Analysis

  • max time kernel
    145s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19-09-2024 06:52

General

  • Target

    https://www.3u.com/

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE (11 IoCs)
  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Program Files directory (64 IoCs)
  • Browser Information Discovery (1 TTP)

    Enumerates browser information.

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery (1 TTP, 11 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies registry class (1 IoC)
  • NTFS ADS (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (16 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)
  • Suspicious use of FindShellTrayWindow (64 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of SetWindowsHookEx (11 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.3u.com/
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2924
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1f1946f8,0x7ffa1f194708,0x7ffa1f194718
      2⤵
        PID:812
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,13234194640546250190,8632083078506962952,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
        2⤵
          PID:1548
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,13234194640546250190,8632083078506962952,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2844
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,13234194640546250190,8632083078506962952,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
          2⤵
            PID:4712
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13234194640546250190,8632083078506962952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
            2⤵
              PID:2704
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13234194640546250190,8632083078506962952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
              2⤵
                PID:2304
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13234194640546250190,8632083078506962952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
                2⤵
                  PID:804
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,13234194640546250190,8632083078506962952,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
                  2⤵
                    PID:2660
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,13234194640546250190,8632083078506962952,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:3412
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13234194640546250190,8632083078506962952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
                    2⤵
                      PID:2304
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13234194640546250190,8632083078506962952,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
                      2⤵
                        PID:376
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,13234194640546250190,8632083078506962952,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5052 /prefetch:8
                        2⤵
                          PID:2588
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13234194640546250190,8632083078506962952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
                          2⤵
                            PID:836
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2104,13234194640546250190,8632083078506962952,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6104 /prefetch:8
                            2⤵
                              PID:1728
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13234194640546250190,8632083078506962952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
                              2⤵
                                PID:1476
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13234194640546250190,8632083078506962952,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
                                2⤵
                                  PID:1488
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,13234194640546250190,8632083078506962952,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4016 /prefetch:8
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:2360
                                • C:\Users\Admin\Downloads\3uTools_v3.16.009_Setup_x86.exe
                                  "C:\Users\Admin\Downloads\3uTools_v3.16.009_Setup_x86.exe"
                                  2⤵
                                  • Executes dropped EXE
                                  • Drops file in Program Files directory
                                  • System Location Discovery: System Language Discovery
                                  • Suspicious behavior: EnumeratesProcesses
                                  • Suspicious use of AdjustPrivilegeToken
                                  • Suspicious use of SetWindowsHookEx
                                  PID:4512
                                • C:\Users\Admin\Downloads\3uTools_v3.16.009_Setup_x86.exe
                                  "C:\Users\Admin\Downloads\3uTools_v3.16.009_Setup_x86.exe"
                                  2⤵
                                  • Executes dropped EXE
                                  • System Location Discovery: System Language Discovery
                                  • Suspicious use of SetWindowsHookEx
                                  PID:3428
                                • C:\Users\Admin\Downloads\3uTools_v3.16.009_Setup_x86.exe
                                  "C:\Users\Admin\Downloads\3uTools_v3.16.009_Setup_x86.exe"
                                  2⤵
                                  • Executes dropped EXE
                                  • System Location Discovery: System Language Discovery
                                  • Suspicious use of SetWindowsHookEx
                                  PID:3960
                                • C:\Users\Admin\Downloads\3uTools_v3.16.009_Setup_x86.exe
                                  "C:\Users\Admin\Downloads\3uTools_v3.16.009_Setup_x86.exe"
                                  2⤵
                                  • Executes dropped EXE
                                  • System Location Discovery: System Language Discovery
                                  • Suspicious use of SetWindowsHookEx
                                  PID:3912
                                • C:\Users\Admin\Downloads\3uTools_v3.16.009_Setup_x86.exe
                                  "C:\Users\Admin\Downloads\3uTools_v3.16.009_Setup_x86.exe"
                                  2⤵
                                  • Executes dropped EXE
                                  • System Location Discovery: System Language Discovery
                                  • Suspicious use of SetWindowsHookEx
                                  PID:2648
                                • C:\Users\Admin\Downloads\3uTools_v3.16.009_Setup_x86.exe
                                  "C:\Users\Admin\Downloads\3uTools_v3.16.009_Setup_x86.exe"
                                  2⤵
                                  • Executes dropped EXE
                                  • System Location Discovery: System Language Discovery
                                  • Suspicious use of SetWindowsHookEx
                                  PID:2992
                                • C:\Users\Admin\Downloads\3uTools_v3.16.009_Setup_x86.exe
                                  "C:\Users\Admin\Downloads\3uTools_v3.16.009_Setup_x86.exe"
                                  2⤵
                                  • Executes dropped EXE
                                  • System Location Discovery: System Language Discovery
                                  • Suspicious use of SetWindowsHookEx
                                  PID:3480
                                • C:\Users\Admin\Downloads\3uTools_v3.16.009_Setup_x86.exe
                                  "C:\Users\Admin\Downloads\3uTools_v3.16.009_Setup_x86.exe"
                                  2⤵
                                  • Executes dropped EXE
                                  • System Location Discovery: System Language Discovery
                                  • Suspicious use of SetWindowsHookEx
                                  PID:4376
                                • C:\Users\Admin\Downloads\3uTools_v3.16.009_Setup_x86.exe
                                  "C:\Users\Admin\Downloads\3uTools_v3.16.009_Setup_x86.exe"
                                  2⤵
                                  • Executes dropped EXE
                                  • System Location Discovery: System Language Discovery
                                  • Suspicious use of SetWindowsHookEx
                                  PID:4416
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,13234194640546250190,8632083078506962952,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 /prefetch:2
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:1200
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:712
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:2328
                                  • C:\Windows\System32\rundll32.exe
                                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                    1⤵
                                      PID:1064
                                    • C:\Users\Admin\Downloads\3uTools_v3.16.009_Setup_x86.exe
                                      "C:\Users\Admin\Downloads\3uTools_v3.16.009_Setup_x86.exe"
                                      1⤵
                                      • Executes dropped EXE
                                      • System Location Discovery: System Language Discovery
                                      • Suspicious use of SetWindowsHookEx
                                      PID:688
                                    • C:\Users\Admin\Downloads\3uTools_v3.16.009_Setup_x86.exe
                                      "C:\Users\Admin\Downloads\3uTools_v3.16.009_Setup_x86.exe"
                                      1⤵
                                      • Executes dropped EXE
                                      • System Location Discovery: System Language Discovery
                                      • Suspicious use of SetWindowsHookEx
                                      PID:4200
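The chain that drives this report's signatures is visible in the tree above: the root msedge.exe (PID 2924) navigates to the target URL, and its direct children include 3uTools_v3.16.009_Setup_x86.exe running from C:\Users\Admin\Downloads, which then drops files into Program Files. The same installer also appears as a root (1⤵) row, and PID 2304 is listed for two different renderer rows, so neither a browser-parent rule nor a PID alone captures everything. The script below is an added example, not part of the report or of 3uTools: it turns the N⤵ depth markers into parent links, flags executables that run from user-writable paths under a browser ancestor, lists user-path executions regardless of parent, and reports recycled PIDs. TREE is a constructed subset of the process list above; the browser names and the user-writable path substrings are assumptions of the example.

```python
"""Resolve a sandbox process tree and flag browser-spawned executables that
run from user-writable paths.  Added example, not part of the report; TREE is
a constructed subset of the process list above (depth from the N⤵ marker)."""
from collections import Counter

BROWSERS = {"msedge.exe", "chrome.exe", "firefox.exe", "iexplore.exe"}  # assumption
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")  # lower-case substrings, assumption

# (depth, image path, PID).  Depth 1 = root; depth N = child of the nearest
# preceding depth N-1 row.  Values copied from the report above.
TREE = [
    (1, r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe", 2924),
    (2, r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe", 812),
    (2, r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe", 2304),
    (2, r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe", 2304),
    (2, r"C:\Users\Admin\Downloads\3uTools_v3.16.009_Setup_x86.exe", 4512),
    (2, r"C:\Users\Admin\Downloads\3uTools_v3.16.009_Setup_x86.exe", 3428),
    (1, r"C:\Windows\System32\CompPkgSrv.exe", 712),
    (1, r"C:\Users\Admin\Downloads\3uTools_v3.16.009_Setup_x86.exe", 688),
]


def link_parents(rows):
    """Turn depth markers into parent indexes (None for a root row)."""
    nodes, stack = [], []            # stack[d-1] = index of the last row seen at depth d
    for depth, image, pid in rows:
        del stack[depth - 1:]        # keep only this row's ancestors on the stack
        parent = stack[-1] if stack else None
        nodes.append({"image": image, "pid": pid, "parent": parent})
        stack.append(len(nodes) - 1)
    return nodes


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def in_user_writable(path):
    p = path.lower()
    return any(tok in p for tok in USER_WRITABLE)


def has_browser_ancestor(nodes, i):
    """Walk the parent chain of nodes[i]; True if any ancestor is a browser."""
    j = nodes[i]["parent"]
    while j is not None:
        if basename(nodes[j]["image"]) in BROWSERS:
            return True
        j = nodes[j]["parent"]
    return False


def browser_spawned_from_user_paths(rows):
    """PIDs whose image lives in a user-writable path and whose ancestry
    includes a browser: the browse -> download -> execute chain."""
    nodes = link_parents(rows)
    return [n["pid"] for i, n in enumerate(nodes)
            if in_user_writable(n["image"]) and has_browser_ancestor(nodes, i)]


def executed_from_user_paths(rows):
    """Same path rule without the ancestry condition; also catches rows the
    sandbox recorded as roots (1⤵), such as the installer's PID 688 above."""
    return [pid for _, image, pid in rows if in_user_writable(image)]


def reused_pids(rows):
    """PIDs that occur more than once.  Windows recycles PIDs and this run
    lasted 145 s, so a PID is not a stable key; pair it with a start time."""
    counts = Counter(pid for _, _, pid in rows)
    return sorted(pid for pid, n in counts.items() if n > 1)


if __name__ == "__main__":
    print("browser-spawned from user paths:", browser_spawned_from_user_paths(TREE))
    print("any execution from user paths:  ", executed_from_user_paths(TREE))
    print("reused PIDs:", reused_pids(TREE))
```

On the constructed tree the browser-ancestry rule returns PIDs 4512 and 3428, the path-only rule adds 688, and 2304 is reported as recycled. The rows in this report carry no start times, so a real log source (Sysmon event 1 or the sandbox's own JSON) is needed before PID 2304 can be disambiguated.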

                                    Network

                                    MITRE ATT&CK Enterprise v15


                                    Downloads

  • C:\Program Files (x86)\3uToolsV3\x86\3uTools.exe
    Filesize: 13.0MB
    MD5: 3dbd29bda3ebc5b3fde9a0b59a33fed9
    SHA1: 34f89cfb38bd7ab97d456dfda09fbfa166c71269
    SHA256: 68a2e64f7c141edea234af607aee2dcb59ac0f2891312d0b9aea68107592ec61
    SHA512: 8d8fa9e7b265f9b1119e14ffcf7711d3ba7ef11982807fa4f2e3fb3fa07c06b2d65b4ece0af5b146d7c4818353a4a933616772723afcd8741820e785189c9a6b

  • C:\Program Files (x86)\3uToolsV3\x86\Uninstall.exe
    Filesize: 1.1MB
    MD5: bb65f68a98ece21bb4291f9c32f7dde5
    SHA1: cc67611ef6b41e711571e7eecf15bf7d1f29e12c
    SHA256: 5cf614af4f2a6aadb672dce95ab6bfb3eaa2d513de1a9159e4565582f194d9d0
    SHA512: fdd73e175707a20380fb62c38043479eada9492b95ae6edd5b269eed72abbed4b21287f043a72a9ec22042effeabcbc54fc7f59ab8244dd1ea1a5dfcd57ee515

  • C:\Program Files (x86)\3uToolsV3\x86\files\OpenStreetMap\search.png
    Filesize: 1KB
    MD5: a73bcc83dc2729d19d9d0e1eb36bbd96
    SHA1: 9d15df65438cab48d07ebe7e9359258ff1011423
    SHA256: 29739779fd76b21175d4ea24d7ded3e057233127062d05c164b9ab4df9e11a3f
    SHA512: c37de466294c22c9b3ed6587c639a7d53ae6f5cc8d352931035885191a2fd329dae3ff28d1bdeb363c2c12243505584354acc5f88bb8e21da9c2942d03cacf03

  • C:\Program Files (x86)\3uToolsV3\x86\files\bonjour\Bonjour64.msi
    Filesize: 2.6MB
    MD5: 86e2b390629665fbc20e06dfbf01a48f
    SHA1: d9f4697a6f4eceea24735822cb1df501268ca0b0
    SHA256: 46e31e284da64d6c2d366352b8a8abcf7db28d3e2a870d8fcf15c4a6fe0a6dd1
    SHA512: 05ecd3be5779f39db09329dda4dce0e3c49ac5d3950e92833031622b53542dadbe9e2948df35faeb4c41dbc8e01992935087c4a2975c797bd008ae177f7c3fea

  • C:\Program Files (x86)\3uToolsV3\x86\files\tutorial\ios9trustapp\jquery-1.11.1.min.js
    Filesize: 93KB
    MD5: 8101d596b2b8fa35fe3a634ea342d7c3
    SHA1: d6c1f41972de07b09bfa63d2e50f9ab41ec372bd
    SHA256: 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
    SHA512: 9e1634eb02ab6acdfd95bf6544eefa278dfdec21f55e94522df2c949fb537a8dfeab6bcfecf69e6c82c7f53a87f864699ce85f0068ee60c56655339927eebcdb

  • C:\Program Files (x86)\3uToolsV3\x86\translations\qt_gd.qm
    Filesize: 185KB
    MD5: d512456777500dc13ef834ed528d3704
    SHA1: 90a32284052c3fe12c18afec9f7ff56735e2e34b
    SHA256: c515dd2a2e00765b5f651aae124a55d617b24777138019abc5a7001da7417561
    SHA512: babef929ac600c117967b42389623f352d219a466c484ae68ef3c9da9ff61555875ffb0dafc3e5eada6fb43d37f7afe74a6b6c73458a93ffb42819e1068c9a3b

  • C:\Program Files (x86)\3uToolsV3\x86\translations\qt_he.qm
    Filesize: 135KB
    MD5: 26b777c6c94c5aa6e61f949aa889bf74
    SHA1: f78da73388c86d4d5e90d19bb3bd5f895c027f27
    SHA256: 4281c421984772665a9d72ab32276cfe1e2a3b0ebe21d4b63c5a4c3ba1f49365
    SHA512: 8e02ce06f6de77729aefa24410cbd4bfba2d935ef10dcf071da47bb70d9c5e0969f528bdb3db5cab00e3142d7c573fcf66ea5eb4a2bc557229ad082c0eb1dbcc

  • C:\Program Files (x86)\3uToolsV3\x86\translations\qtmultimedia_en.qm
    Filesize: 16B
    MD5: bcebcf42735c6849bdecbb77451021dd
    SHA1: 4884fd9af6890647b7af1aefa57f38cca49ad899
    SHA256: 9959b510b15d18937848ad13007e30459d2e993c67e564badbfc18f935695c85
    SHA512: f951b511ffb1a6b94b1bcae9df26b41b2ff829560583d7c83e70279d1b5304bde299b3679d863cad6bb79d0beda524fc195b7f054ecf11d2090037526b451b78

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: d7114a6cd851f9bf56cf771c37d664a2
    SHA1: 769c5d04fd83e583f15ab1ef659de8f883ecab8a
    SHA256: d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e
    SHA512: 33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: 719923124ee00fb57378e0ebcbe894f7
    SHA1: cc356a7d27b8b27dc33f21bd4990f286ee13a9f9
    SHA256: aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808
    SHA512: a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 192B
    MD5: 5279b4c2774c1e3ddfb46317c47074e3
    SHA1: d9fe2f033b5a1432d95212bd9eb082578f3a6a7b
    SHA256: 2c27566093e420bce21ecb637d2fd32fbcd6bda364cdfb0af21ceff4291a42e9
    SHA512: 589a1ce05721d1cf9047fe12a1d58a182a4714b9db1a2bc78aa7b94e564bf50b2a8be21927a8478207a53b8a858a761c023d522314063fd5f70258253cf72308

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize: 845B
    MD5: 1d9c7507a20c6ba94d2e29e2e472cf17
    SHA1: 9e1f727dde11a219bee88aa9f47c41836601947c
    SHA256: 0fb0653383d02686181d1ffa8fc3ae7b83fb185e3486744c3955a5c06ae1ddca
    SHA512: 4e64da2b254111ff6b046eefbc97936cc7e034caed5340693292dd788455ede1027cc04e6624d6242019e73bae5bcf4c96df923ce5e99171dce84e7d1d34f158

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 5KB
    MD5: 7fb6bc0fee050335e0058b9921bf3f25
    SHA1: 1df4c07903160a150ac5062dd30808cafe9b12ec
    SHA256: f20e1e544c205719272adc4df014f5e90a1641111f8522cc43fb10ad0d0900a5
    SHA512: 36cc20bf36562f1611a353db912c221da5c3ff32042d2333fb2fb9514a8baf320a2cdbeb808108fe04f0c7b698c45ec2c1578136b965614de3715f736cdd8334

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 7fe5503aca3712bbbc2d1063adf47b9e
    SHA1: 19a4d059704c5bef0d80d9d786c7a6ced55cb4bd
    SHA256: 272dfa726e8603eafb40ac9b3013c8bb01815f9caf49d979084b3b0b7e69b112
    SHA512: 126436e45697cf215ed07f4b75dcf365a92fa22b6f0718d3baf2cb1d6eeed50f3cd9a0cf42eca14f7a639302250813589c93ece56843c975b0d77fb61241065a

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
    Filesize: 16B
    MD5: 6752a1d65b201c13b62ea44016eb221f
    SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
    SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
    SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
    Filesize: 10KB
    MD5: 179dee3c4f0ab6197041adaba8d3af55
    SHA1: ca53384723aefbc8b97f34a8216eda85420f65ef
    SHA256: cff29160bbcd895e5637dbcd4a7aa5b51a6edbcb5cd851031b7f9d89cf6a19b3
    SHA512: ec3592261571d423b680f458623c268a012e8baa2c4ecbc2a7203f036bd1d8abb22cf53c9bc4ca6e00b67d26eaba99224484c59461fb1e80d239c1556d389002

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
    Filesize: 10KB
    MD5: 125337f4ae5805af5a53d9e264b1f954
    SHA1: 3585328076ae4ab4b50b4617b2e36da8c8feee4a
    SHA256: 4ffb7f63da7975be40e654497695a3c87cab0175d3129a469e7a2034d8219a94
    SHA512: efb873dae608f410064ae29caa5de1915e3e0affcf56cd872cfe77f76ef4dd3be7a66348aa019220acc38669e4058eb22dfee901325667f50ec64c10c6c940a6
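The signatures that fire in this run (Executes dropped EXE, Drops file in Program Files directory, Uninstall-key lookups) are also what any legitimate installer does, so the score on its own does not establish intent; the useful check is whether the dropped 3uTools.exe and Uninstall.exe match a copy obtained directly from the vendor. The script below is an added example, not part of the report or of 3uTools: it parses the Downloads list into entries, indexes them by SHA256 rather than by path (the list repeats Preferences, Local State and settings.dat because those files were rewritten during the run), and verifies a file on disk against an entry. REPORT is a constructed excerpt of the list above, written in both the label-on-its-own-line layout and the "Label: value" layout so the parser accepts either; the sample file in demo_verify is constructed and is not one of the run's artifacts. MD5 and SHA1 are compared only because other feeds still key on them; SHA256 is the value to trust.

```python
"""Parse the dropped-file list of a sandbox report and verify files on disk
against it.  Added example; REPORT is a constructed excerpt of the Downloads
section above, not a file produced by the run."""
import hashlib
import os
import tempfile

LABELS = ("Filesize", "MD5", "SHA1", "SHA256", "SHA512")

REPORT = r"""
• C:\Program Files (x86)\3uToolsV3\x86\3uTools.exe
  Filesize
  13.0MB
  MD5
  3dbd29bda3ebc5b3fde9a0b59a33fed9
  SHA1
  34f89cfb38bd7ab97d456dfda09fbfa166c71269
  SHA256
  68a2e64f7c141edea234af607aee2dcb59ac0f2891312d0b9aea68107592ec61
  SHA512
  8d8fa9e7b265f9b1119e14ffcf7711d3ba7ef11982807fa4f2e3fb3fa07c06b2d65b4ece0af5b146d7c4818353a4a933616772723afcd8741820e785189c9a6b
• C:\Program Files (x86)\3uToolsV3\x86\Uninstall.exe
  Filesize: 1.1MB
  MD5: bb65f68a98ece21bb4291f9c32f7dde5
  SHA1: cc67611ef6b41e711571e7eecf15bf7d1f29e12c
  SHA256: 5cf614af4f2a6aadb672dce95ab6bfb3eaa2d513de1a9159e4565582f194d9d0
  SHA512: fdd73e175707a20380fb62c38043479eada9492b95ae6edd5b269eed72abbed4b21287f043a72a9ec22042effeabcbc54fc7f59ab8244dd1ea1a5dfcd57ee515
"""


def parse_downloads(text):
    """Return a list of {"path": ..., "Filesize": ..., "MD5": ..., ...}.
    A list, not a dict keyed by path: the report lists the same path more
    than once when the file was rewritten during the run."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):                 # new entry: the dropped file's path
            entries.append({"path": line[1:].strip()})
            pending = None
        elif not entries:
            continue
        elif pending:                            # value for a label on the previous line
            entries[-1][pending] = line
            pending = None
        elif line in LABELS:                     # label alone; value follows
            pending = line
        elif ":" in line and line.split(":", 1)[0] in LABELS:
            label, value = line.split(":", 1)    # "Label: value" on one line
            entries[-1][label] = value.strip()
    return entries


def by_sha256(entries):
    """Index by SHA256 rather than path, so repeated paths are not lost."""
    return {e["SHA256"].lower(): e for e in entries if "SHA256" in e}


def hash_file(path, chunk=1 << 20):
    """All four digests the report lists, from a single pass over the file."""
    hs = {a: hashlib.new(a.lower()) for a in ("MD5", "SHA1", "SHA256", "SHA512")}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for h in hs.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hs.items()}


def verify(path, expected):
    """Names of the algorithms whose digest disagrees with the report entry;
    an empty list means every digest the entry carries matches the file."""
    actual = hash_file(path)
    return [a for a in actual if a in expected and actual[a] != expected[a].lower()]


def demo_verify(tmpdir=None):
    """Self-contained check on a constructed file (not one of the run's artifacts).
    Returns (mismatches against a correct entry, mismatches against a tampered one)."""
    with tempfile.TemporaryDirectory(dir=tmpdir) as d:
        path = os.path.join(d, "sample.bin")
        with open(path, "wb") as f:
            f.write(b"constructed sample content, not a file from the run\n")
        good = hash_file(path)
        bad = dict(good, MD5="0" * 32)          # tampered entry: MD5 no longer matches
        return verify(path, good), verify(path, bad)


if __name__ == "__main__":
    for entry in parse_downloads(REPORT):
        print(entry["path"], entry.get("Filesize"), entry.get("SHA256"))
    print(demo_verify())
```

To use it on a real artifact, feed the full Downloads text to parse_downloads, look the file up in by_sha256 with the digest you computed locally, and treat any non-empty return from verify as a different file, regardless of the path it was written to.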