hxxps://bit[.]ly/3pt0Mav

Resubmissions

03-02-2025 02:11

250203-cmj2csykap 10

03-02-2025 02:08

250203-ck1lbsyjfk 3

Analysis

max time kernel
149s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
03-02-2025 02:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bit.ly/3pt0Mav

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\nitrohook.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3324	msedge.exe
3324	msedge.exe
5728	msedge.exe
5728	msedge.exe
2740	identity_helper.exe
2740	identity_helper.exe
5196	msedge.exe
5196	msedge.exe
3336	msedge.exe
3336	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	1900	7zG.exe
Token: 35	1900	7zG.exe
Token: SeSecurityPrivilege	1900	7zG.exe
Token: SeSecurityPrivilege	1900	7zG.exe

Suspicious use of FindShellTrayWindow 45 IoCs

pid	Process
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
1900	7zG.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5728 wrote to memory of 2972	5728	msedge.exe	77
PID 5728 wrote to memory of 2972	5728	msedge.exe	77
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3980	5728	msedge.exe	78
PID 5728 wrote to memory of 3324	5728	msedge.exe	79
PID 5728 wrote to memory of 3324	5728	msedge.exe	79
PID 5728 wrote to memory of 3136	5728	msedge.exe	80
PID 5728 wrote to memory of 3136	5728	msedge.exe	80
PID 5728 wrote to memory of 3136	5728	msedge.exe	80
PID 5728 wrote to memory of 3136	5728	msedge.exe	80
PID 5728 wrote to memory of 3136	5728	msedge.exe	80
PID 5728 wrote to memory of 3136	5728	msedge.exe	80
PID 5728 wrote to memory of 3136	5728	msedge.exe	80
PID 5728 wrote to memory of 3136	5728	msedge.exe	80
PID 5728 wrote to memory of 3136	5728	msedge.exe	80
PID 5728 wrote to memory of 3136	5728	msedge.exe	80
PID 5728 wrote to memory of 3136	5728	msedge.exe	80
PID 5728 wrote to memory of 3136	5728	msedge.exe	80
PID 5728 wrote to memory of 3136	5728	msedge.exe	80
PID 5728 wrote to memory of 3136	5728	msedge.exe	80
PID 5728 wrote to memory of 3136	5728	msedge.exe	80
PID 5728 wrote to memory of 3136	5728	msedge.exe	80
PID 5728 wrote to memory of 3136	5728	msedge.exe	80
PID 5728 wrote to memory of 3136	5728	msedge.exe	80
PID 5728 wrote to memory of 3136	5728	msedge.exe	80
PID 5728 wrote to memory of 3136	5728	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://bit.ly/3pt0Mav
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffac1093cb8,0x7ffac1093cc8,0x7ffac1093cd8
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,13241450930603624334,3714383423395714184,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,13241450930603624334,3714383423395714184,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,13241450930603624334,3714383423395714184,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13241450930603624334,3714383423395714184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13241450930603624334,3714383423395714184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13241450930603624334,3714383423395714184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,13241450930603624334,3714383423395714184,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,13241450930603624334,3714383423395714184,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13241450930603624334,3714383423395714184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13241450930603624334,3714383423395714184,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13241450930603624334,3714383423395714184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13241450930603624334,3714383423395714184,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13241450930603624334,3714383423395714184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13241450930603624334,3714383423395714184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13241450930603624334,3714383423395714184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13241450930603624334,3714383423395714184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:5880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13241450930603624334,3714383423395714184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,13241450930603624334,3714383423395714184,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,13241450930603624334,3714383423395714184,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6088 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5168

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5380

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\nitrohook\" -ad -an -ai#7zMap7846:80:7zEvent2989
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d68c7edc2a288ee58e6629398bb9f7c

SHA1
6c1909dea9321c55cae38b8f16bd9d67822e2e51

SHA256
dfd733ed3cf4fb59f2041f82fdf676973783ffa75b9acca095609c7d4f73587b

SHA512
0eda66a07ec4cdb46b0f27d6c8cc157415d803af610b7430adac19547e121f380b9c6a2840f90fe49eaea9b48fa16079d93833c2bcf4b85e3c401d90d464ad2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c03d23a8155753f5a936bd7195e475bc

SHA1
cdf47f410a3ec000e84be83a3216b54331679d63

SHA256
6f5f7996d9b0e131dc2fec84859b7a8597c11a67dd41bdb5a5ef21a46e1ae0ca

SHA512
6ea9a631b454d7e795ec6161e08dbe388699012dbbc9c8cfdf73175a0ecd51204d45cf28a6f1706c8d5f1780666d95e46e4bc27752da9a9d289304f1d97c2f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
214KB

MD5
ba958dfa97ba4abe328dce19c50cd19c

SHA1
122405a9536dd824adcc446c3f0f3a971c94f1b1

SHA256
3124365e9e20791892ee21f47763d3df116763da0270796ca42fd63ecc23c607

SHA512
aad22e93babe3255a7e78d9a9e24c1cda167d449e5383bb740125445e7c7ddd8df53a0e53705f4262a49a307dc54ceb40c66bab61bec206fbe59918110af70bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
4ad2b1d219554af18b92a989f6265e4a

SHA1
18e88b80e2da3bd19996ebad5d90ab066d385924

SHA256
1c03ff1f2cdedcdbae6c50eb0adc9891ed05def988950c7dfa7ef59eec285061

SHA512
82b01a5d90b28bdcd478547f76c763388c0c3840119aacc9e72056b324ce71bfb0f9f0ff837fbb454b1b7803753c45f55dd962300e73672ee79b96a7f02292a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a9aa67bbea73dcd6d3c9e1ecec44cb69

SHA1
28911bd20704b312fb10189c85d9335b7dd47b4c

SHA256
3c858c92b37c2ebfdc819d48859e1ef7b6d04027cfb0f210860c09a50a0f8430

SHA512
f4b897e80ee18205aed20e946e510817f72541565b125fe391ecc0151194bdc72927d5e6b2f321832c4aafba7e2287e6ecb866244dec89fa51b265341c180b14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1e799d99b659879d40b5068794346947

SHA1
e01187e5945838dee7f7cc33a441168d1c8a0095

SHA256
290353e56db480f191ef37672f41ae4683b3fab533b8707faba0c834c57e41be

SHA512
2fbb0825ffb91ceadda5ee431080c9ae92d379e187f503fff45b0d0f09dc9f2949916e7df61238859a3387203b544a48cd71597147ae6383814e275a2e6aa6b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a9d6a6ea62c18479da7a68264656c8fc

SHA1
c29a33bcac38789271a1926a927a37de23393fc2

SHA256
99377df5a3fa860a8af95f46b62f14da8ab20fb188d8f9a722c89627494f78f3

SHA512
6052c607db7090a57bbcf3f829e6bfe8d3c51a5275055460dae3a31356e0373d4b13ec07e315895a1bfdedb82cb2439a98d18ae07a07bc83c7bd61b89a929be5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2e569b9015c2a8be7559534ad7840912

SHA1
b47bf298399aabf3c60c4c829dd6728da278c747

SHA256
461028eef02e989b8935f544ae34702cef02d7907557783f0ddaaf51456f0ee7

SHA512
4e1df4b99ef77cd15e4f1435a9e8acfc6cc6b3d5fc67ff53b9caba0cc56a76544245bc7c0b4916286dd76c58c7340f678c02c6355e70e5b044234857a5e5c8ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
20fe913795ad345d71dc53f3a657db89

SHA1
a0e873a1a8aa6a2cc2a53726c795295641fe2226

SHA256
3f9287df0cfcbddcadfcb5be71d2b11dc68b70ceb8758254a40ecf92b8578392

SHA512
19f9eacdb33d6b9792fb96ac731c3044e1ddb9c3f5cbebca059e975b5d0bd8c9d1e5f6bec2b17e10331f7a3086fb1e98e09f50d1776c706dea5bf988a8161d77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2c1a7b0283300009cecf660de621d885

SHA1
9fd622fde1982f8edcdada7ed3c35640ef5dd2d2

SHA256
407ca52bbd129efd1f92456c18e3d9a6395931165ded911fe9be007dbd300968

SHA512
260501be719923382cc667cc6316a6afe7ebe39d5dac09eb46c9c0a935930fd63a4d03ca04e7a9a34b7be1814c6e60ee3b707417ea9fffa13507c009dd67de57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7cc094409bc8cf1b488535d717dc1171

SHA1
ad6080b1b75c94267b7d50651102d70d1fce0fc4

SHA256
018771f0e5c50fc303c9f895ec541d69c90fae8232f503ea6eb73414576a9642

SHA512
5c28c7b7f2f2c7dd3575a87c42aace8d9239508421ab984abffb01dea044fbde971f3de045ce95561c109e619e670fab50db8506eb4894f3e5d9836cd2c453c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
13aa8c8e9ecf62b510fa8e855466cfcd

SHA1
7f11a4528999a35edd0412291d098484aedfc276

SHA256
667565eca6851e789e1857f2bb8c81a9ea778c5d954154a8fb002911b98610a8

SHA512
da2b3f1cd09e2ad855e49327d70f968e83376db6786af413babe4cd7c3e4e865012e409d8a4d8b55b9f6cd42af6b3886fe067f668fa565242b605e76639d45fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582ad4.TMP

Filesize
538B

MD5
8acf3b74b34bba6ee7ae0a6e9897902c

SHA1
9bd62a91c7b60be0c8f432ef79ceabdc40035a39

SHA256
9372d90da1f1f24e597befe478752f7808b8f701e8c39cdf0f8dfcd639d778a2

SHA512
26c1f6603c2adc6350ae0a7295f26fa7162bfcf3391a8c5131646bce9da529ddfaca22279dd2a3e7d89880f3dc0093fff55f20e267e7936712005410ce5c458f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9ca12d68ffe72b3c1d2344c273ba024d

SHA1
a3553b1f5e25bf5405de63acd7d93154e95ec87a

SHA256
16a8171d13b38cc7d63e01855ac2a7b2e6878e251989cc534990bd73e16240c9

SHA512
aee3fd5b19073e59a618df6d408401f7d8b5c1c9fd2fb360592fff9955b82f0dc9a4c25c271dd25500717fd4d189f0a470f6bfe57b53b7eaec932bd4d14658a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b63f2b96636818b8b8d356d4b3d0186c

SHA1
29d8e514cc7738c8ea0d6e3bef6586cd493a6af3

SHA256
d0471244a4e472411951ff436807e32127a0ffcde246e0146c75690aa1ccc9c7

SHA512
49af322a1cf7ff7d51ff0907512d483475b0e61811147f14ddec0d539721f1f75ffa52e1cc33ecbf99d2ad0c46bdfca6be29ed1c793c85c10d076f66b0382ebb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
35cab468ef6339b5cc375c70f1264493

SHA1
765b46e717ff0b69b2c1508ccbe853f020d3c412

SHA256
4c9b8643880ce520048fd140c42e32c05c14d743acaa2affc25572d0ff26189a

SHA512
bfaca05ca134a09fbb251bbe09a1b44edcf735465a7335ddf912ae71cba3ec17f3e397f248f2b40884aa2421d3054d87349cfc5dc90da46295fd734b74c33afd

Download Submit
C:\Users\Admin\Downloads\nitrohook.zip

Filesize
1.5MB

MD5
cdbde675ae3dfeaef83542a11e1425ca

SHA1
808e350d4692795076b29f3ad71fabe9082e3144

SHA256
0439cf2384fbea87423bbc6b1b4352039559beee5e315221817662a5d9157f10

SHA512
7db2f5108519868c21ffac6846ff258a8fc6bd4d01780100f66fe5914f85d9133fd1731b63437152c802ffc44ff9871fd3beefccb08786eb5ca61046d4cc9872

Download Submit
C:\Users\Admin\Downloads\nitrohook.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit