hxxps://greasyfork[.]org/en/scripts/487969-lootdest-loot-link-lootlabs-bypass

Resubmissions

14/12/2024, 05:09

241214-fs6zvsvrak 4

Analysis

max time kernel
145s
max time network
142s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
14/12/2024, 05:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://greasyfork.org/en/scripts/487969-lootdest-loot-link-lootlabs-bypass

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\41219445-f072-462d-9753-bc64b22b82bc.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241214050924.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
556	msedge.exe
556	msedge.exe
2480	msedge.exe
2480	msedge.exe
2236	identity_helper.exe
2236	identity_helper.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2480 wrote to memory of 3428	2480	msedge.exe	82
PID 2480 wrote to memory of 3428	2480	msedge.exe	82
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 2864	2480	msedge.exe	83
PID 2480 wrote to memory of 556	2480	msedge.exe	84
PID 2480 wrote to memory of 556	2480	msedge.exe	84
PID 2480 wrote to memory of 2612	2480	msedge.exe	85
PID 2480 wrote to memory of 2612	2480	msedge.exe	85
PID 2480 wrote to memory of 2612	2480	msedge.exe	85
PID 2480 wrote to memory of 2612	2480	msedge.exe	85
PID 2480 wrote to memory of 2612	2480	msedge.exe	85
PID 2480 wrote to memory of 2612	2480	msedge.exe	85
PID 2480 wrote to memory of 2612	2480	msedge.exe	85
PID 2480 wrote to memory of 2612	2480	msedge.exe	85
PID 2480 wrote to memory of 2612	2480	msedge.exe	85
PID 2480 wrote to memory of 2612	2480	msedge.exe	85
PID 2480 wrote to memory of 2612	2480	msedge.exe	85
PID 2480 wrote to memory of 2612	2480	msedge.exe	85
PID 2480 wrote to memory of 2612	2480	msedge.exe	85
PID 2480 wrote to memory of 2612	2480	msedge.exe	85
PID 2480 wrote to memory of 2612	2480	msedge.exe	85
PID 2480 wrote to memory of 2612	2480	msedge.exe	85
PID 2480 wrote to memory of 2612	2480	msedge.exe	85
PID 2480 wrote to memory of 2612	2480	msedge.exe	85
PID 2480 wrote to memory of 2612	2480	msedge.exe	85
PID 2480 wrote to memory of 2612	2480	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://greasyfork.org/en/scripts/487969-lootdest-loot-link-lootlabs-bypass
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x124,0x104,0x7ffa978746f8,0x7ffa97874708,0x7ffa97874718
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,7556402036010498573,533787906623799747,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,7556402036010498573,533787906623799747,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,7556402036010498573,533787906623799747,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7556402036010498573,533787906623799747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7556402036010498573,533787906623799747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7556402036010498573,533787906623799747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7556402036010498573,533787906623799747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7556402036010498573,533787906623799747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,7556402036010498573,533787906623799747,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6356 /prefetch:8
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:3348
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x12c,0x128,0x114,0x244,0x154,0x7ff720c85460,0x7ff720c85470,0x7ff720c85480
    3⤵
    PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,7556402036010498573,533787906623799747,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6356 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7556402036010498573,533787906623799747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7556402036010498573,533787906623799747,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7556402036010498573,533787906623799747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7556402036010498573,533787906623799747,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7556402036010498573,533787906623799747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7556402036010498573,533787906623799747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7556402036010498573,533787906623799747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,7556402036010498573,533787906623799747,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3252 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7b19b7ecb6ee133c2ff01f7888eae612

SHA1
a592cab7e180cc5c9ac7f4098a3c8c35b89f8253

SHA256
972bc0df18e9a9438dbc5763e29916a24b7e4f15415641230c900b6281515e78

SHA512
16301409fee3a129612cfe7bdb96b010d3da39124aa88b2d111f18d5ae5d4fc8c3c663809148dd07c7f3cd37bb78bd71e25be1584bd2d0bacf529fa7f3461fd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
23fa82e121d8f73e1416906076e9a963

SHA1
b4666301311a7ccaabbad363cd1dec06f8541da4

SHA256
5fd39927e65645635ebd716dd0aef59e64aacd4b9a6c896328b5b23b6c75159e

SHA512
64920d7d818031469edff5619c00a06e5a2320bc08b3a8a6cd288c75d2a470f8c188c694046d149fa622cbb40b1f8bf572ac3d6dfc59b62a4638341ccb467dcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
d2eda6908f14ef97f7adbd43a94aa207

SHA1
a0f4212bc7ede17dbd016acc20780b30b3a40f12

SHA256
f52cab63ba5d549ef31d37f219bd51d8350e387f26ee654ae330b7a85850e121

SHA512
0f52095da82a881844fd294e79af09df76f0622843c2d553a59cf0b617c9288d92bf1ef44e3a32cd0a0e600c76a40af1c40fbd517d439eddc634ce6c5e6c15c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
bc7d819b8265c973145338e6a26de9ed

SHA1
0c964187a7c4d2fe026830af6fab0cab1ebb487d

SHA256
94faa0761b4e2d8538886b865f3d04d0740f32c4590aa8afc26b3dc3f6fe46a8

SHA512
9d05ac92afe735cc739fa3ebf8f092dcfd4e1633d7d899b47fac6e14ed8e51df84f7b2c1fa66eae052cfdec076bc1c13388a1616e4b4bbae427d373459c4df8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
36f248cdae051201be35cd59fa992f86

SHA1
0a23527b1d8eb3fd4431c4f5a44eac584d7229ab

SHA256
97867956d6c948cd66b751b1e287c2103515c6f42daf396a3c0813f716e189a8

SHA512
0356ebd0254ef70a14a466358b762e82bee078f480c02c4f61b567f70f747057d2db30bf44b01dac4b19c068d41570e924de6a341bbb65092c9e356f882407ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c4308650a2d68748d0d2588949fb323b

SHA1
165d3cda42f560895e0649bf776d8737856e0ab3

SHA256
b779d7902a949358d962a34572dd536ca71fa5abb5b2ec58b683645d01d3be4c

SHA512
62f41c32a26287392d14afb75e89a04b3105afb01e68fc1ad02d8ab752c5fcb1d896398f06e9e38aaec5c249845f2331ef43649d59a996437a782bf2195efe27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6c76250998e838fe5973a0b103ab5612

SHA1
0f7dfacd3fc91d9d69ede9dad77a2a7c00f2eb62

SHA256
75dc3a3874376934d13b9661061a67cd7e09a0f3c87e6305631135e4d0eed4c7

SHA512
e3f527b68e0e57d13abdd3fba4c52b4eb5578bed1e930c8637028fbff9e2df3acb68c12fd53c91576f20e102210715642d9de5fe9d1c179894ffb4cd3bcb110d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58a9a9.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ce74d666a3fa1c16d05620d0ee504f62

SHA1
e7e8e450adb650dfaab1abcd3c9d57092703cb31

SHA256
5f51337d1fb2776071ad37d47d00ba1e15d8225925ce764a0c6ffe3ab4e5238b

SHA512
975cd2bdab71a857669469a27131859cd1d8c785120fc1aa1d0a0ef9e609248c3b645c112c45b9b060f9d65209ae76bb3652d153ee39d27127e34b6d1b62c7b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a365183ae9946fadc98afcf62c39c2b2

SHA1
d9d3d16c39c42c911648ff65553f8d2f5bfda6e9

SHA256
5264c08a7bd746088cfe0adeaa3ad50975d5e175a875b0daace7bc2b030082f2

SHA512
92fbe240a0b514da194ad50fc8e9aa96255fc7261b165167350f4173fd1d381c2b65a28532c0aa749ed23228e2eff85db3300796c178c51745b23b13f8e62d4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
accb68251bd2f2153e17ef28d9275cde

SHA1
01eb6579df5e6ee2ed48e5d6d98afb928040d9c0

SHA256
0aec048522131779aaeadaebc37dd9760cdae6b2e2a6b88b8ed3d64a5405ae66

SHA512
64dcba014e7cc70c6132ee23a0f5b539b8346bec71b3d29f522d657ce6d0c4298daf669b0641f251ae14f545bf6b34dec6ccad10fb368ab4392ec76c4147a654

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5c443d97946c1202dfdb5cc9e59176cd

SHA1
62779feb332ed6fead62d726f7e226e0d6989e10

SHA256
bb6504de81d0bf6c61b17e68557f9a99b8997be1f45774fd21ecf32db01de99d

SHA512
7d461bc2f4f8d7a49f82aa3ddc1d0ccc347fda59d122141d0765f9ddbe7f1d0db34ea641632741c8869548a165b0f8d7a4461b69c1079a889297de7c60da023e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
8cd513127214e252edf0454f329bc002

SHA1
6f47fac6be8e7331e54203a7865e86b32cddf16b

SHA256
3df220380a8bf881117c17102a5c70ae7deea18ec92e7c478df2ee904d882108

SHA512
0b6d2f2e12bb8b15175875b7118778e57475934dee0476bc3ec989c5408d1ff5cf1c2d5dce4bd980a3ef9bfee232f974fa90050171826f3f0847f9682ae7e4c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
371edf34cc4edfe5fc16d906571e1a49

SHA1
2b0f160569aff513f7ac25a16adf02758cca07fc

SHA256
ee07b7e150c132312f076f2fe4c58445fcf86aea9eda0468b6ee040b5f690d35

SHA512
9598bca019b2acf65bc0511062e8edf53e00b3801d7a9b49f9c6b7209bcf7ff782ec215716955d5f378f952d77435bccf210384909f28bffa83fa9ac8589cdb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
ae16dbf4f038d853f7523dbc8436a5db

SHA1
a4ca78515b48b83a72321e5a4e4523cecfc942c8

SHA256
5a2e8a1c447d39eb31b2c0faf662b383c815a04af8e0eda61d6dd64b8b41a091

SHA512
84cebed9d327f1318323d2e3c7316ad64b1b0b2e84429f356a8cd15b2e8d2b03cdcdb90bc3ca98cf0756e7e2904a779c95a0ffbd044b613838a22dd562b93a0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5846b8.TMP

Filesize
539B

MD5
8825b1e638f16e09abc17275134a0609

SHA1
7a5c3ecd1810729c48b8db09969437e3a0c02b7b

SHA256
0b538e5a3c8a61e950129604b6ff76594bd6dd6f2573db952ce84f0971a84341

SHA512
4debdbb20cd34dc5be224ffd69dc510abf5f2f0e2811069e099040bfb99c1379890a56dc36e8126c9791128b2adc2648b996142d937905fc56e59ccf3691a565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
5180282bd719e925d0352a86dd57c65b

SHA1
59d1bbcf7101814dd6397f5bb9d6fc47c67f0824

SHA256
d9303230deb3a01a99a7b64f394450bd344558673db62bdbb5141463c33bc245

SHA512
e31919e17d44635f883d1e6613a01826ef4ba656e802741f91545229f842a32191b56aec861289511d9113c8b51ecbc256953e60f5af870bb4efbf429faff522

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
5d6c6c9bebc3adb4a22d50c762bcac33

SHA1
d01c13286e4a37b43184ccb4f9aea25a74310d67

SHA256
2272611bc5767c60c4ac52e9b0d644c46253e2a5f7a53d67c59cef6198475edf

SHA512
114cee7b2b8d6039f0e7ccb0a37434b492f51e176e3e44a964213b38a0cde7043d1624aaa56368abf9569cc92fcb5dacfc6437303f3bb24f3d8f1812926502f4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
d641dcc59b18c8a4b072d9b445bcda65

SHA1
a64feee6ebcbc6e35d96c00c210051051197bb4c

SHA256
6790402c293fdcadbbb376532662049726e170974e75055d12c4845b2b96e41d

SHA512
89a0da3907e562c4dc1e83ed4b60b6bec00c8c1150378acc9a67abe21e74dd51853b676104bb56eb4449f475ae17c0484dfc5782fb2d48ac013d3850eded1899

Download Submit