hxxp://anydesk[.]help

Analysis

max time kernel
70s
max time network
72s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/08/2024, 00:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://anydesk.help

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{595D86E2-F689-4DD3-AC49-CDE5059ED5AD}	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3416	msedge.exe
3416	msedge.exe
5012	msedge.exe
5012	msedge.exe
3248	identity_helper.exe
3248	identity_helper.exe
2264	msedge.exe
2264	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5012 wrote to memory of 2196	5012	msedge.exe	83
PID 5012 wrote to memory of 2196	5012	msedge.exe	83
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3820	5012	msedge.exe	84
PID 5012 wrote to memory of 3416	5012	msedge.exe	85
PID 5012 wrote to memory of 3416	5012	msedge.exe	85
PID 5012 wrote to memory of 4136	5012	msedge.exe	86
PID 5012 wrote to memory of 4136	5012	msedge.exe	86
PID 5012 wrote to memory of 4136	5012	msedge.exe	86
PID 5012 wrote to memory of 4136	5012	msedge.exe	86
PID 5012 wrote to memory of 4136	5012	msedge.exe	86
PID 5012 wrote to memory of 4136	5012	msedge.exe	86
PID 5012 wrote to memory of 4136	5012	msedge.exe	86
PID 5012 wrote to memory of 4136	5012	msedge.exe	86
PID 5012 wrote to memory of 4136	5012	msedge.exe	86
PID 5012 wrote to memory of 4136	5012	msedge.exe	86
PID 5012 wrote to memory of 4136	5012	msedge.exe	86
PID 5012 wrote to memory of 4136	5012	msedge.exe	86
PID 5012 wrote to memory of 4136	5012	msedge.exe	86
PID 5012 wrote to memory of 4136	5012	msedge.exe	86
PID 5012 wrote to memory of 4136	5012	msedge.exe	86
PID 5012 wrote to memory of 4136	5012	msedge.exe	86
PID 5012 wrote to memory of 4136	5012	msedge.exe	86
PID 5012 wrote to memory of 4136	5012	msedge.exe	86
PID 5012 wrote to memory of 4136	5012	msedge.exe	86
PID 5012 wrote to memory of 4136	5012	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://anydesk.help
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce08f46f8,0x7ffce08f4708,0x7ffce08f4718
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,6590197897094824258,9181280165334614839,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,6590197897094824258,9181280165334614839,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,6590197897094824258,9181280165334614839,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6590197897094824258,9181280165334614839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6590197897094824258,9181280165334614839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6590197897094824258,9181280165334614839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,6590197897094824258,9181280165334614839,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,6590197897094824258,9181280165334614839,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6590197897094824258,9181280165334614839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6590197897094824258,9181280165334614839,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6590197897094824258,9181280165334614839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6590197897094824258,9181280165334614839,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6590197897094824258,9181280165334614839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6590197897094824258,9181280165334614839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6590197897094824258,9181280165334614839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6590197897094824258,9181280165334614839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6590197897094824258,9181280165334614839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,6590197897094824258,9181280165334614839,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6124 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2080,6590197897094824258,9181280165334614839,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
2484d7dff2d226c5539709e78d154c2c

SHA1
deb22bb43adedd2af2da76b0782243e8bd819250

SHA256
a6cd48898fcce760605e00b9d48dd05fe3f74e7af344146e4c9caf847d74a0a7

SHA512
0e3d00e0a6fd3fd3725df841de3a31202e0e70c35441a72c26396e9b9b614795572dbe79ea09267c72613f3243d922f01f4ae8e70f527769b954a685f7c813f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
34ac878dcb864b4d61fdf0dd15b25639

SHA1
283072d1e3f0c53d500145bfe1d878e7362d8f7e

SHA256
df6a8b49876be78e41ce5db2e8af5a0de8cbf73847aed1e126cbdb719853e49b

SHA512
2f828a1e107edd02c1ffe144229fbde07f8b892dcbe8fdc5ee7e401d03418eee13d9dfd1075fd069e694dce6573afb1200692e6a88fd439000a8491e352b8a8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ca9962e2133a6fe4d381fa5ae0edbe81

SHA1
f42c11fd56ab510833793eb1013f386ce877e49b

SHA256
f8ca014b02c2ecae720521436a695b5ec655befa6488c517b1d5919931eedfc9

SHA512
109a4995889ca0d80b7a6116f30e90ca042fe443698b904df358840d28b760f567b9d3c96beff0eb9eee12d8847bc436c917c7e8adc06a5024237620873a24c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
934c425a38232d9fcb212afda6e11371

SHA1
3289de3d9088437ed076db26f4f22f2f2e2dadf2

SHA256
818d68b32113a9efb8b639966f599d4fbbbb3add51062049043d39eaad6c1a30

SHA512
c6aba86a7c83993cc8364b0ca7dea8abff4b557917564150852a361e849b72dd2098d16fca989f880db59969f58153544ccc03118ccf221d2f16d78bbf982bac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
79258fad0ef9b70f7d764a890cd7901e

SHA1
b0e1cd25fdeb4363a4abd1a7f288da4676b761f1

SHA256
09e14ae90879b5c3ac3a52344fadb620bf17abd39d3dee45e7e4ad394b77c04d

SHA512
94336c116b61ad6e999cb6d3558fe03e56b6d07d1cede91c7a4e737f7179e656715ab9c90ce6d26fd71d6ca0802efef3f4309aab35eb0fd96931c89b426b67e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e6f589af9509a49472f8fd50584cc2c8

SHA1
24eba8a1828e067011b756ea39ef3a90dba471a3

SHA256
652fcb08ad9f0e704ce3e8240de47c03a353b0724c28aaa3d0dc072e10e19247

SHA512
3f3a6a10919c4714275a175b056986669eae24c8840c9fe727ef7781772c060202110d2fd89bb148576a72c0d6a1327b75e551e03833004dee0c3824e425bc55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
57fd431d9ec5fad4a6d8609bb337bffb

SHA1
484191cd9c942d8fc4bfcd2c00125254cb44562d

SHA256
0a5fbb2ea6978d86a9a9868186b686a59492f1866fdc708ac2b4b453e17cc5fb

SHA512
87a72413a7d988c34324ecfe7e9b1c8a035eb7d1054879388a2c901c20c2793200344192494c297d276beb21d9f067f9f5857b8b310070ded969b40683c264e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ebe6.TMP

Filesize
48B

MD5
a882c5c2038dcea25f942c89309a4de1

SHA1
4f53865b5a905259f71d42977f2a262637a43b03

SHA256
e351fc67c5a016b8142665d9b5cf8df13ba6cf54898b09e3e28f88e4522e40d9

SHA512
f0bcea306fd0e7fae580c1c4dfea1775c6c384396b1261d7b13a8cc14fc2fd6348e9be49fb20fe21594fe1217d95ee1a2b7112174bcd6f5cb6bc8f8793ccf27a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
62703bbb4d60026eab3322eddfdfa782

SHA1
f23dddede143a698601e7fc372dfde2c6bc42cb0

SHA256
3d991abe02ac5177c0f5e8525192381c7984d03f545b352217edde287a33f24c

SHA512
353a182824a28d5e02e23d048bb02f5ecccf97dbfce50ec85f0fed6f14e63107d954e7318813a44895536823dffc5956ba2a7f3472949f91da550263a0fb0240

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9d2f6500d04771aa46dcfe28c6ca3d68

SHA1
49e24661aaa268149ced786b842afb0e76b74556

SHA256
8d09c2ce8e5dc32706c80c96ff46d167559e6b344a96aacb3f1c1c020baad8b8

SHA512
ebf6391cf6cb5bfa96b6e247f0e2c381e0af72e1f2dbd310553a65bdcd7401f7d6d2c966ec3572c327f68e138f6147da002cb8634b641d595097edca94d49a22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f1f1.TMP

Filesize
706B

MD5
3668eca312fd011aca8c35f9e80fc743

SHA1
6d30f857594b44137e7443e1a594a9a28316305d

SHA256
b6684aeb47b359a46211e18bf4342884a55e8233cb25840f4b8799617548597f

SHA512
14c59fd06f10f404edac3cd8a5d0ddd16fe0c7e45e1b110725376b345bac83f8c5cdd964f32b7bfb9e9d831021307397d2eccc8636c55bdac13b88b61cf54508

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6fd5fb0dd9fa34370026565364dc5d9e

SHA1
649413ce6dcfbbdba3d5663c314f88f005f32389

SHA256
c6d6ad768886a7ad87ebbaa874bc3987c0c309ce44a5c4122369ee01afb2701a

SHA512
a6ab5d17fc5ebe70bc8b4bd923baf2a5dd8695a75d2b6b56252bbe5e86540f13a65bf7b9caf22856282f242dacf223c12f7aba4e72058b91b7686f93273ef1a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2393aa478fdc6c193ca05ae19d0c85ed

SHA1
018b145532f9229c0f776296dba3245c88f0ab21

SHA256
a0fe44d5942338c817a16f3c4c90ff2518451813abac45f3e441fae09f2c3440

SHA512
c91621db0e4cff93aaa2ec220833a14a27b61b5af240062771693661f20c9e74c4ca2343a054561e7b06ef0198e01984234c01038a4dcc1c88561236689fce7c

Download Submit