hxxps://datanodes[.]to/5ekjcssn2xj9/The-Bus[.]rar

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2024, 05:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://datanodes.to/5ekjcssn2xj9/The-Bus.rar

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3780	msedge.exe
3780	msedge.exe
3956	msedge.exe
3956	msedge.exe
2544	identity_helper.exe
2544	identity_helper.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3956 wrote to memory of 624	3956	msedge.exe	84
PID 3956 wrote to memory of 624	3956	msedge.exe	84
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3888	3956	msedge.exe	85
PID 3956 wrote to memory of 3780	3956	msedge.exe	86
PID 3956 wrote to memory of 3780	3956	msedge.exe	86
PID 3956 wrote to memory of 744	3956	msedge.exe	87
PID 3956 wrote to memory of 744	3956	msedge.exe	87
PID 3956 wrote to memory of 744	3956	msedge.exe	87
PID 3956 wrote to memory of 744	3956	msedge.exe	87
PID 3956 wrote to memory of 744	3956	msedge.exe	87
PID 3956 wrote to memory of 744	3956	msedge.exe	87
PID 3956 wrote to memory of 744	3956	msedge.exe	87
PID 3956 wrote to memory of 744	3956	msedge.exe	87
PID 3956 wrote to memory of 744	3956	msedge.exe	87
PID 3956 wrote to memory of 744	3956	msedge.exe	87
PID 3956 wrote to memory of 744	3956	msedge.exe	87
PID 3956 wrote to memory of 744	3956	msedge.exe	87
PID 3956 wrote to memory of 744	3956	msedge.exe	87
PID 3956 wrote to memory of 744	3956	msedge.exe	87
PID 3956 wrote to memory of 744	3956	msedge.exe	87
PID 3956 wrote to memory of 744	3956	msedge.exe	87
PID 3956 wrote to memory of 744	3956	msedge.exe	87
PID 3956 wrote to memory of 744	3956	msedge.exe	87
PID 3956 wrote to memory of 744	3956	msedge.exe	87
PID 3956 wrote to memory of 744	3956	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://datanodes.to/5ekjcssn2xj9/The-Bus.rar
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffffb5b46f8,0x7ffffb5b4708,0x7ffffb5b4718
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,10335575440503543609,7430126979482549339,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,10335575440503543609,7430126979482549339,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,10335575440503543609,7430126979482549339,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10335575440503543609,7430126979482549339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10335575440503543609,7430126979482549339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10335575440503543609,7430126979482549339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,10335575440503543609,7430126979482549339,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,10335575440503543609,7430126979482549339,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10335575440503543609,7430126979482549339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10335575440503543609,7430126979482549339,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10335575440503543609,7430126979482549339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10335575440503543609,7430126979482549339,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10335575440503543609,7430126979482549339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1996 /prefetch:1
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10335575440503543609,7430126979482549339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10335575440503543609,7430126979482549339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10335575440503543609,7430126979482549339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2068,10335575440503543609,7430126979482549339,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10335575440503543609,7430126979482549339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,10335575440503543609,7430126979482549339,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4652 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0345aacb-2d39-40f1-84da-d74ea62a28ee.tmp

Filesize
1KB

MD5
51f19d34b039a47edda72fc1ff4aeabd

SHA1
4bbf1ccdd9764ebc1037c85ab114c9f1fa7aa751

SHA256
da8942d64cacb1b33f4ce3625dbe28ca338a3c156aad34301f563e9aa71c46f6

SHA512
ae20a148e5ed806a19d78671c8aee900c2d631930c3392fada02cfaed733648532732dfdf697b5b0da2efaa2e22da440684f1579ce671ca07e1bb06aa01aa9d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
212KB

MD5
2257803a7e34c3abd90ec6d41fd76a5a

SHA1
f7a32e6635d8513f74bd225f55d867ea56ae4803

SHA256
af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174

SHA512
e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
2.2MB

MD5
be8e9a8735266822b4ff93ab355dab8d

SHA1
47a46196d85cecfb6befef64bacbd892ea46fc22

SHA256
8f711aa172af6a9a50d169d0be8a522db1444398aa09b05cddfd7a36419c708c

SHA512
1552add44e6f5eda8e5595bfb8e8a701c22199c5b515a02d434c939b790e1908b25bec5e7e45de084ef55ab13d18158b1c8f219d65d751d0b65fe2c83142ee99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
26c3c7eb3ba18f42c5b7def4ad1bae81

SHA1
0283b456ea794e4e8a440d1fd4cb5646dbf26528

SHA256
e359aecfab90281a83281ff8f3a4eee784ecff76296a0eb5e9b088bc089c7754

SHA512
99d6b12bbb6d061c7cf5e7ab47d4e34968e1d5850d97775bd8bd0b9e9bad7b9802d7a58aac5fc21916e7fced8110db40614ecc9fc9a0e38dd69139598247dc3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
8c0de1f2b4d480be218322e7511ef018

SHA1
1848e5f43cfe4f67cca224dc74165c8e8c573bbb

SHA256
51159a27d68bd30203680a2091bb609af16d543e0db266cdf4ab1d70b0567141

SHA512
93c23e8a132ff02ec1b9748640d5f3a7fdd8ab25a5bdeaf090c853371a5097e6ded924493107a06045b1a5de5159487c1ffb85a9565664ff2f67f9be1dceb2d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b48eb527e6a3fdf920ac83d0fd07d0db

SHA1
471974f871890007dccb8621f322994ad9621f6a

SHA256
65c06f58729dd8351412f7811ee5da54d762d704e35c019587a0705bb1d329e6

SHA512
4580230e8883a01c14b0de1d15cf3ff47a4c352a219bf77e274fa048c8062df718852e6563ce5b346b810e24ed6a81977fafec3eac27edc1a27861f63de1c9c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
96930d615e72748ed2870911d97223ac

SHA1
b24a06b7030653475ad4726d1292c026774248af

SHA256
414f2a39616f8652805aed43dbbfa7f22c8a6df4857b395edb0569a2c2f0d7ff

SHA512
a91ea0a02ebb09a5157e4aa79d39032e6912d9d163e7a677876d4bb6c8a9ef17e76ff45354ab2c0b8372c226ae87efce61020a94b64c35df8be79911bd4ac970

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bdbc61431e9a6d5cc187948c988a0fa9

SHA1
202dd79adad2051d5c7368889256caa03a889269

SHA256
44d988402eaafac7b779c5f7f8c5e28de88ed5db4711905f276d95251674cb0a

SHA512
7d20ebc179c7e010a8466cbcfce3085d57b3e0ce5978ac33a2d094809022a3f6b012d8c081a930b90545bf06625df6510f3bd5daa5e2373fa735d2c3d2aec8db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7f115a43370630128d2da2117dc4a0f9

SHA1
f8bbab688caec9bd060e8e50b90172394552733c

SHA256
f1f216ed76eaee6702b306a33574089198a6e3da1b1b8abefc2813091ca52a19

SHA512
770aaa0c9d002f9862cb714a7da184b4bc9e7f69cbaeb4b014c42215efa428d982cd26a2fb04b776833be774030fb539ad33a1251f8656580adf00c807c72497

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f28579950554a2d9d81349dd136acd46

SHA1
eafaf3f50b65db8254d49502dc321027d70eb5e3

SHA256
5cc2187106e6448b0c11f4013ebb5ff16340e8eacd0693f56f8540837757bd65

SHA512
8ccfcb2688a4ea81bfdf9f8c250a085a8d328a0e4291ee70cd055c268ac5b9dfcadc4be16b533dbe9fcf3f2ef2b111a60b971447ba1df17882314d3aeda73fd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
924d025c69792f338f008bb37582a7c5

SHA1
a2b6dc9b0d6ca66ab9988d2eb30bdef29b9fd01b

SHA256
0efa770de1fe0d03922922a9d2da417b8dd01d60193ad1801b5efde20b5cac15

SHA512
5ed3630a8c2af1cca7eeae86ded7092dfe8d17d750fe066b6d19aa756b730faf8f4d8cc941f699c4b44f72f3ee2ec1b80fd1cd58dd5683ff5fea10104fc362b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588de3.TMP

Filesize
706B

MD5
ea5c2fe8027e902eabd3eb0182c145c0

SHA1
be5b792d11164564b5abf5bccb110475d3505707

SHA256
a2dac53ecb8d8ba43a3729ffca2469cc7849f31d399e98c1206c531e75561230

SHA512
c30fce49c1dfeec08172eb65e1da08da9f319d65908fdca699fc6dcdf8971dc3967f60b821c008f24eada2101eeb7fc6cf630f3b2f95ddcc63f103e78015ff57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
77acfac8c5d9bb5629c3218ed458f563

SHA1
262890e519962a97edccf67d80ff33063954fe8c

SHA256
94f66a2aa63da877182f34d0de9d97d3ddc4369954d2f0bbcc1e679b7f34763b

SHA512
9984f19cc575e9e3c6dd493d95bdb31d9f32eb1ac465d4ef4812375c56bbcebf9e1539c79b9f11c3a4ae4f2b526bd9c134586bc24144ecbe6fe5fc5a85230de2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
fd94d6ed08684b7ea1af7b3f3bb86342

SHA1
5624fb4febd79b0c1997559dc96ba09390626d3f

SHA256
4e649917f091b2149f01daa50a0cf9785392dc36720ecae00ca4bbc21526cd1f

SHA512
c849309d2eb34bd99e942e30e662826047c692b00ea8cdafea1d917ccd781f749c2c353743f90d28164f018dd68b44ca58689c59028cca1222cc8d46ea94b64e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
f839cf5302359eeb2719d4efa96b3835

SHA1
21a13f8cb5877ada1b1c1840b06358be67ef4824

SHA256
d81065a89c893f0292b6b35f1dca3b3453377ebddf8d44a306a8164591daf1af

SHA512
0902c50ec1d8640e7c2ccdf2fd98e8d4339d0b194d5e6ac04a8e07f003fcc426f416875feacdea652c7cfc60bfa7955c899c7fe2f412cfa87a859f5ee543eb44

Download Submit