78a6004a643d2df3995644cca6836ad3da12778a51e10b5e7189252d1d25c314

Analysis

max time kernel
282s
max time network
277s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
24/08/2024, 13:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

chickencraftlegomanedition.exe
Size

93KB
MD5

c02e678d72e8b487eedc99c368eb2459
SHA1

df27901febb127857937487408f715a5abc3333a
SHA256

78a6004a643d2df3995644cca6836ad3da12778a51e10b5e7189252d1d25c314
SHA512

8883455a510f4ebf2cfdcca78a7c6ed06a556658a17db20903f6c598a029ccefeee3120118d6043568bf40627edbd4b1c993b26bccad6986ccb2613daf0036d5
SSDEEP

1536:D7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfOwxKc/Ok:f7DhdC6kzWypvaQ0FxyNTBfOrc3

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chickencraftlegomanedition.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4444	msedge.exe
4444	msedge.exe
3076	msedge.exe
3076	msedge.exe
3584	msedge.exe
3584	msedge.exe
3868	identity_helper.exe
3868	identity_helper.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2668	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2668	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1372 wrote to memory of 4468	1372	chickencraftlegomanedition.exe	81
PID 1372 wrote to memory of 4468	1372	chickencraftlegomanedition.exe	81
PID 4468 wrote to memory of 3076	4468	cmd.exe	82
PID 4468 wrote to memory of 3076	4468	cmd.exe	82
PID 3076 wrote to memory of 3876	3076	msedge.exe	85
PID 3076 wrote to memory of 3876	3076	msedge.exe	85
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 5048	3076	msedge.exe	87
PID 3076 wrote to memory of 4444	3076	msedge.exe	88
PID 3076 wrote to memory of 4444	3076	msedge.exe	88
PID 3076 wrote to memory of 1452	3076	msedge.exe	89
PID 3076 wrote to memory of 1452	3076	msedge.exe	89
PID 3076 wrote to memory of 1452	3076	msedge.exe	89
PID 3076 wrote to memory of 1452	3076	msedge.exe	89
PID 3076 wrote to memory of 1452	3076	msedge.exe	89
PID 3076 wrote to memory of 1452	3076	msedge.exe	89
PID 3076 wrote to memory of 1452	3076	msedge.exe	89
PID 3076 wrote to memory of 1452	3076	msedge.exe	89
PID 3076 wrote to memory of 1452	3076	msedge.exe	89
PID 3076 wrote to memory of 1452	3076	msedge.exe	89
PID 3076 wrote to memory of 1452	3076	msedge.exe	89
PID 3076 wrote to memory of 1452	3076	msedge.exe	89
PID 3076 wrote to memory of 1452	3076	msedge.exe	89
PID 3076 wrote to memory of 1452	3076	msedge.exe	89
PID 3076 wrote to memory of 1452	3076	msedge.exe	89
PID 3076 wrote to memory of 1452	3076	msedge.exe	89

C:\Users\Admin\AppData\Local\Temp\chickencraftlegomanedition.exe
"C:\Users\Admin\AppData\Local\Temp\chickencraftlegomanedition.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1372
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\9DB7.tmp\9DB8.tmp\9DB9.bat C:\Users\Admin\AppData\Local\Temp\chickencraftlegomanedition.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@legoman19560
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff989c23cb8,0x7ff989c23cc8,0x7ff989c23cd8
      4⤵
      PID:3876
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,17703368305227264980,15368003371077866342,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
      4⤵
      PID:5048
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,17703368305227264980,15368003371077866342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,17703368305227264980,15368003371077866342,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
      4⤵
      PID:1452
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17703368305227264980,15368003371077866342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
      4⤵
      PID:3132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17703368305227264980,15368003371077866342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
      4⤵
      PID:4956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17703368305227264980,15368003371077866342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
      4⤵
      PID:2852
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17703368305227264980,15368003371077866342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
      4⤵
      PID:1140
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1884,17703368305227264980,15368003371077866342,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4016 /prefetch:8
      4⤵
      PID:4436
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,17703368305227264980,15368003371077866342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3584
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17703368305227264980,15368003371077866342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
      4⤵
      PID:4440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17703368305227264980,15368003371077866342,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
      4⤵
      PID:2812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17703368305227264980,15368003371077866342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
      4⤵
      PID:4088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17703368305227264980,15368003371077866342,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
      4⤵
      PID:592
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,17703368305227264980,15368003371077866342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3868
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,17703368305227264980,15368003371077866342,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5472 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:980

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C4 0x0000000000000464
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
026e0c65239e15ba609a874aeac2dc33

SHA1
a75e1622bc647ab73ab3bb2809872c2730dcf2df

SHA256
593f20dfb73d2b81a17bfcc1f246848080dfc96898a1a62c5ddca62105ed1292

SHA512
9fb7644c87bdd3430700f42137154069badbf2b7a67e5ac6c364382bca8cba95136d460f49279b346703d4b4fd81087e884822a01a2a38901568a3c3e3387569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
228fefc98d7fb5b4e27c6abab1de7207

SHA1
ada493791316e154a906ec2c83c412adf3a7061a

SHA256
448d09169319374935a249b1fc76bcf2430b4e1436611f3c2f3331b6eafe55a2

SHA512
fa74f1cc5da8db978a7a5b8c9ebff3cd433660db7e91ce03c44a1d543dd667a51659ba79270d3d783d52b9e45d76d0f9467458df1482ded72ea79c873b2a5e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
0e669d98a21062ab0e63c619e99db638

SHA1
b066b2c7bece21e8c9adca04a557a39c9c4fc189

SHA256
95efc1a35b8e81b315e38141f5a5219173bcfdc563c6539a74c75ea17c42ec48

SHA512
e01923199d548bd784a808f0585f830ced760e375c662b10aebc0200028b9387f81c0346c37429b58d4bf89fc360cf3cbd4b3def3c3c47c5b2e261dcda769d66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
21eb1adcb11fa1731bf886ba4ac341ad

SHA1
11a7b7f956c31f5f6da245892968665dd6751806

SHA256
26c81deda638fea6480edd77ca4171b7f3f35ec7e214385e1a600975c04977b6

SHA512
d89999258c6ca14d0e351ea40a3990f3ad3e0038800e05b89824d6ab06678d69b8f2a45698e8de0830f95bb6c0c6ff87023fdb934f9cda55e3f35d1244fa9271

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9fa08254c04f587e216cbf39b7abbbbe

SHA1
5745ccfd4a86b4c4fe60dae6be0107b68f78ae09

SHA256
87211e9a9c35ba79429083c9b3721dedc81ef0f297a358b3bb7c906c33d8167a

SHA512
6356e9c23f33c9ca7a2995774269f74657905b5a98010efcd13ebcd99a93eedcc883a7b868617172568c5c8dcf02250853e84e5b8440f650677459a771bbf353

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c9e82a8c65801445781215840658488b

SHA1
f3857f16c5e217dcb5657040e4b748019c6de130

SHA256
506bc8b03e248cd2327dd5e6f82d454bc77cfe7a288fd0f4752ce6f2da9c5387

SHA512
d7a592abc47de0cd21dfdf950825a4b9339e9b4bcec6ed6f51fc02920e5ce37869f7871d2fea3b154b567365dd0780e5bc5b4df9b0b14b59a34d1a489ca3ef61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1fd2b746a15e9b4b896dc70a47bc2a9e

SHA1
651b46fdd48029184d2766ff2be4e1ab817baf44

SHA256
2f7a868e40ededdd68cd015b192a057e1dfe6641d1e3c7782daf608178b2a1f6

SHA512
afe5d109deffde2350b3eaeeeb2f4fb5ad5100ef92d3099f98199a3137849a3c2aca5901bbb616ff4af27cb2d34d84cd614e7154c5d670134f5a55de8ccd51c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
58ab3c9a050439bf50ae9896cdaca3ed

SHA1
b0acc6a2e7f44fcafb47e9ba2b354254b105e440

SHA256
4952504b026c66de70337f093ba3ed0c9ec561abb4928bc92ac6bcd8fe8fcdd2

SHA512
3d6d8166a980dcad977985959b1155dbfdaf750b073b5d558b99af25f9c585376296bf964f71e4f137a5295101ce2cace331332f5fde8f462e8c72f6703c9036

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\86ea2fd0-5541-488b-8299-917d57cf032f\index-dir\the-real-index

Filesize
2KB

MD5
df99c20139eaaa79f75e8c156afc2342

SHA1
02c34ef7d5116d9673bdff05da5eae61208100b4

SHA256
c6691c7f5ef1275f8c271f3db68a809f18bd15da0497969358f246c4894cbd7b

SHA512
7a1c8ed1911505155e99f1d8aa85f6f855be06d54b6f83d0871f3c37eb7df313d96aa9f4e936aec7faec068fca48f9d05538621680b8709521c258ec1cbb562f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\86ea2fd0-5541-488b-8299-917d57cf032f\index-dir\the-real-index~RFe580625.TMP

Filesize
48B

MD5
76fccbeac68b19780be7587c6d23f7e5

SHA1
00fc34b15e1f009239b3716957a4f868dad01dda

SHA256
5de4fe208f02cb253397cdea2d359670a7339d762ddee51068bb9554a3b45427

SHA512
24ca441fe553e0485e1f227d053d31329682988f69358af741caa7b232269f0499c854776e28d2fb8573fd2b48159f5899a2528f3cc2b031aadc6c8e3cda0d5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\88cef227-6937-4bcd-bf8a-d9d43ea94d91\index-dir\the-real-index

Filesize
624B

MD5
df3e4cf8ef771fd2df8534d7d1e70988

SHA1
ec14d6af12d2e8e191128cc327cb3368ed525e58

SHA256
0e6f64630969dbbe3058ffa3d6e854bc419b83ea0070419ec056faadd1f4998c

SHA512
e1cddb45a9af2d408b4988f55c1544bcf208cec2e5c666c8c410dda7db0b5652c3536bb7f33de29b1b5c923d884a30cdde8c0c3336c2684afe691509bbf0eb1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\88cef227-6937-4bcd-bf8a-d9d43ea94d91\index-dir\the-real-index~RFe5804be.TMP

Filesize
48B

MD5
74bd9a24f9d0391c2ed639796736abb6

SHA1
42b9bb4ac8b4059e86ffa54e14e9a731e679edef

SHA256
38c027c95db42f3b5cee76f89fe2c57f422606a3846dca838be5b79fa6222033

SHA512
1c5c88323417cd1e823891d80ee847c54188a6cd2142830899a9f8da4742c2b22955308b709cf59ca927e75ad247155739abd818fa8902082d7296548fe2a7ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
79a17d19f987e60a73a393aed84af25b

SHA1
e32a914e01b6ff9f19c556ba86ca7ac776923c3c

SHA256
e5d70cf22a7fc0350ae10582a5a3a5184da009e98f052ed295c2e3bc2d64be9b

SHA512
3cdd88d74f097c9d500e0f99710b72dea48f649c327769187d160ac6eb52de43d6363719d5e0decd2c20af2922e8c88df903b50cd5086525b38f818208c1076f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
9ba3e72239d5f7800c97f955ac38cf0a

SHA1
64a2db5d914102b049f8b66c1e89ecb5a34ff098

SHA256
16082f99cd62f71a04b887fd80b9ef4a7146637ecd619053bb77723b753a1aa9

SHA512
490d5873df28899640786506f844456d189b9a7f5df3dea5b11f78b224ade48c4ca1f31c691e395d64c72125d100cbfffeabb69f9d8ed3adf4239f9d33718cb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
5c250f75fce271c0794e4a4f7f59a768

SHA1
04e7b0291569b6ed5c478144d128d69d8dd733e2

SHA256
4fb618b2574f0a58d296192a6a4dc6bd7c3993767c45f1ced93aa75dad529037

SHA512
1e8db6db75ab4e57641e2461bdc4c2a9e4b06e43802c7e29efee644fa87c52b8e016a23a9129a8dc67718dcc1ccc52a138da81dc08aae6d69f81c7fe6298c489

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
3bf30ccbbbbabb5a514a63c427ef5809

SHA1
b990601d1fadef58e0adfeb2674006e29f4565a0

SHA256
846d40e8fffc4e9805aea3ef2efb825736c4edb4a897a3afd43ed9d05be6315c

SHA512
24de9a6680235284c906d492b096a39bd617580b18f1d2415e25d45f6cbe531c4ac124593162165f6fa381d350dd123b07964c899768309416ff34e8f4e9f3c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
a8e7e56b74a0134e2da4897b276766dc

SHA1
d9f42ab8932973259213d301949347c30be70804

SHA256
62ed070ff22c401bcec1bc638e8b9bcbbf438e4f5aff7960e3eec1971dafe5c5

SHA512
ef1d79ad39f35a71764c1f85533c40df796aee041000cf4fa251c2c5c6db9ba8725674e8ad1b9470008d0e8cf8f8d0daa85d2412f0354b78cfe4cb9cafb0376f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
9f037d04af7cf38601841d92ea7af49d

SHA1
e1b8e752a3ca8ab9031a5ad085d5500bd58ba0aa

SHA256
da847a6cb27f68104755be40e925679bd5c52047db113cefd8e39171e9174fa3

SHA512
65e8b757efd01546c8e4299bfbb9c2b6e2c02d7600a770c0bb64aadeef121c79c5a65ffdcfa999c4460279e914cb6ac43f17b4bde1ee53645b02786f7af9935e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f9e1.TMP

Filesize
48B

MD5
75766e0c66987df52942c0426c6dea6c

SHA1
f70af2866d6e53b60cf0ed55e20e1506e8e323d0

SHA256
6500bd1acbcb175f0e69b3de1c8cb8c90d18e27bb396e5b389709f36c2abf574

SHA512
25c6b506e12abe92c51d74f25e551bcb41e6b6313600301a25533c75e0397ada486407c197d7ace5afdac9fe15447094c792a3cd3425ab0aa5a016273dc5714c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1d1ee206720fa2d2bfbe21428f7191a8

SHA1
bb947c55351e9b6055697e161e0492a714952d89

SHA256
a21d70ee0b53e643ca2dbe45b7b19a05627e38893e2aeebd8ccd1959b492335d

SHA512
f0f913d9992a92093e0cd1414d70101150a834f2d07902a5f5d747d57f858542cd5e9902d2a3fd4cbf577a4dcdf080a8c83d905e771e53d735ad1c1033697556

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a6db8f3803fe85e7b3ce49fe12631093

SHA1
7f9fb66662d184df3c811b34080aca7064429c7e

SHA256
bfb937aa7f093bbc709d15d0a08ac2cfe32d87f7db36552dbb2644cfd1c5cead

SHA512
b3e2a0399dde822669fb126ebc6938cfc4f8b1dc1d564ecc33470d486b909eae7342c62a7451142802a4d4a9f1f29d2a1cbbfb1809de4e06d6658a69692b01ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\9DB7.tmp\9DB8.tmp\9DB9.bat

Filesize
54B

MD5
0ffc1e720540be178cc50ea063882bfa

SHA1
f2ca516326c92525c43dd1dac26f0c5a23a6430d

SHA256
5e859bb5276e3798a9307a65992974d4eb486074dcf0bdc44944f8e3827ef20e

SHA512
73db0e4c9ccd2fca0ac2f3218c61a2e51841cb81ac537e0a3ac5d48c505a77e787b95d1f1b6ccad5e19d9cbb864ec810f4af27a8d5f97a7fd18ff482095f8326

Download Submit