hxxps://www[.]google[.]com

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
21/02/2024, 16:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-910440534-423636034-2318342392-1000\{33E7AFEE-CD3A-4D4E-BAA1-5F963AE73581}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4720	msedge.exe
4720	msedge.exe
4592	msedge.exe
4592	msedge.exe
4404	identity_helper.exe
4404	identity_helper.exe
4076	msedge.exe
4076	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4592 wrote to memory of 1796	4592	msedge.exe	83
PID 4592 wrote to memory of 1796	4592	msedge.exe	83
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 3428	4592	msedge.exe	86
PID 4592 wrote to memory of 4720	4592	msedge.exe	85
PID 4592 wrote to memory of 4720	4592	msedge.exe	85
PID 4592 wrote to memory of 4568	4592	msedge.exe	87
PID 4592 wrote to memory of 4568	4592	msedge.exe	87
PID 4592 wrote to memory of 4568	4592	msedge.exe	87
PID 4592 wrote to memory of 4568	4592	msedge.exe	87
PID 4592 wrote to memory of 4568	4592	msedge.exe	87
PID 4592 wrote to memory of 4568	4592	msedge.exe	87
PID 4592 wrote to memory of 4568	4592	msedge.exe	87
PID 4592 wrote to memory of 4568	4592	msedge.exe	87
PID 4592 wrote to memory of 4568	4592	msedge.exe	87
PID 4592 wrote to memory of 4568	4592	msedge.exe	87
PID 4592 wrote to memory of 4568	4592	msedge.exe	87
PID 4592 wrote to memory of 4568	4592	msedge.exe	87
PID 4592 wrote to memory of 4568	4592	msedge.exe	87
PID 4592 wrote to memory of 4568	4592	msedge.exe	87
PID 4592 wrote to memory of 4568	4592	msedge.exe	87
PID 4592 wrote to memory of 4568	4592	msedge.exe	87
PID 4592 wrote to memory of 4568	4592	msedge.exe	87
PID 4592 wrote to memory of 4568	4592	msedge.exe	87
PID 4592 wrote to memory of 4568	4592	msedge.exe	87
PID 4592 wrote to memory of 4568	4592	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa9a7c46f8,0x7ffa9a7c4708,0x7ffa9a7c4718
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,4498961600857407617,1711698063315270522,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,4498961600857407617,1711698063315270522,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,4498961600857407617,1711698063315270522,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4498961600857407617,1711698063315270522,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4498961600857407617,1711698063315270522,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4498961600857407617,1711698063315270522,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,4498961600857407617,1711698063315270522,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,4498961600857407617,1711698063315270522,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4498961600857407617,1711698063315270522,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4498961600857407617,1711698063315270522,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2140,4498961600857407617,1711698063315270522,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,4498961600857407617,1711698063315270522,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4498961600857407617,1711698063315270522,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4498961600857407617,1711698063315270522,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4498961600857407617,1711698063315270522,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4498961600857407617,1711698063315270522,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2020 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4498961600857407617,1711698063315270522,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4498961600857407617,1711698063315270522,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4498961600857407617,1711698063315270522,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,4498961600857407617,1711698063315270522,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4948 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a65ab4f620efd5ba6c5e3cba8713e711

SHA1
f79ff4397a980106300bb447ab9cd764af47db08

SHA256
3964e81a3b4b582e570836837b90a0539e820886a35281b416e428e9bf25fd76

SHA512
90330661b0f38ca44d6bd13a7ea2ab08a4065ec4801695e5e7e0dea154b13ac8d9b2737e36ebe9a314d2501b5ef498d03c5617c87e36986e294c701182db41b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
854f73d7b3f85bf181d2f2002afd17db

SHA1
53e5e04c78d1b81b5e6c400ce226e6be25e0dea8

SHA256
54c176976e1c56f13af90be9b8b678f17f36a943210a30274be6a777cf9a8dc4

SHA512
de14899cfaad4c312804a7fe4dcb3e9221f430088cb8bf5a9b941ac392a0bbad4e6ca974e258e34617bbffff3bf6490fa90d8c6921616f44186e267ddaa02971

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
194KB

MD5
ac84f1282f8542dee07f8a1af421f2a7

SHA1
261885284826281a99ff982428a765be30de9029

SHA256
193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0

SHA512
9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
54KB

MD5
a101fae5a08e0b70d183c349130eb72f

SHA1
1c9532652b658853407079325c9136c2a199a02b

SHA256
3948bc0b5b59a45dc2df66dee40a6322ce3343e646afeec2d142ba9fdc34fe57

SHA512
142763848256c915174c64e14691d7941dc25a621a152a406fd247a0139ab281361b1a8d4d2cee0e267957a51972e9ad15f3293b13be948d907cf17424f5dfe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
45KB

MD5
4062386a17d0f4c504ef7a9457009dcb

SHA1
3c324aca5adc9edd8046c0b4326b80e66d2d554f

SHA256
97dcbfe2f29fde7729d7f150f61333bcd4d69fa457c5d65a29499aba99477b32

SHA512
54fc41dc2d45383eaa8ea318371acb44948a1eaa958c3cee97db0e31b7e8c88f52622fca4127065c4474fa5b689a9a1e9cd19f4c7e3ab7c7531a42fdb86629bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
29c81a03b79e4d2b157f20f8eee552d6

SHA1
0bef5053baf14faf4aa73e962ee6ddda70fc6996

SHA256
cf3ca3564c87bc66e2febe5e5d35a1e34aeb7dbf6a2acbbf3d964877c4fcf9e9

SHA512
382c1f265dabc9aabab5cd609022245ecd5f8ded09e2af286bcb2d717e701f46b8345860794e86cf1e2537abf824376a08ea14022054b5c185fad4eef2bb6e35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.temu.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a20e65626a108155b324ec586ea99b49

SHA1
85e4e7299c308665b5e77a1de6e8a798317c44fe

SHA256
595c527aa956be7397c1a1a9d43427ef3bd494a4770e054e3499eeaf50647f74

SHA512
fda0c6684a8cded5fde1cbc3872613dceee7bee1fda357b6023631a1a98a86b6bb45195045b5134a25b25b17f5e083c5fca8b771210b3e7a78afc84c46d39eab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0dd2d2d7e468e801e57884009dfcfa71

SHA1
333f5e07bf4fe3bbbce2556b7c2adba3bd15954e

SHA256
eb3b06753035a38ef234d3e070453d2a577a1feef309b8dddb0b3f9b49e1b661

SHA512
bc59ba8be2c370ce4c7c64a75e06f29f15befe0ec36dbc51a527e66c0f775df5d9d686ef83d3f32d985c8520183c1decc037840248d16d975a2d02e539960c55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
af47176852caead6b168ddc805cfa08e

SHA1
5f65d4ecea3b59823917b089264617310e8b735f

SHA256
407410f4d5ae1a4bef2f201fff9e303a7b95d7c77fadd1f6a62e0b23c5b6f8da

SHA512
b8631c9ecb33b9b1da62549ac9719088ca8da9c4dbbaedbda27485b08380de7ec0ac06fb94abc9488044bc251486035e611ae0611a778212321f177ce0c1d23b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0372c1807cf37fab23bfa96fa50dcbf2

SHA1
b26c43cc2a1cd416f331c0fc725fca8779c14bbc

SHA256
ab735a1d5fe92e731b95238eaf48c8dfc8de4a75facf73ac58f970227321b24f

SHA512
e4751d24f6c7414406df4dc03f94879179c73359368446ecc98d39a1bf1141f6c2904291a0e8cce81df44b5b6faf0dc53da9878c51401efe04b191c8f316b829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e599a4a88ba37997133c304d97223229

SHA1
61cb8c94cfa11ccdccdf512e56ac1df4860d180f

SHA256
1d0638ffc8669d3c2a7cf396ad01816d939bb3516ffdb1f2fcbe6e0c6d44a2bc

SHA512
c61f004d33133058f8828a441bc118be843a2a7a53268ae4663a22c29d921f1312826e596974fab647d751d12f8aed7a674a4f98fe8fab74af4d5a335ee0cda3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5a1be29783aa7a85fa119ab5d0697cbb

SHA1
68b0af7db1795e5aa8e4b72ecee0510e33ac2677

SHA256
8ec5d3ca53a8a55ce407a5ea17ea3a521b2d3c1b5a9e1359088eda7bb82f4058

SHA512
1ce7023daa68c3da8c607bd4b3a6ed5fc554a8e2f383c01ebcd1a7a85d5d2f7fc8995f7c12ebae842f57fa22e8bb4bd022cb61fbb32f165d28e4ffca80d7a690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bfaeb59486396eed9d92017d1b603e59ce130a62\31bcd1f8-ee4b-4a29-a9d1-560c493a9e3a\index-dir\the-real-index

Filesize
72B

MD5
7f0bb5166e537bd25a9f0a8cabd0b6d6

SHA1
a038e8c7b93900eb102800e0751fb85fbe222e95

SHA256
9b3476518ca42b6ccfa41177d4b1faf428495cbc8ece4029d7e67175e8817c74

SHA512
f00db66aa766090f89bc076bed012f68b1706c20465fe77fe258c9683c641a780d872f9c77e744bab5add771b241fea8cde4878268d5fa3b8af19c1126e9cf3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bfaeb59486396eed9d92017d1b603e59ce130a62\31bcd1f8-ee4b-4a29-a9d1-560c493a9e3a\index-dir\the-real-index~RFe57cb7e.TMP

Filesize
48B

MD5
91005325a51f0f3452e3d1e561e464ab

SHA1
6d2970c3d248b8d8752c8ff189c353b23b384641

SHA256
9ecf7dc1b6e4cf8bd4e1d99a1fc42fb6580d1d1a56b3a4250dffb150d6cc2153

SHA512
e5ec5934a632fd36d1df4c4c66297ffb7a14b7f1fcaa310c9087c573a906e94c665656d4e3775c17fea45198591b74b73fa71af230938ce1d2b9cdc1e6e41fa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bfaeb59486396eed9d92017d1b603e59ce130a62\9165abc0-d899-4913-bfd8-11aa97638551\index-dir\the-real-index

Filesize
72B

MD5
314b30d5ec479f71ce2381b8fd763771

SHA1
0d5ed859354ffe24fb55313b381b126240ea4c3f

SHA256
c13d35f2f358b5100afd5ef635d66b854d36188ddf744b16235b25fb43ab1a7d

SHA512
925a84016f017983bb2e8bebddec030a6506fa3cfd265623334d9835a87cf2a1fe6166c18aa19fae436406b8b7c1029d3dbc6192c3dc0a8ae581d19d059c2908

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bfaeb59486396eed9d92017d1b603e59ce130a62\9165abc0-d899-4913-bfd8-11aa97638551\index-dir\the-real-index~RFe57ca74.TMP

Filesize
48B

MD5
573e5f6d43d6b0fd35d3ea88d759854a

SHA1
80655e5e76b4b2d2c7068967a0648dbbf9d725cb

SHA256
c2c2e4caa2ebdcad1fce7b944c886e79fc0cd84f32da0fecbc25658b823a3fdb

SHA512
0c30264304c837758ce97a3bdc38ceac2caa2f09e4863a6d1835cadad203a9c64e687da262096cddc3baff655caeab6d6c8a31a5bf708d22db8b6ead723a2658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bfaeb59486396eed9d92017d1b603e59ce130a62\e436c0f5-7ab2-4096-9974-63e69993909d\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bfaeb59486396eed9d92017d1b603e59ce130a62\e436c0f5-7ab2-4096-9974-63e69993909d\index-dir\the-real-index

Filesize
72B

MD5
cbf1462f5a606773032b06a4d2c35f80

SHA1
7baa82e02878781f9d12731f8a702fd4e14ddea2

SHA256
506d032631c301e94cb2446dca3239b7a41975fa75354dec4b3765b52d107d70

SHA512
41cf3baa367710a30cb9fb136710c424c25906c0674e35286d2a15be52eb2f48fd04f8020c9a8774812e034a197e3bd71835255a33593213b01f0f6038ed2a29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bfaeb59486396eed9d92017d1b603e59ce130a62\e436c0f5-7ab2-4096-9974-63e69993909d\index-dir\the-real-index~RFe57cbdb.TMP

Filesize
48B

MD5
7bd537a6bc16c238bd7cc4f0866abca2

SHA1
ed0e6e327ed074ad2b17f8fbce87ff2f4701ca28

SHA256
9a5762b4f8818a34b415586ba740aaf1e5dbd7064648ec3e09a512be8997e7f9

SHA512
0a6fac2cb97a19f2cc7eabfcfd5480c137ee79da76389b23ad4bfaec26236bbb337236ce7490ff7b2031c69586155e7d22b7a6804d1d6a0c7b4c21cf3fc83df5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bfaeb59486396eed9d92017d1b603e59ce130a62\e8197626-9468-4a11-9f25-365023e3c2d0\index-dir\the-real-index

Filesize
72B

MD5
d8aaa87ef984da2fd1546c44949997b6

SHA1
d718832084d439917c249a96dd57a2a19a91b1e1

SHA256
a62d174fa8d6688477dd9a6a064751800f8322f298ce60166233f48f5bbc15a6

SHA512
3d919312f964011c9561b5e52fd76e283bddedec81c8d5da38e4a2f34545178258ffca954c25c1e6abf22c0d4dbeeff063207ed5c1b743c83744d0f59d34a49f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bfaeb59486396eed9d92017d1b603e59ce130a62\e8197626-9468-4a11-9f25-365023e3c2d0\index-dir\the-real-index~RFe57cb3f.TMP

Filesize
48B

MD5
305adc082e7467b83a4800657d06bd95

SHA1
533f70576431e97da0372e8b74c3bb5ff41f39f2

SHA256
44b8358b2d1126ab9e6cb052231a931ab6feff84538e6746ff8f7629ff87f200

SHA512
d5bc3a1e328e4bfcbd76ee3de10f5156c40181a6684493828e34993e0b388cdce0f662ee42b57a9022753e8af6d6af7bcef42282fc5f0855869205dfe7180aa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bfaeb59486396eed9d92017d1b603e59ce130a62\index.txt

Filesize
183B

MD5
cffbd3225a3a53a814fecbf67833e121

SHA1
e9336b562b7b59438576a65cf11a316cc7016875

SHA256
62e495c5a741b352adf1ef4278af84331203910f2204c14d559b501128b74898

SHA512
5885529e63566e159fbf4e345ffbbe185af6d4424be0b15771db478a4cb1331f7cc8260bc61f764de50eaf13cc400edb9416e74e72f212ec4f15d4400c9fc153

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bfaeb59486396eed9d92017d1b603e59ce130a62\index.txt

Filesize
114B

MD5
0fc0cd7cb0dcee5a2320de47229581d5

SHA1
554019f5fedcf23425f7aec5385abf563c4790ac

SHA256
b23c4d13265afa2589271bc25515e3692a78df57c4e5808b3ec5856038c9db19

SHA512
14cd7ad081aaf3ce756dff60fa9c11f01f7dfacffe0ea100e3b1d66a9162ede7bb52a13445f1955838d971a1f36d7da5537061077fee29152433c56cc301737e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bfaeb59486396eed9d92017d1b603e59ce130a62\index.txt

Filesize
183B

MD5
748e8d0b5defa4e1bed1292d7316139b

SHA1
426ab0a90d3047dff30835a92ee90f2dfb0fcc7a

SHA256
11360a6aa3d6efc53eaf613b98b4edcdedcc3d6f10387d357a31f5fc3ecc69a5

SHA512
ca5b21ea6a52e28803aa95e7575eaeca2b0e0876e2ba7b86fde88c91ffa906846db90dd1480338d07ffa36de2424bfdb72a1b91246c459faac5aecfdd64865da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bfaeb59486396eed9d92017d1b603e59ce130a62\index.txt

Filesize
183B

MD5
0f7ebe159fb883a2e81eaabfd6e386c8

SHA1
53b20956e9ddee27fcb4f6222563000cf13c7322

SHA256
622662020281199d9c3a0aa9e6e49b0353eaa1ed78d0d9fd1162b6c191cc16db

SHA512
0a47b3787dc61adb32bcd3a08735203c7055d3e0215b84bc2f107eda2a22125d943c25d6b6f078801cb4bd9181da9b248ea308285dba6ff2cc5857812693e23c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bfaeb59486396eed9d92017d1b603e59ce130a62\index.txt

Filesize
183B

MD5
7e8e6081fe5a6253388c41225ea8ea3c

SHA1
49fcb278d6ba5ee41df5220848ddb7a69e65f192

SHA256
55605e7ce5663128adc3a42a485b882b465d32eae7d44345c3a4c0edb585aa76

SHA512
5f7910086cc8abdf139142a28492f42656cb210d10e94bd038bdd2cdc0ba1a05d31e21e0e6afbcc9d967c1fbf2d426b7d96c922f23f3604b6b332796f2e3d6d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bfaeb59486396eed9d92017d1b603e59ce130a62\index.txt~RFe577d00.TMP

Filesize
119B

MD5
e61fc8fcfe6167a0cf72586e4bdfa294

SHA1
865a967221dcfaff2a6ecac33fe5acdb8ad7abad

SHA256
816cd3905829d7db78a3e2bbf606abb7a1b64f7f3461456c599d19087223a42e

SHA512
231af6b02155c510d3094d246d8f352c6bcbd91df7f9497b0e871c16bfbe9ef9164f2802d6564e3abf30d728c62ac93558501540cd75b95becc83fcedea9c702

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
160KB

MD5
570d7ceec5ee3bd5f3db50e8eccd7f41

SHA1
f8d22fd36ae6e1ff7c59ed4d34baf1253c1921e6

SHA256
ab62e24ba2b028d48932f44a093b2e29926cd021b6b33f2328387668e8a8c1b1

SHA512
cd3f54802f2c84ab9e9be4de61ce7ad2b0a0f79639ab9c94b2d8ac161f91d4ec629ad17ed6b03e2e3fb20866bc025ef6b1f373d3b7ef8eeb9decb42d6e96e988

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
007e775c30716e819c4deaab8f28b636

SHA1
5ee7fc1561a9dbab9165556087153f17716fa6cf

SHA256
1a879de0a06929e71d677ce4ca6f0bea3f8e98fc88478abe5a11f1e0dd459306

SHA512
d925dec45db867a7197b3d77b2889254e12995863211e581f9d9d07bb374f2059f90dad6215aa5b564e873a7aa28e3c6a4340bab5e1de7c4bfc61169fd6dec05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c9e7.TMP

Filesize
48B

MD5
5d67744ef5f2221ffbcd1a08e4844a8a

SHA1
9dc30d8512eef4bd4cb973a868775246404886ab

SHA256
0fc2207d49a5b2a18012b1cea1a2470650dfdcc7e914d4da4321ebfcec17e201

SHA512
bb621dc458594cbe61803a2e56750a6fcf98bf58d4a2bbc4521898b894e59abc71e4725189f5155205d31f2417f785615707a0ceb63e7dccc79fcf5a6aca1beb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3972cf954a453a04cca8976d47e3d816

SHA1
460b64e56e11f05e493be25f6146aa626c50baa6

SHA256
35e86f49b9ebdf34d2e5a0d02ff470adee979dafd381c547e47def9734fe188e

SHA512
614ff635aa08361c61c9882ef440b80a6523a6f86f62b7891099b01b957e1a7c9443b67a1dfedddd99b5b93b534444731167ed6ee1d5b59146a03f9158af6e9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1424e4b6197938860704223884cc34e2

SHA1
a4ba8cd91bf423f72de9e34cd7beb4590f9c4c19

SHA256
133e256666f35fd4a61826a38667f200620b2b76b624e11f9afc6ec080c70055

SHA512
3c1d9f5cdfbc59d47d27b5f7fb136f8a500d674d08064d14348f5bd2b4f7557e741c83c3f132ae4fbd83e2506dbb3095175cbdcca5c3e6219dd749a8a60a895f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
a3856dd188899b5ae4b89cc25812a69d

SHA1
b77f7f304db49dbdb1ae83af2f00b6162c4b9b1b

SHA256
e1308cdace8f2940be659d150f3588a1f2159d0d2f1156f92a31cfb6f287957e

SHA512
883f616d642cafc9ddee886daf636196e2e9e3f915920678baf6dbc820cf3b4d375e0a0006741d21ede977a7a05c97e232248887762039820b74829bad216026

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6fbbba593bd67af5601adca44afef690

SHA1
d3a6d70f7d45d8e4434f85ad3b7c9f115753eb4e

SHA256
c758863a7d9cf5611ae1b31d66796608f68efcbcb9d857d96f2eac3856a8cbdb

SHA512
85ca494566ede1e670c8f1b1bc457139190fb1a8bafb8a53c894117e2b4d9461df3e2a557de8a0ec7011159c2c98cbbcf17131e9f372eb8cc7ad18c6784695e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5786d3.TMP

Filesize
371B

MD5
0adbc8325dfe4eeeb301534df5ecbc1b

SHA1
e0e2a48b93c872ff25a5e133af0e227ee320648b

SHA256
e9e9e371be5a8d72ed439eaa263e4372fc8094e1d7154065bbe65a8a1fa35255

SHA512
de3d3c13c30c9eb4750dffcbf493a9a8d0f86c7d38e92f554a1e2d46899b286d8fce5f7369421361aa07cc32962f0b743899cc9f265552d7e86172bd0060f494

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
76bcdb04fd4850f14c5cb31c36182437

SHA1
40979d985a4e3550e3957b1e108164673d0a1f4c

SHA256
42ff64d77b00003cacd81623febddc95446234c1d4fb5ed6ab9646009d342034

SHA512
74aa2fbfcbd19ea9c87e7a360e4647f407079c254701c6403788ab6335f982c45ddc47dc6f6596d6ba7648198f0e956c5cbfcc099e678fc8ab93f38a9b9506a9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit