hxxp://34[.]228[.]38[.]116/st7au9i0suy8aftsvyuiai0sy8t6at7s80ausy8gaysuhji0suy8at6fsy9ausy8g

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 16:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://34.228.38.116/st7au9i0suy8aftsvyuiai0sy8t6at7s80ausy8gaysuhji0suy8at6fsy9ausy8g

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2488	msedge.exe
2488	msedge.exe
5088	msedge.exe
5088	msedge.exe
3008	identity_helper.exe
3008	identity_helper.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1304	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1304	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5088 wrote to memory of 3180	5088	msedge.exe	84
PID 5088 wrote to memory of 3180	5088	msedge.exe	84
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 4240	5088	msedge.exe	86
PID 5088 wrote to memory of 2488	5088	msedge.exe	87
PID 5088 wrote to memory of 2488	5088	msedge.exe	87
PID 5088 wrote to memory of 4968	5088	msedge.exe	88
PID 5088 wrote to memory of 4968	5088	msedge.exe	88
PID 5088 wrote to memory of 4968	5088	msedge.exe	88
PID 5088 wrote to memory of 4968	5088	msedge.exe	88
PID 5088 wrote to memory of 4968	5088	msedge.exe	88
PID 5088 wrote to memory of 4968	5088	msedge.exe	88
PID 5088 wrote to memory of 4968	5088	msedge.exe	88
PID 5088 wrote to memory of 4968	5088	msedge.exe	88
PID 5088 wrote to memory of 4968	5088	msedge.exe	88
PID 5088 wrote to memory of 4968	5088	msedge.exe	88
PID 5088 wrote to memory of 4968	5088	msedge.exe	88
PID 5088 wrote to memory of 4968	5088	msedge.exe	88
PID 5088 wrote to memory of 4968	5088	msedge.exe	88
PID 5088 wrote to memory of 4968	5088	msedge.exe	88
PID 5088 wrote to memory of 4968	5088	msedge.exe	88
PID 5088 wrote to memory of 4968	5088	msedge.exe	88
PID 5088 wrote to memory of 4968	5088	msedge.exe	88
PID 5088 wrote to memory of 4968	5088	msedge.exe	88
PID 5088 wrote to memory of 4968	5088	msedge.exe	88
PID 5088 wrote to memory of 4968	5088	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://34.228.38.116/st7au9i0suy8aftsvyuiai0sy8t6at7s80ausy8gaysuhji0suy8at6fsy9ausy8g
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac95846f8,0x7ffac9584708,0x7ffac9584718
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,7217276198025134421,6062887763822789994,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,7217276198025134421,6062887763822789994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,7217276198025134421,6062887763822789994,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7217276198025134421,6062887763822789994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7217276198025134421,6062887763822789994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7217276198025134421,6062887763822789994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2004,7217276198025134421,6062887763822789994,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3928 /prefetch:8
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,7217276198025134421,6062887763822789994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,7217276198025134421,6062887763822789994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7217276198025134421,6062887763822789994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7217276198025134421,6062887763822789994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7217276198025134421,6062887763822789994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7217276198025134421,6062887763822789994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,7217276198025134421,6062887763822789994,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2928 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4872

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a0 0x4b8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
75c9f57baeefeecd6c184627de951c1e

SHA1
52e0468e13cbfc9f15fc62cc27ce14367a996cff

SHA256
648ba270261690bb792f95d017e134d81a612ef4fc76dc41921c9e5b8f46d98f

SHA512
c4570cc4bb4894de3ecc8eee6cd8bfa5809ea401ceef683557fb170175ff4294cc21cdc6834db4e79e5e82d3bf16105894fff83290d26343423324bc486d4a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
10fa19df148444a77ceec60cabd2ce21

SHA1
685b599c497668166ede4945d8885d204fd8d70f

SHA256
c3b5deb970d0f06a05c8111da90330ffe25da195aafa4e182211669484d1964b

SHA512
3518ce16fef66c59e0bdb772db51aeaa9042c44ca399be61ca3d9979351f93655393236711cf2b1988d5f90a5b9318a7569a8cef3374fc745a8f9aa8323691ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
333KB

MD5
b04d868391f0ed954cf8ded2b42dd723

SHA1
5d4c528a372d31d300f3c23097649ecf5eedd64f

SHA256
7a1c7b9e6e8cba22bac788399ad4a04e185a03963321a35abb6246fc5cb94f6b

SHA512
2a2a55d038728b5539186f3160d9f4688ba21f6e606d8ec3974dca885ce57616563c862a1423ad371c122d3188139254a9f3ebf267b9fa7768fbd604906bd055

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
308KB

MD5
3b396188e91a90a781104b9d825a8f16

SHA1
594014249030ec7370e530a10213f64e0dae3148

SHA256
3a284773a31c67fdfcdfb55ebe157fc46afb57950cdf15c3d325b6a7963a80e6

SHA512
dd0c006d6150705988e7b0e452a2a6c8dfcf2f5da967eadf2ea60b1569201dc0c6513c3089bd1fd9753f8a6e1fa6f0c9892de8c4e8cda4a874c25415ac0e6ef3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
1024KB

MD5
fb12bdc79c07c4d24129f431cb9caeaa

SHA1
ee4ef76574b463d60c3074040e7490cdb4cbade5

SHA256
62ff25714a677696d336b1909bc4a87487f6b23094dcbd5a73fade97aafc2e75

SHA512
a1e9f676fb5973a6115fb7551f7b74edce68170bf3e6c2b2bf7021d66bc07ab8af259c28b84198e8ad3b2204f191e8f083b61e4bc6c29e27b0c8ee6de3dc1e78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
286KB

MD5
d6c27b6c76dec622ddd87ce07332c771

SHA1
6fe23e960fb4d3497c6b7a1e95117ee8d95d54c4

SHA256
0b0a92392b24637e0adc1f42657eefd3ee7b8c2a0f5d2d59505293358b46ea54

SHA512
10b9a98e0d6fdf2105e4cabd7c60759f5c40056e8edfdf03274b8e819bdaf7196c6ef03da22baad38eb1c56288e92a13955ba94dfe617fbf4f2038722c7638d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
1024KB

MD5
e0c313ddc777904c526d976c9ddb09ae

SHA1
fb9a92427536a65f1f4618cf691d28cd7850f917

SHA256
fd510b9813da68eb659327a9eb3e074e36c528b8d66971b2ecf9bcce6726519f

SHA512
78282b233cac565000431280bc38cdb50075d672d36d7428ca67cdacd26d50b67bcbb6f6284ba67d0d4de82a671e6eee270b7645b6e6dfbe2f2d00b6639083ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
260KB

MD5
41c1273aa43650d63f19cbd3560392d1

SHA1
12caf2faaac69c73e24eafa51d1be31394bf2ad9

SHA256
1611fd86a696f7e80918e2f0c046b5d847d1d169424f2279c17a5c61edf43c96

SHA512
51f821b06760095477ad0d4c03ab0b821f80f5cfb57e711ec8335c265b5c0b06232b1257e1ec273100d2e5538e9d17a43a60f291d703171e34e9af0a52b454d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
1024KB

MD5
c359b9540308f217027f81d65d595336

SHA1
10ec4d2e79bdcfeaa6c617e17dbc58c82da2dc09

SHA256
161958d3e3ddd8e81dbbc6168e810fb6f2d467ef88ee93462ae7e9926089fa33

SHA512
c57690dbe53a30cea78182b85a7da337901c503257ce9077f9fb91736f3388e34c82e74aae4c1905839c9ea3c8da30624a59b0379ab790a92bfb3423e356cb03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
339KB

MD5
f5f23bf067f309c1eeb406904030e6f5

SHA1
f338ae1b4738a54d17986eaa71c3bf5ee1f9a8d6

SHA256
2996d040a9ffc81b9ac87947ce35008dc250373744c7da9fd6eb71f511ace050

SHA512
a0bda0ffeb3a9a417e6625b4f160a94e3b1caf1473d75e6f74186f0015e0110fbb47c4f25cc89ff321ce7056635fa945aaf4d301665deba2c67a67fdf85e7940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
d135e7264ab1f308669f507f8fc1c3fa

SHA1
3391cddec5e1ea13c3072a036d135016f03b6486

SHA256
963e74daf62d64d2161907e0895f3eca7dbfaa8964af45f79971c73f4ce24477

SHA512
310528a94dade2454bd29f6705106c6ee8c933a13f9f0cd6e44a2fbe1ab6906dd2d866f6d75e2f04d446c21e2ee6b6ba87344becacf258c261d765214fd2f242

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
deccafd5870a6bf9408c2efa6f8a2219

SHA1
8813a436aa6ab977b33e987346cc134763ce5149

SHA256
fbd79b6fab125ae53046599a894b637d3c106c53b9247c33429b3c98e91c1112

SHA512
63d7427f96b58902691a4d99ea551da8e1f8c0e980b56da7e6d84198938527131e605bddcc92152aff6f004749b8906a1b7dc2d1bf613e80d72df58f9461637b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6578cfc84b631e7cb9d27f9ad8172c3b

SHA1
09d259088a2ddf238dbd391e0009919845ad3d76

SHA256
a666f55ce5f519b159e3cb213dd39287c691b16894aca0cfffdc82aeb650eff3

SHA512
386f504eddf51d2fc2e514693315927a899248fe5f37582d1ed8312613836d0a4a0221b2b821fdf37f364d33b8e306d17e9735ac62dc85cbd4c1281b13972e72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2813db219e26266551a614e22d8c5a66

SHA1
5ca7a168fb89d3733c479241a9382ef78e070416

SHA256
52ad33267ebc84b10095ab3fc57d015d9dbd0173525679c207f980f5c99ecae5

SHA512
1fd1ae9b5c7654b08679a397296f710d37c4c2fb844827959b6810711ec04dda859d698af5ae933ad86e250066fd8325e2eb79fdaa5525d72e6c13b94d8a8995

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c8535eef6b96c5f0367fab79e0f0ab49

SHA1
8809706ea6948144e48835a6caf48bb6708a2a80

SHA256
b41043b8bf25613216f1f7c397aae0db6f7c724b4b7e8bdd6471ff9fd52775d7

SHA512
f395919130d5f7df2d62780e274d87b0a59409069eea3ad4a0ab691cb931e445347cfbbf9375ee9582f75d324f53e052756dc49d628350905fd6371671f9f083

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7d7eb7550c0f83824fd7faf53f7453d1

SHA1
c7f576c1ad9cce6e32e3f73f0a980525a9c97783

SHA256
6fc992d8e2dd16232e2748e1ef3c5d6c2e7ab3d54396ce751a9505eb043bfd43

SHA512
284c58c8c4ada05829a05b63f5c685ad9ceb5a8ac4479667645d13c288c41ba6fba79bceef9431cf6e56ba0c3097b92ec06529fb4039f356ce7feadf2ab8ed04

Download Submit