hxxps://www[.]ikarussecurity[.]com/en/private-customers/download-test-viruses-for-free/

Resubmissions

11-12-2024 15:16

241211-snsb5axqgx 3

05-12-2024 17:24

241205-vy1glatqc1 10

Analysis

max time kernel
147s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-12-2024 15:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.ikarussecurity.com/en/private-customers/download-test-viruses-for-free/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4168	msedge.exe
4168	msedge.exe
1656	msedge.exe
1656	msedge.exe
1172	identity_helper.exe
1172	identity_helper.exe
1104	msedge.exe
1104	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1656 wrote to memory of 4376	1656	msedge.exe	85
PID 1656 wrote to memory of 4376	1656	msedge.exe	85
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 2296	1656	msedge.exe	86
PID 1656 wrote to memory of 4168	1656	msedge.exe	87
PID 1656 wrote to memory of 4168	1656	msedge.exe	87
PID 1656 wrote to memory of 4736	1656	msedge.exe	88
PID 1656 wrote to memory of 4736	1656	msedge.exe	88
PID 1656 wrote to memory of 4736	1656	msedge.exe	88
PID 1656 wrote to memory of 4736	1656	msedge.exe	88
PID 1656 wrote to memory of 4736	1656	msedge.exe	88
PID 1656 wrote to memory of 4736	1656	msedge.exe	88
PID 1656 wrote to memory of 4736	1656	msedge.exe	88
PID 1656 wrote to memory of 4736	1656	msedge.exe	88
PID 1656 wrote to memory of 4736	1656	msedge.exe	88
PID 1656 wrote to memory of 4736	1656	msedge.exe	88
PID 1656 wrote to memory of 4736	1656	msedge.exe	88
PID 1656 wrote to memory of 4736	1656	msedge.exe	88
PID 1656 wrote to memory of 4736	1656	msedge.exe	88
PID 1656 wrote to memory of 4736	1656	msedge.exe	88
PID 1656 wrote to memory of 4736	1656	msedge.exe	88
PID 1656 wrote to memory of 4736	1656	msedge.exe	88
PID 1656 wrote to memory of 4736	1656	msedge.exe	88
PID 1656 wrote to memory of 4736	1656	msedge.exe	88
PID 1656 wrote to memory of 4736	1656	msedge.exe	88
PID 1656 wrote to memory of 4736	1656	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.ikarussecurity.com/en/private-customers/download-test-viruses-for-free/
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc01e846f8,0x7ffc01e84708,0x7ffc01e84718
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,18301986641014129221,11497690449247887167,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,18301986641014129221,11497690449247887167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,18301986641014129221,11497690449247887167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18301986641014129221,11497690449247887167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18301986641014129221,11497690449247887167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,18301986641014129221,11497690449247887167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,18301986641014129221,11497690449247887167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18301986641014129221,11497690449247887167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18301986641014129221,11497690449247887167,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18301986641014129221,11497690449247887167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18301986641014129221,11497690449247887167,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18301986641014129221,11497690449247887167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,18301986641014129221,11497690449247887167,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1880 /prefetch:8
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18301986641014129221,11497690449247887167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1960 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,18301986641014129221,11497690449247887167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1876 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18301986641014129221,11497690449247887167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18301986641014129221,11497690449247887167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18301986641014129221,11497690449247887167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,18301986641014129221,11497690449247887167,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5572 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2732

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
da192967eba3dc30241526d4c48829fc

SHA1
2156683bd9c88cef8f5ac3e61ea861479a88a8b7

SHA256
8c31200aa39858c05f31955f7aec402244aaf833255a21b88ef4b46f74743050

SHA512
372dd187fcf913ed23507bd44106c57eaf4f7ca813b1b7dbf727b0b11dd286e1d0f34ad0e7927fa172fa0c2476b8140cd7918892615ac75898bca160b1ee8184

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
3346a55ce474887b3ddd8ef86dc917f5

SHA1
b3c6d5c4cc489458eaf92be4643f5368bdea728c

SHA256
fc4dde74e6e02622f077dddc98879ca95a1a26547744a9a52ab2f18fb7014d0b

SHA512
6237e0055168f06cc3aa30c6268900a5377fb72cf2cd5c8e2b9f664ee9943d176f8fba2297fe5e8a91178d05c51de2d1b79067625e3117e96c4a486c1232fc80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
190B

MD5
640e440a7287d0a84cf099672f5d3ffa

SHA1
3f8e537feb34d983da997e61546f3733970a3c0b

SHA256
ac1b503c89bcebf5da83d0d2edab10ac82128768193633b19977202eb8610bba

SHA512
5de743a0a9e04513499048ed79044dca7f3c50318ecfc3f5b8f0cec69abca21267acaaa2c7f040d6e6f29cb835bfe79a82ca9e7d9b8ec7a610ce78ff59424c98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bb7a6913db6e0bf17f935b4ba08d88dc

SHA1
609a665cabf9ef9dcaa13cd59e1da76c1b30793a

SHA256
eb333aaf10873196e38a328a5e968312d1e03396fa26d55ad76e401f1cecc1c8

SHA512
8862e274535464629e24bce4d55c90ab778661a369e9a323a3489bbed73661245067eecb177c87687692c2289d79fd27d923156938c15fc0293bd65d587fff7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2ee7af3e04bc02f2f092db70a2425906

SHA1
fabc1fca9b1980fe24fd20cb5c06c52adb83c851

SHA256
977592bdc01528cfc2ca9877b865700d6e16545660279d86e9afc847b3412991

SHA512
3b01993a26ac863255e3279b39c24f140e7ab6ad8125299c5de21aa2458a0c2d6fb37bf9da9b6e02ad3d14192e77f7dbae484fbd5645fa05185423bb8bcd503f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b7bb7f70ef80a92cc9e32baaf18e51cc

SHA1
1e0135665f5b2535964f5e0a448f7ea9871f7969

SHA256
f18bd9efa7bbb6603ea9d1477f35d47c8516ccc89e22ac3b177cc17c9221019b

SHA512
9b105bb9d181f86e55d110557f9eab0429bd938871a24c0ea6aca794074dfad8f7119731eeedbe83565436746d8d687c9c26bcfc8bd8ff867c39dfa9c2f1882b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
84fcc304d4cffa1753b1f6b18418656a

SHA1
d1bdd3a69dad082d23433f013bfb023ff74b98f0

SHA256
9a9c0aeacf59032374dafe78a2f149653152e2367209dc97da7e5fa83d8039d9

SHA512
44f83b0a1700a58ed59577a1d29d9a250986d17671286c8409cd3f29020c98c48f0a4b289ffcd3a6a768d16c4a3d149c940e96fed510ca552a901b5e15e6a7c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
35fb5b49270cdc09089994f857da3595

SHA1
3fab92b11d7526adc36d2a42b780162ce1de4e8a

SHA256
a263db9d6e345ee8fd162af2789efe875c16d845cb7c43173fd57d9c50462916

SHA512
62783a57f7a7c39325923c5054801503b9ef1fa5fec2de4c8cc2d1ff8ed3524892a6d0fae63bc28bdeea36e7eca164e884a41d78cb669e0b293be11c0291317f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59decd.TMP

Filesize
48B

MD5
6f1229ba26f36def674c80dfd16dc6c4

SHA1
4dac92af758a441199013c2ce3e5f021968b2a13

SHA256
b49f342df51714f843194e5bd7f620c5b2a8a8d2ac4d894f07efbdbabdc67a6c

SHA512
a7434726caa7d26f5dcf9e8921d741d3f25e50c763d7ae3b237a1b771ed8fdc558d3685be5b5e0e6e5b781a7643b4f12ca4d7b42600a98a0c0888a5ab5651b79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
df8248ddd4544320559ae06a8c02d223

SHA1
aed0f8fa9a53eb826220eea890ae9b30ffd96b38

SHA256
8e61223fad7b74b5807e3c7299d6f1df82afd0822c9c4f005746942c35a156d7

SHA512
9aefbe32a65a9ebc25fc3a99cd729174a36e36d6247667d1d58cdee7ce32ff2c614bc9e1925ea1bc1ec14b623a00de8b5a3b7a844015f2fe037cc35883f56ef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
d04b62ce4e0685069e45c13f7e615d9b

SHA1
f1767624efdb4d0c13c684fcfca6a9f0e569732b

SHA256
55ca1d9902d1643c3a56394d8b1811e5199a4c7dd53d7b337c07bdc2a0d15511

SHA512
14bc602d2e927825032991723d646169e997592e8a7e4babc660894d62e4682ae139f87f52aa370bab587dfa8e78702073c0955f8f935ab2e462d57f7dd60636

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58ac0a.TMP

Filesize
372B

MD5
01740d489ab6724e79e282cddabfe4f4

SHA1
88f62f5556c329e58219fa347ab322660bcd07e4

SHA256
bf825815d92814c57aee8e763a6b216cc8a36cf47f3566bc8ca25bd2d14bb4e3

SHA512
19c12d65cc62826b37fa5b511db41bc2f2502a2e86237db34b80746c26b8e397ad35c601014f7e3edba1d885955cea6e49c822ddfe76f2935d1f258ea73db122

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
03959ac20dcee39988141052cc4b6d0b

SHA1
4df75dbc20b7121c80eb293c4f29ce5809b5a86e

SHA256
b8f0b43f62663c95806d63e51b9c683691a2d9ded6253d2b1e6adc030061382f

SHA512
4dcd8ee8cec9104fecf75e7aa5071c4b001fe5792447e0889d2e355cd31751c30566bdbdd22fedfc74b27a49a221fde1165685c120dbf5a1912713db096d1f84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ce84a47c0047c19a124aa26d5d20d501

SHA1
c3444539737d7c8b4fcd3a939f70be64f823974f

SHA256
8d2f72ecd90b050fb2e1a2a961dd502988e7939c43c62a4620d5b4482917ffa7

SHA512
49d248a8851566b7fdea78b4951656601db51e5f7417b8bc8fa367930db48ad82577fd47b30fb71130f212f9606f4aaef85d97b3514eda6b7539d38c6c10eb9e

Download Submit
C:\Users\Admin\Downloads\eicar_com.zip

Filesize
184B

MD5
6ce6f415d8475545be5ba114f208b0ff

SHA1
d27265074c9eac2e2122ed69294dbc4d7cce9141

SHA256
2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad

SHA512
d9305862fe0bf552718d19db43075d88cffd768974627db60fa1a90a8d45563e035a6449663b8f66aac53791d77f37dbb5035159aa08e69fc473972022f80010

Download Submit