4e299075536c52b7fe1d8076e6bef32e4a1b673d591b96cc53aab4b3d9717806

Analysis

max time kernel
146s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2025, 23:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

R.E.P.O.v0.1.2.Multiplayer/R.E.P.O.v0.1.2.Multiplayer/OnlineFix.url
Size

46B
MD5

59bf167dc52a52f6e45f418f8c73ffa1
SHA1

fa006950a6a971e89d4a1c23070d458a30463999
SHA256

3cb526cccccc54af4c006fff00d1f48f830d08cdd4a2f21213856065666ef38e
SHA512

00005820f0418d4a3b802de4a7055475c88d79c2ee3ebfa580b7ae66a12c6966e5b092a02dc0f40db0fd3b821ea28d4aec14d7d404ead4ea88dc54a1815ffe26

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
44	discord.com
50	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3608	msedge.exe
3608	msedge.exe
4092	msedge.exe
4092	msedge.exe
5656	identity_helper.exe
5656	identity_helper.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 4092	2484	rundll32.exe	89
PID 2484 wrote to memory of 4092	2484	rundll32.exe	89
PID 4092 wrote to memory of 2164	4092	msedge.exe	91
PID 4092 wrote to memory of 2164	4092	msedge.exe	91
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 1592	4092	msedge.exe	92
PID 4092 wrote to memory of 3608	4092	msedge.exe	93
PID 4092 wrote to memory of 3608	4092	msedge.exe	93
PID 4092 wrote to memory of 2176	4092	msedge.exe	94
PID 4092 wrote to memory of 2176	4092	msedge.exe	94
PID 4092 wrote to memory of 2176	4092	msedge.exe	94
PID 4092 wrote to memory of 2176	4092	msedge.exe	94
PID 4092 wrote to memory of 2176	4092	msedge.exe	94
PID 4092 wrote to memory of 2176	4092	msedge.exe	94
PID 4092 wrote to memory of 2176	4092	msedge.exe	94
PID 4092 wrote to memory of 2176	4092	msedge.exe	94
PID 4092 wrote to memory of 2176	4092	msedge.exe	94
PID 4092 wrote to memory of 2176	4092	msedge.exe	94
PID 4092 wrote to memory of 2176	4092	msedge.exe	94
PID 4092 wrote to memory of 2176	4092	msedge.exe	94
PID 4092 wrote to memory of 2176	4092	msedge.exe	94
PID 4092 wrote to memory of 2176	4092	msedge.exe	94
PID 4092 wrote to memory of 2176	4092	msedge.exe	94
PID 4092 wrote to memory of 2176	4092	msedge.exe	94
PID 4092 wrote to memory of 2176	4092	msedge.exe	94
PID 4092 wrote to memory of 2176	4092	msedge.exe	94

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\R.E.P.O.v0.1.2.Multiplayer\R.E.P.O.v0.1.2.Multiplayer\OnlineFix.url
1⤵
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://online-fix.me/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffbf1d46f8,0x7fffbf1d4708,0x7fffbf1d4718
    3⤵
    PID:2164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,16920306433979929247,1820443417726049953,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
    3⤵
    PID:1592
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,16920306433979929247,1820443417726049953,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,16920306433979929247,1820443417726049953,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
    3⤵
    PID:2176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16920306433979929247,1820443417726049953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
    3⤵
    PID:5028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16920306433979929247,1820443417726049953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
    3⤵
    PID:3116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16920306433979929247,1820443417726049953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
    3⤵
    PID:1804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,16920306433979929247,1820443417726049953,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3944 /prefetch:8
    3⤵
    PID:5088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16920306433979929247,1820443417726049953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
    3⤵
    PID:3484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2132,16920306433979929247,1820443417726049953,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6108 /prefetch:8
    3⤵
    PID:4292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16920306433979929247,1820443417726049953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
    3⤵
    PID:4492
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,16920306433979929247,1820443417726049953,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6664 /prefetch:8
    3⤵
    PID:5552
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,16920306433979929247,1820443417726049953,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6664 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16920306433979929247,1820443417726049953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
    3⤵
    PID:5660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16920306433979929247,1820443417726049953,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
    3⤵
    PID:5388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16920306433979929247,1820443417726049953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
    3⤵
    PID:5808
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16920306433979929247,1820443417726049953,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
    3⤵
    PID:5780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16920306433979929247,1820443417726049953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1076 /prefetch:1
    3⤵
    PID:540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,16920306433979929247,1820443417726049953,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3940 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2592

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x30c 0x4ec
1⤵
PID:1260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56361f50f0ee63ef0ea7c91d0c8b847a

SHA1
35227c31259df7a652efb6486b2251c4ee4b43fc

SHA256
7660beecfee70d695225795558f521c3fb2b01571c224b373d202760b02055c0

SHA512
94582035220d2a78dfea9dd3377bec3f4a1a1c82255b3b74f4e313f56eb2f7b089e36af9fceea9aa83b7c81432622c3c7f900008a1bdb6b1cd12c4073ae4b8a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0621e31d12b6e16ab28de3e74462a4ce

SHA1
0af6f056aff6edbbc961676656d8045cbe1be12b

SHA256
1fd3365fdb49f26471ce9e348ce54c9bc7b66230118302b32074029d88fb6030

SHA512
bf0aa5b97023e19013d01abd3387d074cdd5b57f98ec4b0241058b39f9255a7bbab296dce8617f3368601a3d751a6a66dc207d8dd3fc1cba9cac5f98e3127f6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008f

Filesize
255KB

MD5
e80cdded42978faae0ba033638a524ef

SHA1
4bc7ca1769ae8f7d4ae1abbe58776aefb4d0beb1

SHA256
f53ea4b855088dce71229d9760b4c6afef96a764daf95b5e3852cfdcc38e69cb

SHA512
b02648b654c1223ebecba8fbb8509b8e608760f6f8063acc3bc39511e9bf58d20a47d3f81cb627e9cd0d3a86a6ac554a51aff1648723cf20e61775e79982a999

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
cb0163410bbcc11ef0425579d4695a54

SHA1
87d56811c930c40cc58f1048f1d543719cf1f960

SHA256
fbc5d20faa71cc55d3104989bc609713bb1d8812750b1295f1728cc07a0af482

SHA512
45547f5766e48b04439e94c4edda77ca46b5c2fe0ce6526d768b44d33ac45f8fd17f345268321d0ef6fb4bfb9bbd6beb1506ce74b480b8c5f024583cc9765db9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
77b3dfa9bf75de8efd763df4a10114a6

SHA1
9b48dc0e88c1fbf7c0e51b6566979b004359ac36

SHA256
c3c146e73e0bb5eae54c9b6f123aaec730babcc9ca7f3ca106fa08da80197e20

SHA512
e983d074248e4936da867c2b4d6b88b409cf6935e1ce2185a6ceaf7517729182a8c5c6d09f1cb654c2319232dca9eb5be36b87885148852e9cac0852dd2f273f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
af9a844a2592d1d1c6d6ae717b1cce30

SHA1
888316445e69800ae8db2a2607de0d3d7aa83cd8

SHA256
c1da7bfaf49232c73b10117e22c158099effa287a262f68dfa2cb7982a4f7a59

SHA512
26190c5ed99a77502558bafc95eff2a45e9bc05b7b7c19e2ed68d092971d2c16bad9362d860576b1157e2967fa5b19f35bab76d85e66889c781eea1a5069062a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
02d6f12113dfa389b59eabd9a418ad71

SHA1
a996f17d4a01c08a79cc3012602b01593188f688

SHA256
92bcb7eed458d111606e4a16d6328cd0de89a321a433f8750cb29aacccd8ee59

SHA512
802d097881d76714a975fc2a1afc7cab6d5bc892fc5b8ed589b5358e76cbaa3dd4c1127c51a21fa46390aaba5ad91a817f34ab5651c90e0e00691fc8f99094d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
adc71c5e49b5704de83bb529aa315f41

SHA1
95a24116188fe2426587105d13ef49aa01074b5c

SHA256
befbad221799cc363e265631559bd4fa987c3f7732b19494e0b5861c52aeaab2

SHA512
1c1d77017160ca28b8f0e961a0c1cd336bc4d4aa4e56571a2358c16403daa24f211e4ebe493b45dcc1ac21018788eed922257c43d7d6b7f0817488615af43dc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5760f28af8e237bd2a7eecec1cc9a959

SHA1
5f3199fa3add6dc58c3f71e8f79465beca7eaf9b

SHA256
566ee9480a1c5c81ab71121aa3cad71d9780f1f9622271878db5b4fe0ad8010a

SHA512
14c69a893d115f606d0ef044060addbef8af33e1d40a2982d418d7cd29c7b8b5a11a587c2bfc646fbd0deca64af9232357fb167e4c50f8d66e22e2ca1d122e11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f58687cf45e5fc724037f0a45d432c12

SHA1
a2519516f5834866496e5cf13ca54586ca6b6ce3

SHA256
ed5d321afb8c8f4d8f48b6818262ca83a14c6b863a5e082985a10225f7fffbf3

SHA512
0cbbbcfc2fbdb34ff3c995d32a767b00217b751ac7603dafc7d7694f2678e784d5bcf579a119c0c15d4f4900b517d9affce32973b877fd3d7fa04d484fa9a131

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f384481990cf98737599d4eca45c7dd9

SHA1
6dfc82d961272f36d9b507efa5b78b51ad9f6bfa

SHA256
cf917242ef2407dc21178b4b184d401a8755127446169fa2421262f0430a1ecc

SHA512
333a23a267ad453c640ea7df73d6c8560e55818b88b4db940c206d64c92ed4fe0e887987239a6e4764f5ff08c67be11ae61bb7fd193b3476fb5c443431264daf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6ae03fd6fd6980eab0e1cd540b96ff68

SHA1
3ded95cb7c79d8b95f09456466d206b0067443e7

SHA256
63cc2edfaed9745d72e6b3ac13b736b2e236cf013794d43e14bdfccd56147882

SHA512
4e34a5074a1114b45428586a2ff0274674fa0defe96ab4838067533223ccdc465cb8f543d66f0e4b2cea045363427eed211eacc851e48252ddeee83b194144ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1f8a8626abacc49f6d2275a55b455631

SHA1
d7b4741e5011a0831a959f06017c64dd9af37c5b

SHA256
e6e797dd636974c41d3f5d4e9d2659af2a12f3a3cbe1a45cc558a2c1c721d004

SHA512
bb2e631b438af320a7baf5a2fbf3214fe0c0a0dd5730a559ae99ead5310ba110fad3baa501cc8b41b61f2c044a54af00c0385ccddaa7bc2a6133e55036f22f43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586e45.TMP

Filesize
1KB

MD5
da22442a249c4dc60279ec0f933983a2

SHA1
207197c7b42c51efa5e82ab167eddf9441046efb

SHA256
bad434d2f96e3501cf5e064d9b803f90da223797be4e1c45b818a45295f130d0

SHA512
a74adb0a07af537003f42ec45f7d958cc95a2e099890ecdcd861e0f8da25ad3804a34c12c27047b307160d018176b64877ca790f87baf1af67121ef93e8e1ec3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6dca4a4e4a3e455878d917610a641a82

SHA1
de3ec847eef72aadd82471d7964d56d75c54c50f

SHA256
b689773acbe793ce02b56395bbdc334a3e030a6021c2514b0599a354ab9495d7

SHA512
c3350fa3431cb82ef9ec69c14a4ea22bd45e55c8f30dd868966f7dd649cdd32c73cfb1ad14c9a7ca25a3d326dd268890053b2022745029326190d295e6790c3a

Download Submit