hxxps://www[.]mediafire[.]com/file/jp39je7o7rbt9yy/Extreme_Injector[.]rar/file

Resubmissions

07/01/2025, 17:05

250107-vl5wjsznhy 10

07/01/2025, 16:47

250107-vaq81szka1 3

07/01/2025, 16:17

250107-trvgbszphp 10

07/01/2025, 16:15

250107-tp7zmszpdq 3

Analysis

max time kernel
296s
max time network
290s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07/01/2025, 16:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/jp39je7o7rbt9yy/Extreme_Injector.rar/file

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4628	msedge.exe
4628	msedge.exe
116	msedge.exe
116	msedge.exe
3040	identity_helper.exe
3040	identity_helper.exe
4640	msedge.exe
4640	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 116 wrote to memory of 4592	116	msedge.exe	82
PID 116 wrote to memory of 4592	116	msedge.exe	82
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 3320	116	msedge.exe	83
PID 116 wrote to memory of 4628	116	msedge.exe	84
PID 116 wrote to memory of 4628	116	msedge.exe	84
PID 116 wrote to memory of 788	116	msedge.exe	85
PID 116 wrote to memory of 788	116	msedge.exe	85
PID 116 wrote to memory of 788	116	msedge.exe	85
PID 116 wrote to memory of 788	116	msedge.exe	85
PID 116 wrote to memory of 788	116	msedge.exe	85
PID 116 wrote to memory of 788	116	msedge.exe	85
PID 116 wrote to memory of 788	116	msedge.exe	85
PID 116 wrote to memory of 788	116	msedge.exe	85
PID 116 wrote to memory of 788	116	msedge.exe	85
PID 116 wrote to memory of 788	116	msedge.exe	85
PID 116 wrote to memory of 788	116	msedge.exe	85
PID 116 wrote to memory of 788	116	msedge.exe	85
PID 116 wrote to memory of 788	116	msedge.exe	85
PID 116 wrote to memory of 788	116	msedge.exe	85
PID 116 wrote to memory of 788	116	msedge.exe	85
PID 116 wrote to memory of 788	116	msedge.exe	85
PID 116 wrote to memory of 788	116	msedge.exe	85
PID 116 wrote to memory of 788	116	msedge.exe	85
PID 116 wrote to memory of 788	116	msedge.exe	85
PID 116 wrote to memory of 788	116	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.mediafire.com/file/jp39je7o7rbt9yy/Extreme_Injector.rar/file
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc3d6846f8,0x7ffc3d684708,0x7ffc3d684718
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,392142859104628927,6459733932601439566,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,392142859104628927,6459733932601439566,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,392142859104628927,6459733932601439566,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,392142859104628927,6459733932601439566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,392142859104628927,6459733932601439566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,392142859104628927,6459733932601439566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,392142859104628927,6459733932601439566,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6436 /prefetch:8
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,392142859104628927,6459733932601439566,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,392142859104628927,6459733932601439566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,392142859104628927,6459733932601439566,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,392142859104628927,6459733932601439566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,392142859104628927,6459733932601439566,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,392142859104628927,6459733932601439566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,392142859104628927,6459733932601439566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,392142859104628927,6459733932601439566,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,392142859104628927,6459733932601439566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,392142859104628927,6459733932601439566,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7040 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,392142859104628927,6459733932601439566,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6856 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
0fbd88b225a0b959c99a415328acf144

SHA1
e933c1c9997d573d55b7b9ae177f71e4eeec12c3

SHA256
15f7d8cf72a16e2161dacf29b26e43cabc7fda2d15d36571f5f489953d80793c

SHA512
fc267d3629888259d2ad80edf5acb5a17600801047850fe9012c859ea37645d3b24f41090383d90f293112abdd60a851aa3e5a3b8668438894e63fddddbfff3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
42adbc200137cf49b243619791f07904

SHA1
14dc1f369a10f2f661870458c7f4ec93b4aa2d56

SHA256
2bdef772814a63208dcc10a8c04c509ca9b200232500e8ec0666052e8b157d21

SHA512
dbfe308b7ef0e917e26ea20577cbacd6de4e915deef373d847cc43575b6a292dc7bb9566fa91410367b78275ec2e2a74bb72f971240fb0d18774897eadefa86c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
21107e4f5ca3a20532756a25bf26e756

SHA1
aa96172d3d87c2e7dec8cdd519c5b3aa4c139220

SHA256
a00a7d1ceb0089d7d6798a8704befb7220fcb07d69c30749c5af88743f8d3da5

SHA512
d5796ed84a934f81cd396478c8f5f7695dbf61509d3a54242de41b27e2f80fb75cd6c13a3a605c1724e7ed29083fdb22185d85f876f74d7a66816d3bfb35c12f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
c4618a06af418f1dcdc32cd3ad8344dc

SHA1
a9bade3aec7572cb4cd36c98f12a9814021cf587

SHA256
6c8bb5ee7d3d26a1e1bea9effd3ef8771d5b2957bcba8cad56b2d757094f0954

SHA512
0eb9f853533bbff93184ddb1dfdaa8f227e452a2d992e57b66d8968ebcf21227738eda148e5850156f81435cdfd8934b91d2106ca117c150cc48737a70dec096

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
b6c7d5d45c90486006bfddf112586163

SHA1
5aedef40c652a0382a58cc4a0d8c79ce5c251b67

SHA256
90717bc1979727367b4eaea0b307395889044a699246f8f8717d397b1cac66dd

SHA512
230f914e183d6decd756591e1c019631b69dd7b92d29fbd3484a33997474d67b5d156ca4061af0e65173d59663cc1e2d32284e02aa1cd0294241d3b645783437

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
7fab4f0a5cada46bf53c0f693c157415

SHA1
ec8294eb385de23982c3f782508411a2c43dc48a

SHA256
3027be8de7473b1b07a5bc90c0ad5e6d8f8ed172309864c07814972497f2cf84

SHA512
bc677ab1f17aff53d8ce7d9b7826617b1b2ad2bd967b50d2cae0c03af060b5b34a3c0f1055e7ed03631050401c361321cedb3920e491e493158ea638bc92f419

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
60a878fa269a84a2da06fcb1c6b9b523

SHA1
0398b4178fbf7171ff4ba75446bae23f86571c7f

SHA256
3efaa3405494a3324ba4c0b0d5f71e1ff3f71e4e60d8454e7084cdcac2162302

SHA512
6eb4544532e29775ba9a78dc5188688a1c85ce212060c014b51030aa47d2e431337a38d3802618f392b212637f8e9c262ebddccadbf08d5165613187fe142ade

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
b2e2a1128b2a00e4a023b8d887ea4fcc

SHA1
121c60bda5080844ef7ee16bef30212edb3a6eac

SHA256
577b5b967b8d9d281348c05bda7b7ffd36eeeff38197e6aa8d3fa18c58dcdd86

SHA512
e6c7caca758d7eb999f558f062f92d38540cc1e6a3c3b87a4b7fa08543722fb2e72aabc1e428d57500ede6f9d969e3951b1a11831e5f61f681d087ecaf8138b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8410f737310bac2c6faaedc2c98c1fec

SHA1
944d3c7cb06c9da4ed400f2caadfd21ee501db51

SHA256
a65d9d89f34e59f38c059a53f66c3baaa8f28826b919b4d055f448d169e30ad8

SHA512
13e2416115f6fcec5085d102e59c7b49f2b1ab8083d013216fd61255a3788269a1d58abbc0d54c3d7ca5687d8fcb968a06dfa4e8f1adf72ef469433378580c51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c940d6ed66f8dd8178557f41ecedf8a7

SHA1
f51d356f6a9ff29772ddc8f4858a1e141efe63b9

SHA256
0d1ed189b783002c4eab0c3dd47aab77d79291135da932a102386593efccc4df

SHA512
db728ba24b37a3e713810a72e2d4df4fb99945b5074db238c5ea77e3f2071093bcc8bdd2335caf8da8c4d767121f860931e7446f2c9912d59d26b7dca48726cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
481a2e724aad881bd02bf0a8bf5c701e

SHA1
3bfc175bb84762a0099e35ea194d3c1017094003

SHA256
15b189d0253e35e9ff248eb803db033875098f92726fb80c1a10f533f9a9a7ab

SHA512
454357e64fa4291043d33cae3edc1df681524f9e5bfb5de1e2a585b6224af803b57a406d121021ab714ff6264c49c95eea71ca8fae7f7944538b4b659b00bd6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b1831d52962a64e217a74c18b0f41250

SHA1
8568c6244d07e70601dabb3d6da843d92cfb9ee2

SHA256
11bcc066e66dc694fdd0b5c01ef7aa95dbc7608f2f41655718c449a6577fbd8a

SHA512
ff6befb38673ec008a18061c3a4fdb2ae5ec6f9facda97410fd8eccac9988da9a51d6cb5be426c8f5256ade91a2cce90fd0d50637f17de344db27975562b66d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5ae343d4a082e7234dc9ae2a6c1ca1a9

SHA1
0835f0ed29c2c267afcac21aeacbed2b2ed93b9a

SHA256
f90adeb0d6db9b785633b3b3a199a497ccf9223a409c10fdbd52046c3cece9ba

SHA512
85a32335e54cc7a92a2a6e88327cd133e524f11ecf3b807f7e3443de8d56276f1a28c3cd74fcc9a2ed63c4be54ac5b568a8294240a70bcffeab2b1c8a415cd5c

Download Submit