hxxps://github[.]com/Sxady/script/releases/tag/Download

Resubmissions

08/08/2024, 13:03

240808-qab2waxdqd 3

08/08/2024, 12:59

240808-p8gvcatekp 3

Analysis

max time kernel
289s
max time network
296s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/08/2024, 13:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Sxady/script/releases/tag/Download

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4316	msedge.exe
4316	msedge.exe
2964	msedge.exe
2964	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 404	2964	msedge.exe	83
PID 2964 wrote to memory of 404	2964	msedge.exe	83
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 3468	2964	msedge.exe	84
PID 2964 wrote to memory of 4316	2964	msedge.exe	85
PID 2964 wrote to memory of 4316	2964	msedge.exe	85
PID 2964 wrote to memory of 4136	2964	msedge.exe	86
PID 2964 wrote to memory of 4136	2964	msedge.exe	86
PID 2964 wrote to memory of 4136	2964	msedge.exe	86
PID 2964 wrote to memory of 4136	2964	msedge.exe	86
PID 2964 wrote to memory of 4136	2964	msedge.exe	86
PID 2964 wrote to memory of 4136	2964	msedge.exe	86
PID 2964 wrote to memory of 4136	2964	msedge.exe	86
PID 2964 wrote to memory of 4136	2964	msedge.exe	86
PID 2964 wrote to memory of 4136	2964	msedge.exe	86
PID 2964 wrote to memory of 4136	2964	msedge.exe	86
PID 2964 wrote to memory of 4136	2964	msedge.exe	86
PID 2964 wrote to memory of 4136	2964	msedge.exe	86
PID 2964 wrote to memory of 4136	2964	msedge.exe	86
PID 2964 wrote to memory of 4136	2964	msedge.exe	86
PID 2964 wrote to memory of 4136	2964	msedge.exe	86
PID 2964 wrote to memory of 4136	2964	msedge.exe	86
PID 2964 wrote to memory of 4136	2964	msedge.exe	86
PID 2964 wrote to memory of 4136	2964	msedge.exe	86
PID 2964 wrote to memory of 4136	2964	msedge.exe	86
PID 2964 wrote to memory of 4136	2964	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Sxady/script/releases/tag/Download
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffceeec46f8,0x7ffceeec4708,0x7ffceeec4718
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,5791050111969895759,5836467408999834711,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,5791050111969895759,5836467408999834711,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,5791050111969895759,5836467408999834711,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5791050111969895759,5836467408999834711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5791050111969895759,5836467408999834711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,5791050111969895759,5836467408999834711,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,5791050111969895759,5836467408999834711,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5791050111969895759,5836467408999834711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5791050111969895759,5836467408999834711,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5791050111969895759,5836467408999834711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5791050111969895759,5836467408999834711,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,5791050111969895759,5836467408999834711,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2236 /prefetch:8
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,5791050111969895759,5836467408999834711,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,5791050111969895759,5836467408999834711,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3116 /prefetch:8
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5791050111969895759,5836467408999834711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2276 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5791050111969895759,5836467408999834711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5791050111969895759,5836467408999834711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:4468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
37KB

MD5
a2ade5db01e80467e87b512193e46838

SHA1
40b35ee60d5d0388a097f53a1d39261e4e94616d

SHA256
154a7cfc19fb8827601d1f8eda3788b74e2018c96779884b13da73f6b1853a15

SHA512
1c728558e68ed5c0a7d19d8f264ad3e3c83b173b3e3cd5f53f5f3b216ed243a16944dbe6b2159cfe40ee4a3813ca95a834f162073a296b72bbdedc15546be8f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
37KB

MD5
da4c2d9295fbab7844d4f29079dbb8d5

SHA1
2e214261c9f3394badf103af57a2b9bd6f89a68c

SHA256
b2f523dc352a436652fdfa66e899f589653015929b1add2da64eeb9650a7febd

SHA512
83a66de2c3593c960f5e7567f8c315f983245334f63bda67c7490570753bce7e865a1f752d15a5b6f795fb4cc4aa2a122ce6bcfb86bf3e116f00df7a558a92c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
23KB

MD5
bd96190c3723c6828cc6601ee39d46d4

SHA1
8ec0068e12d9f113b01d6077cf634f19079cbf53

SHA256
ed8fd1c5a4f0e11544b694ca505105c2a8fb4b643b41bae87b2b4f1ba14f8d1f

SHA512
7c649fdad52f9fe2bf76af6249b3d7de40ccdde73618c5b929fb16fe32e51873f7a73734e64b54e918a31d42d6430128c8801787e4ff5ee89fd9265ba9875dbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
9befbe4922db0a84b6e438695939e7cd

SHA1
12b9bb6a65c7ff735a383691e560d4ca7c61b896

SHA256
8ab0c307e968e6fc2781dcbd3c36b5e97bd9ed0cad7dab5fce2729d3c7664505

SHA512
0c4c7fc0fcda6e1d678b57cf2bfb8c22166329d3d2a5dd5cb35a17a4683b8902859d6d305d745c312cc2cc5d50debdcee9cded3f077737b68aebf48fb60c4780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
1560c305d53a77f41cc5baf2f96934b5

SHA1
56d67b77b09f7a6c58776d45920d86180011f2e9

SHA256
100914870d04ee13ec268099b644448666405a59cc3a5fac27520c8027551ae7

SHA512
7eb6d8c33cd1c64591870d69a18eceba9c87f73340fa8e80e53e629a3931aa51fb8564e08908e1ca3b66d7ad6f4e2642a4a4f2cfc123601196604a251ee4bf09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
7c79a77668779b622134e670dca97117

SHA1
bdad0b0b74f41b75caaa97fcb38eec4a2e3ced1c

SHA256
7de2509005448d20fa8700e9ccc52c5ed7ac5bfccd88bc6cb416a6b95ecff278

SHA512
3c6c709a98297620b9a087b4ccbff90316552e4bbaf2346cddec63436528906d01044f6f53fc87ebcf6ec78cd716598c1483974cb1b24545b5d5958cd98f2d5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1d945043f6c86aba2c42c4988097bd02

SHA1
71c17f94f0b433118bfaf26135b4ede3df6ab2c1

SHA256
ed59debcbe100108fd6277a80f3cc67c55714cd9ec8573ff2771043fb52cd45d

SHA512
1e9c99662ac6a6297486d02a2ed27d26185c0e7ef63ce4be28c85c6d7eb7307ff66b106580cda628276aeeea2859cdc5e32d2ee70959a9339b3e2da33cc6c366

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7e6bd7cda6c45c31b24576ccce81cee3

SHA1
9318651c5c34a0ec3b2107003f3a78f1c1251074

SHA256
3c9e6fe80e6150169d4154809f90b3b9097eb6a2b27734511e4cc00cda70cef7

SHA512
e5e347d00cc82ad1e29342495f81276a2e64b813624c3db1e3e3288404ba93d3b9f12af9d89f77238bac03e7d3af49e906ecb942f684cf6856e8b0b16b307c07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
aadae93b8d636d034aee972c3635d7b5

SHA1
d8c1119ed585b5403056f37515b98d32d3275ab9

SHA256
baf498aa585a836559bfdfeba511aa8392d8fac7d57e594062dbad9bbd5c8327

SHA512
0a27888dc32f54cf0f1dff75e1f38813c60a0e0d04c16eb2f0a6bd898455f31f0008aa550b1e36f342527d777e71d9ef3e7e88788366f6b64cfdf8ece6e7bd81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
409B

MD5
3c141e7e8fbbaa0887fb82a648ab7a81

SHA1
a53d273dae645faa74d98daeb366af7468c0c2ef

SHA256
73463731f55fbf07f197aecb70af9ed67d4602615ec6fe7dbed50a89268c6f52

SHA512
e326d6e25c00468bd95a65906aa4e72c4bc9fcc9b9dd7d4b8cb99c4bcbfa9d0094f7a6ce81cd4b131be875fc59a6d7d520df87112cb7040f3d4186f270173199

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
21fd8df1cbe03bf818a30a0f1a6ee53b

SHA1
693e862c91106ea516fb0bd78ab1ac93cf12b81d

SHA256
8c0cc0b43795ca83ba2d0d8560b7eb64e6912a17c4375ef66cd72330bb2073a1

SHA512
ab0e14b02259d3379f86ccb7ff58d930fdce53c8e27f3310bcce5ec503016345c203df400b927fd2d50104367729088245034a1e190b5735882d6ace8014c2e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4aa62ff9adfcba678f6a6419045147eb

SHA1
c4811f4241345d3cd5ed0c9cb610a1ddccf993fd

SHA256
c7540fecade65094e9a9032b853e28f2011ce0a2e1d2e9064f7f1a78c8ae85d5

SHA512
2b632d581d493ac48dcde18af00472e35c410b85830ffdb214922c060e0296cf7e5d61a526b6661ed4d6106b82519e48f7a7546d8597c41ba5285caeff4c74d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cb6cab2a4f72c637703aca59af09a9cb

SHA1
a82e2f3c4283b35c4bedcf00a2e13b5343c2f8a7

SHA256
b82658fcdc4cc2af045a7a8dbb2ce243b92cbd9650944d6ae4c41fd38ebcc5e0

SHA512
054a69f1177d6ba1eb1e2457465c6dce3f7573142b8bc502b85320e019d2b3534854f5cfac99b4c6f58728a2686cc40be143e8add5aff6a8dbb30a84969674e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cd6c64c4ce1e16a1dbcd3157efb3db8c

SHA1
f13a1fed49bdb456f4627f556c255cc4d94c9d2a

SHA256
c1791af8d60dc38479d938b173842ebfeb4d99414bdabe46a98a04056f2892a9

SHA512
275bbc8828971fde9356db2e74e94ba697ca3c530df975568c1c1d4c4bc4accfb7e8d01825e7fb8370c8e5bd0cb92306cccfe4362f29f258e5f9cbb426e41d61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0fc8a43a2cd24ebb5d39fe7a76a94f8a

SHA1
b3679b74de9b222719f110eafbbc192e20e8da58

SHA256
ac31a313cead7df133eea7f97f4e8793ca0bb77883a76e17ce13e83db3302888

SHA512
7b8a1e6e4eb22ecd883daa9509923f61ee7bc16dee48cc58fb0e81a8f66bc446fbffdb2d0ba8b79ba3a35159e9cb77e5c3bf631f03787e319b09b7784c2c5c31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c42d1a7cbbb689e3fc3947c288a2453a

SHA1
4afc4db425dc3fb34c334f29984f87696565d5a6

SHA256
f9c7eac14dbb96a057f0784d009ce31d1915941df8439b7a5b8e92c6b8bbdc9a

SHA512
a09341a05a315f4a46a4c71383c4a2ff02fac4cbd974baa77a8da551af41c78cd7d236193f6ef107a4dc009bf267f08f9a9d00a555dac3d8438589895d0aeda4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9d96564e5afcec3e19b1559ac0ebf42b

SHA1
b31700342840e8cc8ad311fff5995cb8e9269663

SHA256
ffaf11e736f9b9bf51992695242cd61b0f6b2b3e3b625f49ada7895ed1336ee5

SHA512
0b1e9d4aab0b9ef1e0f52218f8ce392a70143e2dec73a93715b5234b00d418e1c2201d9535baeab1e93953390b8fc2a7efb84337dbf9a67baf78225e61d1310e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4d23591d3674d1a7f65cdc686fb77423

SHA1
320e1cb237934bd4ff1ee9756f7410718027fb4b

SHA256
bb10f0ae37fe181b160724b09504ceb5dd283aeee3f0a35ee15794a4eda9a6b9

SHA512
76b12fa920cc739e8ff88c72b922f7e0071aa3e7d22279bffc0c4b2a463dba69196ce56b129f7ae813f2df5b7ca21a131d54ace78bb8a213e6e7ecc6999f3663

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2957430fc7d3fc3ed5e0b70fbcb565cf

SHA1
284c45985d1c146cdd33f010e8f8b71276c57e91

SHA256
2c76722fa11302263124396f11b6e19d5ba0f770246ee2985f1c3f164b298741

SHA512
8cc644f63d9a8fad007858ab7d9458c2d39ea9d445a035e3a446133d8987803cdf0b312e6cb75520978a415cede2ef140d35ef169bd640ee3b9fa5fefce21e4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
a171890877b01c1368343334364aeb2a

SHA1
6162357538ed78e8d8e414bbde663f5e29c1372e

SHA256
b975e05756160dd28b8ac62af3e3209127dc9731f623ae5f3b3530db8deb9512

SHA512
c2ffdd9791ceaef63be307188ab0bd9662b2776a268fee83b5723ac6c32f4e6a2169dba56541989a75c99830af6c6c38f738b61c1fa6eda3ff2fddc794dc20ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
89160a37ff24de0d6491e9432b8b6949

SHA1
e42b2977c1ed73c5e0e13719285013cc348a7770

SHA256
f9ed4f1e746ba8e305bf44ef2f526a20a7e44c73bb0412785287abd2fae26a9b

SHA512
6f274eb9f3c9376252ae43ae0fef75107c0d3362a3da1680f3425da0881ef7fca31607387fd54d6fce0b5bbf6f572aeb34d0f74e01e680d6f25b2c07cbd586ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e7bb177cf40f7f48de3101b8452e983f

SHA1
7daf9e17c38de208caea0cf613aba564ceec2114

SHA256
54b9e6a422c95626c299d1c02b7b0199b5fad15d8133ac97dac878bced0acc12

SHA512
7f37e046fe7f950e1409b9dd658b78ee6c399dcd88359e306be0c2f37fe2747ef9d5a434879e122b7b786e92b9ab1c2ff4a493b3c4324615a61ecdde5d8c7399

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
25741da23f52b066e7e4e9fc291257fe

SHA1
d9a6ecb9cfbfe231bb1ce319b228ce5b9ac8b5be

SHA256
3b5527c93a3e084b670a2f0a0fc725d9eecdc06c405901ad25e275f7003a678a

SHA512
ec9fcd13a63a36b9859024ab324806a4530ee971606605a6f5b86a45f87548592685563b73d8ad42ef9c80959a08ce479abe55f72aee4a49297fa7c6b30e116b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
5f7c1f656cf94c28d0e734443a614cd9

SHA1
3903f262a40111629ff30927e345e1e8509afe6b

SHA256
7710094f3a5f0e19f6a421754895bdfff1ea40b809b03ececcffa468383bcb8a

SHA512
4814bfb35c25e0d0ab3546aaf03900ff9c9bf6e03d20e9bb7d3e2fff86bd910d6e06c600ce5454bd7df8023b016f40b625ab339e1780b2758617e4122564018c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
f342db71dd191ae003948f60b1b82874

SHA1
90a4066f5844a5cbd93d41d6b3d3813e703e76a7

SHA256
071fc466fb56bfe71ed4a7754265de4312eee361dfd1522a57cabeccad357c05

SHA512
5f4ccee76018a825b1acc8c248d20abe1e5bc8a2953f04f63eb95dbee53e2efa904b0658a039ae9ec43add88edd8f54d2c54cbf0746827e1e30ed75009e42542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
371deba74211aeae93403bb6a2cd7035

SHA1
751d6f57da9b076eb8ff1ff37cda463a7c7c92c2

SHA256
251527f9c38ad0ef0a50e6d52fafcbb674552ba7825c5ff2ba62e33eacf4ae24

SHA512
97a386afb582d4cf9367046770494a38e67177d84c1d91a64dab275ab2d627f8f460924bf8202e8ddfe1c4b20aef9a41e713ce6a7b0360c6a287d64fb67c08f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58d637.TMP

Filesize
706B

MD5
fac2484a45b22a248bbb2a5b069d329f

SHA1
a38e35cfe04ffce78bc403b3941e56b69802295a

SHA256
6e4e9179cf21796d666d389a285527f56cc4bf349c573f6add39de99a37b1507

SHA512
5917344372f94b9f5300f4a2232e0e6b2266f9965a826e2463447bb742c4c695cde99a59a6312989bb650cdca773f99e729bac2785c9a4bb7fbb272b4a79348c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a45abedc475a0cae24c9e710606dba21

SHA1
14c7cfd204644c94a25268c77897fe522fc30f7d

SHA256
453c9fdde0735f7bde36cebeb8661d7411439a3bd121fb423771d5c9b8497379

SHA512
a80a57e30fd11e350ea646029764e7fb7520638b15ad76dec363cd3bae86f1f0dcd0f52a7f63cea8cde7fad98ce4a2092abd0931262d741f3c70e99b43189d67

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit