hxxps://linkmix[.]co/15414602

Analysis

max time kernel
149s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
27/07/2024, 13:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://linkmix.co/15414602

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3372	msedge.exe
3372	msedge.exe
3476	msedge.exe
3476	msedge.exe
3980	identity_helper.exe
3980	identity_helper.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3476 wrote to memory of 4092	3476	msedge.exe	84
PID 3476 wrote to memory of 4092	3476	msedge.exe	84
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 700	3476	msedge.exe	85
PID 3476 wrote to memory of 3372	3476	msedge.exe	87
PID 3476 wrote to memory of 3372	3476	msedge.exe	87
PID 3476 wrote to memory of 4936	3476	msedge.exe	89
PID 3476 wrote to memory of 4936	3476	msedge.exe	89
PID 3476 wrote to memory of 4936	3476	msedge.exe	89
PID 3476 wrote to memory of 4936	3476	msedge.exe	89
PID 3476 wrote to memory of 4936	3476	msedge.exe	89
PID 3476 wrote to memory of 4936	3476	msedge.exe	89
PID 3476 wrote to memory of 4936	3476	msedge.exe	89
PID 3476 wrote to memory of 4936	3476	msedge.exe	89
PID 3476 wrote to memory of 4936	3476	msedge.exe	89
PID 3476 wrote to memory of 4936	3476	msedge.exe	89
PID 3476 wrote to memory of 4936	3476	msedge.exe	89
PID 3476 wrote to memory of 4936	3476	msedge.exe	89
PID 3476 wrote to memory of 4936	3476	msedge.exe	89
PID 3476 wrote to memory of 4936	3476	msedge.exe	89
PID 3476 wrote to memory of 4936	3476	msedge.exe	89
PID 3476 wrote to memory of 4936	3476	msedge.exe	89
PID 3476 wrote to memory of 4936	3476	msedge.exe	89
PID 3476 wrote to memory of 4936	3476	msedge.exe	89
PID 3476 wrote to memory of 4936	3476	msedge.exe	89
PID 3476 wrote to memory of 4936	3476	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://linkmix.co/15414602
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa03a946f8,0x7ffa03a94708,0x7ffa03a94718
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,15697936670790995969,15396477555976083016,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,15697936670790995969,15396477555976083016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,15697936670790995969,15396477555976083016,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3032 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15697936670790995969,15396477555976083016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15697936670790995969,15396477555976083016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15697936670790995969,15396477555976083016,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,15697936670790995969,15396477555976083016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,15697936670790995969,15396477555976083016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15697936670790995969,15396477555976083016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15697936670790995969,15396477555976083016,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15697936670790995969,15396477555976083016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15697936670790995969,15396477555976083016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15697936670790995969,15396477555976083016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15697936670790995969,15396477555976083016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3760 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15697936670790995969,15396477555976083016,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15697936670790995969,15396477555976083016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15697936670790995969,15396477555976083016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15697936670790995969,15396477555976083016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15697936670790995969,15396477555976083016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15697936670790995969,15396477555976083016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15697936670790995969,15396477555976083016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,15697936670790995969,15396477555976083016,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f9d180c0bcf71b48e7bc8302f85c28f

SHA1
ade94a8e51c446383dc0a45edf5aad5fa20edf3c

SHA256
a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc

SHA512
282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
60ead4145eb78b972baf6c6270ae6d72

SHA1
e71f4507bea5b518d9ee9fb2d523c5a11adea842

SHA256
b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7

SHA512
8cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7295d7f3-15f4-4e57-a2db-28b6fa6a774d.tmp

Filesize
6KB

MD5
7e42e4c91558aeaf1ee79cbcd94779ed

SHA1
a8d4c953b121185e4c6953855b0fea04650ec61c

SHA256
d714c4a1f98879c100222146df5cee190e32e82118a1bf9fb7ffdff7210152d5

SHA512
cd37c90a987b04d53344cdaf2119be037a64e81bc476bded835c111e1db7d2e802cf7e7bd01ffc8c9211391a7b8b3be8c111d22b01a9bd9c1f6fe815771bf02f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
23KB

MD5
d0d3f0905a43569e528255fe8153c572

SHA1
2ee354bfa30c77b282e84a1167c6864c27daa525

SHA256
b9f975f15b3abaa5efdfb30ebaf303a7c5e7f36d3933a5634b6b792daeeb39c6

SHA512
1973f678a0ffe147a0162593cb74db5bb481a7db3c9688a32262caa9b28aca0c3c75c4bbbfb834902dfb1fe5fb1784b49d0456866e19c6b3ad6ad8c0edb602d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
29KB

MD5
c7d1adad71be3b1424ceb9f89f9a429d

SHA1
25459690ccc005ec3ee0233fed58e840fdcd65e3

SHA256
0b457b04c5965f7fe38b41d42b500ad8e1de6afbce77a02a7ba8f9b49ffce792

SHA512
1e077a8695c65dcda634e2fee32e849311f15eaebbcffbc129f76d1205b89ad767289c305c1827a0642fba5cac3676ab860811049a6bf2fda4b1b07e25dabd26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
21KB

MD5
d16b0bea0b6d52a1d30ca21844b2cc1d

SHA1
904223c2efa651b629daa43a6381e83d972286e7

SHA256
ed6a8a2323b8396199732446cffd080ba5de98c557c81ac5f2aa330c2c074f13

SHA512
225466ce43cb46526059a6b97d5db10e21ee8508d7c1d56731d4e0bc9423596d7dd7a128c916a4d73909210eca9280bcdf1c30c31ba2ac79e8a4525f866040c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
f8c5d6a7d682a51c5f6bbfc3419bac5f

SHA1
475586a6537ae0884ad17459f7ce7e634d6b63a9

SHA256
2a85aa02538c54018e5d962f9a4c10c2dbb0d870b17fbe378b277ac423d779ed

SHA512
ab045f41996154d9e7c06109e637312433c9c64ba70dd3ca550aabe9ae4c06171d4739d9bb916358216bb9f479c4e3f967d9ae54c3132fc7a13cb69b7582ee8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
577B

MD5
67272d148577aff1e129c299e2df9078

SHA1
e197ec9e76a553efe750037cae7d00578b20fa43

SHA256
c4b006753e20e136afa7a724af93596f54944374f97354a414be64096490dc91

SHA512
d60b0a1ea063a274236e4772bc510f43d26bfd633f35b427b17462180e7de972a7e99668424006e98b4e5cfb435eb55c57a753f37c2c4403961755ec31827128

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0de8a3ced9aaca1c83d80da504c73bc2

SHA1
912ec3fd16b30aff78646b7a63c85dfaad732a1d

SHA256
7de7e2e5bf9d46bc9a768d6f4b140e87ffca5f854f2b78b3364a32ba95073ce0

SHA512
08a684a6dc52a599bd14a1557dadf8cefbe8765ab873a10530d2eea657fc64ef8cb51356d8aafd63202fe253fb3654a75304483dea1f22b2f159a6e84a472deb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8e9f74ea5694b2d58f70be5e29d00f2e

SHA1
dadd0f8f85867387655a2e0aa34700b65ae8a1cd

SHA256
06bce11161d196a4be0596272ee56f09e9ac52202b19f48958de183a69a5e4a0

SHA512
6154c89b258f8c43fdb59cb5ccd1ff057c5027ffa465fa0c237aa601fbae6bc4f2b21609f9a12734eb2a0e5c7cca51b381d5d468cfe32bced16666244a1f829c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
59b7691bb84c32c9e2df1193d5f1e079

SHA1
6a9503cc6d6c84a242f842daefaaa0e7d615eb31

SHA256
138f9c58102cc550d737a7a2fd2fb2d57bf372c8ab58c9ad0a9b5ba7bf80ed9c

SHA512
62cff9cc6a55e3b83c708faef42bbe46667c60d90031ef8808dc74398ad9131483aa4468636e22bcb99543907ccdec0a6e4e0d714fd450c2b46dfd2c1b7ffb9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c8f048d1774663d51dc1ab9320727e09

SHA1
e068ae2a4caa8fa528c185b2acd713f69f868bfb

SHA256
043b3cd9446b8a8d7b205a63a2cec77d0e98892f1a492ef4a173b224c7da2616

SHA512
e597f667d168f782ecb5c45e86711ff92969457d0500836b465c962b0cca12ab66a7aebfbf6ce29a95615821d8b9d0c4f489297982b56acb542e2e14bdc3b031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
30dfa8e31004c9dff2d4e08a3259a021

SHA1
5309573cdaee373bd3fd6d871113848dd24401b7

SHA256
c62ea22b592a3143f53449a6abec191ab58ecce846ad1b4a10435e6858ee8535

SHA512
c874871c54667b7a99549d9054e9c9b61a948a4c3ae63ccbdf092a471b6b764193646960bfd501b4bb7cd742d22b10d7a0ba93900a82453d331efe1cfef24f7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
2a72c37df098e99b29b8f080b3110ba8

SHA1
d93ee1b7ba8ebec413401761a480814f5394361f

SHA256
e4c72dc618b3948540e054c5c0c215b54fa14c38e9ac26e7e83fa17522d39d76

SHA512
c9e13a90faad44ca9383c7e92370a7db0dc4b76cc9f41ce5a0edc915ff5d9d401342fcac492c404844d8aa931d924638b5aa82836dcc51df1ad170f35086d5b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
3def6983c4edb4142032f5ccda9ad9f6

SHA1
e7575d4544609825b663c0db4b82b3e0dae8c284

SHA256
4d94e17c6bd3b266418ffa50bf395c94f2973941097ed99b92829c1774aab813

SHA512
dce656a6142cd2d3617185cf79755b976aa40496bc9ffd7ee69bf2d7917a5a263bbfb4a34976b4ab14a2d62a07ce865b0bb5217dccdd18be69b8bfa75c316699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
236a04fe3587a0a80616a1dff4248dec

SHA1
539dc8b33da2a5d8bf6e80d49492e9ed06a6298b

SHA256
b8fbff70f6d47bd43285fb1dc2b119cec2986452167c88e7610f9c917def082d

SHA512
983ceb0b27da9268acaeaf55fcc0da04a9e5d067c83ecf2b38085d71872c9d62180ebb435a39db56d3c09a4ed6ded472ef5d6095e338539f097b8e92aae02cd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
027a2d46a656360019611c506bebc57e

SHA1
a5a46732a7cde066286826f7becce7e91fbaad22

SHA256
882a6efeb5ba4d88732dde5e89d6f66d31eefeac6c05bc17d2576065df401f41

SHA512
56b4ae498c991e4b8dfb74c32f561739094e0ed94ebdd84decb171e07deada4142beafd5f177f3eace41ce9ab1f5150d72d95e77b6da108ed624962897a8dac8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
3d2b76b85a3af83fada010912e6a91a1

SHA1
5565068867281455f88eb40596adee67587447b7

SHA256
41241a6d760e39f67f3dcc0faea0572340a4e48af896959cbb966f1ff1ba0c58

SHA512
ed4fb63fe69c281b3285670e58a4d59e066708f3c8c35bdb871f4c0343db04ad95e398d8edea42c12aa414b8f4084747951d4c35377a4ad0491bd5c6b60ff078

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5854e1.TMP

Filesize
203B

MD5
1d5b280a3b0bcd8659e15df734770557

SHA1
8e32feefc1ef9cc3b33b079bd954aa59a9453018

SHA256
fbb3b54ef44f70389b282eead25c45c8edf9702ff5092307cd75876cc719511a

SHA512
5b4c62888f8a04e731397a62d900964f9a234f6bf4ab1309765ac5963b4b78ed8588b22cdc86bade695cbc524fbdd1f198f6c46a0992de958159cf2000007938

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
96bb4fb7568cce49f2bbd4542f6f65f6

SHA1
852966bc5d50a9158b38426b902fe2b014b02203

SHA256
c593e2179ccff57aa360f686d746479b8672eaac0dd2c1d119b7fe0a3c2bb219

SHA512
d6167a77660a213e74e0fbe8dd64f7c0a8dac289d6a5505e4930f510b7a21d1863dceeda85d1dd1ec937308a9f5a219ddfd2d413f303a83591db417a81cd0979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2639bfe67954f1f93128d08a019d4134

SHA1
4dcd05ef8da4b4f20be252aa2b0b74a1d2897228

SHA256
0e130c150d289b6becad62494bc4a27388ba2e7c304f15c594aa9e20dcad8d4f

SHA512
d38caa12aeb3fcab05971039e9a0ca27ed09277aba98d4881db764bc7e75c4d7a01ad8d84e8000b6ce3af51bfd26e6386b10856a1c8996dd46f64d7e648685b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
10d48eb13c7e15fb1235c16e6bce496c

SHA1
25ebef02a61a111d350b68d4486cbef923253195

SHA256
c9f6eb8136b782f272b479f2e394b6edaa5e2854bb3453d4ca77192135bcbb4b

SHA512
7210509846178d45ef2f38df0b7894bc673c0cd99565084371931103c549add934b522575bee785442e74f70ea0e79150baf19094b3ea6f0ff70980bf8e3dfc1

Download Submit