 2620	3176	msedge.exe	85
PID 3176 wrote to memory of 2620	3176	msedge.exe	85
PID 3176 wrote to memory of 2620	3176	msedge.exe	85
PID 3176 wrote to memory of 2620	3176	msedge.exe	85
PID 3176 wrote to memory of 2620	3176	msedge.exe	85
PID 3176 wrote to memory of 2620	3176	msedge.exe	85
PID 3176 wrote to memory of 2620	3176	msedge.exe	85
PID 3176 wrote to memory of 2620	3176	msedge.exe	85
PID 3176 wrote to memory of 2620	3176	msedge.exe	85
PID 3176 wrote to memory of 2620	3176	msedge.exe	85
PID 3176 wrote to memory of 2620	3176	msedge.exe	85
PID 3176 wrote to memory of 2620	3176	msedge.exe	85
PID 3176 wrote to memory of 2620	3176	msedge.exe	85
PID 3176 wrote to memory of 2620	3176	msedge.exe	85
PID 3176 wrote to memory of 2620	3176	msedge.exe	85
PID 3176 wrote to memory of 2620	3176	msedge.exe	85
PID 3176 wrote to memory of 2620	3176	msedge.exe	85
PID 3176 wrote to memory of 2620	3176	msedge.exe	85
PID 3176 wrote to memory of 2620	3176	msedge.exe	85
PID 3176 wrote to memory of 2620	3176	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.taskade.com/d/mYkMreBgdVJnR2YT?share=view&view=1t85ogP6oqVx6DVC&as=list
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe38f446f8,0x7ffe38f44708,0x7ffe38f44718
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,13846458807844334796,18001323442178477501,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,13846458807844334796,18001323442178477501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,13846458807844334796,18001323442178477501,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2504 /prefetch:8
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13846458807844334796,18001323442178477501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13846458807844334796,18001323442178477501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,13846458807844334796,18001323442178477501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,13846458807844334796,18001323442178477501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13846458807844334796,18001323442178477501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13846458807844334796,18001323442178477501,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13846458807844334796,18001323442178477501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13846458807844334796,18001323442178477501,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13846458807844334796,18001323442178477501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13846458807844334796,18001323442178477501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13846458807844334796,18001323442178477501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1892 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,13846458807844334796,18001323442178477501,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4588 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaaad45aced1889a90a8aa4c39f92659

SHA1
5c0130d9e8d1a64c97924090d9a5258b8a31b83c

SHA256
5e3237f26b6047f64459cd5d3a6bc3563e2642b98d75b97011c93e0a9bd26f3b

SHA512
0db1c6bdb51f4e6ba5ef4dc12fc73886e599ab28f1eec5d943110bc3d856401ca31c05baa9026dd441b69f3de92307eb77d93f089ba6e2b84eea6e93982620e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3ee50fb26a9d3f096c47ff8696c24321

SHA1
a8c83e798d2a8b31fec0820560525e80dfa4fe66

SHA256
d80ec29cb17280af0c7522b30a80ffa19d1e786c0b09accfe3234b967d23eb6f

SHA512
479c0d2b76850aa79b58f9e0a8ba5773bd8909d915b98c2e9dc3a95c0ac18d7741b2ee571df695c0305598d89651c7aef2ff7c2fedb8b6a6aa30057ecfc872c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
17KB

MD5
952ec9075d757b709ea4469379e28f9f

SHA1
c2a96e00b1e7e92ddc80b44e08f4a5c6d693266a

SHA256
491a8db58567aef33f3faf9a632059f5fcb915f9ed41dbeef23a9f41eb111f6d

SHA512
4a33cc2a4b8dbf0ba294b769c1ad83a1903c1a151bdd691dc54e094594c90f64198b50b1a2270b3ad79e93e94c9856ff24998c79b4cca84a65439f1b2028fed3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
24KB

MD5
bfe899d5100d5084b30748cc9d389a4a

SHA1
6ffecd302fc9a761f01266c234eba171968c2553

SHA256
f491e31bbdbad29456d5a8125f1be3bccdae56329c26d79ff63b8c32a99703c1

SHA512
d7ac825311abb4967a3eb044c044bf5ebb78f4fc267f9eac92b63825e67d9c903c1abaee4e787f96e26f4d31cff3461e8bd83c2b1fafd9f71ff441cc0febac11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
24KB

MD5
9c700e17e974d4ab2dfde82f6451dbbb

SHA1
d5b85e82e10c2d96b36316670c76b8a0112bf246

SHA256
3ec0462dbcae8561ca0465558845da248d434dc6205cbde99c47ae3be2ac99c0

SHA512
1428b7401d281ad3d635eb007e45b6e5798be6b029f270874af2312627c496407ec7440df4a3028f3cd6c1ec587b0805425ae5de4bcb04b90d942145e26966fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
103KB

MD5
f627415b94dba1804638c9a6ea9efa99

SHA1
ca2ba17ef65b4fc215398da21af3196b85ac0857

SHA256
53b0b6fc5b976c91b6c96a0e81c4517c9a81bb572d87000c7f0cb9c25c688e52

SHA512
9a1d68d222b5d3c30b2c3dc134ac0fb0c8b10df2df09d0a15d561e66d4bce5691bdbee09cc6a8f730ba7814d80281cbfb26f32b8e9bc318ca05342baa5596f0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
1.8MB

MD5
5e9a386193a3da0b6ddbd74c4c9b1938

SHA1
5b5166991c2db064a81ce399ef11a87c9cf2b3ca

SHA256
279fd2f3ba013333c14cd32ffb878c9bfa2da8763001ee066a3e09db074f338b

SHA512
7dccbdfed270540a632cfdcdaa7e4fd4ca052935c1c5737c93ab80019ca4236128c60c75b579b944652f68d26a0e37c060d232f79896f396b1619859e31e44d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
27KB

MD5
e0b74824781135d750bba411011f08c2

SHA1
bd1f0541511bb2b999179aa183672dd5fe4adda8

SHA256
11f99626d45c7d0655c8339f107e1998e76f6d562be5287b2270744bd5e25139

SHA512
a6e1f4b309ff2e5b2cb304a6b4736f7eb07e27363c40e5aea6d0e747ccf411aa0101d931486aae4cc05b53642c2df4e0ceccb487f6ff8a1da78a231c347e75c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
a667cf4171b0b9379f2406f9a682a615

SHA1
65795c42523146cdd27ce1405c508e91b528ffea

SHA256
b9d938bd62f324178e0521a55a799fd342736ca387bfa82df33e4d162ccf4c43

SHA512
277f64013f6cc01de65ebc28cca7bafed82ddd21f2c1bf5e0ce4a99e42e825f19e1a2928320f64c603ed8cd1b1bc002cc1bcdd3435fdfcbfbd50fabb9ad79be4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
89329f40ef3ef33df9b57d7b459a8886

SHA1
30f59da979946cb2e5ea89041babe67be4fc60b8

SHA256
1d7ce0e226cf07e757f7799f54142c3058eb4137302b7536771276f374a50bbc

SHA512
a5a150ae3dca12e02bedb8d489cf7373dbd3501b68f50ab92ab15eed501b88c885585b3b0183267a594a01d9fb328eef51930214b929771bbd9f340724818c3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b75c2638f607dd72b5c91b5ca84c4dae

SHA1
0479e4518b400f0cd8b0f30756fe6a546832e689

SHA256
b1b0264f234b0b5bf5d08963c8333156cbd22c2eb859c897f3c2da8401800c5a

SHA512
408cd376d2212ea4128fe48432a45bcbfbb0689f19ff1dcf9b9ae9456a06382db4b9d13bf3cc36f3ae06352ea053192b4416a68bdb5d9a9f38790ad573f1f730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f18d6c702bd25745abf8bb37fb2e898b

SHA1
13bd839be66cbcc5a2bf3cf8d3f50d81bbaecb4c

SHA256
5710ed3571a97890632878aeab160c81808e20c380bc5428ed80eff0dae83e99

SHA512
f5e12b6dc5e31716bf342045e391cfff6585e96f7ab6bf08102b36891a18b39d81904d1c6e6b7509869a981368b640062115cdfe61d404d1422f7d44559c1b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ee3051e887f32ff21ede57e69ce980b7

SHA1
dcf067463dc9daf9824c9b57b2bc9a80ac114ca0

SHA256
b54bcf7f8a545b20ba49467575a7dbd8abcd2d7e3e5989b612e68115e50cdee1

SHA512
1535cc348d0133ba217962d557c2f69bf747f832a84ec61c7614adb9aa654c407395eadf4ef7b9f1f0a1161b8bb9d76059c9a68bbdf68fcc74d3e5490396f84d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5b09babe19cd122b5da885a887770515

SHA1
953e7f9c285ecfc8477091ed37bb14bf806cf28d

SHA256
91cbbc87b19dcb9fcd6f938780bd32b382f9e54bb6225a36afa7ebc338c05314

SHA512
9416ca378c223845832007fc23a0a65d41443327b71993287f328730cfee650862ed5b485955a22735436d24f1db36f43032953a52bf5315fa9e6e634fd96d49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
56f6daadf1094f22c49814bd291563bb

SHA1
634ea38b26a6811f7f8b28502a551868c3306c42

SHA256
9aced6259387d0c4e7e4e748f6e519eca9307caead9c193bb46713fe5f6ccfcf

SHA512
4887c7cf3edd01f66a3b0c7e9a413776f4b87a061c6a45a59967e1b11e719385d9401ee9c3e755007361dab5ff2bffddaed950685c23e2bd9b90c6c2581c7f32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b9b8823d567a932e1bae2479e9632e35

SHA1
733bd34040530e017ee29d2c8fed5278a7f795ee

SHA256
767d185f9d489a628ebf009ddf9b5b9d819854c80a61cd71d59a9f1d8184ca71

SHA512
389079f1f344f3ea203486ed6940617f85a117ae4fd3ddfc17c983fe21e537d6d247ab65bff6b312aab080838440ba594c73c6c17a58975ff7cf37417e895400

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
337514c9fc2ce1e2abaab35f327e4300

SHA1
c84fda0ce4d7ba2fe30f145b4cb9381dc65e773f

SHA256
420170065a7644ea106f8975b47452688420dfe9fc7ce7110a0353200de943c4

SHA512
6323cab9b6324a43c09d1b61c24a8f0f6e9f3446d44544c41e137651fa5beefc728a41c931ed904e965e61cda232abf7a4ca3a5d7255005dd59a9d6fa7ce00d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0add6ecc121259bdfb63bb2ee5f712df

SHA1
de61966761d6c3414cbde0a4a6c88e253aa76c91

SHA256
0f393d757666a828cd3dad68ff72b60a181c26e45b48e34bb0f650399a96dea3

SHA512
6b799c6402016a0f12d313c4b1f44a1e3368213e79318e1afdfde507d03e706bd9e2e1b1763631ebcb3bf310efeea623f54752a598c82fd255d9543c0331c5fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586126.TMP

Filesize
872B

MD5
b4294d88cc311c09245a5eb6a22c7e32

SHA1
e3ae23726a5dccd6d0901547369078b9f9a5bf7d

SHA256
3cd545ff4629a6492f46272d8f7dc4d9ba459e7baae14813c93c50fb5aede555

SHA512
c020535e94c9e6a1c340d6cd5bca767761a1b31c96781969a67cbdb31e7cea6a6b165c0d784975e6e827a58f9a6bf37fee9339ca98a58378396621e95dbe82ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c0e8c555-ca7f-43a8-b2e1-1ac227366bf4.tmp

Filesize
1KB

MD5
27856c7270ef448111ade99e1dd35e76

SHA1
d08b0d129f4eab3fa637d8f224790f656063b897

SHA256
059679e602f5b16057bfb3281ee04971e62764746b88db3f4e906b639915b01f

SHA512
896989711f90e83570c1b21095aca2dc9fc5195d5940dc351736a869f1c60e6a7eebfeec6d49d9ecfe70d8fcfb3ea26bbce03710ca925a2a0516cc148d03d931

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c683c9b5f94f2f03a4d3aad0d26ff13d

SHA1
5a4e3bf0d104a77d43b4f695bb9f5699b849e337

SHA256
84aa78198fcc9013722567a8ded76d05e159f491ba676cacbe6fd175f0f8611f

SHA512
09d88bf89c1893c1bee15327279b474c8f89f313c4608016b49c8160f20b1ed57e2e194f05896cccf3bebf4710d8a6fb1b3bc7c9cf76cd1db66c3d1af33104b4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
a526f459b7878aad5efabf79fc16a739

SHA1
92ae10ff3f8c6053974b9ea9478e3f087027fc3d

SHA256
4db13144e3b7d20a045f12b86eecdfb897ab94790cd0bfae43ab8ce8e6ddd402

SHA512
34f5fe622e69dfbb763798a35f05fe7a33df103eae9c0618b6db6504e88c54665459a5bb32721f062190d049dc0c44de048b8c385476bdd513fb8d51901f6d91

Download Submit