hxxps://www[.]canva[.]com/design/DAF9_CyaVZE/BvzpEORIQUt2Gts3PXDmgw/view?utm_content=DAF9_CyaVZE&utm_campaign=designshare&utm_medium=link&utm_source=editor

Analysis

max time kernel
149s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/02/2024, 16:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.canva.com/design/DAF9_CyaVZE/BvzpEORIQUt2Gts3PXDmgw/view?utm_content=DAF9_CyaVZE&utm_campaign=designshare&utm_medium=link&utm_source=editor

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4704	msedge.exe
4704	msedge.exe
3524	msedge.exe
3524	msedge.exe
2764	identity_helper.exe
2764	identity_helper.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3524 wrote to memory of 2340	3524	msedge.exe	86
PID 3524 wrote to memory of 2340	3524	msedge.exe	86
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4524	3524	msedge.exe	87
PID 3524 wrote to memory of 4704	3524	msedge.exe	88
PID 3524 wrote to memory of 4704	3524	msedge.exe	88
PID 3524 wrote to memory of 4168	3524	msedge.exe	89
PID 3524 wrote to memory of 4168	3524	msedge.exe	89
PID 3524 wrote to memory of 4168	3524	msedge.exe	89
PID 3524 wrote to memory of 4168	3524	msedge.exe	89
PID 3524 wrote to memory of 4168	3524	msedge.exe	89
PID 3524 wrote to memory of 4168	3524	msedge.exe	89
PID 3524 wrote to memory of 4168	3524	msedge.exe	89
PID 3524 wrote to memory of 4168	3524	msedge.exe	89
PID 3524 wrote to memory of 4168	3524	msedge.exe	89
PID 3524 wrote to memory of 4168	3524	msedge.exe	89
PID 3524 wrote to memory of 4168	3524	msedge.exe	89
PID 3524 wrote to memory of 4168	3524	msedge.exe	89
PID 3524 wrote to memory of 4168	3524	msedge.exe	89
PID 3524 wrote to memory of 4168	3524	msedge.exe	89
PID 3524 wrote to memory of 4168	3524	msedge.exe	89
PID 3524 wrote to memory of 4168	3524	msedge.exe	89
PID 3524 wrote to memory of 4168	3524	msedge.exe	89
PID 3524 wrote to memory of 4168	3524	msedge.exe	89
PID 3524 wrote to memory of 4168	3524	msedge.exe	89
PID 3524 wrote to memory of 4168	3524	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.canva.com/design/DAF9_CyaVZE/BvzpEORIQUt2Gts3PXDmgw/view?utm_content=DAF9_CyaVZE&utm_campaign=designshare&utm_medium=link&utm_source=editor
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffc26dd46f8,0x7ffc26dd4708,0x7ffc26dd4718
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,4788423450313972387,18133843356282956624,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,4788423450313972387,18133843356282956624,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,4788423450313972387,18133843356282956624,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4788423450313972387,18133843356282956624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4788423450313972387,18133843356282956624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2060,4788423450313972387,18133843356282956624,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,4788423450313972387,18133843356282956624,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,4788423450313972387,18133843356282956624,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4788423450313972387,18133843356282956624,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4788423450313972387,18133843356282956624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4788423450313972387,18133843356282956624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4788423450313972387,18133843356282956624,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4788423450313972387,18133843356282956624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,4788423450313972387,18133843356282956624,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3008 /prefetch:8
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,4788423450313972387,18133843356282956624,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3108 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1748

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504 0x4d4
1⤵
PID:1012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cbec32729772aa6c576e97df4fef48f5

SHA1
6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

SHA256
d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

SHA512
425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
279e783b0129b64a8529800a88fbf1ee

SHA1
204c62ec8cef8467e5729cad52adae293178744f

SHA256
3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

SHA512
32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
127ea970139ee89c58085958bcc83f27

SHA1
8178a39f6614013ef199549cf12892e693fca30b

SHA256
9cd2ffd288f8504e4d575ca8fcfd7cf6ff1e610153289ec6cf51edf2dff7ecc2

SHA512
5adb85a5e15111cf019e4c4122afdfa326af973f7188a12881676823bcad13cfa31ae2f51e48deb167bc63dca37b168975bde44337107eb415586560f16e276b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
9869d5c8628a010e17cf6856537017e3

SHA1
976db612702858b4d6ba5d3a87d06175bb423fc9

SHA256
aefffde0685ff54b54c5bded416cf786f1902bc2c08e9295c607f0853f41e4a3

SHA512
6365dff5b16f58fbbd6976dda5ac740fce7b7aa0499a46390807274178d6e6ad78756fe86df3ed2fc4c781530b90e03d94d97001c0984cf75681ede35b5d24f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ddc208fc3275968703bb9b7fbc9dc108

SHA1
77944e8b2596af5c802ee57058695b09c4407279

SHA256
7b93a90a77c1a82ceee78e0fbb36e39d712ed8a81eff6e321a3f5b569713c718

SHA512
33adde82463c2abac67831067d8f5b193255715aa8b1e490c8e2f40ae1ef7bcbf435068f92bc5667b6c7c429bc59dd04b107039c2e38526e445fe012fb2875c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7650557a278ce32f89aa9abcaf49c444

SHA1
54d9a75792899e75bba3bd0ff442068ad7095246

SHA256
b7a42da30e88d568a84c5be64a55c1cfa34458a466513af8a55352cbf5b9f337

SHA512
9916aa5969106f79a6414d325bfdf78d5fd7641156640677278ccfa2dc94614c6b8598e774e7748ab1e975ff18a544246478f43adce3af2a0001a4ea088b0d2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2dfe8437963f87221024b2fd7ae37eb4

SHA1
f8afe0242e8f054297b73a12944b190feca52e06

SHA256
e5d19fd646fac7be8df9c7f759ed63b08fe5eb08b38b4a7fe974831aa6a8e477

SHA512
e570cf32302267fc80efc4c4399483bd8068abb31996bee1b119ba2c64f467171e180f2022eda87168975d7965444606b987e181b2125791ff620485a2269823

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
66609239b76e37a9a3f2da5d358db7a9

SHA1
754b01963eabe798012170a251031dc91025b59e

SHA256
b9f3a7403bb3700e4eaa3472809fcb760006408facefb1c4b49e3c74c8255137

SHA512
8a01eab3c1fb74b0d4468c308a3b0930baf26e96cbf15d29f054a1c3ad9d141708083cb6ae677ec960fa5d9e5c68b3fff36ec2e98d3fb1ae0af549d7fe1b9064

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c0030b1fded9ab25ac312ee3d67f1583

SHA1
1460e61a92a24b54c0f04e7a6398c83880220cc8

SHA256
4773848f84093d20675e9242e80da7d8ac6a6984a1b82769b1c639f73c4a1de5

SHA512
1d763da28cdd3b96c48e197fd1c8c278bce0e441d8f028cdac99d2e4dbd0e4be132c2e2be04c1139ccb1d30fd81918fc8b6f679d76920ffa3cf97fb7171e6131

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
384B

MD5
b7cfeaca0c7471e1c89c2031e1551cbd

SHA1
8ecf111993c26521ee5ace8a90569f47dbd7f16d

SHA256
5eb7a708568f955ae17466562cb173e6af302acc69edca8468edf5643b165a7e

SHA512
1d9113fabd84054928b78a190d0487b73ece5f47d5040146988e5aa18cab353413782e3fe578b02b539a06dfc02cd80939e1fcc23a9603ba3d3bb7d841e16531

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe578fec.TMP

Filesize
48B

MD5
b7f5c73005fefdaf350cf7f03689e0a2

SHA1
01b074ed70bfa0b8ac0276a39391efbd1727f083

SHA256
8a296fe5fb97f1ef98208941747a1108b6b2d32e692e6e01fca196d948661771

SHA512
edb946d22d76650c8aee6efc9af0c827481ca059a5aaf87d9bebfb7576088e1fb06e30ea972c316045b80256c9ab668cef9c725872b73264832c7efd23539421

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
884592770a4d3297ea1d7842b3fe8de5

SHA1
0d20129e751332c2f67c63cf7d84d4ba54477cd1

SHA256
9578693ec02e99a9146bfd5dabbddc99063485b6d333d0ffea8335d6526b9aa7

SHA512
608c804d2e4701a41b339b4df9a0e8db891e02ac56d143fa90e1173c88c9660042d2716ae6fc607c89f49709e298bc8f9d12ebbb4dd55b8e73fffca3016fd658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
babd789c3b98e739bcad07d424b80498

SHA1
abe3b4827a6b3ecfd744899e6b6d4b6d81d40602

SHA256
02d53747bf10d37e78872e385e4cdeb7f83decf39cf90e41d539da5f84cf7457

SHA512
9790bb19687857307045e7f9ff141c578bb3994f22f01a2072507fe449e9d454349f02fdae3d01fabad9f2dc861e4d27cfa3b9c2ca2e4695ec6144e8d17c8b9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6d1059e183b34a4333022771318f5483

SHA1
02d304093c8b13cc5cf071fefa0145e1a6ffa364

SHA256
6ed04561f885682014519d6df3fa59443a295c71b00a241da5d20f07b9847c1f

SHA512
95a805ca587d7efd4cc4ad228d7e6c9b0fefe0beac06934ac8c2c64787bc7cfa65a8c380ce552a7dd3c6b469bce5116af659d091b036d1b687a741c748950f27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a76b.TMP

Filesize
1KB

MD5
a5432faf7ac2a1e43415ca4840c2567f

SHA1
193a93bedde2363b5134363057d1501b0d1c8139

SHA256
e5ef8da29e3f177f0d267a12047d24f17d2527aa04657bd6686ca8632e0e2936

SHA512
e7159fab1c9511ced35a3e814f75ad926b4baf44d1d279947b552977a2fc0f2ec005e09af871725a7e9d37acc83f6a9c548b6ea9ac888882c7c05a7411743445

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5bdf1688f80719a836fd2ec8b75cbe98

SHA1
1304106de83abd49f4fa32406ece78d7c22bbc9b

SHA256
727fc0995f260c88d46785fa285335b8ddede589409830b67dd3af6503a6b928

SHA512
f5a6951737c56727f668696ffc8a8d6410b61bae76520e047f066cd74db164408f7220943880829751c45e9a8c06379280b5b00d2cde071dca3c3a52a757dd6c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit