hxxps://www[.]noff[.]gg/clash-mini/

Analysis

max time kernel
37s
max time network
42s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2023, 00:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.noff.gg/clash-mini/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
536	msedge.exe
536	msedge.exe
2688	msedge.exe
2688	msedge.exe
1700	identity_helper.exe
1700	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2688 wrote to memory of 4908	2688	msedge.exe	57
PID 2688 wrote to memory of 4908	2688	msedge.exe	57
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 4520	2688	msedge.exe	84
PID 2688 wrote to memory of 536	2688	msedge.exe	85
PID 2688 wrote to memory of 536	2688	msedge.exe	85
PID 2688 wrote to memory of 3944	2688	msedge.exe	86
PID 2688 wrote to memory of 3944	2688	msedge.exe	86
PID 2688 wrote to memory of 3944	2688	msedge.exe	86
PID 2688 wrote to memory of 3944	2688	msedge.exe	86
PID 2688 wrote to memory of 3944	2688	msedge.exe	86
PID 2688 wrote to memory of 3944	2688	msedge.exe	86
PID 2688 wrote to memory of 3944	2688	msedge.exe	86
PID 2688 wrote to memory of 3944	2688	msedge.exe	86
PID 2688 wrote to memory of 3944	2688	msedge.exe	86
PID 2688 wrote to memory of 3944	2688	msedge.exe	86
PID 2688 wrote to memory of 3944	2688	msedge.exe	86
PID 2688 wrote to memory of 3944	2688	msedge.exe	86
PID 2688 wrote to memory of 3944	2688	msedge.exe	86
PID 2688 wrote to memory of 3944	2688	msedge.exe	86
PID 2688 wrote to memory of 3944	2688	msedge.exe	86
PID 2688 wrote to memory of 3944	2688	msedge.exe	86
PID 2688 wrote to memory of 3944	2688	msedge.exe	86
PID 2688 wrote to memory of 3944	2688	msedge.exe	86
PID 2688 wrote to memory of 3944	2688	msedge.exe	86
PID 2688 wrote to memory of 3944	2688	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.noff.gg/clash-mini/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee31846f8,0x7ffee3184708,0x7ffee3184718
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,1607082292168818219,12785892242830594304,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,1607082292168818219,12785892242830594304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,1607082292168818219,12785892242830594304,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1607082292168818219,12785892242830594304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1607082292168818219,12785892242830594304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,1607082292168818219,12785892242830594304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,1607082292168818219,12785892242830594304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1607082292168818219,12785892242830594304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1607082292168818219,12785892242830594304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1607082292168818219,12785892242830594304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1607082292168818219,12785892242830594304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1607082292168818219,12785892242830594304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1607082292168818219,12785892242830594304,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1607082292168818219,12785892242830594304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1607082292168818219,12785892242830594304,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1607082292168818219,12785892242830594304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
  2⤵
  PID:5284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
45KB

MD5
fef94bfbc37b72ecde2b284fb905f96f

SHA1
96636e23ff1d4b7020a31c21d58746298f8964e8

SHA256
100fdcd5a109390bdbfda48041a306553a7cd8b492b57017ba0003ba3e44188a

SHA512
be7f9d53f9febfeea296cfb2dccfcf447195c9aab1cecb82ef7b96c4d0977fe0534361b76db11e32d569900afb6b4a61c18983cda70ee4659ee5bbf1cf266e71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
55KB

MD5
a5c14868cdadfcd3a50333e0c4069f47

SHA1
970e64d141bb0c026ba20221e68653e8de8de262

SHA256
7edd130924b324e51707691a8b8288ffcf12cfcceeb69e094f1ec8f3e5b8f052

SHA512
b2bfbb20c9aeced86d5ff142bda931e00b3899bc0b74064793ff5df0daf6cd2e644792701f47c4be16bc4546c71396428f4dd0a7bf3c22abd5708fb1e5347088

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
21KB

MD5
fbd3d03b77189813e3ccc0011a83f99d

SHA1
971cc131e9ad2dd6875b551073f560306e0f40d4

SHA256
e36039673a6aa2aba2743f179fff9a01b1de0d9e7f0c460691c1e59357d70046

SHA512
8c0c54bb8ec4d2aff6d11b1bdaed49872d8734d0c9808804a8c170e0f129f3bc11ac1d6dc997d8ca9b1d258d4c27f9e25adb9201cbcec9e53d1dbde17e54327b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
80KB

MD5
cd5d5354fa4a94ba3581ad8a042b2027

SHA1
beb5c52d30c42cbe680256586179e7cbaf28afe1

SHA256
426ac90cf8208a6606d873aca3d0afe43ed661e3ce430897f4ad8453e22c589a

SHA512
dd2dc14a6dfbb5e8544bbcdb5d87db67996e847feafca72d3f9bff7180dd0232b228fd5aa08f7c4a267d248ef999367e9d3b3bf73953b1f5fc1833931125f7aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
26KB

MD5
78b105648be734f9d1c4ef54b2e710aa

SHA1
ebc5bf180157402e96c36547657d0a190c824fd1

SHA256
bb4752ea48a2f6860f83bc7062d79d963b941fc85cf71586efcf4853decd8979

SHA512
673b71f1a333b71becf3fd7dfde2130ed5b5debfe5df7e57e2eebb8a60b904861054ed57aa903704a3c1b08def3ac7f0b8d795102740b646c4cb66fafe312998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.noff.gg_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.noff.gg_0.indexeddb.leveldb\LOG.old

Filesize
386B

MD5
b0f201a4737da235fa55dff6575c7ffd

SHA1
6cb9bbc0671e88891afe29a2c5c5da757e0220e2

SHA256
88221fb54a10d8153bbfa5dac4e6bb42b30c3c5406d69a6b2c78181bb41c561e

SHA512
9cf57d4dc20986512c41cb7ef7d8521d63aad2d5675ad175a22fe6a703a107571a315c7038e89557593fd5573168577a0a73b04ea58fc932dfb084b1b5a4e6a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.noff.gg_0.indexeddb.leveldb\LOG.old~RFe5855bc.TMP

Filesize
343B

MD5
26ca8f0db76124696ee2aad948f95edd

SHA1
ba7cac02ca4c55429420adf7bf1ae17b4db60b57

SHA256
7bd8c9a3142372d23f887edc3e80f355303f4cca8b4775b510847773a47cc364

SHA512
c6eda94ca990660bdc995858d88a2c7717007d9abf859c4fd25d871f2e010e54dcfdd4c965dff09b24fb8c696eafedbd37f5a7cd80d555858d65e532657b85b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.noff.gg_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7c6733c89a48045f4d7043686505a462

SHA1
c002ef6117270ce71eed601df9ddc380ee95713e

SHA256
48be788e8c95b8d1624605b4fd3b9710ce2f55a30d0b853f29e34a22330ee96d

SHA512
7c9f98b7998bfdc9627bc9bf9b45bd5bd18f4c2b0c87ee4a48bdd4f442b565dff55ac4f6651308d35438f2a1c54c32201be535e112f4517161e7cbaa838cf986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0806aa689e35f774b39e39cceed03191

SHA1
af507ad46b1c903b8f93a045e39ffb2cd7ab9b37

SHA256
44f5ebdf05bbad4a8133f6cb9bd32878338598c371e2434bc31a45e7a9fe9735

SHA512
616226ed946e1dcd8b9b178db0041985fee77f8e25543c0e6b1264351b7c5b6aeb15690a6ed0703834403ccb4d4eb5e3497c54959a93dd94588a3d7bb7f67ef7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3c15d389566ac68aff13324ee096566f

SHA1
949ea201093cb751d41fd91b73332d0b6035349d

SHA256
e76c6fe910e2d10dc8316af77b8e36d63b6548e48713424563a17b485e8f071d

SHA512
53e47fa323ebbbb2628820fafa89cd1c10a9476b73e9944f0a9b24e98a0d42e51a68d44242b42d0d1e115c2570b320a38927a804a94382f5aab4c08190e234be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
974de3a44ddd2e367d3a498c33c479be

SHA1
857e22292ef85e6394aa8b5afd23f5c884eae4c5

SHA256
1a8033c3f08d60357a0b5a1d5a679ca07eae1450dc816c299540ac0832965bd3

SHA512
70255d48dc4bf850ff4cd4f9add5c5ad5d86af4df575ea7d7c4aaa96a7534308fe1edc4f5562c00567b475dab7451151bcae05e81e489667637323a223177247

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ca36933e6dea7aa507a272121b34fdbb

SHA1
3b4741ca0308b345de5ecf6c3565b1dbacb0fb86

SHA256
fd14449eb781c58e6e7196a384caf25cba0c59ebdba3b10f8ca0ecfd0c076b5d

SHA512
5a9b186ecf085765caee97a2910008dda926ce412001042e165184083a52fb5fb70f05ca781cd2f7740ecbd938895c77c5aa0f9eb8d812b92f412f336212720e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
269ab626661f328df421f4aff16a68f4

SHA1
d65cb6c5dd6be388c80511210c23fd6b5a067b14

SHA256
cef6c98e9ef413fe7bf04064500fe3b39ebb37d9327245584031bd5b99136433

SHA512
f551d34027296c755779b43a9da4650bfc706d7c67d35b60254d50f0025e6b0bec04c6baf0d70482214b5c2677cf9c21e416fc42b221b266ff2230b4c4545c25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58405f.TMP

Filesize
538B

MD5
16f9ee324666acdbcb7318f1a5b8a800

SHA1
483c4311cd39fa46d97da6803288a2da6b31e824

SHA256
5a7032c2b3817e413281e387ed266c380a22002912fc304374db5bbc35de3ca2

SHA512
516a7be46f029a86c51671c2879f326ec59f05c31d6ae46375105b9b79ba717c5fb435d0768a6df9b880922fbeb193d65d87fea4853a5cbaddf4cd7d6057afb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2e18c137632600d7bff3f21c3365878b

SHA1
95f7300f56375f65381a53de467d20990ec466b3

SHA256
dd2f9e8f1c42fdeec9b34a44e8c0f708a357c521c405ed6ac84a51ec38b8390b

SHA512
b5d47993edda269c67e47a6ef0cd5d687574bb29ce6ebd70a9c6a2a1ed190b4386d0f7fdb706db016a95b73f6d2686685e773c2bba18afe8404cd58ee426298d

Download Submit