hxxps://t[.]co/gHdmLP7nlZ

Resubmissions

14/09/2024, 13:36

240914-qwdgtsxamc 7

14/09/2024, 13:34

14/09/2024, 13:25

14/09/2024, 12:47

14/09/2024, 12:47

14/09/2024, 12:24

14/09/2024, 12:23

Analysis

max time kernel
32s
max time network
34s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
14/09/2024, 12:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://t.co/gHdmLP7nlZ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\MailRanger 2.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3132	msedge.exe
3132	msedge.exe
2868	msedge.exe
2868	msedge.exe
5096	msedge.exe
5096	msedge.exe
1424	identity_helper.exe
1424	identity_helper.exe
4048	msedge.exe
4048	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4636	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4636	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 4784	2868	msedge.exe	78
PID 2868 wrote to memory of 4784	2868	msedge.exe	78
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	79
PID 2868 wrote to memory of 3132	2868	msedge.exe	80
PID 2868 wrote to memory of 3132	2868	msedge.exe	80
PID 2868 wrote to memory of 1168	2868	msedge.exe	81
PID 2868 wrote to memory of 1168	2868	msedge.exe	81
PID 2868 wrote to memory of 1168	2868	msedge.exe	81
PID 2868 wrote to memory of 1168	2868	msedge.exe	81
PID 2868 wrote to memory of 1168	2868	msedge.exe	81
PID 2868 wrote to memory of 1168	2868	msedge.exe	81
PID 2868 wrote to memory of 1168	2868	msedge.exe	81
PID 2868 wrote to memory of 1168	2868	msedge.exe	81
PID 2868 wrote to memory of 1168	2868	msedge.exe	81
PID 2868 wrote to memory of 1168	2868	msedge.exe	81
PID 2868 wrote to memory of 1168	2868	msedge.exe	81
PID 2868 wrote to memory of 1168	2868	msedge.exe	81
PID 2868 wrote to memory of 1168	2868	msedge.exe	81
PID 2868 wrote to memory of 1168	2868	msedge.exe	81
PID 2868 wrote to memory of 1168	2868	msedge.exe	81
PID 2868 wrote to memory of 1168	2868	msedge.exe	81
PID 2868 wrote to memory of 1168	2868	msedge.exe	81
PID 2868 wrote to memory of 1168	2868	msedge.exe	81
PID 2868 wrote to memory of 1168	2868	msedge.exe	81
PID 2868 wrote to memory of 1168	2868	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.co/gHdmLP7nlZ
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb4ba23cb8,0x7ffb4ba23cc8,0x7ffb4ba23cd8
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,15667855583483891808,8013660169514506550,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,15667855583483891808,8013660169514506550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,15667855583483891808,8013660169514506550,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2524 /prefetch:8
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,15667855583483891808,8013660169514506550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,15667855583483891808,8013660169514506550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,15667855583483891808,8013660169514506550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,15667855583483891808,8013660169514506550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,15667855583483891808,8013660169514506550,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,15667855583483891808,8013660169514506550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2012 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,15667855583483891808,8013660169514506550,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,15667855583483891808,8013660169514506550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1900,15667855583483891808,8013660169514506550,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,15667855583483891808,8013660169514506550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,15667855583483891808,8013660169514506550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1900,15667855583483891808,8013660169514506550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5056

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004D0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
302c3de891ef3a75b81a269db4e1cf22

SHA1
5401eb5166da78256771e8e0281ca2d1f471c76f

SHA256
1d1640e5755779c90676290853d2e3ca948f57cf5fb1df4b786e277a97757f58

SHA512
da18e7d40376fd13255f3f67a004c3a7f408466bd7ce92e36a4d0c20441279fe4b1b6e0874ab74c494663fb97bd7992b5e7c264b3fc434c1e981326595263d33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9efc5ba989271670c86d3d3dd581b39

SHA1
3ad714bcf6bac85e368b8ba379540698d038084f

SHA256
c2e16990b0f6f23efdcecd99044993a4c2b8ba87bd542dd8f6256d69e24b93b3

SHA512
c1bc0dc70ab827b54feb64ad069d21e1c3c28d57d126b08314a9670437881d77dba02b5cca57ef0f2aa7f8e7d4d163fbd2c6f246ea2d51ce201d61a89015e8b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
17KB

MD5
950eca48e414acbe2c3b5d046dcb8521

SHA1
1731f264e979f18cdf08c405c7b7d32789a6fb59

SHA256
c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2

SHA512
27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
e2ca1108f34de23ca5216d33a3523147

SHA1
c4616c9513f2bdbbe3e87bc8ef3c753a98922aff

SHA256
3cc25a8bce5eb635902ddfc48d47b1efa044af7108d088f96bc02ae9969c00c4

SHA512
d1b2c33363467265e4942b59df36c46c70e83872a69f8fc88f1acee5b19a2546ef13aa35f86a124b877485755b20bc15e7fda432630cf773ce8f005e33882c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
320B

MD5
876bfbefd6e1f59a962fba7e23422e9a

SHA1
b31a0b27efd73d31ca8a4105215d175268745301

SHA256
51b3685be22b2e73b47e0e33260e0adc33e0448ada0ef1e45b0dd32a21f3bdba

SHA512
82669cded97c421f675ad72fe8a3b54ace1bcecb186402bb5fa8e14970af7fbbf71fdb4c9c23c99f518d74a4d5ec9441c49f78eb22d2d7fdf20305f374d06e71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8d3b1cf74d60853f3fe84530a46abe29

SHA1
5727f4e5554a3411163378dda938bd2c5eb61140

SHA256
591cf2318f18a440674c61c1fcaab61ac344b1a8b9b4ca043025039f81b97f2b

SHA512
5b266f43916c2b8551979c2628713b3140b987ff5545517fbc13274fb9ed31c4f9a54f4730b14783f942356eb3923fca1babff4ad23ea6cc15339a3028c43ca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0a25300b70f85a080fb4cb958c672353

SHA1
ed0dfc29699dd52bd4e6d35e446f6b61704c89ac

SHA256
c937a0fe1f992a7ef398b043c30a2fab2285b64f0bcd71206eec63b92997ef0b

SHA512
22337e3f3ed7a838a5ad7b714939327b1e44349b78b1fb6776bc08f08560144b74a4f10788858ca81ab564039f656af226cdb2902fc7b6b725789c47eb5db322

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
448591151bc029232a2dfde7bbdeddcb

SHA1
f1750ad73b99c2860bd2eadbabe0d540482ab051

SHA256
17f635dae9e8661eb6f67e7f061bf2de0f891443f11594e9afef25994ad11ef6

SHA512
8d06a95e0a94b44395d52d53054c2615c460924942f66e26598558416e7fbe32e7e685a0cc30bda4112fe4e31a9ba0acc191564cde33bd5372be49ca587ba362

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
e968db728addfda0f20f4da42071af1d

SHA1
b89d10f66da9e9c6c9358c2aefb634db3af234ee

SHA256
925616b1c32fd8372eae5e3435748a44425e7d06e38193266b4ce5fe19f9f090

SHA512
9c961a979fc43265c499e8e581a2d1d7ed637c2f148a1aede897fd48c2e537e40ece864929cda330c82ecbb30ad2980caf581adaf0b681e83ae73d493988f34d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5807ea.TMP

Filesize
48B

MD5
1acc652bb2194762a689cc3c82248f98

SHA1
429e493a648c3f0739b9b5df9b6442818feecb0f

SHA256
d72f312fcacbc4b8f56bbec4cfc4a6e68a54a9a7de1ad911b21ce6a58ca54021

SHA512
b68d429ee52f631812e9bf3cf404aac5d0cb10e4c47a7079cf00c85d210ab77126bb86679440b7cd97f2e3e90d7d8e87fb566364c9694ee7f7d2807c6b21906d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
306c773907a1a511041622183c84120a

SHA1
45916fec5f0455a574b775b6aba98718c4a8b5a4

SHA256
025e2563e517185cce2dd66b60bb208d7abc3555fc057fdca54e6aaac420fa3e

SHA512
80d2e634246fa96fc6d38692c1755b7ae3eb6ad6e514b511a79c598fd8e8f45a97ec5a52e22eeca77654bbdc71400ee3b2276e06fcd473b23e30c0d7c5556530

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
171645007341d964e90fee461d54b80f

SHA1
fd5134cc3b57886649d9743a94c00d6217733ff8

SHA256
1307bf2419c086d8e6336bafa8422e555779c2e367dfd591e0c5fba8a3b2b15f

SHA512
0c3d7241b48d67b05ad05c66517fc810e689d2f5e43df73a3ed3aca998fa4a300aedea332561d02fc61a8067469b03f5ac43290926613b419e2cb0e14bc176a8

Download Submit
C:\Users\Admin\Downloads\MailRanger 2.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit