hxxps://www[.]mediafire[.]com/file/y0o5ceezn0m6gm4/Touhou+PC98+Collection[.]zip/file

Resubmissions

06/09/2024, 16:53

240906-vd2txsxhna 3

06/09/2024, 16:45

240906-t9hkgsxbmp 3

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/09/2024, 16:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/y0o5ceezn0m6gm4/Touhou+PC98+Collection.zip/file

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
940	msedge.exe
940	msedge.exe
4836	msedge.exe
4836	msedge.exe
5208	identity_helper.exe
5208	identity_helper.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4836 wrote to memory of 404	4836	msedge.exe	82
PID 4836 wrote to memory of 404	4836	msedge.exe	82
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 4072	4836	msedge.exe	83
PID 4836 wrote to memory of 940	4836	msedge.exe	84
PID 4836 wrote to memory of 940	4836	msedge.exe	84
PID 4836 wrote to memory of 2308	4836	msedge.exe	85
PID 4836 wrote to memory of 2308	4836	msedge.exe	85
PID 4836 wrote to memory of 2308	4836	msedge.exe	85
PID 4836 wrote to memory of 2308	4836	msedge.exe	85
PID 4836 wrote to memory of 2308	4836	msedge.exe	85
PID 4836 wrote to memory of 2308	4836	msedge.exe	85
PID 4836 wrote to memory of 2308	4836	msedge.exe	85
PID 4836 wrote to memory of 2308	4836	msedge.exe	85
PID 4836 wrote to memory of 2308	4836	msedge.exe	85
PID 4836 wrote to memory of 2308	4836	msedge.exe	85
PID 4836 wrote to memory of 2308	4836	msedge.exe	85
PID 4836 wrote to memory of 2308	4836	msedge.exe	85
PID 4836 wrote to memory of 2308	4836	msedge.exe	85
PID 4836 wrote to memory of 2308	4836	msedge.exe	85
PID 4836 wrote to memory of 2308	4836	msedge.exe	85
PID 4836 wrote to memory of 2308	4836	msedge.exe	85
PID 4836 wrote to memory of 2308	4836	msedge.exe	85
PID 4836 wrote to memory of 2308	4836	msedge.exe	85
PID 4836 wrote to memory of 2308	4836	msedge.exe	85
PID 4836 wrote to memory of 2308	4836	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/y0o5ceezn0m6gm4/Touhou+PC98+Collection.zip/file
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd183e46f8,0x7ffd183e4708,0x7ffd183e4718
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,4300106655493884182,3709277528221537649,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,4300106655493884182,3709277528221537649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,4300106655493884182,3709277528221537649,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4300106655493884182,3709277528221537649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2140 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4300106655493884182,3709277528221537649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4300106655493884182,3709277528221537649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4300106655493884182,3709277528221537649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4300106655493884182,3709277528221537649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4300106655493884182,3709277528221537649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4300106655493884182,3709277528221537649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4300106655493884182,3709277528221537649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,4300106655493884182,3709277528221537649,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5596 /prefetch:8
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4300106655493884182,3709277528221537649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,4300106655493884182,3709277528221537649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7440 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,4300106655493884182,3709277528221537649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4300106655493884182,3709277528221537649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4300106655493884182,3709277528221537649,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4300106655493884182,3709277528221537649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4300106655493884182,3709277528221537649,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,4300106655493884182,3709277528221537649,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5560 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
20KB

MD5
8108e5126bb1b9aaa660a7e5257e914a

SHA1
bb5749f62f3005fb718f7c1105a747343a47b78f

SHA256
e4c1b8044c9ac5c2de3c108408d50e218a4a7a649e1f28ab172fc70953fe8108

SHA512
c8ff92765d692ebe176676fb4a7dcecd29963d4770096270b7fd6820b91bd5b8b5e61a643c7fcb045b80b036b2e1d69d9929876a42e2d9b1669a7376384613be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
172da7c7fe09624495c3748087d60188

SHA1
ec45d27b7b347fd1de0c58c1ea1eba960e0f9101

SHA256
27ee1a65951a08adeab61054d9d52994943e46fd6511ee6aa09af4722d80be38

SHA512
685caaab2ca460ffd89ea68d8269e070116bc87110ddcaf2070ac9878237efa939d2e2a6c6b53cf7f3732a588b6abd85b462daa7f6cea56df0797531688619e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d017493e2749d847276177b4e0eb4189

SHA1
fb6d46bbb4e71cb0f12528c699ebd299e37cb800

SHA256
dd8f36768f45bdf8ee3592d7a113f8e2ac816793aecc8043afaa436b4318517d

SHA512
398736174c6c4570fcb92496e8dc6eabec402a43342a45c2d3b638dbfea3394d5f09db878b46b048cab5707fa305a81de568f59a1c00fbfe4cdab1c25cff2984

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ed51baefc4b08e1dc572f178273aa598

SHA1
02d0fdf69b67d086e3e96a6d55d57df0ce5a22ee

SHA256
7780473cad3df79cfd0bfd4fae3ce9a5bcaa070afbba6b344632b9e8b7c318dc

SHA512
76db33c4f3d837e7f88833532fa7fd063426fff076b20e605cfedb3f522a57daf42fec16d0f2af60e00cd301515d9160e621bc626062564ad68f5294dda124e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
da4ecb76a4770237b9981d162058b9c7

SHA1
3b788fba49f6677750b85959dfe9ca9cb4537fc8

SHA256
c2684b8be93de8faae4ad8e00d8c712f90c74b373aceaf45f36e038201f9b642

SHA512
6c5e3a0204efa6f7025fd1289915436625077312a88ad4f3fbad8edcf6a627e89533ec80a14e7f67098d355722e78ffc90ae8733983e3724a2f7de270f10b44b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
79b8a089398094a5ffa7a3f24d11ba15

SHA1
e03f5b6e0524625fcdd4d985ed249106ededd321

SHA256
9f377677827a251d64e2d35cb342ab1e8d6a0ba6a1520464e48d46f37e4fcf3f

SHA512
0722daeb6e911e72fcec7b88333a99506279c7e101dca62dbb5f6fa14e2b26bf92be26cd0dca9a1211578f30f375f8f2ca17d19a5b51fed160c556d421d795a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
244597dc462fd60cb95497d3c8daf81d

SHA1
29cdf7212f9d605968a062880c1c95782ad830e3

SHA256
b451f8d8dcbe2f27f155d2ea1924c53afda63e330c3f6705ae8e2901e3c15f9b

SHA512
cd527e22975f8e6e60a72881b3ec714af6ba93e4b41d5026677c08c118b6cd3f989d4eeb6ed9e0d1e6d1c4fe8648e6a799a8bd483ae5c513ef2ffb09dfaccf59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
427b091c1ef7336d5aabc755ab96a4bd

SHA1
0f344e0b9fe5f60e83fbc1933b251e7918c3fa23

SHA256
8a5010c2f98ce5e1f561b3c5b1762612c55714da1a79d7bb4bd921f1e64fe199

SHA512
0f28037eaf56d9bbd9b09a411652220d4b22d864eb7a63aaa19ea281e7f7c1749bfa143295f76d41435213a1a7cd5583b9ed1359e39c0a7c149adf3f8cbf2051

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
ba65ad64f8469a4a17a5582e930347b0

SHA1
f16f42762a1de7465da12b1f466a2a4d1c731097

SHA256
45fefe57a6f6e0a5b76fc48c719bf699b1563881c3bda1e0a5a4d039703c909b

SHA512
c5e93084b2e9e688f8752019201a005f665a7b84e852b7ba14480d9b03ff05c6fee4967323d6bdc855f40856a00127b7bb89d68fc994bc80c45f442328e1b954

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
7ce49b3e456a6ed836cc30f30409fcd2

SHA1
366fcf7f76d8c503023a5e266c587f961308ee8d

SHA256
f36d440cd6964b29abb2b72f0e98d4aea8cf06a1af555150ea07ad03887f9798

SHA512
358c76e6f1ada19c11323040fb9109f89c93b88a96d3663198e10b49731a75c43ed7e35b99385a4e7b8db24c46e385eff0e31025cb6394f06bad2e8b55a16cf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a75bd32ae66ad3156643fa10f519748d

SHA1
b1792dc1c379d9a9744d8bb88bba799d3dc97e9a

SHA256
f4bb149f8630e1b6cb21c1a8f6e47ea78b91139c51a34f20e257e93cc8521d84

SHA512
c5b518649ff2a8742854daf4e50b580bfcc584cd87130ebf1881bf4823c5cacace78dea20f25292005d09fd214e92558cca80db3d68c399108724927f2fc908e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
40ef3c923b83ab183329e69526ae6306

SHA1
494ff7064d4048aa4a9f38a6948193e7ea196b42

SHA256
0c06ca014a909f0c96c0177913e8a4c0c59d7b3e90b4aa55a599ec05bda517ae

SHA512
f108b05fc24d35e47fe036389827449b337976d6a3ad7638cfe9ab29edb8eb03e447b38229339cb6481aee4637ae1f5d59c54b7337ba62420a35d63ccb7bc556

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9f77997d12caf4c0504e601ea6ca9dfb

SHA1
89df811ce3740750df1049d42111bf5632e87074

SHA256
cae60def229394edb149d4cc7db3b9255c55e2dc84123836c10d8a9254bbcee9

SHA512
081da4a6b140dcbe4117837a57ef1874aeae82fdb54fed8ba20b830b9a9873a048fe40667f9f531441863200e67b0d7391c0f7ffc8b8da60fd7a0fab01aee5af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
43113cf7f77383335873f116bafa318f

SHA1
1b75168d5ffef74923a53dce864dfbf44f8cb12c

SHA256
76ff3f4252a3b7267bf045da12009a9a13f6e7dbf7e39ed2714f3a43ed82c0cd

SHA512
5597d1b0320398a60fd6c2dd971b5ba57b7ec0a97d975b9bc680f1f5f401bab6c46494b029cea63b4934ab9d67ec561ed1f55e02c391e5de9eea988ee984b151

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1ea574dc2b7ee5d818f2ca1269891bdb

SHA1
c534898b6e32b76a9939726554ee2c7fc069b5d8

SHA256
bd7d450b49e4af85041a34fde6a2e1e6daca9f85b96cbf4760377bedcc4d4f02

SHA512
4227f10284f261b13cdb8c5ac224d9e0431efb17b072e44df94839a6ac437bdb4934911ef4de36418a8056382c70a1033908c2ce77315250ad5cf058e56029e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2164928065ffb0f319e56f5ce0c34698

SHA1
a40b28b3cb953a55629a73e21e4fa7c3b6098088

SHA256
21c40c2414b1c97797c212a6501b7373e28c37763e43e9936e149e327946abc8

SHA512
1a05093a11cdc8fdb5d6e4482474e03aca9ba309999bf1cc1f492d3b5e7ce66c22a01a5116791ead8d2a1c64a00c02a1bf680555693a72b19f94ced5299fee52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583330.TMP

Filesize
1KB

MD5
1e38b12ba4765fc134d01277d899ac49

SHA1
162d02b88ba8cc1fcbac6067759b1a90bea259f6

SHA256
1f82755d1d33d4aa8e785823637872875f9e88db33a46cc8ac22cefdb0437357

SHA512
b814da1444498b42dd8c4a695ef4ec39e6c11fa077a7788daf332f7767ec724e566c9d35062b2d7b943ae2ddf7d3ab97ea879e4e5b2c25437ad26d65aaef5933

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
24016f02e88e931616982675bae485b7

SHA1
0fa34358cab76200737eed0d2daf83df22a228a8

SHA256
506ca030d3af9e7ea8a046d9782ac40364063f4c1626b0b1c42edfcae39b7fc1

SHA512
34ae5a112acf15e58735f4f2dfda26b31530f0ee1959bd8ca2d71a26da0b4bded49d312c074ee1594615925221157e38113e3818eb1aa247786c5b5bf8d75a6f

Download Submit