hxxps://empire[.]goodgamestudios[.]com/?w=349268

Analysis

max time kernel
408s
max time network
411s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2024 21:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://empire.goodgamestudios.com/?w=349268

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2732	msedge.exe
2732	msedge.exe
3012	msedge.exe
3012	msedge.exe
2428	identity_helper.exe
2428	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 4508	3012	msedge.exe	84
PID 3012 wrote to memory of 4508	3012	msedge.exe	84
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2476	3012	msedge.exe	85
PID 3012 wrote to memory of 2732	3012	msedge.exe	86
PID 3012 wrote to memory of 2732	3012	msedge.exe	86
PID 3012 wrote to memory of 2536	3012	msedge.exe	87
PID 3012 wrote to memory of 2536	3012	msedge.exe	87
PID 3012 wrote to memory of 2536	3012	msedge.exe	87
PID 3012 wrote to memory of 2536	3012	msedge.exe	87
PID 3012 wrote to memory of 2536	3012	msedge.exe	87
PID 3012 wrote to memory of 2536	3012	msedge.exe	87
PID 3012 wrote to memory of 2536	3012	msedge.exe	87
PID 3012 wrote to memory of 2536	3012	msedge.exe	87
PID 3012 wrote to memory of 2536	3012	msedge.exe	87
PID 3012 wrote to memory of 2536	3012	msedge.exe	87
PID 3012 wrote to memory of 2536	3012	msedge.exe	87
PID 3012 wrote to memory of 2536	3012	msedge.exe	87
PID 3012 wrote to memory of 2536	3012	msedge.exe	87
PID 3012 wrote to memory of 2536	3012	msedge.exe	87
PID 3012 wrote to memory of 2536	3012	msedge.exe	87
PID 3012 wrote to memory of 2536	3012	msedge.exe	87
PID 3012 wrote to memory of 2536	3012	msedge.exe	87
PID 3012 wrote to memory of 2536	3012	msedge.exe	87
PID 3012 wrote to memory of 2536	3012	msedge.exe	87
PID 3012 wrote to memory of 2536	3012	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://empire.goodgamestudios.com/?w=349268
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8450246f8,0x7ff845024708,0x7ff845024718
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,10635583364764897439,11122659852746907151,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2256,10635583364764897439,11122659852746907151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2256,10635583364764897439,11122659852746907151,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,10635583364764897439,11122659852746907151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,10635583364764897439,11122659852746907151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,10635583364764897439,11122659852746907151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,10635583364764897439,11122659852746907151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,10635583364764897439,11122659852746907151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,10635583364764897439,11122659852746907151,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,10635583364764897439,11122659852746907151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6616 /prefetch:8
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,10635583364764897439,11122659852746907151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6616 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,10635583364764897439,11122659852746907151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,10635583364764897439,11122659852746907151,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\667fe364-cbd4-4728-be66-07a23b3abdfa.tmp

Filesize
10KB

MD5
6639858637b8c599668b3fd1179ba8ba

SHA1
b2fc89461b84e7b89a731c0233f754403e5111ae

SHA256
21789959a1c185cc7664e17d1a086cc660a1df1cca8a89637687dee7e818a0e9

SHA512
29196951b1c774f511caff792f7dcbf945fb7b54e50281e0394d2eb778f798f2a47dbf2b2e74f4b06ed457b448e3c21fe6c4482c92303a0fa4dc684bc346bfd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54a5c07b53c4009779045b54c5fa2f4c

SHA1
efa045dbe55278511fcf72160b6dc1ff61ac85a0

SHA256
ff9aa521bb8c638f0703a5405919a7c195d42998bedc8e2000e67c97c9dbc39f

SHA512
0276c6f10bb7f7c3da16d7226b4c7a2ab96744f106d3fea448faf6b52c05880fe65780683df75cca621e3b6fff0bd04defb395035a6c4024bb359c17e32be493

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d3901cd618f65d66fb0643258e3ef906

SHA1
c9b42868c9119173ff2b1f871eeef5fa487c04f6

SHA256
1f74c3d5f4d41c4d5358e63ad09f8cede236eb66957f9888f42abf98b238c086

SHA512
89c122ea72ae3f26c94e34040e0f0a856506c8490ba36fce371a731b3f0588407c6356cca2ebea37ac829a67c2b398e298a64d5a72712172f69071264ca58e98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
546KB

MD5
c8323a3e8a7a2fc4bb9bc698f0c908b6

SHA1
f26f646b1df56cde45a188dd685946eefe62e7ab

SHA256
e8154cf811478e6339594c7f1cc449738ea3cc423c0ec684db055f1b72109019

SHA512
a91f90716c0c50288e89c5066151fb812191e39d70b9a5b5bf8ef2aea9d0effd4f27cf9d39af56861677ac61827194cb1cb13d4950d2f2aa8ccdc42a9bdc9ee4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
566KB

MD5
126df71c8ee9585136b7f481d5431369

SHA1
76e4330066114b77f40f6b3a7db5cd944be4fcb4

SHA256
1a750865cdf567d2b2033bd94fae9f6b7a84eab5fb7ab4ca4db0e297d741a919

SHA512
af7a96eb8796d63e2a4952f2460ef9456d31822950e2b11ba66631a864499220d4ba1e3ba5c8e3bbb461c808be72012291bf08872c60e4ce4d264d99fe774236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
ebfa845588dbd0d832d55e5e9a6490cc

SHA1
025deed5495385c1528bf03e7eb0e2d2c956c1c4

SHA256
222fa205452ac0b86e60e41c6a027e5f954c5d14079cecbe73ef02bf841dfb99

SHA512
143632f69d3911a44da0269e8258e1d28a90e5593cb06f0d42abd6fb62bc4624776c90b06c537909fb0bf5dbecc741e473e33cc44e285b4e123d1d73ac9df8c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
e54da44febf03a84f772ac3bf93ac5f6

SHA1
0210a94bb11b1df18563dd3b5db2cad5663df52a

SHA256
937501dabd4a2b2c924ce50644adcf142ce3eeb82a3be8f398b5fe845e47cb11

SHA512
54f4f334f7e726ea70a7e0957375eab0d175b2fb397944f95865f8433a83e8f992c25abfd8356eb2f8eec531156b77e77fd2103e6a07952c9a83aa2824d0311c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b6a7d2cf796b9e88a06c2784b3087d18

SHA1
a57f14f8cc179a830cd74503d7368c3cf537debb

SHA256
ea1ca70b07efd74ca2237c056e4de42dabae0c816b69f7cc373a2d318b1ba3f0

SHA512
f23e92841b375241b3c75845a7300553888ac815557090735b3734c1cb7475370e38274ec193ddaddc6f7f07780ab07e4cd7b4c6fc680bf110a2b2380900eeb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ef1b91aa74101826addde9b32841cc8b

SHA1
cd060ad6e536e6623ab800e278c0f2b6a2a2f202

SHA256
9f6c7481def3738f8e5843653ca473d67a3b089ba9c468865fc7e24e67e22004

SHA512
7847e6c17d224fc8aef1dff68eb9e647add572bd8eb91e54bb16d65fe187c9031b19031aae50e2fdbf85a6b1518a1e4f906f37c624a165e54e38af882e2323df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
687a6fad3ebf99181ee0ae53f367d96a

SHA1
474f09e25457b32fc0076919e837211488387b54

SHA256
a93c7b20edb507fdcb9d5a182aa1b9eea3305d9226a885ac33f5eb6c040eda4c

SHA512
fadd63538a8a549fcb35be3b9c097f0b3274219710c6b027aed13c77b5ee6bbbaf9a607a095c537d6d56d7357eda79849171ce856c9c024f1595f586bc285043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
750f7caab8ae81fb07e54be0dd64050f

SHA1
218eb36a9a4b508311f56ac6a28652139eff2a51

SHA256
fc48a25e7e3844ec1104098e2899781966c9afdbe112f3f2c1fd0fb2dee7e1d2

SHA512
733e8f98d9199fdd7c75e6e28e7379a223452038d55d2b0b8f272aa4c8ee61f2497bb63004db4f1faf6c014d45fb242d095f60e635b27f0c5a8243fb9fd28cda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585530.TMP

Filesize
1KB

MD5
5505f41695a04bb109219a164f30297c

SHA1
664b7508c9784421d2f1696b0d1b82c0f62311a7

SHA256
3a477c6c945cc8a3017e77f6d8fda23e7b00e37849197d50ce83f8cc8fd37186

SHA512
752cd0487f0ee91eeed03c83e63dbad543a1d898d35b2cf7f8386f7d69dc62112bbfca2d43c0a01ab50219ee27e039d1a80fb798f1af70c75783c34f0ad2e15f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
527e31c3cede62d29e3efe0a1a1e8de2

SHA1
576171e4571ec92ae7f38ec5eb2292936fb81969

SHA256
634c461e58159fc824451b33200556bc5681540c84d43e3768e60c79cc88740a

SHA512
21c36a0515dfa946657e34b02ce48f8b1ab46d9aa61649c17b3d4a1481f376e793dc471358abfcd839fba449cffd211d9a3f5ba706a7e5f8e451210baa102981

Download Submit