hxxps://www[.]google[.]com/aclk?sa=l&ai=DChcSEwj-sYvD2v-AAxVZ8cgKHV2UDRAYABAAGgJxdQ&ase=2&gclid=Cj0KCQjwi7GnBhDXARIsAFLvH4mBNDFv9x0wjP3QZRN4ItTqK9ibNIFFg0kkBH0QtIBUcKEqDt2dujAaAq6sEALw_wcB&sig=AOD64_160hd3Ngyi3tecni9md7TRDTHRDw&q&nis=4&adurl&ved=2ahUKEwiswoPD2v-AAxWTFVkFHTU6DtQQ0Qx6BAgGEAE

Analysis

max time kernel
151s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20230824-en
resource tags

arch:x64arch:x86image:win10v2004-20230824-enlocale:en-usos:windows10-2004-x64system
submitted
28/08/2023, 15:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.com/aclk?sa=l&ai=DChcSEwj-sYvD2v-AAxVZ8cgKHV2UDRAYABAAGgJxdQ&ase=2&gclid=Cj0KCQjwi7GnBhDXARIsAFLvH4mBNDFv9x0wjP3QZRN4ItTqK9ibNIFFg0kkBH0QtIBUcKEqDt2dujAaAq6sEALw_wcB&sig=AOD64_160hd3Ngyi3tecni9md7TRDTHRDw&q&nis=4&adurl&ved=2ahUKEwiswoPD2v-AAxWTFVkFHTU6DtQQ0Qx6BAgGEAE

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4632	msedge.exe
4632	msedge.exe
4272	msedge.exe
4272	msedge.exe
2280	identity_helper.exe
2280	identity_helper.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4272 wrote to memory of 1052	4272	msedge.exe	83
PID 4272 wrote to memory of 1052	4272	msedge.exe	83
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 1388	4272	msedge.exe	84
PID 4272 wrote to memory of 4632	4272	msedge.exe	85
PID 4272 wrote to memory of 4632	4272	msedge.exe	85
PID 4272 wrote to memory of 2796	4272	msedge.exe	86
PID 4272 wrote to memory of 2796	4272	msedge.exe	86
PID 4272 wrote to memory of 2796	4272	msedge.exe	86
PID 4272 wrote to memory of 2796	4272	msedge.exe	86
PID 4272 wrote to memory of 2796	4272	msedge.exe	86
PID 4272 wrote to memory of 2796	4272	msedge.exe	86
PID 4272 wrote to memory of 2796	4272	msedge.exe	86
PID 4272 wrote to memory of 2796	4272	msedge.exe	86
PID 4272 wrote to memory of 2796	4272	msedge.exe	86
PID 4272 wrote to memory of 2796	4272	msedge.exe	86
PID 4272 wrote to memory of 2796	4272	msedge.exe	86
PID 4272 wrote to memory of 2796	4272	msedge.exe	86
PID 4272 wrote to memory of 2796	4272	msedge.exe	86
PID 4272 wrote to memory of 2796	4272	msedge.exe	86
PID 4272 wrote to memory of 2796	4272	msedge.exe	86
PID 4272 wrote to memory of 2796	4272	msedge.exe	86
PID 4272 wrote to memory of 2796	4272	msedge.exe	86
PID 4272 wrote to memory of 2796	4272	msedge.exe	86
PID 4272 wrote to memory of 2796	4272	msedge.exe	86
PID 4272 wrote to memory of 2796	4272	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/aclk?sa=l&ai=DChcSEwj-sYvD2v-AAxVZ8cgKHV2UDRAYABAAGgJxdQ&ase=2&gclid=Cj0KCQjwi7GnBhDXARIsAFLvH4mBNDFv9x0wjP3QZRN4ItTqK9ibNIFFg0kkBH0QtIBUcKEqDt2dujAaAq6sEALw_wcB&sig=AOD64_160hd3Ngyi3tecni9md7TRDTHRDw&q&nis=4&adurl&ved=2ahUKEwiswoPD2v-AAxWTFVkFHTU6DtQQ0Qx6BAgGEAE
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa27046f8,0x7fffa2704708,0x7fffa2704718
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,726925227189332043,2026334038928183402,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,726925227189332043,2026334038928183402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,726925227189332043,2026334038928183402,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,726925227189332043,2026334038928183402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,726925227189332043,2026334038928183402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,726925227189332043,2026334038928183402,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,726925227189332043,2026334038928183402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,726925227189332043,2026334038928183402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,726925227189332043,2026334038928183402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
  2⤵
  PID:332
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,726925227189332043,2026334038928183402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,726925227189332043,2026334038928183402,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,726925227189332043,2026334038928183402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,726925227189332043,2026334038928183402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,726925227189332043,2026334038928183402,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6092 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3590c7788f1f36717cbd298007259a6f

SHA1
9e9a602016435a1d642e18a54d8d6589f938a5bb

SHA256
09a08de2fcd19e304c3b8f6e04f5e4da257a3f18759827be4e9c6af862412174

SHA512
07df3ee7e2d4a313c996c6b8451450556a75e5ac8e4d10595f255164fdd25d6bc596ad579d90f6496c78a15a3c6fc349d748dd7c5f4b2b51d330c52577e2988a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
5034400067c8409c85184372091c5305

SHA1
7460a49881961bd4329c11811449547b208c134f

SHA256
09b07fa2dee506535d6bb34312285e491beacc096fbc66435f525266fdb79185

SHA512
b4df844e8102b9a6fd978a0274f68971c5a07211047a193e60d61a5019be8d1c5248b66c6193cbf5991d92f51ca1d1af5b47541de0507c52151cd0a542649b1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
0b41fc1257fcaca1f9ee8a06f0efcb40

SHA1
53227d41900d5c2b513565a1a41eeeaca4a95a60

SHA256
42f5bde51e9a52f3dccc2d431225692a3a738041ed323dd6c8e19cbf50ea8267

SHA512
f9868a28496bd7e0149ad2476048b346828126aca4bdd0f4e32bee721db92e6664d6f358236db6df27a0344948bf3eeacf707a83a870988eb9517c158863e92e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ee1eeb6ada98a94ca64e7dfbd5263438

SHA1
272910c08a5546ac04408556eaf79d6439fae0af

SHA256
2ccdaa89e85acb0648b8129a4a4f5d1623dab3396b444d9ea6e57cbb52182871

SHA512
8dafdb4fdc255a2199dfe794d959030a29a5f220be88f7c6bbf6c88cd1b1d401188546b37c3d6f09af039805288b99477cb37efa03fc90aa42bcafe1506723de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f08b50d340963d6bebb31956ed13b266

SHA1
83e2430f4e41e9bb30411172d91ca73012d9adc4

SHA256
9885fe3bbac3f715ac90f289007ed2352cf537fd4e6adf266d956fbd35506e18

SHA512
e71c4558bd98a5c2627430622e8e051af5e77d444cc8479f219eb1d3c609a89c0b8a413ff879166f8524f56076452bf13cf2d10da66edd8a9e0f1c0277885e9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
2ba8d882ee9f4ae3313bad4a36ce17b6

SHA1
e9126e8639b1f626d84a1dee8432bb810a552306

SHA256
0726bd8004d21594b4109e10853c5e37baa869a533b92f14125521252c8124b7

SHA512
4e6a00cb63f95d37be0e6d31e9b3e9fd511cac679378f0d7aacf6868f5d66447e3a4fd4614b9bc1984338868947116e7e0098765edd9c248575f8d8f25141c92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe586ca0.TMP

Filesize
48B

MD5
fad0852aa64ce67e920c857d750e9da7

SHA1
525bebee8bc3808b210ab794c0f4c0a64f29ffd1

SHA256
3ce61ef8acd0c298e58199f5ff488673406112b1d8f999208e637df2fb58f9e8

SHA512
bffbf61c5068fa83675bfb47137810b278bc569fd4f0431ba8dd0f238014da22a99ba5a3af36faaa66d9cec4b3e19c6a190add17db9aa04b00310d67e5fce044

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
462c55a577838befe4eb25320b0b051d

SHA1
53637bd744fa7eb1f780560838608c45a413fcc3

SHA256
f10aa880ecd3949c76c3bb9512a357e627cd479efc6589cd90011af96b192ec7

SHA512
b6784a7920d1f388dde26bf870432c7258da0318c1e882d93b0f32b42cafdfe2abd9fbbad3bbc110d20fa197d21691aa4166549a631ba7b9af291be69ba4818a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ead3abe29cbe2699ce8b0a1ae39986c3

SHA1
6bff3bf2f5003286ac0276f6905deb725fbdac1b

SHA256
8d71282dd14ca5c748a4edca2a71ff47c202a4af75cc0273590f6ceb39882ef0

SHA512
c893eb60f6cfcd7ef7c5cb315244f8c1842a4e8bac16e2938990638c7fa0ca828e638557818c125126fb5429d5b22e0919e84a56976281450072ca4bf59353b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f5e434f416cebc18db628c63af4449f5

SHA1
3c6bd20d59b26ff6fcaa662e2d9087edf2da3ba7

SHA256
edbe145e0ef06a6759cc1d3ee32b60e0a38a0485b16be139513a6a18c71aaa20

SHA512
ce8863f07ca62f55ddeb45175407e1411e64e69a81625466f6726e39f9cad79a58d644afff3701ec0ef6731425deb51476a636a7647bb09508477d36f74d930d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4013370f82189f02064a486f6225711d

SHA1
617b9b740833c3f69e1facaa139c5bb5e72dbcb1

SHA256
e88e7ed610759fed1400349d41cac151c002f484fdba3de410bcc469f16d425d

SHA512
08b1e4b00bab32dc84fd2694ab004ac94eb8db90c94065748aedb1bd3436c3dcb44e2e809976a2c0a64bb5fc87d82964b10ff64c2b482f59fd3247e68bc84320

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0ccc3433d09ca86bab188c43388dd554

SHA1
92f9d3124a6353d4f056e9245b16cb916db93c4e

SHA256
dbf8bfa6e04a32766eb3b82395827d32aeb8e23730c817639d164a5e9f5c1334

SHA512
470ac6b272c7ce1d019193315ef21af71dc58fb451483786da73192bf070f57ad7a2c14f1d9dd2e65b0b68a1570365544a9b6d86798424d84da632cbd98d1e54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585501.TMP

Filesize
2KB

MD5
b6381672d8f6bd7fa25a506b256893e9

SHA1
78aca912114f5b808f0fb94e6714c4e89fc38533

SHA256
b00b058cbc60d555183ba561ded2d6dc0a2a407a4d11b4786b0a096c57e8b451

SHA512
31cebfc8e926bd755facae279acbbb69ee1bf9d815dc1ac93ebce45b1660b6d05c758a3c13069a4b3f0b645ea86ccb094b2b701a231cefb505ac8b13e031de20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\cf6d9883-535e-4850-84b8-11b9be92c1bf.tmp

Filesize
24KB

MD5
a128973ca2ca245299ef7e60156b4ef8

SHA1
d39a437204591bbff98d673e6d1c4f869683ebcc

SHA256
5c6e1f3c7213460c24dc670521adbe32ec76df5e3facc0a7b92a3fa9e340b302

SHA512
bbbdbe2fae61c2a27b4aadfbda2efae2675156dcea6edb8b45fbe83f397f8a1f50d694d8bcd1f53939a277722baf102f3f80caffadfcf0ca80d7408d77d8c490

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e19a0e5261dc6cf9450e80472ae5f960

SHA1
68f1c5cc6ad5b64fecf6c06e516eb941c789f9a4

SHA256
11b05c72816ead533e7c300b81a69221ffe0b2a18a36f42995f53d046667b256

SHA512
8aa7d4411295f7dd219be381655409773427640f303cbd2f39abd174d9d7e37b26af39e00dbebfd11493d9c5980a35e2b2c2db4fa23fb9c296ae67a7699f2554

Download Submit