hxxps://www[.]pornhub[.]com/home | Triage

Analysis

max time kernel
1800s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
24/05/2024, 18:30

Sharing

Report Analysis Logs

General

Target

https://www.pornhub.com/home

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3972	msedge.exe
3972	msedge.exe
4092	msedge.exe
4092	msedge.exe
3004	identity_helper.exe
3004	identity_helper.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4092 wrote to memory of 1464	4092	msedge.exe	83
PID 4092 wrote to memory of 1464	4092	msedge.exe	83
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3112	4092	msedge.exe	84
PID 4092 wrote to memory of 3972	4092	msedge.exe	85
PID 4092 wrote to memory of 3972	4092	msedge.exe	85
PID 4092 wrote to memory of 4468	4092	msedge.exe	86
PID 4092 wrote to memory of 4468	4092	msedge.exe	86
PID 4092 wrote to memory of 4468	4092	msedge.exe	86
PID 4092 wrote to memory of 4468	4092	msedge.exe	86
PID 4092 wrote to memory of 4468	4092	msedge.exe	86
PID 4092 wrote to memory of 4468	4092	msedge.exe	86
PID 4092 wrote to memory of 4468	4092	msedge.exe	86
PID 4092 wrote to memory of 4468	4092	msedge.exe	86
PID 4092 wrote to memory of 4468	4092	msedge.exe	86
PID 4092 wrote to memory of 4468	4092	msedge.exe	86
PID 4092 wrote to memory of 4468	4092	msedge.exe	86
PID 4092 wrote to memory of 4468	4092	msedge.exe	86
PID 4092 wrote to memory of 4468	4092	msedge.exe	86
PID 4092 wrote to memory of 4468	4092	msedge.exe	86
PID 4092 wrote to memory of 4468	4092	msedge.exe	86
PID 4092 wrote to memory of 4468	4092	msedge.exe	86
PID 4092 wrote to memory of 4468	4092	msedge.exe	86
PID 4092 wrote to memory of 4468	4092	msedge.exe	86
PID 4092 wrote to memory of 4468	4092	msedge.exe	86
PID 4092 wrote to memory of 4468	4092	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.pornhub.com/home
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x80,0x108,0x7ffd0ffb46f8,0x7ffd0ffb4708,0x7ffd0ffb4718
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,3809265388161385033,10595206932814757174,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,3809265388161385033,10595206932814757174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,3809265388161385033,10595206932814757174,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3809265388161385033,10595206932814757174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3809265388161385033,10595206932814757174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3809265388161385033,10595206932814757174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,3809265388161385033,10595206932814757174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,3809265388161385033,10595206932814757174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3809265388161385033,10595206932814757174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3809265388161385033,10595206932814757174,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3809265388161385033,10595206932814757174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3809265388161385033,10595206932814757174,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,3809265388161385033,10595206932814757174,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3809265388161385033,10595206932814757174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:3024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
6370281cac31f0233986013d2700801e

SHA1
80cdef164d0ef9105d8e84d9c45cd2c319160925

SHA256
24c6c68fe0cc1acab761ef4b4975ac02c60f0f12592327e6739e5393f55b02e2

SHA512
bd316451dd2eff152247137e438d1fef6815027cf4aa7e8d15ee2d93ba53593181982086dfc71848a5edd09d5094a68ce0ce33713b3796ea8a287c19feeaafa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
af2929d4105cda8b8393c2bb09b5a92d

SHA1
3715f3b53f23f00c02b1e0ac21fe036419445c61

SHA256
881cec90ecab353f1e7db6615ce79019033984ce04b528d70b97686c1cfbbe1d

SHA512
307d7b7aac5aa999a42e5c7a3b8baa0e282f393e4e20bf532aaf24d7ac77a116dbca4c422222cea579987147b29558a494976c2df1aec15bd19d343c97b5881f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3eeca07589720bab1937946ba3661bc3

SHA1
0c0fe03fd882f031317aa49c6085ffa87aa882f3

SHA256
8d6b4b610bd40cbd4c76b1ed14d8423e96350e4609c12cfe609821736c7df7d8

SHA512
bd18247e783b1ac237c749106954480e09aa3c9b95ac7d225232034ea0868e95b13e84410488dc647a2d6122a6c9c27bbc1748f2ccf198f76b70c22f410f2b03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9bfcf05662c3b6851d7d0119d1ee0871

SHA1
50b8c988c1f1fbf3a1cdbf57e49a642f2eb5d724

SHA256
2b8ab050b52393e6ed631185522e3f8090edb377cbee69316e9fedf2bb9e9708

SHA512
c0f7bde957f04da7f66c872c78cf5d172fb15aae8bd3f82a29e1034c7d9321263b058d69e62b3e1ade75e27626d387104c09784c07ee994fc9201f9102e39fe0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4fd6ba6b4259da6530a2819d49bab4eb

SHA1
623929f9fd33c15471b9f4e2b1e99ef73e0d6342

SHA256
0fb2c0dcf0f5fff63d00e2c6efb8c86ce242aae3acc1ad4bf4905cdd794bf255

SHA512
490d8556e9f7d59f0b66be34dcdd5c493747a2f349a235492143a8a468385320897d68c4ffa764417124bc1d046ae82e6c0e8a35f027dd2b0210290e2635a01c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7ea3b10bf513c04b70e9bcf93406ac04

SHA1
030f6b733b3888568fb21aee9c6b69d86dd5fc30

SHA256
855e4231f639fe95555a6cf99f3dbaa5196cb37af499da7841fb4c7d7f435444

SHA512
cf4c9f1385c3b8993fef077d1bd3672bd3180aa6be243b33a48daa58df881538cafa3e0dc37f742fbbbf51e371ff16d8b09624eef8926df20faf374a0da4f201

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
50ff8e5fdf79698c7e0acf47009986fd

SHA1
8124191b9497674137694cd92f46831162acc79e

SHA256
5f1ef949bfab4c4ee5929a65e73942c91ab9deef855e9ab947ebb8b0e148fc8b

SHA512
bce2eb49c9ec17038c249a851d318d6952b3c458693b2b83056fafd00a3c623f0661bccb7643df47f7dc1a1979c8cbfb858043a3aab9f15debdefbc6e46fbc9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8eda2622739ab1a94536a7f403373519

SHA1
ed474d459b9b7bf42879da37a337545b62c3a6a9

SHA256
e200778f1ad217b0981ed46b850ab104dfc87881626fb31ba2bd84a224e22e67

SHA512
d453c895ca651b623c3953cb27d46ec3c02c08e15ae8ca3599af4a08fafcbe1590efbc611c5c7331108e83bb9201dea519adca8385ea63358df5346836f74521

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
ec73b49a18516f5c1b5984fa557b63da

SHA1
b03e6fc3ad967d1071e387d54c0340a6f5917bf8

SHA256
679cbf801f11396d5fa7c906fdc2ef8be2bdc0b0ca0825693a1aa96e0595ee79

SHA512
b0c3e467b2c862bdb5804c348dbe703abe6b4a91754d0376f7112f54e072af645e40633e2f882429c0b97068ca41f2f058e42815cd7ef0c7d9db17bb687451bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe578e55.TMP

Filesize
48B

MD5
942b8d2f7f8c8e3fd55d585b3665c0c8

SHA1
a66061f0519bc3b038d784da7b96f920e2d4858c

SHA256
f1aad53c576377b1f5ca8f238636cb17ba78abcfd960701b2f7724a0b46a1902

SHA512
f3afaf4a9534094ae983631764bb1f2927f141515f2b1220c6212e232cef8c56210bc411cf725b2dba29ca8f145ea5dc3f2bc37fb33aedb13c2b60745552d3c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
02a2525124d9ccd95c5fe11b1363b324

SHA1
26a74ff220ea0590cd41e336da39c806d7212649

SHA256
152a522a80bd37cb995b12bab86274be4ff84e7553f197a984297aed5d3f869a

SHA512
da4d5101509b07a28c924805ce15099c5dad9ee5f969ea26575e8cac57d710dc6791e012879c05149b013c0ec1562d91bb2c0aa59b8ceebae87a3fe68c82ed8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
1cf54446da4ba012df753f724cffd688

SHA1
fcf50b1c1454a23681244cd97a11cb9d38897856

SHA256
db103c011ed03d12703b059a365f466e9baa4df14eac1813d17db731168cdfcb

SHA512
fdfe4ba9156a28bf1448cd2479f4fc59bbe0679c05095e02fde696f984fb46ba9049be4645b60f1778379d8bfc3cb6b3eafb4c540d3010f48ce218fca6d1d375

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b0b76.TMP

Filesize
704B

MD5
a2db96257946b3575a95130821a7e6b1

SHA1
9dadfa953b48a5b0fa69b36fea1debc9a7239ee5

SHA256
e23b081d8dc9f8111d0f943eb2166c398b515d1924aa69561b08d798a21e5cad

SHA512
17b56a97f153aa945fcfef7e1245e4b8400f3dc03a3ec2df51c788533f599f240a0a52ef89a66c4764d87a4026d497ba95ead7a955022ab546b3854edac1b693

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c3a8583d77ff61f9993e17f3d9305596

SHA1
16926e2cf310f4e4818df72bd8a4897c98e3c5ca

SHA256
75ea714c8c70119ec12c63549d0879aad052e6c03a123940930a93890bb8bc55

SHA512
39343956948117ba4261d3c80183e23d2e3d4856905e4abc1cab24d9796613dc5b8dc8e70b8889e1b36f9673a2c1886a16fe556e71ea45e2f152a36d8fc2ecd9

Download Submit