hxxps://lnky[.]ru/z7ehc

Resubmissions

07-09-2024 15:37

240907-s2zncsshme 10

07-09-2024 15:35

240907-s1bvxa1anp 10

Analysis

max time kernel
91s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07-09-2024 15:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://lnky.ru/z7ehc

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand steam.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2792	msedge.exe
2792	msedge.exe
1400	msedge.exe
1400	msedge.exe
4864	identity_helper.exe
4864	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1400 wrote to memory of 2468	1400	msedge.exe	84
PID 1400 wrote to memory of 2468	1400	msedge.exe	84
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 3536	1400	msedge.exe	85
PID 1400 wrote to memory of 2792	1400	msedge.exe	86
PID 1400 wrote to memory of 2792	1400	msedge.exe	86
PID 1400 wrote to memory of 832	1400	msedge.exe	87
PID 1400 wrote to memory of 832	1400	msedge.exe	87
PID 1400 wrote to memory of 832	1400	msedge.exe	87
PID 1400 wrote to memory of 832	1400	msedge.exe	87
PID 1400 wrote to memory of 832	1400	msedge.exe	87
PID 1400 wrote to memory of 832	1400	msedge.exe	87
PID 1400 wrote to memory of 832	1400	msedge.exe	87
PID 1400 wrote to memory of 832	1400	msedge.exe	87
PID 1400 wrote to memory of 832	1400	msedge.exe	87
PID 1400 wrote to memory of 832	1400	msedge.exe	87
PID 1400 wrote to memory of 832	1400	msedge.exe	87
PID 1400 wrote to memory of 832	1400	msedge.exe	87
PID 1400 wrote to memory of 832	1400	msedge.exe	87
PID 1400 wrote to memory of 832	1400	msedge.exe	87
PID 1400 wrote to memory of 832	1400	msedge.exe	87
PID 1400 wrote to memory of 832	1400	msedge.exe	87
PID 1400 wrote to memory of 832	1400	msedge.exe	87
PID 1400 wrote to memory of 832	1400	msedge.exe	87
PID 1400 wrote to memory of 832	1400	msedge.exe	87
PID 1400 wrote to memory of 832	1400	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://lnky.ru/z7ehc
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b75546f8,0x7ff9b7554708,0x7ff9b7554718
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,265384358647283857,13238272660152494518,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,265384358647283857,13238272660152494518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,265384358647283857,13238272660152494518,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,265384358647283857,13238272660152494518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,265384358647283857,13238272660152494518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,265384358647283857,13238272660152494518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,265384358647283857,13238272660152494518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,265384358647283857,13238272660152494518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,265384358647283857,13238272660152494518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,265384358647283857,13238272660152494518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,265384358647283857,13238272660152494518,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,265384358647283857,13238272660152494518,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,265384358647283857,13238272660152494518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,265384358647283857,13238272660152494518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2084,265384358647283857,13238272660152494518,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=180 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,265384358647283857,13238272660152494518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,265384358647283857,13238272660152494518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,265384358647283857,13238272660152494518,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4136 /prefetch:8
  2⤵
  PID:4064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2696

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f4 0x2f8
1⤵
PID:3500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
32KB

MD5
e13edde4a25e96e573f37bdd11e020aa

SHA1
84a0c3cc6cd74b149cc27de2b0fe48bc2acb70d2

SHA256
45b526e6aa5356b278aa37e67593a25d09c9653e8a0e71fb8e155111d3b7a515

SHA512
9ba4cce47994f949731e594538f56f423ee46a8e602fe922ab6e1d173b87831ae5a80d967d695fc45a08b25aef5c494518b43cde6b4709db690e904b2cc1c053

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
119KB

MD5
d45f521dba72b19a4096691a165b1990

SHA1
2a08728fbb9229acccbf907efdf4091f9b9a232f

SHA256
6b7a3177485c193a2e80be6269b6b12880e695a8b4349f49fccf87f9205badcc

SHA512
9262847972a50f0cf8fc4225c6e9a72dbf2c55ccbcc2a098b7f1a5bd9ea87502f3c495a0431373a3c20961439d2dae4af1b1da5b9fade670d7fcaed486831d8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
115KB

MD5
ce6bda6643b662a41b9fb570bdf72f83

SHA1
87bcf1d2820b476aaeaea91dc7f6dbedd73c1cb8

SHA256
0adf4d5edbc82d28879fdfaaf7274ba05162ff8cbbda816d69ed52f1dae547f6

SHA512
8023da9f9619d34d4e5f7c819a96356485f73fddcb8adb452f3ceefa8c969c16ca78a8c8d02d8e7a213eb9c5bbe5c50745ba7602e0ee2fe36d2742fb3e979c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
120KB

MD5
6168553bef8c73ba623d6fe16b25e3e9

SHA1
4a31273b6f37f1f39b855edd0b764ec1b7b051e0

SHA256
d5692b785e18340807d75f1a969595bc8b1c408fb6fd63947775705e6d6baa66

SHA512
0246cee85a88068ca348694d38e63d46c753b03afadf8be76eca18d21e3de77b495215ed2384d62658a391104f9e00df8605edb77339366df332c75691928efb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7018957b1d2d6be3fa2732a6ad312d04

SHA1
cd65c0b9331e1d7d2092d65dc1ec7cf3bcfa266f

SHA256
e080c02df528193e8fae6355cb3993a2d0e543f85fac9ccd11dfe890ad274f5a

SHA512
2b596febbe43a63ce768d01c92a18bdcd84dec45b345368f77c83f8e3845d6c63e982ee384031b6fc43ba5e6143eaf42024224cf5f1178495b867e60bdf474bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1000B

MD5
0e7332c576722985a1249eea3de7891d

SHA1
897a24fda4ce04933d9511e12031f22d78249860

SHA256
ae293660fc8f92b4bbf9e2f0bddcbd8aad2ab2e993b55fa069ae1aacc037be2a

SHA512
f765b176fd69dab9f3532ed8e0e2bc9c2ff310f0d06d46612a3278acaca41615161cdd1547653019a2c7708fdba239abb1f12361db18b8f5289fa9d9fda7ac26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a9cd5d3edf830ea9cfeb7e39e11a61e7

SHA1
d6d41f4433ec77f8d9e3ebe05ccc2285828b1306

SHA256
adc5deb6bb5d0837a867a1f7c30d2bae4c8dcc3840d2e9e59e9e1e48434faf8a

SHA512
b835a712221aebd55932fc4308e13ec0f3fddbced9f89cc6858cffc91f5610cc80955dc89d6dcf4c7fa2ba6a6fc359dc1b6f6729b397dbd548de71915521b529

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
779c9f03900db4ab9d4a7ad642e97a6e

SHA1
2e143142a69a0674be2845bd0c7ca20d429c3aa0

SHA256
d0277716e76949e918f818d289d7a5c387e16eee4df4dc2f5a6128bebb6b550e

SHA512
346c2b997fdbd517df8e29b11d230efa4ba68b84d8a0bd09c97e1935d2f0b79a479387304556a611c624ec165c67b8b198ad64abe5e21c37e2d5b05a312b708f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5c3d4d8f317a90da054a6864203616a8

SHA1
202eb7cc8bd21d9b401a475170d439df4682fff1

SHA256
cdc5cffcb75af09e862f26d085e3527d568fb9ff3f537185d3aeebc2e49a90bc

SHA512
382a7a6a5df8ed9e965d3bd36c437e367dcb15d64be36df51b0bc987122f726cfb3d9452916e62be7e23900799a37827fb87fbaa7e86937584fdb14774c0e6c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
044b2e38ae53b43f9f235ec271728686

SHA1
5b9950c10e0214b1f52dedd283516cc53eebf0e3

SHA256
7c0f6246f943f5430c7cf07c99d664e04c1f702420335f5f11b26a658161dad0

SHA512
837b1367b7264221914d8e6237a95478cca44e318c00d89c47a3ad3f9f792b27891e136022c49c61f6dd7d683eabaee7ade57f792613a3d1ec4f0babb8f94f5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
30fd7c001d432940ac13d67c7fa0b724

SHA1
d8c3a70dedde1c983f216b1cf527df311851bbe8

SHA256
9f79a7c86cdb6a87354730e41948e5a4559ffd1627f7a8afe665883ec6d71d77

SHA512
c0b64af43b5b9c4d335602a91cf52d35ce3841b778242f5c5e4e3d9abdddb44c699fe01437d25252df1e779eb60457178e5efa53bfd1665b2b189364895c723f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
f98faed31d80c5a07999c2a61d6f10a3

SHA1
418150553e6553a2a4f58704b4c238a8ab447281

SHA256
cdf4710a7b0cd6469a1aa6ed8326a9833dccbab548c6d7e8b092223b636cc4d6

SHA512
7c14b21e6e1f740374435f007e3bad602ebad27c7cc48966a2fd940c623621c2ee39c8523481c1bef02f80f7bf50b11fab9382becbaa60a617e9475f5bf0669c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
7674ca323edd8c0146a8ee00034bba45

SHA1
11e529b02796a12f83ded20f67c75e3dcb4c0911

SHA256
74ee8545dfe8b9bb856290086a8e298bcd478360c6121fa2d9787165714e97d5

SHA512
773345f642d50a2f86983eaf95d8f962dae5323c5811eb9bb02d6306abcf294bff2af2a25a916db5e64c18330a4510f5b79cb0e9eda4519def3a14ffa6a462f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583e2d.TMP

Filesize
874B

MD5
e763d5af3b4216b28cf11fa47b65d7d0

SHA1
eb9efc2aa0a01a7cb0e52835d15caf1ebc3a5871

SHA256
9a8cbdcf3f8d4aeac66a98d5bf8e84548cdd8d9cdd73b25c8cf2fe76d11e7d3b

SHA512
c6fe8eadfa82ce51cad5fce88e1393d1981dd9be045fa0f43a7bb87c7e16ec6e8ea4c5c77864a7a83a64d4eee802c58101bf5a313739e2ea977265eb70ac211e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
05538e20b90a16aff11b63c1912f40f7

SHA1
e1a83fc7804bf62875caf190158b9b219d7101e6

SHA256
79fced6c94e2e3cd501d9727e1c5eb63e63c9c61aa5e706faee79f630ca73e7f

SHA512
2e854e618ad357c982137c59d046c74441f3d41ac7c90cbb1dd2d8c2a41f6012a5faac394835462e0391b8d74d34640ace9ebecd6c3010dcc3b2816dc047232e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
0b88dfccc680192bc092a19efc739c92

SHA1
52b925eb05f0402fe62b2f51fdea266ed2a0e34b

SHA256
d955a161bb6cfb406b21833ec08c50f4e4076a8ff9cbbd8c94572654f7c31aa8

SHA512
a08e2755dfbf3f3f96b03c8fea39febb5e8ee7223d703d80926d4dd7b5f8411acddfa80a1d47acbd1c5dcde3b1e36df9b0ef515a2ddf45f5436436787f5a666c

Download Submit