hxxps://www[.]taskade[.]com/d/PyUdzKbh8eusvQ1B?share=view&view=LjyQRVQv2uoEZ88Q&as=list

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2023, 21:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.taskade.com/d/PyUdzKbh8eusvQ1B?share=view&view=LjyQRVQv2uoEZ88Q&as=list

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1576	msedge.exe
1576	msedge.exe
1180	msedge.exe
1180	msedge.exe
1748	identity_helper.exe
1748	identity_helper.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1576 wrote to memory of 2964	1576	msedge.exe	81
PID 1576 wrote to memory of 2964	1576	msedge.exe	81
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1268	1576	msedge.exe	83
PID 1576 wrote to memory of 1180	1576	msedge.exe	82
PID 1576 wrote to memory of 1180	1576	msedge.exe	82
PID 1576 wrote to memory of 3396	1576	msedge.exe	84
PID 1576 wrote to memory of 3396	1576	msedge.exe	84
PID 1576 wrote to memory of 3396	1576	msedge.exe	84
PID 1576 wrote to memory of 3396	1576	msedge.exe	84
PID 1576 wrote to memory of 3396	1576	msedge.exe	84
PID 1576 wrote to memory of 3396	1576	msedge.exe	84
PID 1576 wrote to memory of 3396	1576	msedge.exe	84
PID 1576 wrote to memory of 3396	1576	msedge.exe	84
PID 1576 wrote to memory of 3396	1576	msedge.exe	84
PID 1576 wrote to memory of 3396	1576	msedge.exe	84
PID 1576 wrote to memory of 3396	1576	msedge.exe	84
PID 1576 wrote to memory of 3396	1576	msedge.exe	84
PID 1576 wrote to memory of 3396	1576	msedge.exe	84
PID 1576 wrote to memory of 3396	1576	msedge.exe	84
PID 1576 wrote to memory of 3396	1576	msedge.exe	84
PID 1576 wrote to memory of 3396	1576	msedge.exe	84
PID 1576 wrote to memory of 3396	1576	msedge.exe	84
PID 1576 wrote to memory of 3396	1576	msedge.exe	84
PID 1576 wrote to memory of 3396	1576	msedge.exe	84
PID 1576 wrote to memory of 3396	1576	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.taskade.com/d/PyUdzKbh8eusvQ1B?share=view&view=LjyQRVQv2uoEZ88Q&as=list
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab20046f8,0x7ffab2004708,0x7ffab2004718
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,3839972614197361061,16361213170496313386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,3839972614197361061,16361213170496313386,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,3839972614197361061,16361213170496313386,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3839972614197361061,16361213170496313386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3839972614197361061,16361213170496313386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,3839972614197361061,16361213170496313386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,3839972614197361061,16361213170496313386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3839972614197361061,16361213170496313386,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3839972614197361061,16361213170496313386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3839972614197361061,16361213170496313386,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3839972614197361061,16361213170496313386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3839972614197361061,16361213170496313386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3839972614197361061,16361213170496313386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3839972614197361061,16361213170496313386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,3839972614197361061,16361213170496313386,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4644 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b5f5369274e3bfbc449588bbb57bd383

SHA1
58bb46d57bd70c1c0bcbad619353cbe185f34c3b

SHA256
4190bd2ec2c0c65a2b8b97782cd3ae1d6cead80242f3595f06ebc6648c3e3464

SHA512
04a3816af6c5a335cde99d97019a3f68ade65eba70e4667c4d7dd78f78910481549f1dad23a46ccf9efa2e25c6e7a7c78c592b6ace951e1aab106ba06a10fcd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\32f4c114-bcd6-4632-a4fb-e7b4ce29debc.tmp

Filesize
2KB

MD5
434a5526848e0c4c74b888a3fc43f1a3

SHA1
b775638e9bb6f51a2b280d069e625034a8048f1f

SHA256
5f90d91584c583c33b912d4f81d0334b0c82069f0df08928e29e3d98d4ae4a1e

SHA512
570cc9cb59abc48d210dddac677d798fc8ca8b506679dab0c6f677b485ac74f1b7d15c2f903b8f914d04491b356d82efcc1edbb80613add83d602d1035a7f189

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
4aad0ab5e5ce2f1b4ccba2d70d7ea7a3

SHA1
fafd96a73b0a25b9e3ed811dce0ff78648947f70

SHA256
84c5fd7bd3cc3e4015b69a2e32006d4d8e53677c78a0a105b9036064bd6299cc

SHA512
b7e6c044093a8b1ada1bed82cc87439a37288119ce8b312104b58e2f73948b96d8645fff060e82e7fd3e00ce9afee46f1b20a7854118695ce55470fff9c0eca7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d6e6bffdc869942f2764972e971bff81

SHA1
95731f81ea39cdeda0239fffda8a4a92a62eebc1

SHA256
79e310dee5bc81c2a84dea8b7bf0e4464128ec9582f94d0956d03752ff3052f5

SHA512
7bd97e656c395ab3dbe70b61869f1c3694b9dc4f8c1b63f44164c3e92553b24a0a7a83dcf29adfab260ed1d3e12aeada0a31855061ebaf6bc16a6077f926324a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3d5f999d98e79d2b838fd7f9a3923d3a

SHA1
ca730f3dfd96a509b8154f1a6b0d2fab9be32aae

SHA256
54ad2633e6e8ca49c750d439bde1ff48e3307ba61b094905b26b619c12b0b343

SHA512
30a2a439f2d9b1ee4cac0def9ba8f5b885bc863b2e353c7641cd15552f05876e488cd23b6037eae980bbb77633e998161b23c469f8c4a4396e22b2cda0b651da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
30113d6ab550e9d73d12f1884268cb26

SHA1
c88a39dfe6399a89d16e4d60ebedc0b70a938e40

SHA256
9d05d7452edf26eb42ec9aeb124083822a920a129fef31aee7f7815ec5c53b1f

SHA512
d2cf7d115c9978c2c8a9a555bcb7afcc2b2ba861989231814ee1125e6ca6d05c10656033b84c09d33822d83f4cce0357a892c825ff11832fc96eba0c1b37d789

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2c9a36e7e6eeff6f1c13a667c924faaa

SHA1
00a3bfa696fb0aadebfb2f687ea5867765e406f8

SHA256
59b77eda46c545db571ad8e0d7a47e2165d51286f68c9c93804fd4b44ce2b8b5

SHA512
3124eb8d5bdd60957b83cb99798ca04e6581122202eee20b0e8ef6b021f02ee35bb80cd01c3d77089b1282e335e020261c3d561f169be24e974abd9652e5c2c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
35af7f75c11bc1858ad46e15bbeba574

SHA1
0807f0b503f997775c36f758875955f3c342a061

SHA256
bd815bb9ba29f7ba00c16a318508397eb99339bd2ebe61176f7ddad03f0baa11

SHA512
c29061f545e5c0573941cba3d798dcff7bf3283b0bfcfea524e1a4541c79130253ef341d6c4587e017e23331294ae05b19fa6fe461408aaba5960ad2a5c80378

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
29213338df67d29d6454ee5d61ad3970

SHA1
8c69ca76a2e639060d5ce835a9600e6ea3764a83

SHA256
d29fc0d97fa74d382d0f557ecea4e42b7d50dbce43915bfc0c114c16e532aa51

SHA512
14db25eba8a863d390b97fce4315402ed7c249598ff6c31d5a191b0f71c274eead42ba0658403e744110de072e6ff1cac3bccee1e48875bde6b1fe39a60d2407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
368db29520c41f4abc086005f85fa3f7

SHA1
5885eaec35041f53e6439280bee37c110ea32187

SHA256
9dc7cf9bf982d8d9e6cca02416ea3b8ec63abbf47371e8fbc40946ab24179c29

SHA512
3a7b85b8fb44674bd43129e7493441c96236ec3786171d0f2b821b2572fba38f54045da192792e8c8a6a0803ad49c0d06cf408cc240d563a91bf89f410af5f3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d225.TMP

Filesize
872B

MD5
02d3bd9bcdf5b8cb0e4a67a17fdc9281

SHA1
314fc110341cc2c92db5ba41452a9719c04f4604

SHA256
2c5fa02d6ad0d96062adf1715c3809c0b8c5630e2d6dece631f0d09d829a9f97

SHA512
932af9058215b5a1677dab5261a647a3acc71fdf99bf4a59863a8a6495ac383ffa3eb01de135cc8e0e20927c3ce4d04d35be284e2ad4ea89ad92a7b3968c20e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0edfc87adf22e675711f08ee663458f5

SHA1
67dc21ededf024caa7eaed671d6fe911d37b0f94

SHA256
a4276553b4d28bc80fa769403fd2f9665d50e065165c1b58b17e82f54cdaa546

SHA512
27caf85cffdfca926ec049f01ae4b36f0c6c5880c4229d96773df6987df610f350567134278aded0dec2448a031059df2f16f46fcce36cc3328935f27c0b7169

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
45c6baceb39ad11f207046ecc69c7943

SHA1
53aa98dae5c9c24fb88ada9805d58abdbedae047

SHA256
0be0b3475de6719f3294b7e1c5258e1e1ecf004291d699720ee4ce8c828c5bd4

SHA512
a6c2582f87c54a96fd49feb387c452adfe6d8c5caa08cdcb2ab475c4310e57b06406a2afe85a2f6ab1950a87d6e5428485fcf45e23bf8167a6fbea48ec28dc13

Download Submit