hxxps://ify[.]ac/1Ic5

Resubmissions

14-07-2024 14:46

240714-r5ksyaxbqh 8

14-07-2024 14:43

240714-r3y8jsvckq 8

14-07-2024 14:37

240714-rznmmswhra 7

Analysis

max time kernel
150s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
14-07-2024 14:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ify.ac/1Ic5

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\setup_V712NJ5pO3.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4596	msedge.exe
4596	msedge.exe
1640	msedge.exe
1640	msedge.exe
696	msedge.exe
696	msedge.exe
1208	identity_helper.exe
1208	identity_helper.exe
4276	msedge.exe
4276	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe

Suspicious use of SendNotifyMessage 13 IoCs

pid	Process
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1640 wrote to memory of 1516	1640	msedge.exe	81
PID 1640 wrote to memory of 1516	1640	msedge.exe	81
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4736	1640	msedge.exe	82
PID 1640 wrote to memory of 4596	1640	msedge.exe	83
PID 1640 wrote to memory of 4596	1640	msedge.exe	83
PID 1640 wrote to memory of 3972	1640	msedge.exe	84
PID 1640 wrote to memory of 3972	1640	msedge.exe	84
PID 1640 wrote to memory of 3972	1640	msedge.exe	84
PID 1640 wrote to memory of 3972	1640	msedge.exe	84
PID 1640 wrote to memory of 3972	1640	msedge.exe	84
PID 1640 wrote to memory of 3972	1640	msedge.exe	84
PID 1640 wrote to memory of 3972	1640	msedge.exe	84
PID 1640 wrote to memory of 3972	1640	msedge.exe	84
PID 1640 wrote to memory of 3972	1640	msedge.exe	84
PID 1640 wrote to memory of 3972	1640	msedge.exe	84
PID 1640 wrote to memory of 3972	1640	msedge.exe	84
PID 1640 wrote to memory of 3972	1640	msedge.exe	84
PID 1640 wrote to memory of 3972	1640	msedge.exe	84
PID 1640 wrote to memory of 3972	1640	msedge.exe	84
PID 1640 wrote to memory of 3972	1640	msedge.exe	84
PID 1640 wrote to memory of 3972	1640	msedge.exe	84
PID 1640 wrote to memory of 3972	1640	msedge.exe	84
PID 1640 wrote to memory of 3972	1640	msedge.exe	84
PID 1640 wrote to memory of 3972	1640	msedge.exe	84
PID 1640 wrote to memory of 3972	1640	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ify.ac/1Ic5
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffef8123cb8,0x7ffef8123cc8,0x7ffef8123cd8
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,4380526741755673734,618292468734757783,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,4380526741755673734,618292468734757783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,4380526741755673734,618292468734757783,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2444 /prefetch:8
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4380526741755673734,618292468734757783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4380526741755673734,618292468734757783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,4380526741755673734,618292468734757783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4380526741755673734,618292468734757783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4380526741755673734,618292468734757783,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4380526741755673734,618292468734757783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4380526741755673734,618292468734757783,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,4380526741755673734,618292468734757783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4380526741755673734,618292468734757783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4380526741755673734,618292468734757783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4380526741755673734,618292468734757783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4380526741755673734,618292468734757783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4380526741755673734,618292468734757783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,4380526741755673734,618292468734757783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,4380526741755673734,618292468734757783,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2432 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4996

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
afe63f44aa3aa9393e4251b4b74226e3

SHA1
29eef15e4d60afed127861deebc7196e97d19e4a

SHA256
7787181844d106768f78847869b5e784f07c1b65109d59b46932979bac823cd3

SHA512
f0f7951b5d55c2cbb71add5ab0c2ed3617a6fdf93f2c81ee9dd15d9f7c67881b42cbfd97cc4d2f17ba8a383624b23da1897fee069ddcee34233c1f625062a1cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b0c53c5fe6ad2ee4ffbde1b3384d027

SHA1
0c9ae4f75a65ed95159b6eb75c3c7b48971f3e71

SHA256
2e9fc3b050296902d0bb0ce6b8acc0bb54440f75f54f1f04ae95c9956108171f

SHA512
29f62e085d685d3b4902515790ab4f298454d0f8d53b6234fae9f9a0edffdd0d4edee57261e8eb0b94a4af8e86d3f7ab8b044c6f259576b89f91183002e58b42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
483d7dd8fb1c39d1f26fa10edd50f0a3

SHA1
22c405e3547267e48636aec3ea466d0e6d79cb27

SHA256
ffdd67ce1d7b2ddb6f6a95c7d799542c0168f0e75a4c4945e119943c354bd172

SHA512
1139dea7a31bd9c34023192b33e4dc0690ae9a3c096c89896936764178c8cf7553f53c7103b399d386bdc97e64cb89afb8bf546aa6ba751778ac65c5800ad8dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
1592a70dde1d9a02bc1b2273eb72f0c8

SHA1
77f107da3f5586371b1e3ec67609ba49ebabf136

SHA256
d9a944c6bfb9d6d8d5175a13de36ffd0f7f7ec188c6782a067e68b5c7fb76c2e

SHA512
513accbb94f8af137d68a0db9af6c3384568c7ab1bcbd80d07a09e756aa74709218054372d1346273a9d8d579e75af0e1e79c1722827f6a7e66e952bf74bfe48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d4407f6a32fafb367b1ce126f1bdab0f

SHA1
b984aabbfa44dc29f5c8961cfa0d63b580edb7be

SHA256
f0b00e3e8b496bf88c4c8e9a2e742a80a3c108db8917c2ca27cf804eec2850b9

SHA512
2b1e06b1a7da0f784368fcc9ff3facd25bc17007dbfde280809a22dc6a85e7f3bc9de357c5fed7024ec69b39f245fea090c7070761d59e4fc84f2def77152438

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4647502a0270df3dec65719d81f5d6d3

SHA1
d854c56f33124847121a19da99ac995177946ae6

SHA256
c5ec064ca9bac00abb77b12705975c7a5d0cb8f84a0f8c5c40940473190d9468

SHA512
7cece78fd0d81036eeb790b327bd42512474f10ca5b28dfb29aae4b5915af8c90296bab03ae4e0ccf9e7aeaaf6205875a0bca3e8b081a5b6bcb6ff0387ab2702

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
91f2a6270b4f7f5b2d9eed1c5cf1003d

SHA1
7ec7b879e086d25c2f764b8218e764a6cde293d2

SHA256
b723136cc6b5f449c61afb3a85cafe209fd22da394b3e3a8a17a6727a47d8476

SHA512
41dc67d2e0432ce53d32643cdd9fdcdc3b5a8c03fba91a3c31c02553d8e13783681535e323054d65afcf27a91208e736cc392efe81c96667d5973fd355a69705

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dcd5470de44cdeb25a9e5c5246dc92f4

SHA1
e2a30b8d6e1b8966399b18e6ed2dca3ac5686e05

SHA256
bc2a9600ca218d6eb63e157bed7b8a107acd035872e6d316c5c27f3f521ed930

SHA512
18f2209780e3424fe80a223e57b1966db031ba5601bfdc0401f356592c08b79d3bad4cf94e8918b06b0ecee0adcfcd51bb031ed4706f496c3676f7ece9b8bd37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
19fb808cc5605efea6fefbd588d412ba

SHA1
0e1d4629a0f20f16fbebb8b47e4c6d2eccaeec45

SHA256
da5312ba5ee9536fc2cac0acb5f6d7de430f024a04ee2c92327fe91c3d988f75

SHA512
2c3bffc0b236b702ed1ceff54c2239a56ac679ce8fb29058ae74b577ea6894415b9ebfcbc37e3fff9f6b71dddd99b7c3e30884241bed6379a6f577b695ed41a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
e0807426aae611bf327f632548154631

SHA1
81d2d5a7fa6c1415022f15248dfffaeb4a0444cc

SHA256
eeb2bcfa9a42e50291e6b90c6469f1c1b7b479acda937273cb747ce896377b7e

SHA512
86338ad637f8eef29be0fa669bb97864583ce52be168e588d7e00e945146af10c04a45e56d46569d83278882a8f940e68afa60fc9df73379551a591036bad177

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ed8c.TMP

Filesize
48B

MD5
6884fd2b25fd94b54f0799bb98bab1c6

SHA1
e66f13174158fe82366d1bb0d9e1a9122b495ac6

SHA256
39bfe1638ea5c2938a2f1157dbf57094436a9bc72a2536734a3f7947295d6a08

SHA512
7a45e75e213fb7c8a855fa37be3ccdf0f6d12feb093a335e4343ca8ca8b846b8212d43e7479b34518b674d09fb5b1faf101e339a1ba75202a1f7550a16fa1acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
75d2d9c759d06b717e4131f04498f678

SHA1
a9c898bdb795502a367c3dcfc051d7e4e914bba6

SHA256
dc097f829c172976fca07594fa563574989919d785cb842aa1f446316286af8b

SHA512
df346c2123de22e054200184d444747609631bdf485a5159d9461f429462434fe3f7a4d8770e07509c26a413a84bb95b26aa5e99baf75a1f8039ecbfa2262e37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
606dd9044a2f6bb915eaed215ab464a5

SHA1
479a8d73dd464053c27ab9b537e85bec271257f7

SHA256
596b865f18996c3885a57c4a262ee7f57515bbc94a977a125ce34544c4b2339d

SHA512
35c38dabc4661ac294139b8a3f4283856f9e771374237a7526c8e5855069a07c3df421b9481851da3908534e25464b2b284dbcaa68141e42b59b1b7f4d63dd73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
95b606e35cd0af6b053450b3ec41de58

SHA1
3f268e14af7bfeca8cc34cf7b49aaa6957fca013

SHA256
473a91430319457bc73f12585b3ab7f99937113f94fc111c7b2e51ff960e6b76

SHA512
cfdd27f52dd2561206a0e17cc9c97ddf01a0e1008c859fe572f2ab355cf36b330fc7019047692f7e958bfa27f07cc784140b5936f1bd74bee4a7a1d9be917417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1a81c3e7b4e181a78163d3ec9cbb6af1

SHA1
3e17c546d2dbe7bbee0c0174eb0e70fbb9b9c9f1

SHA256
0a763ba2eb09bd3146b95ca9a4ff3a41bb87d715e832b6c1d2776f3c63d9f42d

SHA512
d223dcf618c6722b3378734280ffd5cb3b0b172957b0115c96749d137342d8c55e7ece87e96485b2959d16129727bcd58c2496e825460d40f6b899eb9809ce5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ec25.TMP

Filesize
540B

MD5
cc2cbbaa2ccf1e5911a450a8d50b0bfa

SHA1
9f0533384163dd2895b31345b6fdc4a0f19e68d1

SHA256
079245bd4ff5e171eacd9235595f6fa625f51c07322cd9110674061b90cb0e81

SHA512
7075973680607bdc18e2f2a76e857148138cbfeef5cad45ad2737cd43fdcd7ee09719b791f7f41591bb775673c8ae1da2c51b92bf9a4b208b76bba91e06c879b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4e7430d828e632c7ab803f0bfc9cdfa6

SHA1
1023c318d8ad1f2231198fdba552e38bbe63c65a

SHA256
f79c3695d933d84de712a11d9a7893af4ecfde5df0effd5654ab74876fb6dbfe

SHA512
27f093f8e2c085597f9e1b6461e0ffdcae5bc41f4844604fa34a59510b3cecef1bff1c54ae6a4a8e83776f791367074dee4802ce48a1fbf873811d6071d96afc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
90f105ddf3abc75be769d18c0cdd13f5

SHA1
c66bdce8ea5e732b702b3c5cbbad860edadb3423

SHA256
8de12e47b6eb5cb9f25393df005cd5053a2023024a91ad1040f84ced7ffe750c

SHA512
92cc8148682393070ffde14265a6eac670a53ebff9e35ba7e7e20784092d2ab4613394cf3415eee7147b47edad74392ba90dda6f017b7a77fa76e7baac75b073

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
45aef5db13460244b387e5ddeb992f49

SHA1
d03c23031533a8ea9d477188b15128acdc94057e

SHA256
dd5736976d6f10f6bfe3d4cb71ba770cd9ecc1dbe55d9a55580aa0bfbaaab18a

SHA512
30c493e5ace575c767497e4a5506d734ff0252bab774702076ebd760ad99a034d3f222b7ae426bd523626f84517bb6d6ebd46eb5b3ccc53745ec90b6b53b6969

Download Submit
C:\Users\Admin\Downloads\setup_V712NJ5pO3.zip

Filesize
5.8MB

MD5
53ebfbe87f494659401d2dd935a360e3

SHA1
4549c9cda2468145725ef6860c7ccbb5b6e23da5

SHA256
4b849e85028ff9de8a2be0497a19e17bfef1672ae27602c82d8fc172e2938011

SHA512
0f1feb55902248291da05a4a90a2b5c402fd999a8f01325304f0c846dec8b3e27d79859a83360eb8f804e6f27bf1fe1d2821ee756a24330a2782433654d16ac8

Download Submit
C:\Users\Admin\Downloads\setup_V712NJ5pO3.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit