9beee0269b99a1c4f088410ec6d03653d9b8d8887732680622b6b6f6887a409c

Analysis

max time kernel
64s
max time network
64s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 06:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sample.js
Size

80KB
MD5

14d8cabc946bf312ad7fe1b8359f1946
SHA1

de06c63e22bbfbd5bc4c55c603bce7ec3842b23a
SHA256

9beee0269b99a1c4f088410ec6d03653d9b8d8887732680622b6b6f6887a409c
SHA512

a81ba8a53c1445a4b56a91ae503d54ea6ee48ebcb33f2767f6b5a946fb1bd367faf3693d7622c138dc0c23c23fee5fed56ae77e5915cfad6d33d171bc531c49f
SSDEEP

1536:S6QJFL5SwNiewv6QehNFZuSuWtWWxvIBq3/6ajeN+pcXWaEKjpGksAG6ZJsneffW:dQJFL8wg6JIBq3/6ajeN+pcXWaEKjpG/

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3420	msedge.exe
3420	msedge.exe
1840	msedge.exe
1840	msedge.exe
2876	identity_helper.exe
2876	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2968	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2968	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1840 wrote to memory of 2152	1840	msedge.exe	89
PID 1840 wrote to memory of 2152	1840	msedge.exe	89
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 1704	1840	msedge.exe	90
PID 1840 wrote to memory of 3420	1840	msedge.exe	91
PID 1840 wrote to memory of 3420	1840	msedge.exe	91
PID 1840 wrote to memory of 548	1840	msedge.exe	92
PID 1840 wrote to memory of 548	1840	msedge.exe	92
PID 1840 wrote to memory of 548	1840	msedge.exe	92
PID 1840 wrote to memory of 548	1840	msedge.exe	92
PID 1840 wrote to memory of 548	1840	msedge.exe	92
PID 1840 wrote to memory of 548	1840	msedge.exe	92
PID 1840 wrote to memory of 548	1840	msedge.exe	92
PID 1840 wrote to memory of 548	1840	msedge.exe	92
PID 1840 wrote to memory of 548	1840	msedge.exe	92
PID 1840 wrote to memory of 548	1840	msedge.exe	92
PID 1840 wrote to memory of 548	1840	msedge.exe	92
PID 1840 wrote to memory of 548	1840	msedge.exe	92
PID 1840 wrote to memory of 548	1840	msedge.exe	92
PID 1840 wrote to memory of 548	1840	msedge.exe	92
PID 1840 wrote to memory of 548	1840	msedge.exe	92
PID 1840 wrote to memory of 548	1840	msedge.exe	92
PID 1840 wrote to memory of 548	1840	msedge.exe	92
PID 1840 wrote to memory of 548	1840	msedge.exe	92
PID 1840 wrote to memory of 548	1840	msedge.exe	92
PID 1840 wrote to memory of 548	1840	msedge.exe	92

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\sample.js
1⤵
PID:1124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8aea246f8,0x7ff8aea24708,0x7ff8aea24718
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,9162325602660935343,250523774483814656,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,9162325602660935343,250523774483814656,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,9162325602660935343,250523774483814656,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9162325602660935343,250523774483814656,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9162325602660935343,250523774483814656,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9162325602660935343,250523774483814656,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9162325602660935343,250523774483814656,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,9162325602660935343,250523774483814656,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3640 /prefetch:8
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,9162325602660935343,250523774483814656,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3640 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9162325602660935343,250523774483814656,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9162325602660935343,250523774483814656,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9162325602660935343,250523774483814656,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9162325602660935343,250523774483814656,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9162325602660935343,250523774483814656,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9162325602660935343,250523774483814656,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9162325602660935343,250523774483814656,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9162325602660935343,250523774483814656,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9162325602660935343,250523774483814656,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9162325602660935343,250523774483814656,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,9162325602660935343,250523774483814656,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  PID:4312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3624

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x344 0x3ec
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c00b0d6e0f836dfa596c6df9d3b2f8f2

SHA1
69ad27d9b4502630728f98917f67307e9dd12a30

SHA256
578481cd359c669455e24983b13723c25584f58925b47283cb580019ef3142b1

SHA512
0e098ab5f5772fec17880e228a0dccbbaa06dc1af14e0fd827f361599c61899fe07d612a7f7b049ff6661d27fdc495566dd20fc28ceed022b87c212bf00be5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54f1b76300ce15e44e5cc1a3947f5ca9

SHA1
c978bfaa6ec6dae05464c6426eaa6cb3c3e2f3b7

SHA256
43dec5d87b7ee892a3d99cb61f772ba403882ac0772423f36034e84244c1ca24

SHA512
ac26e5676c675be329eb62b5d5a36a0e6014ab8a6366684b0fc2a59ae5f061f596f462b82eb4e9f135d2235a0cbd4af96680d234eecc873a8397fd81507d277a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
27KB

MD5
75f1d5724eddb6c481e2e87727c0a19d

SHA1
3cfe079018e25b2646f23e0744bc5af2114ee256

SHA256
751f9ea75e28033193df30031bf3d33e0553e1644ccbaecb26fe7d3bda21b78c

SHA512
a52fade9a438e7896f12afb5b8cccf05ab2cdd71dcc8683ba80001e74800d0c6a6d446d162e75eff573ccfc7106c1beb6f91bdd41753b81a6f5b7510c7c36b4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
65KB

MD5
2512fb34749010963fb2c45cd9c21961

SHA1
14899c82810e85b426d101f8e52c3f5fbe8ff17b

SHA256
9e78875a4f1859286de263c8f46138601dc9cd6caf9e085804f7c4e20e7284cc

SHA512
3dfce3908ee6a21a2f90af9ed2b23a35e2863dacd6fcbf8cb22d0f0fa2cd19de35be3e1bbecd0a8ad57148095a4bdf58204a033438d3660db2b1565fc554dc55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
80KB

MD5
319c0383ff1e67d872dc88b34ac40824

SHA1
f09a32ccca7acf0dfbd714bd0564e1ac8b28fd34

SHA256
6265d44cea2b739a103dd88bf803eebba8b9081bd8e840d03403beb955f58b2d

SHA512
cf486b56cc689d51aaec4d7a5af04699c5e5acb58a3a8923dc0d24c20f015a2c129c43650be6bfe3da91297334d0513e6716ca36e3cf3ec1ad832975a47f9bb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
99KB

MD5
88a1a0024772b3123dc790fd885f8c6b

SHA1
44b65a2b8093971c816b3259c90bc723d2702771

SHA256
de47cd8c2d631bfdf7bffd153561b90c2657a32d47503a7961e3003271c2f2e5

SHA512
146f1b1249b9754dbf122efc1d12654b11a7357fbf76483ecf23e5599f7d851eeaff919519d09a13f5f5259da22436cb00127ae8980be5f3f4ed1ce012701bfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
16KB

MD5
48c80c7c28b5b00a8b4ff94a22b72fe3

SHA1
d57303c2ad2fd5cedc5cb20f264a6965a7819cee

SHA256
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356

SHA512
c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7d0f8f26bbc08d54b2dd634a9bfffb8e

SHA1
500ce3c5cad6ed958d6458e1df647471b35d909b

SHA256
79343780673e88c31fda167eea6826e189d672f5df1ba1def35a637543af5c30

SHA512
b8c099c1afbc5fa2682c7ba81abb43bc69dc7eaabb2ec259aaea2717d0fc7b5a3dc49bcdc0689a526a26c2d57d58830c3bfc7f776fb29bd6507057465ac81749

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c6a4c27dfbd668217d35b1496a75c6b7

SHA1
6ce631fdbf481a0639ba02b7f2d2e5fccc2f7566

SHA256
39878b579fbdc619fc51fe4cb8c6fdba464439fda0d9e0df5d53c1773f4cac44

SHA512
c16c8193ddffa4d8eaf8176feea17c881741e31d92532401fb31d3ca2cb978189aa927143510395d003d22ddc132d13185663d6b2f9a6dd8fc65125c0f6e3f09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b4cca3ae1c459fac3477ce8507faf982

SHA1
6f3eebcd462bd9e20e74d390780e8979803728b4

SHA256
5c12a7aaf775908f4e48e5dddbe229e8bed7dc974e2070703da6f5e09b7eaa26

SHA512
5827910a0aa30f1f6d32259cea1c69c01b2c8e44de034ae67fca16555b460b5cb693ffbcf884d26ab34d981cdbc513ff7de0de77be085ca2c8ce469537e06eee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6c74ea7c5a6c06f65fafc5ed8b09d366

SHA1
430dac7c13621aacfb0f3b68bba85dab440c2a2e

SHA256
a0a47a7138301753adf44ff55f336b96d5fe9d41497741b935d2f15d541876c1

SHA512
df53b3d2b011bde6601f7f69fcfa2047159fa6d0e916d71c9d287f36d1184eada9373b5e279a45cb44fefb8e0beff80cf6c5409e7a9647da63462317417d7c2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
b080bfce6a1f872b3838e342ecc86648

SHA1
7bd053388064149258a76bb3d04e57b686b6b08f

SHA256
405773adb07ce56c55b61a81411e8be416dd8613f2e388402f688d6da6aef924

SHA512
09ae48e27a0845addb4e8b384982bb670c9c99b638dc1a72f83ea128a4736d852cf4c870d878a70a89fa40d2711d0b13bd2318ee30f27022c2a517496ff357f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f5aa.TMP

Filesize
48B

MD5
a5025a83e0a4074093b835cd05599d00

SHA1
88c7d4ba652a702771dc121fb4a298398f498bb6

SHA256
b81163778a6d228bf73139db3c6c93af368b689eed9232813ebed07d733a4788

SHA512
265f673da3d026447369bafcc91265f91d53feefb18ae3cc1a9bed2138faaf7e94e53db0fba70e13cd2efee6282bc3458faa56130f07b89169c13e8b20a43319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0095ff183e788a89f4e616f6eb1f9442

SHA1
f099dfd5b26c20657521cee85b24e175ea4b402e

SHA256
518491e5e902a413e879fbe0cfc85548f23ef37ed3a85b66258edc4d95b89264

SHA512
05b81facfbc485dbecf7a3bf796906a45f594a83e0f00d291edb04fb39974141954cc2ff53451cfb8720733783d0f1d5e03dd6b33559576b5919ffba65bbb669

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
52eec8c234494e3805114baf78229d59

SHA1
330639ca9967167ab23899a66cff6bf1c95c43ef

SHA256
269bf94db7397f18b4938fb55e5e079be163742e181412993d551faff2712f3b

SHA512
d567f36d6b8659ffc9f21dd9ab87ae3e510ea454033ebf8d83fbe0e21b3590601cd444ec8a372f1f63a2348af5c848f664e031d46a6fca511008a4c39f665516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ee48.TMP

Filesize
537B

MD5
6d6f2a309fc51e0ae5e5ea5e75032b8a

SHA1
a9c7405ff442f15e38414a558e32eb8043fe470c

SHA256
4b88dd69c9e01b9e57e93cd538a6495e31dfebc391c006deab335d227973aa74

SHA512
d2d4fdc8eefc2f15030fa12f2f8dc2405bfacfd2050a3904ab26f8b09724ca446e3931a9b528f870cfd18c99e3c5c542b5ae1d9a4b37e1fef6ade4529802026c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\be4ca7ba-886d-45a2-a02e-0c8962bda815.tmp

Filesize
6KB

MD5
06d20e8719f58edb2245f75384b64bb7

SHA1
16a6b408dd1551a5c0a32b6325b9c80a33185dfb

SHA256
5d7c3c3c21df451466ae5cedc9f74f98a3376ad347f8ea8954cf1398ec868436

SHA512
0bb454e860c2d47382dcdd2ab58b98046d8579151902897f554aa7d6252224aae66a642c28394d2fadaef1714575ad9a5736704f68586dd65bb26a24888c9ce0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5e3c2c25e3ccf8450d49c0f4736c4de2

SHA1
189e842681edcea5215938cec7b35384fc8042cf

SHA256
bdd18ecc7716ce3d033f76fb3d52307c0d881e2614af606e5b7eb4916fad9b8f

SHA512
d5ae3edad97af211858a6b602ecd167ec28e1af9aa7cb8b385a5c34c5f1fdb452c5ca8d29bfe9b3f5a9229240f09bf06a8716de40c4ea24da42167f8f38dd3f7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit