hxxp://melbet[.]com

max time kernel
145s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
05/03/2025, 17:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://melbet.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3856	msedge.exe
3856	msedge.exe
1592	msedge.exe
1592	msedge.exe
4632	msedge.exe
4632	msedge.exe
1312	identity_helper.exe
1312	identity_helper.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1592 wrote to memory of 3476	1592	msedge.exe	80
PID 1592 wrote to memory of 3476	1592	msedge.exe	80
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3576	1592	msedge.exe	82
PID 1592 wrote to memory of 3856	1592	msedge.exe	83
PID 1592 wrote to memory of 3856	1592	msedge.exe	83
PID 1592 wrote to memory of 4564	1592	msedge.exe	84
PID 1592 wrote to memory of 4564	1592	msedge.exe	84
PID 1592 wrote to memory of 4564	1592	msedge.exe	84
PID 1592 wrote to memory of 4564	1592	msedge.exe	84
PID 1592 wrote to memory of 4564	1592	msedge.exe	84
PID 1592 wrote to memory of 4564	1592	msedge.exe	84
PID 1592 wrote to memory of 4564	1592	msedge.exe	84
PID 1592 wrote to memory of 4564	1592	msedge.exe	84
PID 1592 wrote to memory of 4564	1592	msedge.exe	84
PID 1592 wrote to memory of 4564	1592	msedge.exe	84
PID 1592 wrote to memory of 4564	1592	msedge.exe	84
PID 1592 wrote to memory of 4564	1592	msedge.exe	84
PID 1592 wrote to memory of 4564	1592	msedge.exe	84
PID 1592 wrote to memory of 4564	1592	msedge.exe	84
PID 1592 wrote to memory of 4564	1592	msedge.exe	84
PID 1592 wrote to memory of 4564	1592	msedge.exe	84
PID 1592 wrote to memory of 4564	1592	msedge.exe	84
PID 1592 wrote to memory of 4564	1592	msedge.exe	84
PID 1592 wrote to memory of 4564	1592	msedge.exe	84
PID 1592 wrote to memory of 4564	1592	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://melbet.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9e09a3cb8,0x7ff9e09a3cc8,0x7ff9e09a3cd8
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,11568077993926594169,14124706420332393572,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1964 /prefetch:2
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,11568077993926594169,14124706420332393572,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,11568077993926594169,14124706420332393572,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11568077993926594169,14124706420332393572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11568077993926594169,14124706420332393572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11568077993926594169,14124706420332393572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1932,11568077993926594169,14124706420332393572,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4112 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,11568077993926594169,14124706420332393572,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 /prefetch:8
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,11568077993926594169,14124706420332393572,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11568077993926594169,14124706420332393572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11568077993926594169,14124706420332393572,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11568077993926594169,14124706420332393572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11568077993926594169,14124706420332393572,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11568077993926594169,14124706420332393572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,11568077993926594169,14124706420332393572,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5052 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b98903eec4d4ba62d58ef15c040a098c

SHA1
edbfd3947a194ddd1ee2e2edb465eb7a57f27cb3

SHA256
698d9fcc6775ee16a41017cf13ccd9614001c681b8a4da741a1851f1b9f48def

SHA512
ee53739c6c098c48a594768bbbbada27d9728034b85e0e67220be097007348162f257a31f0669bcd17ba142b10b110680c3b5b18f9c40b37e5fa1fe8124d27e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
afe073f7cd46dc621114e4f8757336cc

SHA1
2063f15f773ff434b375a1fe4c593bc91b31f2e0

SHA256
e54fed17731c51a64a17e37dc2511159e55b308f0a67939477494c15166ebffd

SHA512
bfe0b1bb10d93def5ed5104e8aac1d74991de2ad64042ebcb35ad43e3dc3bfdb47d126a3c6632238e68c8e227187ba05f81192b50843162134222446fdb0b25f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\71221b37-73cd-4868-9571-8cea2bb014f2.tmp

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
5a98810ef0e5130475a47e505402a892

SHA1
556fb80036406584eca1ea9acf686e769c1778bb

SHA256
d870ac33e5e8e245b7b7821b8fc927f3abe9106fa89e39943d766bcb04abd4e1

SHA512
106b6bf977b8111726bcb0995ea57453ce5ff3695827972df188e80259c7b2bc351ed2c23708b8f2a373f510af7d8291ebb7a8813a9a611631dfb22f92ddf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6d3af48584af80c66bcaca76cbe20ba3

SHA1
ab1cba25810c6f76618a1fe868a9d420361c12dd

SHA256
093a278f94a126edd2188294a5b5971def4d42b727445c916ad54e9090b9a10e

SHA512
16036506d866584fc23b2d1171d9e304607d6491792e820ba4dffec22c1be2e34d62c4cc3626e6c81d04e5cf7145019283190f9e6d36094f43f7f9c387fc20ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d9ad246a4da5794e805e2b3333b1cbcd

SHA1
b7b39114e3e6648fd67d750655570d71b1265f60

SHA256
aee5e5155b23f143af9a7bc72e993b24d9d455645c2a7f556a0d5068dcf5ef79

SHA512
e1705186c77027f9685cb0564d3cce2fda350499bdcffc5b5a1c39a7f527e18999901004cda0efadd5d3bc4cc2f98e1f3a27371f5551085537ac5c4f9eeffe16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1df087e57ccc3a91a01801d9e9c9b7b5

SHA1
8def228081bdff87cd77ce02b0cfa280660db893

SHA256
d46c0f05764ea2806959f6c0d5aacb74970a8d54aab06c2c9b4a49b732a6bbc0

SHA512
29fd1122f49672f760eb315a8004d2c425a3044c7bd58dff6acca5343205c67a7354e53eaf2fca52528ebcfd24c91300d5ffa5e2bc9f634173c4b1639ca83807

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b05bfb2c8ff9079ffcf7177c1453215d

SHA1
c466ff451192d69106a281ab0216c24cc98ca6ad

SHA256
9ab75c0a1db20027dd0ebf8402a726c887c12901b5e68a956f3a8458826bb962

SHA512
94db07c9663b1f8d9fcba46adb7d0c3a0fd387a38c863bc0cc5c09ce60d10d74f9015a58e51a4cb0908a9aaf34dacf70db064cc9bf95a2eb93ce8c1e925fa102

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
191e66c25e95b096908a70defd442285

SHA1
6c1e0e5fd61380df646d6157e406e746f22bf492

SHA256
521cfc3fe8ad61606e69c1f031fbf8a870b54ebd5e2e30b7a902460283543fbc

SHA512
1e61a1e4f125b77cefd0b9ab59e0179b25e4ac155476fa9096530a7f46f6385512cabbe8890e9ce305be8807ce51b5f862768c367cc093f663e15d4f26f94312

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
88a077421b4bfc001786d45be467936c

SHA1
6aa9fdfa2f379761e65bc5d0426abe79c25f4b71

SHA256
d6a548be3e703387085794be1c1c344b35bebed42e9aea47e15cf09994945d09

SHA512
610cc8a52258decf5ef300dc9af2643221cf8a4f0a0e9fe9350cf61c5d6cce3248e84efef321e39df60f935cb7ba066b444163c028b524350b835c0ff4606c26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe588150.TMP

Filesize
48B

MD5
4ba5a5ea1bdec5bac9d1229f1132e421

SHA1
515059897acc3efe8ee3c130daf9c892b81d6a3b

SHA256
a04a437e3a823833a4661ac7023a79227da4e0b07ea9aea0dfec17b31cb53052

SHA512
608b05a873582427086b4eeb2235f97304c7e4f390e618d1755e8949a546abc0a6795eb77feb6a496169d04608044a7f2c180a86d2a3f85f03d634c035f8b828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
366B

MD5
ca3aee22a5cf2d1aebf58a3846da55c3

SHA1
e757a78d79db675adadab0ac65ac5faed7f53e56

SHA256
ee968a388eaf623ee98d6a712a2a2e03cccabeed532217730d5f7e506fb8d720

SHA512
4cd363699458760dc7f5354c5d93a2c8f62ba3e78d00b9148daa9816f4392b87f1c88c7a3a6db8502e26be0ec145a396ff91f8b675bc1f70d031dc2074303770

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c02ed4b38804a89efcba219cbc258704

SHA1
efbf24c2f7171dc8e6787c1d38810847c9d468b9

SHA256
93ad5c8aeb98775fd64440a496e4c29ce057f9df3f209a449f4025482c9216d7

SHA512
818489955670f624d70e2846634c227565b5cd6c25ca0246e71a064ff4297ccbb64aef2c25dcbc99c41695db06a67bc8b0027598f1e96c18babe28f7276aca32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e309eb3fc264388d104f44a747e145df

SHA1
241232a4190d8f7b0bfb13b4075032fbc49b7278

SHA256
4137bcd0636ca1708967d1dc9954e28aceffa360fe9cf441db21ec752a1b742e

SHA512
c4a8e40eac955b080ef413c69d87486530e078ff4c3aa1d9a3080640f39f935c63593f2215ce5001f43f02a588260b2544c86e8c3536e7b8d0f2292a6c42eba0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
71cebffdc9dc2ac290f446f612ae7031

SHA1
3cb04032344a2802cedbc02098f187f85dc3fe7b

SHA256
4bc45b86653bebdce021fd9e554b1c6c2705c385fdf52d9d0e3575e4c789c419

SHA512
381698a919d6db1222358c6a1939096a80efb6936c201ac197c701f878369e00a497887ad2950b95bb86c8da61b0f3a5087c5387991e8270e1681245f9e24b3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c01d331e42e41c7cb066b3b1f9f895cb

SHA1
6a514f8bcc3033cdce388f0d4b432113aeb4096a

SHA256
8ec4f05b1ac7fd9f53839a8ccb0a478d6382f50d810babb6e903d56dbe22d0f2

SHA512
0aeef312b14ab979d025e3e369e1b4ad269b2834f743f0b470a86bab19de104813da82c1e79ce8e29fda91e5d745a81a5fc1e74ce7aad1ee12e93ac1a211cf2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5812f6.TMP

Filesize
370B

MD5
402d510cd3f0e903cd17ba38cca844b2

SHA1
53dec66aab38f53f2006e3222044b166dc08f56c

SHA256
7ebafa0de7f026fe4e79686fbe05cac997e175558e901b5b233d0fae9c9e3327

SHA512
7f5417fcd504d3acf02a7832f2e1da2cbb6892a4c493a93164de8cddc11da03a0028c5994881ab017cc4f12e170c2035cfe7da78f899b4a27dc781dd9131aa11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1772c68776141a7d8076c298ce2bc9d4

SHA1
3076e43538715fe9657847e378e8149b8a816dfa

SHA256
db3eedc56a2f5e9fb256f0632c71e72c167d92698168a29f588f12f2ed92441a

SHA512
eed48d5f916b0e4a10fa7bd2a6d51f35507b2c9876741b508f573470b1a2871b3609de631718d33407d68c2bf16c0fa166c2888ada9d8e31275efedb33849f6e

Download Submit