hxxp://www[.]mediafire[.]com/file/v04wcs9dlfq5ke0/VanishRaider-main[.]rar/file

Resubmissions

28/02/2025, 14:45

250228-r44veszyat 3

28/02/2025, 13:17

250228-qje5ws1jv7 10

28/02/2025, 12:52

250228-p4e5yszrt5 10

28/02/2025, 12:32

250228-pqra3ayyhz 10

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
28/02/2025, 14:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.mediafire.com/file/v04wcs9dlfq5ke0/VanishRaider-main.rar/file

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4592	msedge.exe
4592	msedge.exe
3080	msedge.exe
3080	msedge.exe
4728	identity_helper.exe
4728	identity_helper.exe
5240	msedge.exe
5240	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3080 wrote to memory of 4100	3080	msedge.exe	86
PID 3080 wrote to memory of 4100	3080	msedge.exe	86
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 2108	3080	msedge.exe	87
PID 3080 wrote to memory of 4592	3080	msedge.exe	88
PID 3080 wrote to memory of 4592	3080	msedge.exe	88
PID 3080 wrote to memory of 2924	3080	msedge.exe	89
PID 3080 wrote to memory of 2924	3080	msedge.exe	89
PID 3080 wrote to memory of 2924	3080	msedge.exe	89
PID 3080 wrote to memory of 2924	3080	msedge.exe	89
PID 3080 wrote to memory of 2924	3080	msedge.exe	89
PID 3080 wrote to memory of 2924	3080	msedge.exe	89
PID 3080 wrote to memory of 2924	3080	msedge.exe	89
PID 3080 wrote to memory of 2924	3080	msedge.exe	89
PID 3080 wrote to memory of 2924	3080	msedge.exe	89
PID 3080 wrote to memory of 2924	3080	msedge.exe	89
PID 3080 wrote to memory of 2924	3080	msedge.exe	89
PID 3080 wrote to memory of 2924	3080	msedge.exe	89
PID 3080 wrote to memory of 2924	3080	msedge.exe	89
PID 3080 wrote to memory of 2924	3080	msedge.exe	89
PID 3080 wrote to memory of 2924	3080	msedge.exe	89
PID 3080 wrote to memory of 2924	3080	msedge.exe	89
PID 3080 wrote to memory of 2924	3080	msedge.exe	89
PID 3080 wrote to memory of 2924	3080	msedge.exe	89
PID 3080 wrote to memory of 2924	3080	msedge.exe	89
PID 3080 wrote to memory of 2924	3080	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://www.mediafire.com/file/v04wcs9dlfq5ke0/VanishRaider-main.rar/file
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ffc52a946f8,0x7ffc52a94708,0x7ffc52a94718
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,8249308770136383820,14973084640099225196,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,8249308770136383820,14973084640099225196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,8249308770136383820,14973084640099225196,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8249308770136383820,14973084640099225196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8249308770136383820,14973084640099225196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,8249308770136383820,14973084640099225196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,8249308770136383820,14973084640099225196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8249308770136383820,14973084640099225196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8249308770136383820,14973084640099225196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8249308770136383820,14973084640099225196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,8249308770136383820,14973084640099225196,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6284 /prefetch:8
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8249308770136383820,14973084640099225196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,8249308770136383820,14973084640099225196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6560 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8249308770136383820,14973084640099225196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8249308770136383820,14973084640099225196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8249308770136383820,14973084640099225196,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8249308770136383820,14973084640099225196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8249308770136383820,14973084640099225196,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,8249308770136383820,14973084640099225196,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DABA17F5E36CBE65640DD2FE24F104E7

Filesize
1KB

MD5
c6150925cfea5941ddc7ff2a0a506692

SHA1
9e99a48a9960b14926bb7f3b02e22da2b0ab7280

SHA256
28689b30e4c306aab53b027b29e36ad6dd1dcf4b953994482ca84bdc1ecac996

SHA512
b3bd41385d72148e03f453e76a45fcd2111a22eff3c7f1e78e41f6744735444e058144ed68af88654ee62b0f117949f35739daad6ad765b8cde1cff92ed2d00c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
4ef812e509abe15b77a124c198997862

SHA1
07d5e4612dda2c88cf4aae8ca221dab9548fa28e

SHA256
fb750aedd269ac9ce8f0962a7d820d6a6830c9d907bb2fde984dc708ff62cc67

SHA512
05c1dede821429bbfdd9c1bbee679ad6e908470507074f720b5e567cefcdd770eff186e946a16e08854bf9c791023092276a57c42c362db506b88b685d9b9bc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DABA17F5E36CBE65640DD2FE24F104E7

Filesize
276B

MD5
8a22b2b95104985e84857340ac93e9a7

SHA1
ea624f3896e67f497caf7e8f3a1cb549d0556a71

SHA256
03232ad077447d364072f508e1969cfa25a15bb26fbf068567bb5728bd3eef81

SHA512
691efb0cbbec426d534e302a351a705083c85b20635f2512395e4f1b7d09bf059c1bb7a1cda295fcbe80b46f7c69b39805083b51149cfe6c5ef6e6b651b440ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4e54650fb0a7903f379034c9d82ac20

SHA1
d919492abb1872dadf1cd7bb06ee2b5015054077

SHA256
e5f9de12025a9ba17526352d4087a562df4db1a174441a12473fef875b8523e6

SHA512
06da3dcaf3033c152da33c0c5b633a759317ba9846deff164830364f7482057ff80870e0da0037601bdbda679952a527ffae6d4714d38b5ce89ea8e5395a707c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aa378723292221de057e05f75936b4c2

SHA1
d1d52fca8f9ce32735017b9ef3e76c3be33fc2a6

SHA256
48c30b3381ea9417e0c9e02534294378d28d61b6a382294d8096dd5417b6982b

SHA512
f150891a568036089dd727d5d8613fd86e0b528f95ca2887a1be937f59f0e450f2d79fb8b63149abdc47b72bf20085b444e8f8188e221a6fefba08149c7360fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\92b1d130-0a33-4a12-bf18-f3f81757523f.tmp

Filesize
24KB

MD5
12998953cab3415bfd740ab071b9889e

SHA1
b919bede30bfaccd6f058062ef2483e136f23077

SHA256
015eb45910f2258fbf839b8f0188e679555a70f90de7fa6828e49b4e328c2259

SHA512
912e9c06836623ab1a75b9ba7670454f8ba129811478a35561d6a16b5291b6ef34a206af810e5877c49464c264661bfa37666dc7360afdd906b63093582ede58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
83KB

MD5
7231ac7aef9095011ec7cc3c4817de02

SHA1
badb1bd7fc41edb2bc3ba4b0a5b7e758c6a95de7

SHA256
1862aa35666fe6de02940e5be22c2079632eaa29b16f24bf70bf42e5f9c0053a

SHA512
c9a5bd84185e662cdb4c213dbea0e068dec9c0d30e213a804bead0ea52827b7027407ab1190a38b250ac2a8f0451dd6d0e8641495c876a88fa06740de2cc23c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
98KB

MD5
a00252e67b17752c2823613aba49e9a1

SHA1
e20c29640f5f5af044a67d88748e9a58159b675e

SHA256
2b76d445d7310c26bfa345606e880cd95eb3a2e2ce1231f91341c52918be85c9

SHA512
3a622fddddf1077b72bc460025f3cf835c5df5599fa22e8008f15b19713230a1f0829a740fc49d39d0bc2b337195fef3fe0bd2c03e2e56add6c8b66e087ba3ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
141KB

MD5
1ca31c5df71a44022847a7c423ca34af

SHA1
05a089ef8924538193b95a99070ee038de2990ed

SHA256
2b1d216d3df188ef713c78df488330d88637e9f17921645bab66a178f733b11c

SHA512
1724a4b65a6f4ecc5c0d310dde8646e0c84a539a67bcae7cb998a0c4527a7442482ac21cf57a45bbbb01900965a13d24035ed778e06bdd5d9dea007a70dd2068

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
21KB

MD5
660c3b546f2a131de50b69b91f26c636

SHA1
70f80e7f10e1dd9180efe191ce92d28296ec9035

SHA256
fd91362b7111a0dcc85ef6bd9bc776881c7428f8631d5a32725711dce678bff9

SHA512
6be1e881fbb4a112440883aecb232c1afc28d0f247276ef3285b17b925ea0a5d3bac8eac6db906fc6ac64a4192dd740f5743ba62ba36d8204ff3e8669b123db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
214KB

MD5
d20fef07db1e8a9290802e00d1d65064

SHA1
71befda9256ed5b8cd8889f0eeab41c50d66e64e

SHA256
f9cb4624d03224bfce50c4c0e484418acd462c249f38b4684e72b27a1f30144d

SHA512
ad5b2c8df60027c6dd5104bb8c2357b04eb24d69245c607ff99a6f2a887f929428252ad793d9aaa8c903c7b1e1bf9653cd35f79747d5281e7e3d2c21fa828537

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2fefa4c3cdf1f0071cf9e20ca3871303

SHA1
2e6c356a5c10c054e99fd34f22b8c510586724f2

SHA256
108b0792a3eea3406077ca6f1bbe1b6f088ccc26c0ba55841d3980f7863deb80

SHA512
aede8aa2a813a069c053e33ad39b56021ba7a1ac2f2768cde2e16d3a65630aab564594c4b467447791f4ac58e61cb1fa601fa5d3e2032deb1c4f626683db7ce3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
e4f9a40dd56f21bcc78c98641b273eb2

SHA1
ba0f6d9f65e24f539af4f891c09c6ab6ad9cf63f

SHA256
da164fab7e0408dea27554a3d4fe72586c018aca68ec4403ca386eb7631550c4

SHA512
126b20a83dd7cdc70db9c61cb88ad0c2c616909605708882ce36080315ce0e26db11eafb93560524772abec8f7b7c6b7a6c5346cceaeb24c24d05525833efe41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
d75ff8352b6f3fda53e51390ba738f6f

SHA1
915669d64707f63bc6cbd3aeb826729f880f580c

SHA256
5d0128d39e18d904105be4440d95cb8f0464e7ef413c9a020cacfaaa4bcebdf0

SHA512
ca5140621ca0bcbea75c1ffb37adcffc0dddacfbd2f4791b6bb1bf46159d3ce3d43b5ccfb0eca9e86c695a6f27666e805a9b7d45ee22f89e474aee0457847f9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f17c2cf29f2f90731a892f69ea4067d1

SHA1
7caa25154e7ba262a29fb32156535a4428098b38

SHA256
c8e3d8252075b0553bb4dea4c0885927ee97ad8c4ce63e1d9092ddea55ac03a9

SHA512
9ddeca6c9b9ee910c51dd8d648070d4de10d599db291c5d50fb93b77d58661e9247a7e5cd014606b658fe10023b241b62654040f1bf621a6129a686e993f71fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f7dbf174d6868b63bc544a60b542fcc3

SHA1
e509c989a39fe68edfe066350401e68621f78a57

SHA256
9934097a0bd1b7f059f8f98d3d23eec2e4e32d7ce6b562402c72892cfe7ae8ce

SHA512
8bf8f31a275872fc07a6ffb83a8ad781c352a5848e7f468920e56c80cc4b43c41f8fd3c6e1690cac239b8e717ee340e1aed2a0cca1766b9dbda7c942fa7d75cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
375c24425ab72f1116d94c134899c037

SHA1
21a5bf0bdc66a2f66297c8ef26a108c5c0b9017d

SHA256
a1411c66034d7062e7924f3a430793df7f8db139c9bbdef6ae57c5675ae18699

SHA512
ba56a3eeb046f622e9f1f028d873c3152ca8fa0c26e5b025a5d1f38294a2c29de966730f2df50319dffb4270bfb055533ca71ff1466b91fe6003846e19e90bf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0c9e03ae2e22d08b91b10fa1e208abbd

SHA1
8ba760030d0e68ab695a2b87b1d06a4778315bd6

SHA256
410ad2a0a67608410e1042b88c3a900bb125c72901907ab9cd01e32b24f2679f

SHA512
882ba22b3603ebf50fdff5f5e9b372671b9dfa67e40139331f7fd2d6de2fcd0cf617fe0ebd9054b5080d2a8cb2674e55c7ccde63f268bffe52c2318074b637d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
66ddb3bf653aa10bd08219e950dc42fb

SHA1
645e8ae062dcd90301319fee7dabcbb89129533d

SHA256
991be77325e924ff8cd2637fdabd052616732fcee88695dec2e557799c8d1ae1

SHA512
f9537c91e36879f52a9e2f789a3be3ae1fdafe53070c64c25ba310c8e9f2158e5a91b8043c22039a24eb87cf23d58453b8e2dacef142ef782b4ffea3ef0ad5fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dc28ee1c959850694ef03d592e135a3f

SHA1
3bad4af067772251cdff99f24b875921f2cb1179

SHA256
ab3994a1f2033b1d30762b54677bcbb93b8de384f573a5f138cb487915479e0a

SHA512
44485b49f8ae797cf4e733e7df5b29b8907a3e9647b1c71d84c7e6748ccda6e616e8f20ed4bc5eaca0b11ba400f06f345a85dcf470dc2ec1caf001416c1c3712

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5828ff.TMP

Filesize
370B

MD5
777818f8a9b3d79d1367a335f785c94c

SHA1
031482391c094857489c3fcf9a955d989c46e711

SHA256
d16785da1062900a2da5cc9e0e778cc95f48f824dd47a841c95fe3dc8845c48b

SHA512
d826b3f084e608bdc73c3823daf4a5aa5afb2bb3bef9acef05d466dbf5db165f9934bce1272cc01d159b2ee239dcbd856baac81741709ec29519524de925391f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
099e507f7e7ecc43ca07179cd3b62830

SHA1
d9d40d07ea39f2b89d4f0831691b88f14493b4a9

SHA256
7af171a8ba5bbb4a74c916f4de780e0127b11b3a1ada860d00d479bfc8a8980f

SHA512
df3207768f0d82f5fda347163d76df26d2770a46a629c344c7cf54b0f839e686a11fa00f96d9c9ba72501c09d723eae91b0e57578fb2d83c252ec9067421c9ad

Download Submit