hxxp://google[.]com

Analysis

max time kernel
146s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
16/07/2023, 10:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3104	msedge.exe
3104	msedge.exe
4124	msedge.exe
4124	msedge.exe
4236	identity_helper.exe
4236	identity_helper.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4124 wrote to memory of 1824	4124	msedge.exe	28
PID 4124 wrote to memory of 1824	4124	msedge.exe	28
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 1092	4124	msedge.exe	86
PID 4124 wrote to memory of 3104	4124	msedge.exe	85
PID 4124 wrote to memory of 3104	4124	msedge.exe	85
PID 4124 wrote to memory of 1512	4124	msedge.exe	87
PID 4124 wrote to memory of 1512	4124	msedge.exe	87
PID 4124 wrote to memory of 1512	4124	msedge.exe	87
PID 4124 wrote to memory of 1512	4124	msedge.exe	87
PID 4124 wrote to memory of 1512	4124	msedge.exe	87
PID 4124 wrote to memory of 1512	4124	msedge.exe	87
PID 4124 wrote to memory of 1512	4124	msedge.exe	87
PID 4124 wrote to memory of 1512	4124	msedge.exe	87
PID 4124 wrote to memory of 1512	4124	msedge.exe	87
PID 4124 wrote to memory of 1512	4124	msedge.exe	87
PID 4124 wrote to memory of 1512	4124	msedge.exe	87
PID 4124 wrote to memory of 1512	4124	msedge.exe	87
PID 4124 wrote to memory of 1512	4124	msedge.exe	87
PID 4124 wrote to memory of 1512	4124	msedge.exe	87
PID 4124 wrote to memory of 1512	4124	msedge.exe	87
PID 4124 wrote to memory of 1512	4124	msedge.exe	87
PID 4124 wrote to memory of 1512	4124	msedge.exe	87
PID 4124 wrote to memory of 1512	4124	msedge.exe	87
PID 4124 wrote to memory of 1512	4124	msedge.exe	87
PID 4124 wrote to memory of 1512	4124	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc04d446f8,0x7ffc04d44708,0x7ffc04d44718
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,2666857784890324001,4092685035260517808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,2666857784890324001,4092685035260517808,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,2666857784890324001,4092685035260517808,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2666857784890324001,4092685035260517808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2666857784890324001,4092685035260517808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2666857784890324001,4092685035260517808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,2666857784890324001,4092685035260517808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,2666857784890324001,4092685035260517808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2666857784890324001,4092685035260517808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2666857784890324001,4092685035260517808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2666857784890324001,4092685035260517808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2666857784890324001,4092685035260517808,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2666857784890324001,4092685035260517808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2666857784890324001,4092685035260517808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2666857784890324001,4092685035260517808,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,2666857784890324001,4092685035260517808,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3044

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a7ad9bb1054aa03e39b3554833d0c3ec

SHA1
cbd5b99ca100bc2f1292df23bf8e2a5a6f9640d9

SHA256
0c3eae39386b4117ad26187afc4933e254468cd12d813271f4b7420cee73c189

SHA512
d1d0b77e0bc412b4ee687e849531a7c9b70200d45d0bdbf38357b6fc59af835522e749b2fd8c2d4cde73518970568c38d73416c97381a11cc6029c14b1678276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
39KB

MD5
8877fbc3201048f22d98ad32e400ca4a

SHA1
993343bbecb3479a01a76d4bd3594d5b73a129bd

SHA256
22f8221159c3f919338da3a842d9a50171ddc5ac805be6239bd63e0db78046af

SHA512
3dfb36cd2d15347eaa3c7ae29bfa6aa61638e9739174f0559a3a0c676108ccc1a6028f58dad093d6b90cac72b4468eb1d88b6414339555c9f872a5638271d9c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b33124fc1ea1e15444c22b005ec519c6

SHA1
d933540ebddae05b68c5f3380401d056fb7e3e8d

SHA256
f39996b17b7c9387bcabc474c7ff7f0934b728afbebf5a9908f9f26693d5401b

SHA512
9db59e9abe607853dff588c23ea3485574f312627dcd19c51cca0a7d883721b5edc1c12224b3de57f4e7072fa6c73f97c7c6855e9691c49ceccdd0a0b63dbe51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1d50c61342f19cb24f4e491ad96a87c8

SHA1
f74127bc7456be44874cbda4798fdcd1f1993e0d

SHA256
fbc0638615c9669624541a6b73ff0ee59f4fcd52691f1f8085dfc78d93b82a2c

SHA512
ce97b2fe0fe3db62436e92694f6e49a730ab4e7e0ddedac44cf869becfee0b30f8520dc6ec7d8b290f91cd7600deac4cdcc779fc527f1a81e339e49d680064a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2ac263cead261709d9f090b5fef1bff5

SHA1
67395438c4efa55cf0ff1ef118b54aa98330c635

SHA256
1ab752fbf4177e11c9bfcd3d557d7984b4bf48f94c2039a411f109fd291a0e43

SHA512
d78b200cb8d0a077cee85c6c784aeaa2657124d80b65041cdfd0f6238c049c1f92108a2a27e1eedaf015a670827b2dcc9ad64aaf48390ad2a3e60e8c5f35b6ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ea8078078ce3d5207268881b7cfbc79f

SHA1
39ea53c93b3b01738754aed915a81a679cfb1c3f

SHA256
912f31e4601c92f4c10f3f647fbd6d44f86925b8b2e63ad6a6a9c5931397d515

SHA512
b91190a8df9e9349908fbbf6207af8a2da90ef183500719d899c664cb1c5fa777734574c6818a8ee6017a43e288874f4f0a7f51b14c11eca82c0a551aade88cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e62cc4051e1f8eaa0abda5d730a2496b

SHA1
d15346e40b196bc313cbfe5ac96b3c90b83345be

SHA256
ffb5b740b8777d010f0d32a120092084c3cd32eaceb937188d698ddc22df2fcb

SHA512
3e8f6d89c7c153177b2149d86cd8602ceafedf66f5335a86b19dfa46fc38c47f6ff9a272c3b71b4464a5921ebdf2461fba25692ca916b9715bac520bf1e81a22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
83B

MD5
9d9a728fe32cc445c491163e404947f6

SHA1
a8252e4a69461c96d996e87a843a644492843cac

SHA256
d13ef795f386e902edffddd01485353f67ca9b697852866710a68d1fe65c271b

SHA512
3491d8d70a8c28bb11ddc7190eb0bef0a59413d68d6337b6c220196b1fba6a1d1b5ff1a5b3a5344f13890047baffe7e2969846dd9d112564586b4768bac73950

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
7ed54e020fc0fb62be6042ed7a0df1a7

SHA1
4991e457d672613b716f9978c3aa4b87f229d867

SHA256
185171fea8feb798dd2d8613761acdb15f44d3ca7c0ebd9d5a656d90ade782dd

SHA512
2de76617a1e11f6ba2decc77993f4a2006a1e3ec824c598cebad20b2a22aa35ca4687c456ee39ee87ded5685fd3b65066be309093da6b087679fd9a96e943efa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
da85a787e9185960ec8d6ec084f0e972

SHA1
c8abcb361abbe719f3a8361c2c25d246cff45e7f

SHA256
e41c0d204c93d72df3ec1e03be26eea9e274729b07f95f85912976fbbf879dfb

SHA512
57d7a5ce13f00522b4d03d7639dda560d622ab195f4826fe42c154236a44c71ec75bf73208c8d0ada8f6a0182df80cd6d4730e794f6815f10004e3b25694be11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
875B

MD5
e9b9e8750af60389a51e70245e895b88

SHA1
51a25d59285c746a209f379017bc715334dba8b3

SHA256
80598c743099e81be40b0d4d7d38d9d3414ef64065357731e611641edfff562e

SHA512
425073ef76f321293333c9e28c74f9592403754ca4e9e489e85f1e9e52dfb1aff5a71e0437fb0b55b3e67a73910df28550157e1106ac63af2ae04a52213c1cf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f58b.TMP

Filesize
372B

MD5
e2a23adc06c98e451e9c09d3b3dbc7f8

SHA1
816613f4124b79b969b7c7f38e3445f76a96d7fe

SHA256
cc820484dc6a156b18ee243d3f49b4cd0b9e73aa66e05c327efb3655c2bdbfb7

SHA512
530366ffe7abc7a6176c8699ff17363f2130a670a1ab13375676326a1b6ab7b02c787fd6f8f95430ad29ec11ffcf1d9c821ed60f553f516114320c1e38f405e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f01f33bd-ef12-41cc-bb09-4d440f477c23.tmp

Filesize
4KB

MD5
e815f4f281dcc8aefc2a607fb6ceb2fa

SHA1
49d620ed2b98081fc6c4bef5b664cf384242b58d

SHA256
6f75b193a7b0a441ab827dcf252e21fdc00260cf754e034ebfc11f609a440cf8

SHA512
c26f90b253fa4a407fa521c240e89b72c876f34fbeaed3d071cb174f8eb8d3efa90e4097fca4934dd249b8e7558fd11f63c562303d580ca37c940329997b0579

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
51bbfd2c7da38a9951628bc18cd47c32

SHA1
09f409706173e008e31a5558122d632c7aede84c

SHA256
3ca4937a5136fd3ea22221be1fd0a471a9859a12f8f8b1a63d28701a6e9a0eaf

SHA512
91e965f8f8d68acbf52a0d4d457d69be6d285f509bfd3c9726e2a1fb6ac265746747638a55f293ff96afb6cfa30c8e32030fbc3321506a0fb7cb0fa0694c0384

Download Submit