hxxp://riversidetax[.]net

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
22-11-2023 21:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://riversidetax.net

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1252	msedge.exe
1252	msedge.exe
4912	msedge.exe
4912	msedge.exe
4560	identity_helper.exe
4560	identity_helper.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4912 wrote to memory of 2504	4912	msedge.exe	47
PID 4912 wrote to memory of 2504	4912	msedge.exe	47
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 4176	4912	msedge.exe	85
PID 4912 wrote to memory of 1252	4912	msedge.exe	84
PID 4912 wrote to memory of 1252	4912	msedge.exe	84
PID 4912 wrote to memory of 2240	4912	msedge.exe	86
PID 4912 wrote to memory of 2240	4912	msedge.exe	86
PID 4912 wrote to memory of 2240	4912	msedge.exe	86
PID 4912 wrote to memory of 2240	4912	msedge.exe	86
PID 4912 wrote to memory of 2240	4912	msedge.exe	86
PID 4912 wrote to memory of 2240	4912	msedge.exe	86
PID 4912 wrote to memory of 2240	4912	msedge.exe	86
PID 4912 wrote to memory of 2240	4912	msedge.exe	86
PID 4912 wrote to memory of 2240	4912	msedge.exe	86
PID 4912 wrote to memory of 2240	4912	msedge.exe	86
PID 4912 wrote to memory of 2240	4912	msedge.exe	86
PID 4912 wrote to memory of 2240	4912	msedge.exe	86
PID 4912 wrote to memory of 2240	4912	msedge.exe	86
PID 4912 wrote to memory of 2240	4912	msedge.exe	86
PID 4912 wrote to memory of 2240	4912	msedge.exe	86
PID 4912 wrote to memory of 2240	4912	msedge.exe	86
PID 4912 wrote to memory of 2240	4912	msedge.exe	86
PID 4912 wrote to memory of 2240	4912	msedge.exe	86
PID 4912 wrote to memory of 2240	4912	msedge.exe	86
PID 4912 wrote to memory of 2240	4912	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://riversidetax.net
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff912e746f8,0x7ff912e74708,0x7ff912e74718
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,7599094935189962076,2499892346062680483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,7599094935189962076,2499892346062680483,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,7599094935189962076,2499892346062680483,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7599094935189962076,2499892346062680483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7599094935189962076,2499892346062680483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7599094935189962076,2499892346062680483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,7599094935189962076,2499892346062680483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3448 /prefetch:8
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,7599094935189962076,2499892346062680483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3448 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7599094935189962076,2499892346062680483,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7599094935189962076,2499892346062680483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4520 /prefetch:1
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7599094935189962076,2499892346062680483,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7599094935189962076,2499892346062680483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,7599094935189962076,2499892346062680483,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3444 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
84df16093540d8d88a327b849dd35f8c

SHA1
c6207d32a8e44863142213697984de5e238ce644

SHA256
220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c

SHA512
3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
1859870c09daeba77a0d6b9505f15e6b

SHA1
efdb6462a70a5f08ccc93517cfd6b9320650ca0e

SHA256
ba4b9c773a584d0fafb6eec80b93aaca0b0f0880909ae4045512337871f8cd60

SHA512
2086a9a8748aa8f2b6af12c6151bd61b5c15fc1e67d4b7c0fe460ed238532244eb89cabb070bee50fb190b8cea705bcd46e0d0d30f7992b78154cce85f9097a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
341B

MD5
b63ddb2b0637fae465d03db8641d4d64

SHA1
5713641a2ce457ea39ef9415bcd415aedb26a800

SHA256
cc7c246fc3a4913317e736280cfce625ef9a18767596e6c0408f811d9d1f93c9

SHA512
5340d45c88252f6ad7aa51ee3a4363d8d867d90e628520feb9362d4bd7c4b0345a83e9f00307a8d85e1c4097417e5c10cb28c3845d98c4f530e7c5f55fc09d83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4e0ffd7b42569b282fbbed9cd2f98ee8

SHA1
e124a9e0979d4d4c2b8ed1e963903b1d567e5049

SHA256
eecfcaec796f1ddd92947abb097ae920ea4c0d23391adb3278b077788ff32e02

SHA512
0fc943c9976df98d06b1a4a9df5274582cc4266d34675235805cf5806fc49dbb38818648d1714e9941955edeb1fefa01469df090809901cf9e4df4f532d6977c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dd3712ba35f1b0ce59ee57e020a8aeb3

SHA1
8604ae9274cd3589d6d58318fbc0dc2a0544ee19

SHA256
dc8164be3a058aed12694a1c76871eaffb91ef92a1b54029edf2631e096e0aa9

SHA512
41097c3380fe51c61f8b9fb56671891b975092197e2b46a437b5733c9c96bb24f055dd5144c9a32ae7f8283d2820c6f3a5517d21333ba667fcd370177369c6c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
918ecd7940dcab6b9f4b8bdd4d3772b2

SHA1
7c0c6962a6cd37d91c2ebf3ad542b3876dc466e4

SHA256
3123072fba0ea8e8f960dd213659a0c96ce2b58683593b8ea84efac772b25175

SHA512
c96044501a0a6a65140bc7710a81d29dac35fc6a6fd18fbb4fa5d584e9dc79a059e51cbe063ca496d72558e459ffa6c2913f3893f0a3c0f8002bbca1d1b98ea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d9b57d41b188700aa7bd6fe2ff17a2af335d0cc\f739846d-8543-40ba-b751-ea508e0117f5\index-dir\the-real-index

Filesize
72B

MD5
342cd8a343f38129b373ed8dc1fe58d0

SHA1
d5325f286abfe93c7e7f1168262fbeea6bd6b957

SHA256
3da2276ee48b6c0605d956fad350d6b3d7b2101e057b51ae269b59fff6c2a61d

SHA512
7d16de160453ce4f70ec30be86fd2572e6a5b4c55bced88884c9fd6a41edb58c1abdcceec2eb8b17ba3cd4a1c53ea93a120c84ad3008b686619cd1c4bf022efc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d9b57d41b188700aa7bd6fe2ff17a2af335d0cc\f739846d-8543-40ba-b751-ea508e0117f5\index-dir\the-real-index~RFe57c1d9.TMP

Filesize
48B

MD5
55e2944c97849910c593cf02744fc2ab

SHA1
025776c2cd8b6fc6886a13f66dec78caa6e60200

SHA256
778f4560a24058cfc5647970e87f33d147e2798480446d8daba308472a000e9b

SHA512
fbebdbac54e584165a3c120bea5cf384318ea3f9ebc025fec539656a6a6164178353cc79d67680b40af5973d80db81366f60db5eb9f083704112dadac99cc3b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d9b57d41b188700aa7bd6fe2ff17a2af335d0cc\index.txt

Filesize
127B

MD5
48ecead317b826749d77f15864cf00a9

SHA1
0a966c67220d35a6cd3cfef260c1026d1f0af589

SHA256
5bbc99141d3ef778613288375068d4d0cc8e0593552ef91af0c604db366ed3b5

SHA512
d78b3b22cb6ea4fb8ac481342494e86ce3f7191a9b64a67a256bfc7556a443abdbf850dd50908684941037ca8eed49efb7f4ba3211b904f692a793de0fa9b952

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d9b57d41b188700aa7bd6fe2ff17a2af335d0cc\index.txt

Filesize
122B

MD5
0dd9807695af3fe2b47563dba21aa908

SHA1
723da3a0f316156eb19ab75aae52cef844cf3985

SHA256
1522e13cf81dac3dee58185dcd1b5aaeb0c914a4591e957b9f69d10c05ca0a20

SHA512
a360be873d20b339f50c4be72456971b8ac8c565b240e4679ab5ec481d5b0c0f8dd3fbd6d0ce17009d8275e23eed9f77e24538a7dc39123df8b04fd13ec2404d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
5c73a856997d1f7ebd7e1d180109fddc

SHA1
44c6770f83eef0c07ac3ecdae94a38fcfad7e2a3

SHA256
0ecff11b418bedd78e6e142f99736989877848f755cb316124e8156cf647bff1

SHA512
0e83c14c2c71d60ae80ba62025bda20c3fe9ab3044f4180b9b156c05f8e6bd56cbdcb6d694ed7d18d29c2909d0cb8413752e5dcbcc70e06aaaa2e077258460a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c14c.TMP

Filesize
48B

MD5
84690a8c1da808d2432ecb183c36c461

SHA1
b419fe27df6a33a48f8aca49154cf0f665f23d21

SHA256
a904effd9cdb5f70edb0bd26a1447830f8c9c46849325782723ad9dc8ce36da7

SHA512
e94b3af88c58e007b56b34d9d414ea90682e911b7541eb0d56ed87039ba9a4651fe04c09203863a4cb61b71022224b01af32b3019a888e3212e95b3f2eebe091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
201B

MD5
b297957b496dbb7076e0c69456a55883

SHA1
4c704d12eef55c22b19e1509f9a456a4ac4f6fa4

SHA256
4c59d40e80c1d13652a595199352634df053910c7207cedb16a814a604491f06

SHA512
df872b104995bf75ceadbcce83753e0563b1142b2e401b420cf58d3b921f901423bbf6b3ffc9bdbd5340b9f90552f224295efc7e1d73ee8889012eefda9cc45f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c5c1.TMP

Filesize
203B

MD5
5e4a84361445c47b34c843fd87d3715c

SHA1
1d9171e0ecda5cf8197c15e075596a3963f4feef

SHA256
0309dd93721a2f90efa895c72a0ab8da6677cfd9f7d5e369ee617509b6ed7fe7

SHA512
a10d8e056eb9b85ba731631d05c2d545d4d14c5da190086cdb26c54ed4b49be735740987024f2720f3aa931acb496d8def322d9e5a8233ba03ae1c60deddc007

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
141f22abe8633f473c4fa026e2bad8b5

SHA1
9ec7bcf6ca8c53e68dd429198db8f456954f7b99

SHA256
aa83c331eaeb39ba43342f89a33674045194b2a832adc2e95b89e255e6d557a4

SHA512
fdff424142047496ba1a0845aced9e8eb98bf7141812aaf93b4f2f5ba6a2ba3a52a392194a4d941dff5b0d5c6200f53ebfe97d5a9a897dbba2f6e50151d45567

Download Submit