hxxp://flies[.]sh/microwave

Analysis

max time kernel
111s
max time network
113s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
05/08/2024, 12:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://flies.sh/microwave

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1080	msedge.exe
1080	msedge.exe
1528	msedge.exe
1528	msedge.exe
760	identity_helper.exe
760	identity_helper.exe
2764	msedge.exe
2764	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1108	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1108	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2532	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1528 wrote to memory of 1508	1528	msedge.exe	80
PID 1528 wrote to memory of 1508	1528	msedge.exe	80
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1132	1528	msedge.exe	83
PID 1528 wrote to memory of 1080	1528	msedge.exe	84
PID 1528 wrote to memory of 1080	1528	msedge.exe	84
PID 1528 wrote to memory of 2500	1528	msedge.exe	85
PID 1528 wrote to memory of 2500	1528	msedge.exe	85
PID 1528 wrote to memory of 2500	1528	msedge.exe	85
PID 1528 wrote to memory of 2500	1528	msedge.exe	85
PID 1528 wrote to memory of 2500	1528	msedge.exe	85
PID 1528 wrote to memory of 2500	1528	msedge.exe	85
PID 1528 wrote to memory of 2500	1528	msedge.exe	85
PID 1528 wrote to memory of 2500	1528	msedge.exe	85
PID 1528 wrote to memory of 2500	1528	msedge.exe	85
PID 1528 wrote to memory of 2500	1528	msedge.exe	85
PID 1528 wrote to memory of 2500	1528	msedge.exe	85
PID 1528 wrote to memory of 2500	1528	msedge.exe	85
PID 1528 wrote to memory of 2500	1528	msedge.exe	85
PID 1528 wrote to memory of 2500	1528	msedge.exe	85
PID 1528 wrote to memory of 2500	1528	msedge.exe	85
PID 1528 wrote to memory of 2500	1528	msedge.exe	85
PID 1528 wrote to memory of 2500	1528	msedge.exe	85
PID 1528 wrote to memory of 2500	1528	msedge.exe	85
PID 1528 wrote to memory of 2500	1528	msedge.exe	85
PID 1528 wrote to memory of 2500	1528	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://flies.sh/microwave
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe39983cb8,0x7ffe39983cc8,0x7ffe39983cd8
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,11292150350196326523,1957564463085406043,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,11292150350196326523,1957564463085406043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,11292150350196326523,1957564463085406043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11292150350196326523,1957564463085406043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11292150350196326523,1957564463085406043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11292150350196326523,1957564463085406043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,11292150350196326523,1957564463085406043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,11292150350196326523,1957564463085406043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11292150350196326523,1957564463085406043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11292150350196326523,1957564463085406043,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11292150350196326523,1957564463085406043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11292150350196326523,1957564463085406043,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11292150350196326523,1957564463085406043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1260 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11292150350196326523,1957564463085406043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11292150350196326523,1957564463085406043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1920,11292150350196326523,1957564463085406043,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5116 /prefetch:8
  2⤵
  PID:4292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4580

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1812

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004BC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2ee16858e751901224340cabb25e5704

SHA1
24e0d2d301f282fb8e492e9df0b36603b28477b2

SHA256
e9784fcff01f83f4925f23e3a24bce63314ea503c2091f7309c014895fead33c

SHA512
bd9994c2fb4bf097ce7ffea412a2bed97e3af386108ab6aab0df9472a92d4bd94489bb9c36750a92f9818fa3ea6d1756497f5364611e6ebd36de4cd14e9a0fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea667b2dedf919487c556b97119cf88a

SHA1
0ee7b1da90be47cc31406f4dba755fd083a29762

SHA256
9e7e47ebf490ba409eab3be0314fa695bf28f4764f4875c7568a54337f2df70f

SHA512
832391afcac34fc6c949dee8120f2a5f83ca68c159ff707751d844b085c7496930f0c8fd8313fd8f10a5f5725138be651953934aa79b087ba3c6dd22eaa49c72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
f731eb49a1d44cf9b7a3d0c43d7d014d

SHA1
3bdfbad385b2a6576a9323e75fc9087093c0a693

SHA256
248e75a7e54398720b1a62e75f0ebb3414138ddaeb0ad277a606425e5d8283c4

SHA512
f8c59d767b3b0259c2c5eda110662adfd88c17e16cc522f5fca6b606fdb50472d86e2377c437962555a71aab24ba8e4e84a8a5e8c0a0efdf30be9ff83eaf5552

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
c4412a97dc79b0b43adee6f229f7b078

SHA1
3130ae1ffa1d907b2c73d1aebb11aae92ead72fe

SHA256
69831d1ddbc70783ad9c37a75c2e7e292e85e35154d2b45df2b9533c68e22007

SHA512
246ee11b2a9170438996849b3e0bebf1bc4cb4abde31392f190fc2fac410c96c325a728d2b86dffa2b5ab667a19bf1989e252dbff652c6863d3fde7668335e70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
536B

MD5
540b8d5e94c2b693aa3140b1edc7cbc9

SHA1
6b60aab2318fbcf7d8cece9da009b3d52368b6f6

SHA256
39ca8084e6f06d71db09ff5a77164577654832fc018de2156a289ce8b15e513c

SHA512
c564af63889e190e7847028e3b599fe3c2ef94a7587eb8e1fb8546cf81e4ea041115b97d1c5218ea5d5da180e57ee51b43fee01ce58af701a30cc10835cc52c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
536B

MD5
27fb84c5817fc6063b5e30102dbbcf65

SHA1
64f5bb00d53ed135dd726ba1b83385093fe2428b

SHA256
5ac24cc7ca58a396b406d5dc7ebf965f0e76d75050a50d0fa9a61240255f35a7

SHA512
9de5fa6eee74b0cb5c6d42e78f8a06dee74c1c82e08dbde0ce92b8303dbce773b69c4e8ab473bf8ee82cfff64354c98d9fbb1af6ffe920dfad41187bc8164b34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b763bd8873d7c8b22a9e4b776288deb2

SHA1
c2c2d1bea1f55b340b7776a91a050498178abc73

SHA256
a2cfa77147f4944782eecf900e4e84942966f868fad4394dc71eda2cabc6b3fc

SHA512
9857ba1e2305adfb3f3cc6ec9a7ece6387c3e5f4bd22b623ac551fe3f8c67457519a43f679920a8a67fffabeff077ae26d153509d19090e44ad4ab741e27a440

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
31691defc22b301e4a9e12520bce6bc3

SHA1
37bc169d6d70ef8172429a6b1ed71b27b08fb817

SHA256
f33c38c43a7298c35459ff5a666a3c8987c759b714f58dd0bd314e995fa5a47e

SHA512
1c637c19940edab3c40bcaa6764381f281439efd750be9f1f0a26f146b525c2b8014c2c07430266c6699427c9f1280084efcf2720faf96ace98f686a79a828b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b2ef861801beb02a72a49581554fb788

SHA1
2ff2a5cdfc637d9c63009c50dbd58a6eb6234891

SHA256
22ba939c35d1313f4a133f4c921d53d2b78f421d1d7c50c896a4fd3405b5b191

SHA512
e367ceaa76eb7925c576e877de43f7ed367c51b260b6c476086a654a3888419745f018ff51bf936eb4b6025709fee127be5c2f892798e39a0b2633cad1775741

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a2e83fc37a094cd12aa0c3de3bc6ea73

SHA1
65bf39397209d032d3dd317044bf00d83e2cd226

SHA256
b0c82750f10ce9fcea27a7cdd1a4144010a38c98438ab743ab255b11984f9ef8

SHA512
e338bf11069b3c1f1c950af208ea0596b1d99945b0d1b7df31c5d342c53c9d228994c7d5fdf82c5e44c5298cd80428ede6499f4b045507dfb91daa045bff1a3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d1f4af9e354fd0c3cced8fd66da97251

SHA1
62318e26069da144c34aa5a8dbde35ba84c71c5b

SHA256
c0c89840e0cc9be45a7a9e325b15f98bcfe29ac81e7b1aae1206c5e742f3f0cb

SHA512
1ed639ff2d7c1bc266db7a2d7be891ecdb0a6af7d703cc0b86793e8d4ca92ce561d33bab761cb9476da75b08f8d619422362240149b653f3bb5732cf77c56814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\122e0495-ad5b-4a05-aac7-f8bd4387163b\index-dir\the-real-index

Filesize
2KB

MD5
20d75118acbedc4bfe0ebc82c80e7150

SHA1
ab4e0d369b6dfdb2e232002ffaeff30db9759c0c

SHA256
64b9000756b6b61c06daaf1844644dec36178f0864195c55e111d16ab85af570

SHA512
2c4b10b8e36f0c3623d7d07bca84fbb4288e914e968522d4cffbec9900fe221d6081929787a9b97e1044289f5781e7989f94a3cede1d51f937f874b68b2e9986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\122e0495-ad5b-4a05-aac7-f8bd4387163b\index-dir\the-real-index~RFe594a9c.TMP

Filesize
48B

MD5
085656c2d3f58b007d80b5079edf9902

SHA1
e9db81560615b27bfba5a79144509d99e76e6008

SHA256
70cfb28153de5b9d43d27253dbb4850d923cfaaa401a04f30a05e49e3b46607c

SHA512
c75a20f1e9ab5d27ea7d43b58131138cda3522a5edc483b1d4b89d233dcff083e909bbec8261ee06238a869d78c3f53b88a42a655a0a7cd6be73cd5c449eadb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
114b31875878946210f09f84e66dc7f4

SHA1
30b6e812b7983be02151b150a360d9a544c4ea43

SHA256
b7bcddc9f314c0f4db1ff87cbc9197d7899cfdcb4ac3942ac6e29565672bd254

SHA512
eb2c775730d02b151e776ef2c97ed55785890fd6a5a26a248b21497009af08db71985019379b83a82899c57ae0d96e9f42042aabcc00555ae0dbb31abe014134

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
eeaa4b62fcfaa880723912bc1113edff

SHA1
284866dbedfd8f22ca7cfc137d480bd861939bec

SHA256
836ea2b05009ff3c821faa5208f52472dfe38b1f7f3404cdefd3cecae8cf42ea

SHA512
1e7e789f5832ee23cfeada0d1cf14c1c574371b8fba522393edaae59c931cff2ce8ef82f8976811d1651666a30865d7722db073bf368291ff80119afe725e066

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
eae82f3cae9ae933c2b2d965c72faf4e

SHA1
62d426a799f2972f0dc8e0c08458b46f7573af49

SHA256
4aacd094c4e1ff8af54d8358d6b24e2d3cc99fcb7b451c0ea2ac9c45e974a1d2

SHA512
74b1665db2d5e7273e3c2e96f20ae253b98e5b6588bf911b7ec13af8b7ea2ecc71bba6bd6aaf895b21fa7f0a74e0e790edc1d3ae718a4397dbd754d337740d08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
3051158a06faa9de0180780e78887319

SHA1
53a0f3926fc4b6f42bb82a717445a5f4e28917f1

SHA256
bc26006173e0d829e4b3dd8cd982331b0de43471465df84d8ab625e7b82a050c

SHA512
5946dfba830e4070dd7d7105c075cfee36fac57f5385114fa1994f148d1f7bc78a727bd0f1baec59a843b160d9b7f4f85203e38e1cc35d3e89150611f99c388c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c9544053051e565777c7148a47d37255

SHA1
dd036bcf444059a64a753b2a63aa83f442da6f05

SHA256
73d738e305600700e4b34e5964b35817611b6dbc51bf67594d4bea94a8aa6b31

SHA512
e3f46882442b373923c4ca79db275e9eedf34a904ecede575fcada1c8b58a476ab3ef0d378f6a5a3d511ffaff8be15d389262740c451335ebcdd49f677b3a032

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
7e4a8341fbd123f1178d2f04531944c0

SHA1
d1f6190dd25243361a4294e6c1652689a97ace1a

SHA256
7686df32e9758545e417179e2d7c3bc008de4c681e55d43587a449311be9e5bd

SHA512
810cefeff0c9f524e79c1f0aa7dd447900feb48c061af79e59cdf85adbc7439b159f56f026e68c3bbcd1c3d5297b68b13a842c72f8dc2b7d3caf8c6ce3e4096e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5921f5.TMP

Filesize
48B

MD5
49eb7da879ccf014b7c2c95a4a8d83f7

SHA1
a7df8eb7997c0a8de62b71a6b2109ef4c64dc1fa

SHA256
0392e539cd1329462d820432d984906c19b1c5567ac4a3e97fc2fa0728976aff

SHA512
d667db9d801b7b8857898ebeeaf3cd87e541d60675260a7afe33f3a3e9563874e719d0eeb180ecacd5f944f1d2064e597b825041632e6e45055513c6d030af17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
0e0c3c5efe3b3be4e46753c0aa4f186b

SHA1
e3d850d67fe0bd6206ad8c086d01647b872bec0a

SHA256
1ea53deb93c3fb2d65a0a2433e0de9575ea439840b874e7df4a20a9c870d9b6b

SHA512
2f168468fab84ea7bf5b0d53fe1a28b68929fcab4d3d8d28d128b4cae4abdbc37cbb8107a340daa5aa0e23f356a6450cc028b82e237ff82539512ffb41f07e88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe592699.TMP

Filesize
874B

MD5
df14dde85bde73c9e1f5e9393720e346

SHA1
1c74e62331351a332eed7d68ca34654a74be9d06

SHA256
4ba1b6ce5222062cd7ad11806cbbd32484f6b9dea6795c1f1a308238cc67cd5c

SHA512
dd552236e5c34200ebefbaea248bd5163bccfd678bcba4d61c055497a4df3e0170b28752c7d7ae7ab4fef215fbcdd394957fdea6b4e2c0d2bf0657044c783f52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1e0410cf7d2896861a093d65698edb3e

SHA1
21d744a481aba0cf1b247497065ef3568144bcd0

SHA256
40430cbe55af6a6fc091ff7c5c3c89dc43914a3c8110b97684a6e808f7c9ecb1

SHA512
66e3aa453c5d49d3f209c1decfbf835d1abafebcd8849047204278c742d00198ad5c4b6b1f95ad8e5d9df643621b529d96665674b2c9e26802cc96431ef6dc8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d43bbd486524312ad2479ad784cd2977

SHA1
81317d321780d03bca735cc392cf2ea866836fe1

SHA256
0f60b5899ac9454ce0447635b8deb7287e6b59d27daf902eb093b9a326a71be4

SHA512
cfa82b5706525d3af52fd5114fd1a7de83f445d7dd0e1fc2926b674cd047175c04da2a41aef606f7f3ed858074639bf5e5a982b2b5b86ffef5aa7f81951a5587

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
570fdca00e690a8f554a504c979727ca

SHA1
55254597c689d2571ff13268a3084d6cff15897f

SHA256
d1dbc07346bf84a1e16b707d291d81d27f548a442348a43d6b6b137cd58a2eeb

SHA512
8ea734ee0c8e0d0f25c515b10523dcf94c576dc1c49f4e761f6a190c01b4654455d3749ab1e5aaf2cb1828a9ef416994785254721997274310d11e610eb05459

Download Submit