hxxp://tankionline[.]com

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2024, 16:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://tankionline.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5028	msedge.exe
5028	msedge.exe
2456	msedge.exe
2456	msedge.exe
4436	identity_helper.exe
4436	identity_helper.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2456 wrote to memory of 640	2456	msedge.exe	83
PID 2456 wrote to memory of 640	2456	msedge.exe	83
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 4596	2456	msedge.exe	84
PID 2456 wrote to memory of 5028	2456	msedge.exe	85
PID 2456 wrote to memory of 5028	2456	msedge.exe	85
PID 2456 wrote to memory of 3536	2456	msedge.exe	86
PID 2456 wrote to memory of 3536	2456	msedge.exe	86
PID 2456 wrote to memory of 3536	2456	msedge.exe	86
PID 2456 wrote to memory of 3536	2456	msedge.exe	86
PID 2456 wrote to memory of 3536	2456	msedge.exe	86
PID 2456 wrote to memory of 3536	2456	msedge.exe	86
PID 2456 wrote to memory of 3536	2456	msedge.exe	86
PID 2456 wrote to memory of 3536	2456	msedge.exe	86
PID 2456 wrote to memory of 3536	2456	msedge.exe	86
PID 2456 wrote to memory of 3536	2456	msedge.exe	86
PID 2456 wrote to memory of 3536	2456	msedge.exe	86
PID 2456 wrote to memory of 3536	2456	msedge.exe	86
PID 2456 wrote to memory of 3536	2456	msedge.exe	86
PID 2456 wrote to memory of 3536	2456	msedge.exe	86
PID 2456 wrote to memory of 3536	2456	msedge.exe	86
PID 2456 wrote to memory of 3536	2456	msedge.exe	86
PID 2456 wrote to memory of 3536	2456	msedge.exe	86
PID 2456 wrote to memory of 3536	2456	msedge.exe	86
PID 2456 wrote to memory of 3536	2456	msedge.exe	86
PID 2456 wrote to memory of 3536	2456	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://tankionline.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbea5046f8,0x7ffbea504708,0x7ffbea504718
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,11203275995362757386,6164125319434143373,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,11203275995362757386,6164125319434143373,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,11203275995362757386,6164125319434143373,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11203275995362757386,6164125319434143373,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11203275995362757386,6164125319434143373,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11203275995362757386,6164125319434143373,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11203275995362757386,6164125319434143373,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,11203275995362757386,6164125319434143373,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11203275995362757386,6164125319434143373,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11203275995362757386,6164125319434143373,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11203275995362757386,6164125319434143373,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1920 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11203275995362757386,6164125319434143373,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11203275995362757386,6164125319434143373,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,11203275995362757386,6164125319434143373,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6632 /prefetch:8
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,11203275995362757386,6164125319434143373,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6632 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,11203275995362757386,6164125319434143373,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6016 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2044

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3f4 0x3fc
1⤵
PID:2168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e2ece0fcb9f6256efba522462a9a9288

SHA1
ccc599f64d30e15833b45c7e52924d4bd2f54acb

SHA256
0eff6f3011208a312a1010db0620bb6680fe49d4fa3344930302e950b74ad005

SHA512
ead68dd972cfb1eccc194572279ae3e4ac989546bfb9e8d511c6bc178fc12aaebd20b49860d2b70ac1f5d4236b0df1b484a979b926edbe23f281b8139ff1a9ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
864aa9768ef47143c455b31fd314d660

SHA1
09d879e0e77698f28b435ed0e7d8e166e28fafa2

SHA256
3118d55d1f04ecdd849971d8c49896b5c874bdbea63e5288547b9812c0640e10

SHA512
75dce411fce8166c8905ed8da910adb1dd08ab1c9d7cd5431ef905531f2f0374caf73dedd5d238b457ece61273f6c81e632d23eb8409efbb6bf0d01442008488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
198KB

MD5
319e0c36436ee0bf24476acbcc83565c

SHA1
fb2658d5791fe5b37424119557ab8cee30acdc54

SHA256
f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1

SHA512
ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
da541989eec744b68b2c0dabb02ef3fd

SHA1
8034e03ce6381564cb418e6cfb11ca15c9e83ee3

SHA256
07dad7a7cdcfe9b4a95103fd879d70d003376718149b097b06f10dcdb1f4943e

SHA512
9b3cb4444f7a428488d3073bb0bced904fda7faa6f76d03f52b7a8c2dcacf2d800655f0b8e8fe4f501a3f944c2732e049557eff56c2d7b73988f3726199bd2fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f4052282072a0b34859a2a8a1decef58

SHA1
fe5abb4063ff91a2eb0ea57f0cd55d7e7112d0c1

SHA256
3894aca617c192c87c4f44440f655796b10fb2e831948a7e8201d82e772b6e33

SHA512
52087bb2d6d55e4a7330a465e56cd18fa0b2385062944e515a1416e256e003a1667247803166b898b95e7796b2f6d110a132cd403b33cf660b00a0c0612ae124

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
bbee5aecf8c8f3ba5a2d6fdf8eca6b03

SHA1
18adc6b7accf413b07301918e8c4a64cc1ffac76

SHA256
978394a09b7b1ff4e953ea900d38bd981056926f84b8c56fab70a8929f8560aa

SHA512
fa72841e3f58b2fc5121f5986bc94984e469faa65c94603203d5c1e261fbcefec1b5ecbf9f7bd0451ad8461a3ce9b06233914b06474f9407c2563ab93825ab5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
acdd6da5bad759f75102a69bfc3222f5

SHA1
ee81146733b736e8eb7fe58b41361317fdaae3da

SHA256
e2bbfc16d25eafc88e8fe8a6702eecab740479ac0535b5a732dc53eb7b4428aa

SHA512
416eaf51ffb3ba2cf389f02dba7c63b21a810c722c3b9ea6041b310490305894b5c40013ce3bbe970293a86d0f08513b279284d5fe5c134117f0972aeca9c99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ae7e5187586d919079e9fe31c6e34c20

SHA1
d7dcdd409c62c37b272a64cae9d076c580f625a3

SHA256
050c0c39e2c054cd1ff5eb71715004fb316561092b2f6e88939dda2f8cde57ce

SHA512
e32dbb2711129e2d9e094789b27861d958bd1629e3b63a995af637a6b5378b04ef48c221e65575c46c538e325ac9b269aeeba078b59acd754bbe00deb1e6cd33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bbf357331487d8ad8a3160d08a54922f

SHA1
06459089eae1109e2cbbd700a2f105da6256f813

SHA256
4e9d07d1bb4dbdbcc237cee8ceab76d152b1b2d5adbabf1ffa5b288e8fc5521a

SHA512
cc682cc52bea0b5fbf1311bee27f4bc82a06e5834645e270bf3f5610680c7b57673dc8902a2acf1fd8af151ecc442742dcd8710584f4f1d2f5a5ba51a27faa28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

Filesize
99B

MD5
ccce2a472b32e55f2131e4c0b30adb64

SHA1
1715e5b2946c5bb5f4a0ffb11eb137b4c8beb603

SHA256
4eebd3976d4db7585b093cda1deff73f16a80a953f38028613b3a689e70227fe

SHA512
264012630fe1c4b744806e622511cd5b59b5f776407cd6739d3ea637b084659747bc793676060a28b0a1d9ef12903cb7d8ae0aeffe0c2156a326ca02fe3a3a67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

Filesize
35B

MD5
343859b4ad03856a60d076c8cd8f22c3

SHA1
7954a27de3329b4c5eefd4bdcb8450823881aad6

SHA256
8c79b653c087618aa7395d5e75198da7d3b04c08654c39e56b1027f9ef269c2f

SHA512
58014a4e7f2b4b0d446fae3570196b8fb95d0d1b70bdab0dd34a74d6c62cd8d7ca494a486f19c1a829988a3af83a08d401f18d1769ce1799a02ee09807234254

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

Filesize
99B

MD5
d26bc1d0f130be246b3f8aba31eb0d2a

SHA1
73740b4779c86d727f9fabd37f9a5cc7ced80e7f

SHA256
5badbdcc540499f61e93acdeb5797eeb702999ccdce901f29ae397c3f0060966

SHA512
6250f11dd75b9655c0014e66b0dc7d51ac39ea0467c15e0f547560379367442cc3497acaf855ff9174309d16d33560e0e7bfa2f72def444f13765d669126058c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a74209fccafccbee404fa701fd826eb3

SHA1
29c7a40f52bc18400728b51eec11201903c72910

SHA256
4a56b41dba5d9d7b14f626d150ad22db135fb77b12733e41a132359cda3af69b

SHA512
3c28bb6863bc7596f7a3d54db88c4ccb74b62752929a7f5e94fc2e146859af4b980a4a0753d6d90938c5148a123f3e6a1ec903b30507e28d27f7c5e90571b4a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dfa2.TMP

Filesize
1KB

MD5
09cbd835de6ab73fb3a46fbd7e0ee4bc

SHA1
90574da7d3d80cbecee1b0199cf2c3d473bbb6dc

SHA256
2fde43b186cfadc4f91500a996b4177d3fef615607185252c45b006ca0cf87aa

SHA512
a30f3302d84a9d950355248390fad8230719e711ef621db15f5dcd1510ea600df4a268d5e79e16b829735567a5d02c44600a735567a492279174329523589e05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4680a1f0d0dbfddc8695a3d474b6e366

SHA1
1999dcde5e0b00cdb29b732131cbb920fd2effd3

SHA256
a9fc1f2ac63e0c1014d7fd8eb912b8d701b6d13f76121589c74c6bfe2a0c49ca

SHA512
f4254dd61ea485ebf5bea6bab3003247e312fc8ac6c2ada982a8674f777d3cdf531e19238886bfc0196eb490825649f1431b53ceee7457dbc8241461920da212

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1df062d57cbd6f4514c8c424643ce85e

SHA1
2b547ca6efdcfd23a57f082828a61aaa07d60968

SHA256
227262cbe9f6cf7398e76eec25c8ccd1bc94f31578a6ac9f6ebeec789d5b70f9

SHA512
2c35c62f7b29771800ad66235d7ba0eaec125c1158481c2cd42b11ff339884efc8932f69bbc4d8bb8338712d357a1b6aba3c6e8bef4d23264470a20b7d74aadf

Download Submit