hxxps://mined[.]to/?ref=94814

Analysis

max time kernel
148s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/08/2024, 12:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mined.to/?ref=94814

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
996	msedge.exe
996	msedge.exe
3400	msedge.exe
3400	msedge.exe
2272	identity_helper.exe
2272	identity_helper.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3400 wrote to memory of 2924	3400	msedge.exe	83
PID 3400 wrote to memory of 2924	3400	msedge.exe	83
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 4560	3400	msedge.exe	84
PID 3400 wrote to memory of 996	3400	msedge.exe	85
PID 3400 wrote to memory of 996	3400	msedge.exe	85
PID 3400 wrote to memory of 2688	3400	msedge.exe	86
PID 3400 wrote to memory of 2688	3400	msedge.exe	86
PID 3400 wrote to memory of 2688	3400	msedge.exe	86
PID 3400 wrote to memory of 2688	3400	msedge.exe	86
PID 3400 wrote to memory of 2688	3400	msedge.exe	86
PID 3400 wrote to memory of 2688	3400	msedge.exe	86
PID 3400 wrote to memory of 2688	3400	msedge.exe	86
PID 3400 wrote to memory of 2688	3400	msedge.exe	86
PID 3400 wrote to memory of 2688	3400	msedge.exe	86
PID 3400 wrote to memory of 2688	3400	msedge.exe	86
PID 3400 wrote to memory of 2688	3400	msedge.exe	86
PID 3400 wrote to memory of 2688	3400	msedge.exe	86
PID 3400 wrote to memory of 2688	3400	msedge.exe	86
PID 3400 wrote to memory of 2688	3400	msedge.exe	86
PID 3400 wrote to memory of 2688	3400	msedge.exe	86
PID 3400 wrote to memory of 2688	3400	msedge.exe	86
PID 3400 wrote to memory of 2688	3400	msedge.exe	86
PID 3400 wrote to memory of 2688	3400	msedge.exe	86
PID 3400 wrote to memory of 2688	3400	msedge.exe	86
PID 3400 wrote to memory of 2688	3400	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mined.to/?ref=94814
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0dc446f8,0x7fff0dc44708,0x7fff0dc44718
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,6879220863102836630,373361190039196596,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,6879220863102836630,373361190039196596,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,6879220863102836630,373361190039196596,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6879220863102836630,373361190039196596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6879220863102836630,373361190039196596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,6879220863102836630,373361190039196596,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,6879220863102836630,373361190039196596,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6879220863102836630,373361190039196596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6879220863102836630,373361190039196596,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6879220863102836630,373361190039196596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6879220863102836630,373361190039196596,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,6879220863102836630,373361190039196596,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4900 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
4fc9ffb0a5a7ec20677b26379311e55c

SHA1
5f7a649a7fead4b07c19f5a26076404ac6497a59

SHA256
13d1e57aec6c7f0d281d39e8ff20913ec4973800833b4e6d8d4e558dd1620504

SHA512
f024dd56a8d26775030f146c2afa05070d30569c85d721682e5d57345ef30a375dcc8afa9350a061085929508b82601a3bc6bbbcf1e268a38dddb75144d8d5ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
719B

MD5
d5e9bfa96fb957afd2779190528a9ab9

SHA1
720278d713f2b790da22df5dbab960e8b1d9087b

SHA256
fd1b5a548dab0c647e5261e49d21c124ed6f082c7bb92788c64c935429f9b508

SHA512
b2615d1d7f9e400ac1fef0de2a87fec9227c6867c0965900c9b7c66f4bffbb87013a1c09ff9cdcd2552a318dea576e1e905da7feae17a575911a0bd95f73f673

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cdecce76a78de19d6933d08aaf607fe1

SHA1
240c2366bdf13317f1621897a6ececf421ed1af7

SHA256
cabb785d0cc9ea914b0f0fa0534cf7fbb12a54a9d549ccedd809447804e8adba

SHA512
ef6abc59f687317b1cc79161c8fe80a77258443fab17edfeb33b28843ab0652706c7a4119e8f7e29cbb446135b4e6a232b3ca85f593b3087197ddd337b92ed08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9b5675b51ea56f27b611bcd67e333517

SHA1
0df2fc206f09a303abb5855e8235e1a7b40aecac

SHA256
80aae472c6dd71edcbc43cff88bd6e35f14a57bad30910b4405d37e8df74f88e

SHA512
09b1a8120dc22fc5132bf73f06fbaa3e340f2bc363dffd58406e3bfdd37a3e89d3d4bd3abca239a2630dca884fe00b8df419289e216469edc9170cfb8cd30fe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a170708ebe19e55579c7b2e9f2faa31e9998043b\38c2084e-a5b8-4206-85e2-5928f1a55d80\index-dir\the-real-index

Filesize
72B

MD5
93da59987abaefb0d244d9e627700458

SHA1
29168779f08738830cd590790b712271a3b5ddbe

SHA256
34d7c70b08f479f37239c36c917e5c4b90d45930ffbc27ebf3b0af44d22325f1

SHA512
e758d2dc36be0bfb25d25c1cbd82a110ccc776fc0896b51446d7b48545fba7ca274031c6ef418296dabaf3ba5ec46d8782e28ab86349114102eefce6c4e3d953

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a170708ebe19e55579c7b2e9f2faa31e9998043b\38c2084e-a5b8-4206-85e2-5928f1a55d80\index-dir\the-real-index~RFe57f1c2.TMP

Filesize
48B

MD5
fe7d0a4e8856991f1f545070924f4804

SHA1
9eadb9d85bc8ebedae955e9764985bd28cbad20f

SHA256
f69a4ab203b18b9d0d5c4ba0240f5cfe70e39c5159411dc986ad31740f46a5bc

SHA512
05a7d28ac30694d8b57985f9cdf79bf60c6b66f4a4229f2239ef0300ff8956e227a2c3be6dec47eda633412be96ac5dd41c404ee152e0670650c815d74647899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a170708ebe19e55579c7b2e9f2faa31e9998043b\index.txt

Filesize
84B

MD5
e0b0d620e3bdc99124357d3ceeb12e47

SHA1
94996233ba1e695296352474133df2facb0f7882

SHA256
866315f3c1ed2882185e57afd38aa6e8a302621fed3521055119137917ac45b7

SHA512
6747afe62dad8a0b5dc06ebf83d187abbf3879e99171cd9ebd7b1d47cc021be0e2990611b5f9cd820cdd01aa167ddd85e3d333e24c1c61856d027423fe44d795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a170708ebe19e55579c7b2e9f2faa31e9998043b\index.txt

Filesize
78B

MD5
568c100a5a94475cde249993baa189da

SHA1
2dab3821c0d3968f9fbe8685ab1c8da61457042f

SHA256
1d617d3117856ef221ae815bbb7a099ae122056fc971691b30aa881f85dee3eb

SHA512
425ec6cdb1d51a1ffe294e1ce647c7156760e6f9b821e4c6a7b1952e1ccc501205e491c0f0444c5d2968c391963135e68b54fd903b26f748e540c221e19c3509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
971309dcc400b8703bc2c3797f9619a4

SHA1
2e32425bbf5da87e3409bf725d90692c0f463982

SHA256
ae685ed16db4645bc736b052e2da0cda67549cc78a4c0e44d3e548be5af65e9e

SHA512
7fa94f00cda6baf5d6bd804f6595bcb2a0f11e82316ee179f07d8ae2bd0e10430863c43d7ae45ce86cc10ea66af1783ce9ddd351e57356d0df0c9f15c9b98518

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f08a.TMP

Filesize
48B

MD5
ce9e0e02fe62c9f9f1681f091bdb2de6

SHA1
077b1fd373c767504178dee75a45bb8846317d15

SHA256
cc303eb5d276e38ae38bf262af827bfa5ab2545e32d7e6df25da27ead67c6b70

SHA512
531f4c0815dc9ee4e7283352f26a5a9f0194fb30b445612d91c68fccec120920daabb880bcbd1cca1b7d0c497328a0de7d37dafbfe2681d7f11ca22e6f0c6dd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eafe37418b587b16452e8a6eb4738aa1

SHA1
7e9462971e2aacd99910a33c9c468a4aba4faf91

SHA256
014f5859d20c673bd4a554dcda5f0ccf0efd047b32ab30e88452a0ee5bb51d3b

SHA512
fcc2e832f4785f79e646f0277498bb4edf919a5b431e3b33fdb2a43f4f608c05cfa355f8ea0e22011f3c0458e7eb8529e3d7df00f534767dcd62256e1617d1ac

Download Submit