hxxps://app[.]bigc[.]co[.]th/P5s8/ESApp

Resubmissions

03/10/2024, 08:55

241003-kvltxsvdnl 3

03/10/2024, 08:13

241003-j4g2naxaqg 3

Analysis

max time kernel
145s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2024, 08:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://app.bigc.co.th/P5s8/ESApp

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3236	msedge.exe
3236	msedge.exe
2516	msedge.exe
2516	msedge.exe
4676	identity_helper.exe
4676	identity_helper.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2516 wrote to memory of 3968	2516	msedge.exe	82
PID 2516 wrote to memory of 3968	2516	msedge.exe	82
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3472	2516	msedge.exe	83
PID 2516 wrote to memory of 3236	2516	msedge.exe	84
PID 2516 wrote to memory of 3236	2516	msedge.exe	84
PID 2516 wrote to memory of 1788	2516	msedge.exe	85
PID 2516 wrote to memory of 1788	2516	msedge.exe	85
PID 2516 wrote to memory of 1788	2516	msedge.exe	85
PID 2516 wrote to memory of 1788	2516	msedge.exe	85
PID 2516 wrote to memory of 1788	2516	msedge.exe	85
PID 2516 wrote to memory of 1788	2516	msedge.exe	85
PID 2516 wrote to memory of 1788	2516	msedge.exe	85
PID 2516 wrote to memory of 1788	2516	msedge.exe	85
PID 2516 wrote to memory of 1788	2516	msedge.exe	85
PID 2516 wrote to memory of 1788	2516	msedge.exe	85
PID 2516 wrote to memory of 1788	2516	msedge.exe	85
PID 2516 wrote to memory of 1788	2516	msedge.exe	85
PID 2516 wrote to memory of 1788	2516	msedge.exe	85
PID 2516 wrote to memory of 1788	2516	msedge.exe	85
PID 2516 wrote to memory of 1788	2516	msedge.exe	85
PID 2516 wrote to memory of 1788	2516	msedge.exe	85
PID 2516 wrote to memory of 1788	2516	msedge.exe	85
PID 2516 wrote to memory of 1788	2516	msedge.exe	85
PID 2516 wrote to memory of 1788	2516	msedge.exe	85
PID 2516 wrote to memory of 1788	2516	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://app.bigc.co.th/P5s8/ESApp
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe899d46f8,0x7ffe899d4708,0x7ffe899d4718
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,3342632190595261846,16275036981955298064,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,3342632190595261846,16275036981955298064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,3342632190595261846,16275036981955298064,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3342632190595261846,16275036981955298064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3342632190595261846,16275036981955298064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3342632190595261846,16275036981955298064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3342632190595261846,16275036981955298064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,3342632190595261846,16275036981955298064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6172 /prefetch:8
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,3342632190595261846,16275036981955298064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6172 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3342632190595261846,16275036981955298064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3342632190595261846,16275036981955298064,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3342632190595261846,16275036981955298064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3342632190595261846,16275036981955298064,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,3342632190595261846,16275036981955298064,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1844 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
e469d2762a8ee73f4e896c400417983d

SHA1
32638fdd8c43e27dfcf653785da25df32fdc2ec7

SHA256
4eff87d4dffa3cb76b4abc8d59115be3322f006587de3412711cf6d1744ab797

SHA512
de929202e29c6b0dd1d6d4b0b07e47c11169f0b1dafec57ea5e8ff70e219849c0918e6fbbf13043d78150f283422cd64d207a3acbbdf9816bb90096f7133c25b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
3036cd399136b4fdbbf651a201a22c47

SHA1
1bf8c85cc21a830bf291fea8929ca7d498b79589

SHA256
101c07784aabc437da129a79da19d5be7a15eec823d66c87eae6b763e2fac92a

SHA512
0000074a962323a2f884405c93b7b9215c2dab8c9aa42a170be5f34e539e1750f3725675758e52a42a95d2c89040b098005e7c9a03a96d88caf969f3d76f547e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
736e9aa47eda7fe37cf83f7884265331

SHA1
195b992bc1f77db214a0346a7c7de7727ff0d3d4

SHA256
eb0ec5d7f0c64b8be06b8157a46474993e1a24a60c3bc8190d1f33f722e9ecd9

SHA512
11273bfe0b374125689110fa791a4d443a1f1617c62fcf135273e764567699b6deba5fbf73857c0fbaab68d75afeaff5363e07f56ec45b554ca3691e045998f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
626b1801f9b10972ffbc0066276dd7e0

SHA1
0a1545d4472a2cce0a372c3f14bd5429b24c6c10

SHA256
89e2e80ec52b06f670dbcdd7d4abd2de7004a6332619b1dc7ff218b56700467a

SHA512
96d27e10a944332f03e5aa4c236b608c1c2a424538c23fedb48f4a8c935c3df2d14a0ffbbc534c8c3cd5420ea7a4154c64a963f9679ad4aad3bc97bb8e32c50a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e4222a7d205f726516e956cf0dd5da84

SHA1
d2bff5dc2d0e6c8151401ba240d9ec403e3d7a6d

SHA256
2a9aded1473e50536157cd69231e9651d0db1311b7e02c5b15e9b26fd2c99e83

SHA512
6dfecf8857784398c0c41457b842ac0b8984e8195d042b3221122a167693dc94e3a141a14e89f5d89d20d263ef8251642a02238eed1269042ca7946437018523

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.bigc.co.th_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8b048b2e57b41a67014c7e8e4c692266

SHA1
1bad79bae1d630f73fa58c53e52d5429bf5e8cd4

SHA256
b3e4b5e47839d8690f34d208b6fe51edb99d8f9c21079eb3615ea246fcfe9a0b

SHA512
afda60a4de88e4e96786dc2c0915448a9738eb5f38a9530bc1d79ffe7526070dc979eedeffca572b17f1aa6ed6ba3ea4f5f7fe604d238a00560150b268883ed2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2720373128f0dd2a35125ee6c84655d0

SHA1
355ece2a4c7a72525ab4cb1a58251424656ab35c

SHA256
d9ea57e45593dfa76810e4bccda911f1a155d5cb78ba564ea39e42621211ec1b

SHA512
14152b3c7722ff7c9ca523f35722bcfa48df5191b419509d98be00765acd2fa4afa540352932d88c4fc0a2fc30f00760bec201ff0941eb98f31753530e221625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
548bef7fac683850b921ae61deef96fa

SHA1
2a8f288fff2393458be689260c9b7e32ccefa15e

SHA256
3bf81ae7edc365e2d58888688b3c7e418f13bfe5dd0a45e7019ad6329ec248b5

SHA512
923a661a8692c41d965c0e6df68038fc0f5c3e7dc7cefc72902501475dcd9c949a736a324c7615d61665f551f6bf97093428d163cd6a15a158f073bc0a2961ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
46641f0f38dcb541918561a4b469d6c5

SHA1
8d130e430b8b7950bf76d23adb2aefd5dd867d4e

SHA256
898d93f2eb7ecd11eb2792c6ade1cca7722ec02373a669f961d44a361860c3a5

SHA512
14311e50eef43541d4fe839cb26ee4a70b8749091b893d8acd2d611819746e3c3e6f713e368c15580662ce1ba14bc7d1371448b4468a151f2b17d7abf53dba5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f750.TMP

Filesize
48B

MD5
57fcd2e41bdce7bf25dfbd9d8fa3a427

SHA1
dcd21975ad8520e10d68b1d5c6dd0c72f8a5717f

SHA256
7a9541963a18d901c316d43e9dd27868ca5bbfeb5c1f8d0944c70b3bc7d96156

SHA512
230ed7a7584c017ac6ee4eeec69198e28faab6e7fdc32724d4a1a69edc88c9fa1a68113de36fcd3f9a01ead476807b2f4308b117cbd85ac6c70029316e914085

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1c112b3ea30b2527c4037054e71242b0

SHA1
bad8b5a500edf662fb14ddc70e03a2edf0a151c4

SHA256
5e7c0b42c27fd2f5a281b40983c4d188fb1ac94e69c3823b0a8dbefa2a6b7b9c

SHA512
45836d64b820388ce0f715bc77e9abc8cdac40fa211472f5b15bb3fe0b62538231cd55b4f6145f5b24a4cf27e59161e08502478f7c0b0162a0f81d93f868cf93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0b40a3a3fd5895b13b8338ffdf164dd4

SHA1
6e70ede181fd910125e4005032448c17138ab564

SHA256
feb9cd5ab1665efec40cb7a3d5e24067ae844adec880c07231e4aca9d87005d2

SHA512
c27dd9eb7440f0c2c6c1cc30f5a5f6a2459fc3af7efefc18273aa13f1a3cadebe564d1e766ae746ba19ee0dff2e358a07add1e54ca6f6bb31de4e4a33fa8d0d7

Download Submit