hxxps://github[.]com/kevoreilly/CAPEv2

Analysis

max time kernel
61s
max time network
62s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 19:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/kevoreilly/CAPEv2

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3380	msedge.exe
3380	msedge.exe
1652	msedge.exe
1652	msedge.exe
4352	identity_helper.exe
4352	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1652 wrote to memory of 1472	1652	msedge.exe	83
PID 1652 wrote to memory of 1472	1652	msedge.exe	83
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3900	1652	msedge.exe	84
PID 1652 wrote to memory of 3380	1652	msedge.exe	85
PID 1652 wrote to memory of 3380	1652	msedge.exe	85
PID 1652 wrote to memory of 4400	1652	msedge.exe	86
PID 1652 wrote to memory of 4400	1652	msedge.exe	86
PID 1652 wrote to memory of 4400	1652	msedge.exe	86
PID 1652 wrote to memory of 4400	1652	msedge.exe	86
PID 1652 wrote to memory of 4400	1652	msedge.exe	86
PID 1652 wrote to memory of 4400	1652	msedge.exe	86
PID 1652 wrote to memory of 4400	1652	msedge.exe	86
PID 1652 wrote to memory of 4400	1652	msedge.exe	86
PID 1652 wrote to memory of 4400	1652	msedge.exe	86
PID 1652 wrote to memory of 4400	1652	msedge.exe	86
PID 1652 wrote to memory of 4400	1652	msedge.exe	86
PID 1652 wrote to memory of 4400	1652	msedge.exe	86
PID 1652 wrote to memory of 4400	1652	msedge.exe	86
PID 1652 wrote to memory of 4400	1652	msedge.exe	86
PID 1652 wrote to memory of 4400	1652	msedge.exe	86
PID 1652 wrote to memory of 4400	1652	msedge.exe	86
PID 1652 wrote to memory of 4400	1652	msedge.exe	86
PID 1652 wrote to memory of 4400	1652	msedge.exe	86
PID 1652 wrote to memory of 4400	1652	msedge.exe	86
PID 1652 wrote to memory of 4400	1652	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/kevoreilly/CAPEv2
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8dbc446f8,0x7ff8dbc44708,0x7ff8dbc44718
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,15471230150498260788,8883395508513395154,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,15471230150498260788,8883395508513395154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,15471230150498260788,8883395508513395154,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,15471230150498260788,8883395508513395154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,15471230150498260788,8883395508513395154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,15471230150498260788,8883395508513395154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,15471230150498260788,8883395508513395154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,15471230150498260788,8883395508513395154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2096 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,15471230150498260788,8883395508513395154,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,15471230150498260788,8883395508513395154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,15471230150498260788,8883395508513395154,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:3628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
210676dde5c0bd984dc057e2333e1075

SHA1
2d2f8c14ee48a2580f852db7ac605f81b5b1399a

SHA256
2a89d71b4ddd34734b16d91ebd8ea68b760f321baccdd4963f91b8d3507a3fb5

SHA512
aeb81804cac5b17a5d1e55327f62df7645e9bbbfa8cad1401e7382628341a939b7aedc749b2412c06174a9e3fcdd5248d6df9b5d3f56c53232d17e59277ab017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4e6521c03f1bc16d91d99c059cc5424

SHA1
043665051c486192a6eefe6d0632cf34ae8e89ad

SHA256
7759c346539367b2f80e78abca170f09731caa169e3462f11eda84c3f1ca63d1

SHA512
0bb4f628da6d715910161439685052409be54435e192cb4105191472bb14a33724592df24686d1655e9ba9572bd3dff8f46e211c0310e16bfe2ac949c49fbc5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
77KB

MD5
f4d80cadbaa0f396a0f114c032eb1563

SHA1
af83d5c1be7931bf1009a04621300249032400a0

SHA256
97252d2fd1858bcc9b74bcf809d90712bcb262fe5829a50f10b425b8ef8f5493

SHA512
691f81ce2c1d89bd46037c943087e72904dbec473ff4d4e7d4ec668c46780e785ce07a3bc387f759a7266bbfe1eccd648d04c167930d5107635f01ac3fe5cff7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
86KB

MD5
5fc0688ef95dddd5ebb826c95a87f402

SHA1
58368c7a34609f307f54eb030e586ff64354fcee

SHA256
ca1e58e0a7bcceaefeee7672d7fc4a90b0951ef9cf0e21de77a15e3f84615842

SHA512
30a1fe0ea187506386b9c0d04b06fd454f59fdf153fdbca84ebdb8137c6af3530d9b04b6ef29605d4b9f696b4a07d5b855ec46f7c6c0ab029d6cad27c501b13f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
137KB

MD5
84f414dc30c2f5f4df760ca6c9237bc9

SHA1
1077b3a6e2742c8d2f3f62015fedf04a7b4c961e

SHA256
0fae770c571f81d83d41efffee50a732d8d2fffbf86d7d077a801be164fed79c

SHA512
a403397130624544fcbe2895aa4eb6394da6096ea982026d046b9d7b84cc03e368988e58a9c281bcbd0b4dbd762379ed0c569c28dd39b76b7cdc9728e5ddac7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
29KB

MD5
653a83e018ab09661a97da8d789b4106

SHA1
199994126dac4b82d82cc8cfd44a8c7165054353

SHA256
7ee6eb166df276874f16ce49b8ccaa5e13646443e7444377b346daa9d76db19e

SHA512
82c8da4c4224847620d258b168e09cf3c8d590cfde0de37b1f7ced631ffb2d289297251f0e6d6a726ef7375c184a47ac49f1df3fb1ef87286e7285b0a230df14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
64KB

MD5
5a36bc96f39dcf9abcf991d4e3730445

SHA1
71d07cd9111b30514615be96927cdf39180afd0f

SHA256
353a6efeeebcccd66df56c744224daf40b1556cf32a9a8d704b4fe79dbb0d66c

SHA512
4f5a1b1fd53ee279e8e1703910081377a26f85e3dce35124c5abd0a87e57be0b02971174501e79d4f35cc8e828b11b100fd0556b0605305a62260662318997a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
46KB

MD5
2ef95fdbfcc7a061a05c88c15e837d24

SHA1
53d79fcb6a9e7a24b6294942c6197158e94b4bb9

SHA256
689991598468a414fcac1160c8b70a8ee8406c68f277a74f0a944ae7bb77e18c

SHA512
436f439281125c31d702a6a411b3eaffe7fc92dfc673bfea10d3a2c1e693eea3868fd3ba9d65c3d1792a843f14ce77ceeb0910ccc726f90b342ff70f870a39fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
17KB

MD5
13e691691a17e1149a179a5c870e5534

SHA1
7823ccb0d37f4ed27295599a8a6659d398375915

SHA256
9023d3a8811a5650d5d8f4d21ef3c5a195ee05e7d0aa94c05d37f07775b5ab33

SHA512
234c4fdff0cb64fb1267188d078059895159b6b6dd948219450250f1173e38d83487824e48e52b3c653e14f05b2c0bac975d258e5d24700680b2c65232726587

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
176KB

MD5
88036461fa6f76524cf30fe8813c1c36

SHA1
8dd6a00f58ce4e451fb08fb4cebf9940c514b9fd

SHA256
9c2220bc22089d3617738ba536fbec5aa3d3d490b2f8762a665aa7063f3c1be9

SHA512
aac0fad167cd1ba9907a9f30a60815cc7d029dbc82b1f1acbcff9eebc7a23cb229ccdfb1bd4dd5ce123546d02305639ba9ede2f6ab35509f1a4b28f858b9356c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
148KB

MD5
c7d9ff343f0b8717f70049cfb0d7dbce

SHA1
f02f1868bb818e189c189bc4014baaabdec0ccef

SHA256
ec560ba84a440fcd80e2ca8e322edb794ad21ff97102041278056785cf56f637

SHA512
d13b08d6d6945e014f8a4ce0b0f4b5b7c700abee729f85aa116f19da3b490e9f5f842af9b10fd225968df84562f9b0f48423931fd6723eda35b9dbfea37b62f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8172b472577f58dc75508943fb1913b9

SHA1
f21ed951fb207d7aa0b61c88a248fc8667845c6a

SHA256
2680f92cc45c1e694bfacde49c1eb913c4167fc7c92537cab794ef79efd42bfe

SHA512
3d3ab50a93ac36b129a6f1035be78371f48817946b209b26dbac2032c2e3680f1f100d7922c31485d517fcf35f29d183692ac1554625e6588c877f82246bff39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e32c381d30e1000a0290656277f879be

SHA1
618ef5fd0a8ceb94b6699325f7ae08df9d2713df

SHA256
cba8f203541061279889accae9f6cfa5cfd7550ab52721085c4425a1a4d44ab9

SHA512
48969905c42cd0ddda2ab03bf7ccdeb64d2bda25473841def0d41b9b04c1534ea6c1d441a407ecc6d2650d38c8f0e30588ea67fa902ae32603a1b0f8deda7ef5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b5ea7a0b32a2f6ffe574af70c9ef44f8

SHA1
c7ca5ecd0f002f9d11ec001304ef9424c1357e3d

SHA256
4279de44cd570bb9910e0951ece7839646e5b326dfc9d28fc90233aa4f8a49ec

SHA512
924781a7a2f9c306cc48bb153f7ef0d304b423c5c52c6f9f5d1b6fcfc7850f92964128eee41e2f5dc5b29c78d1d92a5a01341dac2399f225e8bb5a23aa5fde6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
64e55be8d3b37b8167c67ab4695eb15c

SHA1
ee0a7268526a2a898d96195803964e94f710d3ea

SHA256
359a28c1d2bde947c767968d84cc3fab6c549de4f6598e9b75668e63bd9950a6

SHA512
0031da338494144e37abd203454c682be50fd23277faeeacbeb14d3d3b84bc48150167245d87c58b8e31d98afc536fbf5f076dd3edefd9ad1ff552873a0100d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
df89b845b20a017bc6f8a4b5f94db2d1

SHA1
27d2b8b22071bb6ebb6a5df085a459535116bcf8

SHA256
152d8bc42d2e99a4c49d0dfc61520c1101cdd2039fc176ec65d3b404e748ecb1

SHA512
681d2fcb0b046316a6a768b8f780508f74a87308add0a61098dda2d573bbc4984ff76f73c0458497c5ffbebc16dd56d0d0a8d013266f2c1071c31ba3d8dcc0c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1107df21bea089734e33ecc2d0df52dd

SHA1
69ab47d2871a86f9982b859ab54cc23535f0b410

SHA256
7c9997bdda1c6c60151c206f91270cf0b33b5b6bf2d481f5be8e9a64556a021f

SHA512
0db03d8d015b82943dc424e75cbdba6c6159f1700c902fc8218f42b345283e0982998d01fbc9c8fb233b54a42aae7cd76384fdb41f1223813c9d65c949c1a719

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c5174e9e72efef943235181f9ebc2e42

SHA1
30462861ca4bc602c946a9eb2a6cf676cab7df9a

SHA256
2a94f2d6c1f6f8212cb7c38f742a612a866a7623850a6da286c6911f74da6bc7

SHA512
41a834963e0132099bc5a0543b2b017f42411ce6ad0c7376986b873353fb83c90321fbad9b866d13af924cc53e3c9004049da532f9257ffd6b8c030fc6de5b1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3cf8efda4f827b78e1b5c8eaffd267a4

SHA1
65148969a2857d80591ac091fd36f44b93997e00

SHA256
ba14864d528da3dc531e1aec265ed6e8d911e1a810b5ff119b3ca07ec96b9044

SHA512
eef51c3c0b1736e5f4ea8b94e6329c1ea162797eeb69490aac31591945f73f6cb534d88e8826b6db23bb05b5be10f54a46a123a695b7bbae91fce88d52545071

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5816a0.TMP

Filesize
1KB

MD5
8ffdb8870dfe95c1d7ec12edc8a03d5e

SHA1
d6dd40d19235efa65ae5ec511c5317a9de76031a

SHA256
d0b2a8f42da14d748c37788b486527971e9f0d1875235fc7813ec666db9ab42e

SHA512
abed66ee6e226dff128b391f3af0fd138670daff2a53336a2484fc36242f71177697518c52bb6717d74d88082bd363ffcaa167b203102ecde1d6e72190c715db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a296b588d902728c459133121a34991c

SHA1
4b3c197b03986701a0513377d2084059f0f365d9

SHA256
53a001a0268e214c2fd06d29a128dca2997c7dc087a03ca7eadabc2909f7da93

SHA512
384685b651737d03557e676b90ff64adb3ed2874f5206aa0aa36aed61b09bde86dc9763cfcff6dcf0698d66a919d4561f35c03a094b6bb610daaf5537cad1046

Download Submit