4043ddf542d7ac9a682a35076ccdd14108244af6c051ffe341b451a104194fd2

Analysis

max time kernel
841s
max time network
905s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2025, 21:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

R.E.P.O/OnlineFix.url
Size

46B
MD5

59bf167dc52a52f6e45f418f8c73ffa1
SHA1

fa006950a6a971e89d4a1c23070d458a30463999
SHA256

3cb526cccccc54af4c006fff00d1f48f830d08cdd4a2f21213856065666ef38e
SHA512

00005820f0418d4a3b802de4a7055475c88d79c2ee3ebfa580b7ae66a12c6966e5b092a02dc0f40db0fd3b821ea28d4aec14d7d404ead4ea88dc54a1815ffe26

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
45	discord.com
49	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2152	msedge.exe
2152	msedge.exe
3660	msedge.exe
3660	msedge.exe
1296	identity_helper.exe
1296	identity_helper.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4984 wrote to memory of 3660	4984	rundll32.exe	90
PID 4984 wrote to memory of 3660	4984	rundll32.exe	90
PID 3660 wrote to memory of 5044	3660	msedge.exe	93
PID 3660 wrote to memory of 5044	3660	msedge.exe	93
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 4968	3660	msedge.exe	94
PID 3660 wrote to memory of 2152	3660	msedge.exe	95
PID 3660 wrote to memory of 2152	3660	msedge.exe	95
PID 3660 wrote to memory of 1688	3660	msedge.exe	96
PID 3660 wrote to memory of 1688	3660	msedge.exe	96
PID 3660 wrote to memory of 1688	3660	msedge.exe	96
PID 3660 wrote to memory of 1688	3660	msedge.exe	96
PID 3660 wrote to memory of 1688	3660	msedge.exe	96
PID 3660 wrote to memory of 1688	3660	msedge.exe	96
PID 3660 wrote to memory of 1688	3660	msedge.exe	96
PID 3660 wrote to memory of 1688	3660	msedge.exe	96
PID 3660 wrote to memory of 1688	3660	msedge.exe	96
PID 3660 wrote to memory of 1688	3660	msedge.exe	96
PID 3660 wrote to memory of 1688	3660	msedge.exe	96
PID 3660 wrote to memory of 1688	3660	msedge.exe	96
PID 3660 wrote to memory of 1688	3660	msedge.exe	96
PID 3660 wrote to memory of 1688	3660	msedge.exe	96
PID 3660 wrote to memory of 1688	3660	msedge.exe	96
PID 3660 wrote to memory of 1688	3660	msedge.exe	96
PID 3660 wrote to memory of 1688	3660	msedge.exe	96
PID 3660 wrote to memory of 1688	3660	msedge.exe	96

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\R.E.P.O\OnlineFix.url
1⤵
- Suspicious use of WriteProcessMemory
PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://online-fix.me/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffad5ea46f8,0x7ffad5ea4708,0x7ffad5ea4718
    3⤵
    PID:5044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,905979192244829097,15345797419682536424,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
    3⤵
    PID:4968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,905979192244829097,15345797419682536424,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2152
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,905979192244829097,15345797419682536424,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
    3⤵
    PID:1688
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,905979192244829097,15345797419682536424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
    3⤵
    PID:4200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,905979192244829097,15345797419682536424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
    3⤵
    PID:3144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,905979192244829097,15345797419682536424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
    3⤵
    PID:2736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2012,905979192244829097,15345797419682536424,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4140 /prefetch:8
    3⤵
    PID:5488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,905979192244829097,15345797419682536424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
    3⤵
    PID:5748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2012,905979192244829097,15345797419682536424,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5536 /prefetch:8
    3⤵
    PID:5960
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,905979192244829097,15345797419682536424,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 /prefetch:8
    3⤵
    PID:6100
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,905979192244829097,15345797419682536424,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1296
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,905979192244829097,15345797419682536424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
    3⤵
    PID:4380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,905979192244829097,15345797419682536424,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
    3⤵
    PID:4472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,905979192244829097,15345797419682536424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
    3⤵
    PID:5424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,905979192244829097,15345797419682536424,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
    3⤵
    PID:5368
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,905979192244829097,15345797419682536424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
    3⤵
    PID:5988
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,905979192244829097,15345797419682536424,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4756 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2736

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x50c 0x4fc
1⤵
PID:5592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56361f50f0ee63ef0ea7c91d0c8b847a

SHA1
35227c31259df7a652efb6486b2251c4ee4b43fc

SHA256
7660beecfee70d695225795558f521c3fb2b01571c224b373d202760b02055c0

SHA512
94582035220d2a78dfea9dd3377bec3f4a1a1c82255b3b74f4e313f56eb2f7b089e36af9fceea9aa83b7c81432622c3c7f900008a1bdb6b1cd12c4073ae4b8a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0621e31d12b6e16ab28de3e74462a4ce

SHA1
0af6f056aff6edbbc961676656d8045cbe1be12b

SHA256
1fd3365fdb49f26471ce9e348ce54c9bc7b66230118302b32074029d88fb6030

SHA512
bf0aa5b97023e19013d01abd3387d074cdd5b57f98ec4b0241058b39f9255a7bbab296dce8617f3368601a3d751a6a66dc207d8dd3fc1cba9cac5f98e3127f6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0b4e92a0910643502bc6de74af0ae731

SHA1
f3d56e29d02cdee7263c258a877180b6f3571403

SHA256
90da2bff69216c40b02e131b239729137acd90356e7a71ef6d58dc219076f99f

SHA512
1b447392abd339519f8c3bf0875463378a53198e2cf3e2ffe54fb6256cf4d88c4bef690cf4d16b06a0d1c3e1d586965b50a38d3c3ff2291263a543ad83529f6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f9345de18cdeefb9d40448087c7dbe39

SHA1
a92ff48763192e167b892364b8ecc4da2cd285dc

SHA256
62f4f9f5f6d54b5608fccdde6e7c17a76f623a828bc809a9aec2bb55d953fa67

SHA512
9718714d17b8142af038d79dfc34c3e042cf66ab5e7677a9f4719a11ac1910108f9267b9cec0c8c50ea19dd11f0245214cdca3582ab3d97a15d85033155ce992

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5d84285b8d53a5e4c214c2032d2249ff

SHA1
1a1f4c6e9725dc60028c91e88c075176f3b75fde

SHA256
136c8095a3e4348b40e94fa9b410269e5ff6d6fc7080410343372b50d669e981

SHA512
b68f84f5727317990fdae45db6416f171668124f6d10c131e5e54b8bffc958c628bf8b15354c2d9e369332486d77bef5b305120d471cc5674d834866a45e8f47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7b164cc547b5b3a2bbe5b65e7014156c

SHA1
f0bab902a80eaa56a56a556cb6db20d51e595a50

SHA256
3c67e6182036361e6cfee9371f3fb753751ce3aa9fff704128d621c7af73059d

SHA512
fa379594bf3f5b79e25617dff2c1efeb25b6f7964c64205af25e24e195b22f93ea455c0f4683fbd7a30b41c250fbc19206c4827d4c92f77aecb991df2471b846

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b6bb64d2c7e1c4f917e5ed112febb589

SHA1
bac9b544d655c603b230a8c23dcde465f3192d95

SHA256
2ba9e5179f0b4c64abe87a10bbc06198ea89508f3ac1bb17a9a4adb51ddda1dd

SHA512
e72e036ff7a5ac87c3b35ba50b23ef31f9a6b22d5297213a217f5c127a28e5beb0b8186cfadf1028ae32f88b0bbba46e864ef0d4faff0fa457ff01c2a52f9841

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5dbbe7f6ee7207331c87d8f657e33826

SHA1
623f94834f213e3067c4f4ab777828b35b691e2c

SHA256
330c70a51c46836066c8c202072fda093e20b4f4efebeb6dce92ce14d6566a82

SHA512
6923c9a59311b1cf14070b592f2e0fefb3332448d37ed05f1cfb42f709c7891b96955eda101ce831ec90f0e238018e8d5bdab3b57468fcd93651cd0d4f35a47e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0cb35761e642f51041a7ac5841c79d23

SHA1
39c72ae945446b5594c581fa606f818a028d40cb

SHA256
8104a1c59257b67e4f284e784448f550b8ca64c60e58145d288234043c466219

SHA512
daa586c95bf48c2a10b96448922698c2238943f3cdcbeefba269cd7a10aeefc5b9734a6a71b45559eddf7d1a671735acfa637ddb7b0326470c6821fee433f760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584ec7.TMP

Filesize
1KB

MD5
387e100df09791232d5f528fa098d6e2

SHA1
8f6702ad7280fe55fb7dc06483a0de6914241ec3

SHA256
f0b6be40985690861d77958350b59e9cc0505e585116832e549c8e35aa3f66c8

SHA512
87146b8bacf7b8266e118fda348de5c7f583a1ad7c9a2402f4efce41c106de7e01ef947241e06374ca48b6cafcd1e305b8674b9ae5ebd691b362b3c94595ec09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
33d0b3a46fdd1a2857c90fcccc92f8f8

SHA1
fc1060ec8f0cf7e3ae3fba49c445f90b1957337a

SHA256
948e90aaccb0cdf5cd5c3500847d53420697ffe8d530f93592494ab53e2b8852

SHA512
f9a6f0433ae4807b44f85028136c65cfb9c7259f2a9cf1ceba670f2cc23aaf9350faaa24acb701deb792c243c7904512da58029622c522fb4046744f1d363046

Download Submit