hxxp://iedcn-4iaaa-aaaam-abnna-cai[.]raw[.]icp0[.]io

Analysis

max time kernel
47s
max time network
53s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
18-09-2023 10:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://iedcn-4iaaa-aaaam-abnna-cai.raw.icp0.io

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
672	msedge.exe
672	msedge.exe
376	msedge.exe
376	msedge.exe
4188	identity_helper.exe
4188	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 376 wrote to memory of 928	376	msedge.exe	85
PID 376 wrote to memory of 928	376	msedge.exe	85
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 1028	376	msedge.exe	87
PID 376 wrote to memory of 672	376	msedge.exe	86
PID 376 wrote to memory of 672	376	msedge.exe	86
PID 376 wrote to memory of 4356	376	msedge.exe	88
PID 376 wrote to memory of 4356	376	msedge.exe	88
PID 376 wrote to memory of 4356	376	msedge.exe	88
PID 376 wrote to memory of 4356	376	msedge.exe	88
PID 376 wrote to memory of 4356	376	msedge.exe	88
PID 376 wrote to memory of 4356	376	msedge.exe	88
PID 376 wrote to memory of 4356	376	msedge.exe	88
PID 376 wrote to memory of 4356	376	msedge.exe	88
PID 376 wrote to memory of 4356	376	msedge.exe	88
PID 376 wrote to memory of 4356	376	msedge.exe	88
PID 376 wrote to memory of 4356	376	msedge.exe	88
PID 376 wrote to memory of 4356	376	msedge.exe	88
PID 376 wrote to memory of 4356	376	msedge.exe	88
PID 376 wrote to memory of 4356	376	msedge.exe	88
PID 376 wrote to memory of 4356	376	msedge.exe	88
PID 376 wrote to memory of 4356	376	msedge.exe	88
PID 376 wrote to memory of 4356	376	msedge.exe	88
PID 376 wrote to memory of 4356	376	msedge.exe	88
PID 376 wrote to memory of 4356	376	msedge.exe	88
PID 376 wrote to memory of 4356	376	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://iedcn-4iaaa-aaaam-abnna-cai.raw.icp0.io
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb4bf946f8,0x7ffb4bf94708,0x7ffb4bf94718
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,12759957038337678839,4352597538444479110,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,12759957038337678839,4352597538444479110,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,12759957038337678839,4352597538444479110,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12759957038337678839,4352597538444479110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12759957038337678839,4352597538444479110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12759957038337678839,4352597538444479110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,12759957038337678839,4352597538444479110,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,12759957038337678839,4352597538444479110,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12759957038337678839,4352597538444479110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12759957038337678839,4352597538444479110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12759957038337678839,4352597538444479110,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12759957038337678839,4352597538444479110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12759957038337678839,4352597538444479110,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:1764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d8f4eadb68a3e3d1bf2fa3006af5510

SHA1
d5d8239ec8a3bf5dadf52360350251d90d9e0142

SHA256
85a80218f4e5b578993436a6b8066b60508dd85a09579a4cb6757c2f9550d96c

SHA512
554773c4edd8456efaa23ac24970af5441e307424de3d2f41539c2cf854d57e7f725bf0c9986347fd3f2ff43efc8f69fd73c5d773bbfd504a99daca2b272a554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
ac6d83141168c37132d875d20a6838b7

SHA1
e4a943af1123dd651fce7a27cd5849cb8aeae846

SHA256
b5dae89c2f98a55401da590279dbac87eb61a69aa5e3bc8b9662d6236c8b0f11

SHA512
45341c7b82f44185cdcd10326bb0d7e6a4f63c2be96144aed16e03e249e53051ef0ab96bde634075f4539732430a416ef5c72dbdbf859d03e2203d065241f5b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_identity.ic0.app_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
20b1404d6c564a8466dcc8a8a8c7b194

SHA1
ef817391041110f850e87c2c3d499fb5f7a0deea

SHA256
96eeeb24be43313a206ded81284adb5699dfa350e309ff87b79c9b708c9024f0

SHA512
7cc0690a71cf7e7ce32847db554e2dedad68e9ef34d274303f44d68265fafec30daabe31672140c6b658ea210c430e9e5a181fda0418f63278e90eca1927b82a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f2371f72e6bebda53db645e1674c0e7e

SHA1
04ecd18420188c235ee3ef03051b460dfbc7948d

SHA256
a68eece2e7e5e16787f60563f8013680b3ad965570a2f810085b083b2be2162e

SHA512
034a98ac7a5c8706623536d5dc1e3620a6502c6c058e89bfca9211aebf95a5c59ce03b305a94728a873336556dd4bfb700c26d0b0d72eaac81eb4f1bc8c0ee97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d985875547ce8936a14b00d1e571365f

SHA1
040d8e5bd318357941fca03b49f66a1470824cb3

SHA256
8455a012296a7f4b10ade39e1300cda1b04fd0fc1832ffc043e66f48c6aecfbf

SHA512
ca31d3d6c44d52a1f817731da2e7ac98402cd19eeb4b48906950a2f22f961c8b1f665c3eaa62bf73cd44eb94ea377f7e2ceff9ef682a543771344dab9dbf5a38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bbadebd63b4d5d39e94b05a295b650536a70303c\b8b86096-c86c-4c09-ba1d-2b80b873c016\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bbadebd63b4d5d39e94b05a295b650536a70303c\b8b86096-c86c-4c09-ba1d-2b80b873c016\index-dir\the-real-index

Filesize
96B

MD5
603378e4bea622c17fa9b77bfa1467e7

SHA1
c809634051c8c676012acff5284dd217ee85b09c

SHA256
366ab80559a7336994a60863f0fcc29d50094c2f4358f9d3bbc946c94d64aff3

SHA512
8a5dfd45c2142161d43dbbf1e7b28f3499115850047e911e7b9ebf56878f2de0c4d95e1e0bd360ad099b7f6688e62b9fde1cf208938d669a8a4f5cd1555e7630

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bbadebd63b4d5d39e94b05a295b650536a70303c\b8b86096-c86c-4c09-ba1d-2b80b873c016\index-dir\the-real-index~RFe585a02.TMP

Filesize
48B

MD5
6656739504a628d2974cb50a2ba8680e

SHA1
4b6824b05fc2ee714667c8198d9f938408d1cd12

SHA256
608961ffa994410a8869efcdc59f22a7ce33d880e4053c3870531cd5962e9086

SHA512
9f09084adde092b68fb2c1566fc0a51e8b8344c8f5e5e8c5590403af657662cc24dd483049b9b360c132cd3efefadf2e1045ccee1993931108ab28a99ae44814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bbadebd63b4d5d39e94b05a295b650536a70303c\index.txt

Filesize
246B

MD5
21dff286148ca8974090b76a97c60ac2

SHA1
45ce396d788119fbbc4cff7957d4d4ecb5df3985

SHA256
ed4a5930b2ede804a17fbfde4a3152be2389e307b45f4b8801e4f7ca9bda8b82

SHA512
0e489522de4af1886ba07d5e53765bc9ac61523a698622bf91ee47b9f6dd03d4e0c2d46bdfafa09020f25e0d5a26746ce17afccfde20a168d1af5ecb54232f56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bbadebd63b4d5d39e94b05a295b650536a70303c\index.txt

Filesize
301B

MD5
37c8c1d2bd28b416c915bc086081f8d1

SHA1
3f0e45d60d7eb1aa7a8b201b07fa6d8560abd220

SHA256
872c6fe98a921630363dba1d83b1111c1181513f9de245f198b634d2209c5e27

SHA512
5d532cb326fd8091683066b8f97a90ad65888afdbc88b2e240522ab874e97e2a0ef99d890d656dab35f1725d235d1c689f5593c53ba8829fa6f5da3bca3b688f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bbadebd63b4d5d39e94b05a295b650536a70303c\index.txt

Filesize
140B

MD5
a92dfc34f56c08c420b114943fc60110

SHA1
a378c71c0e61d17236bcf74393e1c2cc87b8e187

SHA256
9a2058f40a6605a7b2929b7535422b8448bfbaf4f3408a68f267e8b831a6eaa8

SHA512
a5770e97ba588adc2044421026100d8ac0a777e5275ec5232198a43cca77e49e3af58baf4a27ed093f6d83edbd2044679b1b6fb058d7dc8a94dc388e1729c2d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bbadebd63b4d5d39e94b05a295b650536a70303c\index.txt

Filesize
294B

MD5
02759cfc6dea4352989f0486d8be2119

SHA1
bdf1ff550b065a66781845260ed1e4253a67bbf1

SHA256
2b0b4676c1eb57c91ece54c5a0051896f4e3aaef32ab1a54c921a8d9725773f5

SHA512
61147c1aa1853d96531ebb095f2e142df8b6ec59fbd1cf80b157f734bf74beeaa76705b76157e106f40ac22ab203b2b409fdd29afc4136f3316feb559e056178

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bbadebd63b4d5d39e94b05a295b650536a70303c\index.txt.tmp

Filesize
194B

MD5
8777455df1662a77094a8cd77738f602

SHA1
12dca5c4c98d4332bfc1a2b5fbfbfce2184b4227

SHA256
ee2753d28cd6e692c72507ff79cd071d9d3503be451a60ceb2f38916ee217282

SHA512
c1d7f6ad522965dfe2c99a0caaf2c7f4c9be8d141cd1ff17d6638c53e7b47f0282c7eb382ad492ad0795c1c07c200b4a2b48c67081bdf40c77f5ac990c5c3df7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bbadebd63b4d5d39e94b05a295b650536a70303c\index.txt~RFe580088.TMP

Filesize
87B

MD5
ec0505c33ef650e8b64a3cda661dfd4d

SHA1
669b110d2ddbf267bb03298b53e246e6a5f2bc7a

SHA256
eed4c1cfa9ac7a78ec39650d8be89c9db2e8f28ee1d920cf4e6aebd5f6b84a87

SHA512
09f6b331e8366bff21f7a89235755386ee161f414bbfb34abc9bedf3e3f2bffca9a25d2cda6a47788c685758cd1507a20bc30bf5d9c154e82c078438a29ba1e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
daf1449937a06bf921dc91afd3bad1fc

SHA1
9360f521c1316fa94084220a80f6411d4e18d2f4

SHA256
0bb46ea1fcf81b022385abf6c4c0a8bed18733448e37ec1681c3353a5c7dde46

SHA512
253723625ca66ecd70bfa1ccacd5b38b6dc03dfe2d0ea1002aabad089ceeab28edb1ba8b84b18d320f37a69bb050ae93386d7a1fac9d5244f9e37e9dd1b98421

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5845fd.TMP

Filesize
48B

MD5
19865029b658be5f8011dec06e88e251

SHA1
8f44c3cd0e1f2ef091c2e79726969a10b2467631

SHA256
6302842b0ab638410fd65b835b9dff1c8de80a91f3d883c550b2cebad98e4226

SHA512
c92d9ea8403689b681b724555619d7a37e4fa10d597bbba5c59d0460cdb11270d469e57e71bab139287a9d1d26cfea0e7a73d4dc9a0d565eb002a2fc33d3dace

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
532B

MD5
d4cab2e7cffc1dd6a3386aa9fe59ff5d

SHA1
4af2fbb00c5ae19e2aca3a4dba47bd82592a6e51

SHA256
41dd3830635fb41d8170cf1738402fde750126fcdc251f2461f7af36e3458ee1

SHA512
88f1a4ff1c2ee6bc289f25030ae6fc97a5d1ada562f26baaae6ca827a7e615b7e4339b8c54e56aef1b9440ed327b8ed305bde02fd281724a8680d0ef5add6bc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58311d.TMP

Filesize
532B

MD5
91ed858a624fc03985b6494d9968b2ae

SHA1
30329a4059fc809dd3a49973ae45ff9b25dfb6bb

SHA256
4e2d32a783a95d0a1e7a055fd33dfc6e3fa019705e9d61f04b55ade3db2ef2b9

SHA512
18535f3aa5de83b95159bd72f7d849cf8a56efadfa85bc9b0d2cdc85721117e8bcbb3502414cd2ab3edcb68172507977afbb02f03e64d48d9458622838222a76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
06453f780eb5a3b3035fea144c4ed806

SHA1
77be7b106028af7e49bcfa0417772a2f87135788

SHA256
bb3dc89e849eea85413d9188969377929c3900cf67a2718916100602ef70bc0b

SHA512
ed095724c81b629b2261f77e8e7df0f05ce6c8b2624b69c9b949f38bc1cec2838704f29afe3ab48320d8cf43565a39713d557a32ce1af56b8075762b05ec48fa

Download Submit
\??\pipe\LOCAL\crashpad_376_EINJRPABIXZKYHVB

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit