hxxp://tvidler[.]com

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14-10-2024 14:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://tvidler.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4800	msedge.exe
4800	msedge.exe
216	msedge.exe
216	msedge.exe
3740	identity_helper.exe
3740	identity_helper.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 216 wrote to memory of 2244	216	msedge.exe	84
PID 216 wrote to memory of 2244	216	msedge.exe	84
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4568	216	msedge.exe	85
PID 216 wrote to memory of 4800	216	msedge.exe	86
PID 216 wrote to memory of 4800	216	msedge.exe	86
PID 216 wrote to memory of 3472	216	msedge.exe	87
PID 216 wrote to memory of 3472	216	msedge.exe	87
PID 216 wrote to memory of 3472	216	msedge.exe	87
PID 216 wrote to memory of 3472	216	msedge.exe	87
PID 216 wrote to memory of 3472	216	msedge.exe	87
PID 216 wrote to memory of 3472	216	msedge.exe	87
PID 216 wrote to memory of 3472	216	msedge.exe	87
PID 216 wrote to memory of 3472	216	msedge.exe	87
PID 216 wrote to memory of 3472	216	msedge.exe	87
PID 216 wrote to memory of 3472	216	msedge.exe	87
PID 216 wrote to memory of 3472	216	msedge.exe	87
PID 216 wrote to memory of 3472	216	msedge.exe	87
PID 216 wrote to memory of 3472	216	msedge.exe	87
PID 216 wrote to memory of 3472	216	msedge.exe	87
PID 216 wrote to memory of 3472	216	msedge.exe	87
PID 216 wrote to memory of 3472	216	msedge.exe	87
PID 216 wrote to memory of 3472	216	msedge.exe	87
PID 216 wrote to memory of 3472	216	msedge.exe	87
PID 216 wrote to memory of 3472	216	msedge.exe	87
PID 216 wrote to memory of 3472	216	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://tvidler.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae36246f8,0x7ffae3624708,0x7ffae3624718
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,17892112739610973927,7781578508537709880,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,17892112739610973927,7781578508537709880,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,17892112739610973927,7781578508537709880,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17892112739610973927,7781578508537709880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17892112739610973927,7781578508537709880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17892112739610973927,7781578508537709880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17892112739610973927,7781578508537709880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,17892112739610973927,7781578508537709880,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,17892112739610973927,7781578508537709880,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17892112739610973927,7781578508537709880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17892112739610973927,7781578508537709880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17892112739610973927,7781578508537709880,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17892112739610973927,7781578508537709880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17892112739610973927,7781578508537709880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17892112739610973927,7781578508537709880,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17892112739610973927,7781578508537709880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,17892112739610973927,7781578508537709880,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7156 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17892112739610973927,7781578508537709880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17892112739610973927,7781578508537709880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:4092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
30KB

MD5
3d4db152323f319354df4930d4e85f27

SHA1
9e8a5535be05595747becb7355436c254e7faf82

SHA256
949ea3931020245a06c32285f065ef7fc380abf451d4f28584e996e8d5035520

SHA512
4cc31a40d1c256c87a42ae1b93d0d1087146e4bd6737db3ff6261c4fbe450ac26f8cc23d39c18425066e4ac621da30c10f03673f232a7148c85ded0b1355e2b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
30KB

MD5
e5b6e393516f9680fb7380feb8c44b05

SHA1
81838d0028f88dccb551bf2873b1a0dbfd2f8e97

SHA256
21ae8c992ef7787d1d8911ecd00f2819b7331c6cd1597f5d84ceae4ae63c0cfc

SHA512
92ba8e5714783bf8137141446c69de3c8e33983868e480b838b5adbe4ed7ffff537592a3d8bc229780479732e774eb33127a8ee0abbfdfcf9a68c386b5d480a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046

Filesize
215KB

MD5
1585c4c0ffdb55b2a4fdc0b0f5c317be

SHA1
aac0e0f12332063c75c690458b2cfe5acb800d0a

SHA256
18a1cfc3b339903a71e6a68791cde83fca626a4c1a22be5cb7755c9f2343e2a5

SHA512
7021ed87f0c97edc3a8ff838202fa444841eafcbfa4e00e722b723393a1ac679279aa744e8edde237a05be6060527a0c7e64a36148bd2d1316d5589d78d08e23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
e8b6bac6a6b5e71b047d501e1d3dee3b

SHA1
9cc3fa69dc1d6eb804dfe4cefb807d8039e6b28b

SHA256
1798ac84ff1804a2196b70482025700f2afa3c9e082787d1bc528cf0a1082d2a

SHA512
1b33d51a00faa4ccd57b56d6bfb45365097db62d05360d27f6f8e5255b5dda8be3b6ad8c05ff26ea5a366f0fdb66f0fc95a07f2d60a6d45d09ae6feaa0dfc908

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
24a7f06e683e44662342dc0ed900ee9e

SHA1
befb1b58b98ff728993224b11318e49a1a600e6f

SHA256
003950166988d7cf6f76a6703981a38052b3b714f2e29d8b553e11d058c8475c

SHA512
84461381727a084b1f27a267a56122128f297ec5c6d59da0152863f52324af8acc225e0aa7186d9a73e4695967bb566313696f160784786aadc09e6617aa4907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
f2d043ed0c47bcbfd971e4386b967a34

SHA1
9114dc080f458ad8ee5879d664e9796d809a5af9

SHA256
3c39aedbe7c95962397ee839bde4d6830989076444ef518fc9fa3b2ee855cc23

SHA512
e48232bb7d2918f6b07e7caacce8e10fb1fa71d6185eda62bb391e7e5de3eae707c7d8abc505162011c655297b74894574a271862aece0693e2d03d0350299f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_wchat.freshchat.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
16c2f2621f5d5a976908293e6668b5ef

SHA1
c8a86e0e0c9ed91f1ec54055b4f3d1e72b2decba

SHA256
bc127b35ca65d2eb82d472a46becfa336de6457f8b0b4b717f30de6547cc3969

SHA512
96d43a7c030ef36796a30f95d6c75a63bf2fcf8d2f3586d5f1cfe73cc851b0ab94622e71d89224c87e217a5701f27f94db4c4546950be3a521007836c89a1e51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
54e0fc99644c3705102894b6ba86344b

SHA1
72165ebc777b3e2ee7a1aa41ccd1c93793036c89

SHA256
458d80dbda6f2c76f09031550f9f36863ed2259b8e589278938c13d6fe55f2d4

SHA512
54d75ca1ac36ec502e1e343294fa0bb34e0227f32ee8f290664b08a5bceb2e531434afcf3e150a2ff0b30eee62f01ffa0507a5128669b183fd009470a7a459de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ce482092d8257baba43b5489829d7693

SHA1
b4bf4f658f41e670281807b5369ceae75f70811c

SHA256
ff6b7c90c84910b5d0d6bfef2e210de2abde2cf61a6eea879019b2d860e6f7c6

SHA512
ebf3730acc44d0d5c4fdaa2ed0a9c86b1b767dbdecbcd0683ac19aeeff0239ad15f05d86047b0435fdf90ebc65293a56e8c6a336196b4be00f69f1712629ec4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f54563ccbf8bfdedbcb336d2f02a1c17

SHA1
42971b546d0efedfc3766f886b2fd4606795ec46

SHA256
41150fc661cc7540e0f4ee715122d714ab04b2a4a64821ada11c1690fb9d1d9a

SHA512
abb2cb774f370394742431b5dbf0d537cd61adc2c76a5d913df615821703e52ecacc583e5f136094015ef851fc0d3ce587ba0e213f0c6ac1d2156ca70db779cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1b379b3eb47357404145bc9d73316a41

SHA1
1aa4806ccf965a9afd5bc19391cb30655e99d090

SHA256
d14648e6f5414f7dde5728c27a68bf977cd4272d59159040f1b0833961803115

SHA512
b08f92c40609a60e5d3e800012c1788d9cf372063b3450b080071fcfa70dc1e2424bc325e582869de06c64c889af5a5d633ca7ba21340c8b2815cb30beb02499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1e1d50e2a246ed96ddca0b2b77a53143

SHA1
e317ea00548a35c4eeae24204aa137c488f09c4a

SHA256
2e5ff6d1848ff9d03f1a7f3895fd96ac47122dd8ced0f543f64cb5ea7526a9f6

SHA512
d4edb7a354fc8f1befc2666ac8e926498ba66130eb6c2d5d57216ef49dbff6f270dbd09a74ae00110f374e00c0b4ac6ffb8e3c0b4ad29a351c42ea3c0b29d360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c4f45c080ad9cf024c5f814c619dcebc

SHA1
343c0cb886866da244b234319c274f723ec40082

SHA256
d865eb19cf7704b86547f70fbef7587bbef87cb8f77823cd3a7e221a4d7edf24

SHA512
b845c14119e2c74bbc039d7ab9ff635dcad397c49912473c670c4ecf00cfad4c987a7e5d5cca5a348cc1503c81af173c3d1037a12c82af8a2318e8cf35f92fa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2febf0ff319c5e6ee015b663a7c4a7f9

SHA1
4a5d756cd49204611e2533c7b91406dd80330191

SHA256
a8140317885a19678401baba4c9bcc3eb436794d36d4453cb41bc5d19ac27249

SHA512
9a26b47185b975bf323983c992fa29be1c926513bbbd01e8d46ac0a91efbcc7cbf691b1e21727a1570e55289c18ef1854ec60a7437158ed09c24fe89f554ecc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58e7ac.TMP

Filesize
1KB

MD5
b23d6ee4fc5716bee52ea166af945d3e

SHA1
9e43950a316c1e49bd9b49112c6831579085bd76

SHA256
28bc3cfe603d9bfa6d834dc603c2506893ad4af5d6a1ad6d1a899aba9b1a4c4b

SHA512
1db9315f93efb1970509b02fb36c65d5e2480040a9baee78de0544c36ab0e9a55fc33a5dd88048dab42a37bd19b9e6d79960c38a4583f64d4f25dc3ff25fec2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7db04ab936af9f487630ba0bc0820a60

SHA1
255e1fa9226ae304574e01fc33b0f090a54b2737

SHA256
fdb379822745e9ccbc3c95060e6547c32a45ee92d29a32f185cb7dc25dc1557d

SHA512
827a181d4634608d545d00940fccc6c47ee0efe551d4cf2ac1ce012a198b276ef2272e4eeebbbc3caf8408e889394311d4ad2f2924203538c92d3ebff56d3ce0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d8facdba132e4000596064732d7189d6

SHA1
bd35d22539461929b5a89483210cde555ef3ceb1

SHA256
f1fca89a8036f166791d57eae8b73db9b811e72e7e2cf8aee5b373c6d0f4fe2c

SHA512
5d057ee3ed9fc162c2cceed004117621406d6b7e7af1907b3c3735c2896e213b569bb0208e68b46b40e824624e11518363740778b2a0efea466f5c613c84ae15

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit