563ccbd6173e8b34da814ed604837be026fbe6d4bb8cec3868f7a0060c570775

Analysis

max time kernel
147s
max time network
174s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
10/03/2025, 21:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OnlineFix.url
Size

46B
MD5

59bf167dc52a52f6e45f418f8c73ffa1
SHA1

fa006950a6a971e89d4a1c23070d458a30463999
SHA256

3cb526cccccc54af4c006fff00d1f48f830d08cdd4a2f21213856065666ef38e
SHA512

00005820f0418d4a3b802de4a7055475c88d79c2ee3ebfa580b7ae66a12c6966e5b092a02dc0f40db0fd3b821ea28d4aec14d7d404ead4ea88dc54a1815ffe26

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
2	discord.com
16	discord.com
1	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2728	msedge.exe
2728	msedge.exe
1260	msedge.exe
1260	msedge.exe
4588	msedge.exe
4588	msedge.exe
4508	identity_helper.exe
4508	identity_helper.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4116	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4116	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1236 wrote to memory of 1260	1236	rundll32.exe	80
PID 1236 wrote to memory of 1260	1236	rundll32.exe	80
PID 1260 wrote to memory of 4640	1260	msedge.exe	83
PID 1260 wrote to memory of 4640	1260	msedge.exe	83
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 1464	1260	msedge.exe	84
PID 1260 wrote to memory of 2728	1260	msedge.exe	85
PID 1260 wrote to memory of 2728	1260	msedge.exe	85
PID 1260 wrote to memory of 1312	1260	msedge.exe	86
PID 1260 wrote to memory of 1312	1260	msedge.exe	86
PID 1260 wrote to memory of 1312	1260	msedge.exe	86
PID 1260 wrote to memory of 1312	1260	msedge.exe	86
PID 1260 wrote to memory of 1312	1260	msedge.exe	86
PID 1260 wrote to memory of 1312	1260	msedge.exe	86
PID 1260 wrote to memory of 1312	1260	msedge.exe	86
PID 1260 wrote to memory of 1312	1260	msedge.exe	86
PID 1260 wrote to memory of 1312	1260	msedge.exe	86
PID 1260 wrote to memory of 1312	1260	msedge.exe	86
PID 1260 wrote to memory of 1312	1260	msedge.exe	86
PID 1260 wrote to memory of 1312	1260	msedge.exe	86
PID 1260 wrote to memory of 1312	1260	msedge.exe	86
PID 1260 wrote to memory of 1312	1260	msedge.exe	86
PID 1260 wrote to memory of 1312	1260	msedge.exe	86
PID 1260 wrote to memory of 1312	1260	msedge.exe	86
PID 1260 wrote to memory of 1312	1260	msedge.exe	86
PID 1260 wrote to memory of 1312	1260	msedge.exe	86

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\OnlineFix.url
1⤵
- Suspicious use of WriteProcessMemory
PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://online-fix.me/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1260
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9e0b13cb8,0x7ff9e0b13cc8,0x7ff9e0b13cd8
    3⤵
    PID:4640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1800,12848339528780968710,2337896113115265022,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
    3⤵
    PID:1464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1800,12848339528780968710,2337896113115265022,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1800,12848339528780968710,2337896113115265022,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
    3⤵
    PID:1312
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,12848339528780968710,2337896113115265022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
    3⤵
    PID:464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,12848339528780968710,2337896113115265022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
    3⤵
    PID:4260
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,12848339528780968710,2337896113115265022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
    3⤵
    PID:4544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1800,12848339528780968710,2337896113115265022,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4708 /prefetch:8
    3⤵
    PID:240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,12848339528780968710,2337896113115265022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
    3⤵
    PID:1924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1800,12848339528780968710,2337896113115265022,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6080 /prefetch:8
    3⤵
    PID:2016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1800,12848339528780968710,2337896113115265022,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6400 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4588
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1800,12848339528780968710,2337896113115265022,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6476 /prefetch:8
    3⤵
    PID:4276
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1800,12848339528780968710,2337896113115265022,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6476 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,12848339528780968710,2337896113115265022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
    3⤵
    PID:4168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,12848339528780968710,2337896113115265022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
    3⤵
    PID:2336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,12848339528780968710,2337896113115265022,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
    3⤵
    PID:2472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,12848339528780968710,2337896113115265022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
    3⤵
    PID:1584
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,12848339528780968710,2337896113115265022,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
    3⤵
    PID:2584
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,12848339528780968710,2337896113115265022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
    3⤵
    PID:4308
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1800,12848339528780968710,2337896113115265022,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4672 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3304

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b98903eec4d4ba62d58ef15c040a098c

SHA1
edbfd3947a194ddd1ee2e2edb465eb7a57f27cb3

SHA256
698d9fcc6775ee16a41017cf13ccd9614001c681b8a4da741a1851f1b9f48def

SHA512
ee53739c6c098c48a594768bbbbada27d9728034b85e0e67220be097007348162f257a31f0669bcd17ba142b10b110680c3b5b18f9c40b37e5fa1fe8124d27e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
afe073f7cd46dc621114e4f8757336cc

SHA1
2063f15f773ff434b375a1fe4c593bc91b31f2e0

SHA256
e54fed17731c51a64a17e37dc2511159e55b308f0a67939477494c15166ebffd

SHA512
bfe0b1bb10d93def5ed5104e8aac1d74991de2ad64042ebcb35ad43e3dc3bfdb47d126a3c6632238e68c8e227187ba05f81192b50843162134222446fdb0b25f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008f

Filesize
255KB

MD5
e80cdded42978faae0ba033638a524ef

SHA1
4bc7ca1769ae8f7d4ae1abbe58776aefb4d0beb1

SHA256
f53ea4b855088dce71229d9760b4c6afef96a764daf95b5e3852cfdcc38e69cb

SHA512
b02648b654c1223ebecba8fbb8509b8e608760f6f8063acc3bc39511e9bf58d20a47d3f81cb627e9cd0d3a86a6ac554a51aff1648723cf20e61775e79982a999

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
731835aff0a46b809739784ab4d6ad74

SHA1
df7b97cd348f02e13c834a616778f27fb89a16eb

SHA256
9533696203b02a5d804fbc461842b991451bb312a2863fb913da27f23d212070

SHA512
128c190455d8a5458a2a34b29abd1b1050fe8fdaa1ba7cde50cabe09f43d96f83bf4b0c507672af6bb5f1e3ddf490996b248c3dcbb004e56535ab9d69bcc3bf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
496b8e843922940b4da38fcf0a2b76e9

SHA1
115788d3c44c88186d8dea4ca1485fc6000ea7af

SHA256
e9d79fd695c5d056d3e9b5bf578fac16f6f4b5aa65a48097db423f08089edcef

SHA512
c51d33ea500568a22b4ed0aefd691441bc95247b5a1cb48afba10005272796d4fce7a038dd4524d1f1874d122f1ea6163d3192969877eba6a3319a358efaa9dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e1854c240a8c83a99f17242a21d8b8e0

SHA1
fc965bd2cb8286aa4163d8fd2d7c1c432ae3eef7

SHA256
214c9bd63e060e62e7b767f1f544f6f77fcaddacec1742556ecdaddcc569ff6b

SHA512
bdd8a0796c01ac30fe2b8e37f8e36e066890f401b11cdf215e916ca8bee2aa4d4ea8c34155ddd2473c776b3487e4d230a56c4898ae0197d43fd60d3a34e8f9ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ec5ec86a9e62adb29198c6130df42ce0

SHA1
4fa65d76629efaab3aab101d7e1b74c77f3186c2

SHA256
07032d4ed1869acf667857ca3e84bda5a401cfe52c0ac9a5c5b6f9ae81767e49

SHA512
960bed8bc2cad99943dd244428022edfddb4c57982c089f833c12ba3ecf17caac5b0791e451a9bceb6463aa7ea229fdcc6ac61418b447175c6ca972fb8285984

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cb0d28b35f09e20604b5c8dbe7792e64

SHA1
a528ea0bc30f3361e4afbf4231f1135350c04da8

SHA256
17c69d561a09db531f6c816946625b02f4073ce7cf33e9371c24420b23e8cb46

SHA512
b377a175d72d679c8a8db8779f35a2f2517c63530faf7c0adc8d979cd9cebc969f953f0f83e4036562067f689ee2b9dc284f774b6f5263e6f16471f45a702420

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
128f307ce79c42296c32472c83daa4bb

SHA1
4cf719e2a66ee35d8485f84ba2a3376febce38fa

SHA256
eba8a42f8c8a0b5c5d18e06e00973e83b9ea91ca7ffda2a6bb439accf2faa55b

SHA512
4821016e3517596bfafb68d82f14e92e01198f6e9bf253564ee5674872ca3eeb45c43c55b132ffb410be2a47935a2a33bfc68b82643c9c4a42b5a4ddaf385e05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0945ed360721e43ef17bc3698b60d01e

SHA1
c729f5152aa2bfd43c7a5e92570a75bda3754c1c

SHA256
440f68636fcedbdf62be53fde8a31df920657e51c86d0daf49f4d366c5140864

SHA512
ea547913ec756e220357256d55851ba1e22d464413816725d5057e1ac88a25bd868cfe9e2d93d52223d7cba8bc7446c727b43ea8c203c006f1321dee456d72a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3040bcbb9c15058006ac56250c479824

SHA1
97b74fff5d200ada4059709c4c67165e5a2181b2

SHA256
07173952390190329e5eb17e66da1267a5d784e82e31a2949927dfac51062c31

SHA512
73a5bf65e4fdf8e00fb1fed7e2cd1ec4d9f31f93d7f5310875ccb176dee268a4f3b7235686bff85a28c019962d1bc0bbd6da8d890f903792942d233449ba5f13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a20e1eec4fd68f23ea1bd70cceb2a0f4

SHA1
5f30a52f21693e5cea0770924a60b8fa0bade060

SHA256
9e77ae56adb7127226f78b72a817915c48358c1f6eabcbf4d650fcd2f1d86889

SHA512
b526b7f7d33cd44c2adff673aaa661ff31b5743240b30b82acfe254cca26d78b346d27c7c2fab3c3e162c5d22b8c507fef903b2b20a28af6cd5a5aff3b868a49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
57e4da2413aa66368b056115dd0df463

SHA1
35e1910e4306676365a5aa4238fde2ae24614588

SHA256
b0a0e9c6fb5b7b81bfdcd7252514be628409db8b09a263744b4cd247dc2fe0b3

SHA512
867267d9105f1a33145ec2110d9fd71eb840cbb6dca977ce81d238f233aeb82df203b558e7f313bb045975cb55122ed85c68ab54caf21c6a074f4205d46b14b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58589b.TMP

Filesize
1KB

MD5
9cdd405f4f54d2aee6cd9354b87026da

SHA1
358fc6be25d8eda492104e55f3a321a8660213ad

SHA256
f267d8fc15a6067adc6dfdfae470a0019347fa65a00e2f4610140c366ae994f0

SHA512
6e015cc6faf655dd84169ec98855607b7e0f8bce828a84901440d29c098dc9b1a7d37c5f3b4334749fddd337d485b9572ac77ec3877055bc50f8ad644fc0fadc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a532b4eb893fd833a895d93a24f9019b

SHA1
243095fb314e2d520efe60c816bf87501e1b08bd

SHA256
f3f369f799d32458e34c33eaa9892abffaa200a933555faf0c19860b00011a54

SHA512
32f05d4d01d4f6e8db9aaf70648012a4154d321d7e3e808f891053b7168aa2d6cb642d677bcfcec72ade44bdbba882f32e05d381a748e5b331d5af5ac717ca3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
21290a9846e1f2f9a04d19bb8c9f8e28

SHA1
ed0edc4489218f3e7af1cb76e509fdc64c4ccd66

SHA256
30154fb1d303b83c3ef3f0965f7674d72b256562fab459fd4ad9cebd701e3944

SHA512
65d0b5e0c2fe9c9f8364841e837f0c76c4b23cf851566c1510e68f43aef08ce3af2779417c6fed48332b33386dd607a254f542a623bf1d1a36fe68d04a6bb152

Download Submit