hxxps://qgah[.]ig4ib[.]com/qGAH/

Analysis

max time kernel
54s
max time network
55s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/08/2024, 04:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://qgah.ig4ib.com/qGAH/

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
284	yandex.com
285	yandex.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2372	msedge.exe
2372	msedge.exe
4108	msedge.exe
4108	msedge.exe
988	identity_helper.exe
988	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4108 wrote to memory of 1420	4108	msedge.exe	83
PID 4108 wrote to memory of 1420	4108	msedge.exe	83
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 3544	4108	msedge.exe	84
PID 4108 wrote to memory of 2372	4108	msedge.exe	85
PID 4108 wrote to memory of 2372	4108	msedge.exe	85
PID 4108 wrote to memory of 4908	4108	msedge.exe	86
PID 4108 wrote to memory of 4908	4108	msedge.exe	86
PID 4108 wrote to memory of 4908	4108	msedge.exe	86
PID 4108 wrote to memory of 4908	4108	msedge.exe	86
PID 4108 wrote to memory of 4908	4108	msedge.exe	86
PID 4108 wrote to memory of 4908	4108	msedge.exe	86
PID 4108 wrote to memory of 4908	4108	msedge.exe	86
PID 4108 wrote to memory of 4908	4108	msedge.exe	86
PID 4108 wrote to memory of 4908	4108	msedge.exe	86
PID 4108 wrote to memory of 4908	4108	msedge.exe	86
PID 4108 wrote to memory of 4908	4108	msedge.exe	86
PID 4108 wrote to memory of 4908	4108	msedge.exe	86
PID 4108 wrote to memory of 4908	4108	msedge.exe	86
PID 4108 wrote to memory of 4908	4108	msedge.exe	86
PID 4108 wrote to memory of 4908	4108	msedge.exe	86
PID 4108 wrote to memory of 4908	4108	msedge.exe	86
PID 4108 wrote to memory of 4908	4108	msedge.exe	86
PID 4108 wrote to memory of 4908	4108	msedge.exe	86
PID 4108 wrote to memory of 4908	4108	msedge.exe	86
PID 4108 wrote to memory of 4908	4108	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://qgah.ig4ib.com/qGAH/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff968a046f8,0x7ff968a04708,0x7ff968a04718
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,9089716011918511552,16818692332459115734,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,9089716011918511552,16818692332459115734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,9089716011918511552,16818692332459115734,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2176 /prefetch:8
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9089716011918511552,16818692332459115734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9089716011918511552,16818692332459115734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9089716011918511552,16818692332459115734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9089716011918511552,16818692332459115734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9089716011918511552,16818692332459115734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9089716011918511552,16818692332459115734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,9089716011918511552,16818692332459115734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6340 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,9089716011918511552,16818692332459115734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6340 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9089716011918511552,16818692332459115734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9089716011918511552,16818692332459115734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9089716011918511552,16818692332459115734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1916 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9089716011918511552,16818692332459115734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2280 /prefetch:1
  2⤵
  PID:3080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4459bc88-f06d-4ca7-ad49-d4277c99b90b.tmp

Filesize
6KB

MD5
3d0b7da8a5cd843d781aa56c9ae059ce

SHA1
7facd4dfe13de6b4f7c027881204ad8656bda94e

SHA256
5a45b8752099556268abb29226cb80e3eff56d8d72405aa00ed5bfaeee47d02d

SHA512
cce6639fc78912e24539b82188adea7307266bc8d6f9a80ffebefa8b084230c6aa72c43decc7273a5aae44c4aded776070fee89070c19852e73eddd71c982f72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
121f996e62749da411b6ffc1743791d5

SHA1
137197c0f6171f6e057d78b8e4f6a53036610706

SHA256
cdb75dfffdef51e172e56d16cdcb13eab99d5a9dddaf0bf270c1ecdd33aff5e3

SHA512
3e0a648348f9d5dc16da0bf9381e135eec63bc32beefd7238c2fe696c97f621c2d8caee862d260128ba3a7550808d15c22b490c14cd96e6adac420bee5399bd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
c085eae360b2e50c705a8d0e64e74891

SHA1
7e75f3326a72644ff94428e39ba132f64d5adf0a

SHA256
a5cecb4a64ed15c168c17ddfc8e78016fa723234ab13fec8287a6c135cbe62f7

SHA512
a1d3c9c0c0af88dfbd772324387ba00677f8aaa4d43bf7261e4d3a99d726d5e861bc1e170c65c2de7691ece24ee167847a730b53d0e25276952a6f9ef0d1496f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8c5e5c35392f54dad1fc365fa56a3c66

SHA1
c506ec19c6359cbec71bac48c0b0a0c5c20ec6a4

SHA256
54f68426463851df166f128dad97992d6d7fa002425d251f760fc85863789b55

SHA512
a1e1e48ae61a1ddfe7d514c01c3ec0d0c3043b04e18c0563aaa44ebcdfed08f81ce87ca55f6ec3542c640e713b14fb6ac3fada55856727faa406d7a39b20aa72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
74c88ba3afeff5a5a8c79f76cb5b0a45

SHA1
d953e1f048fb96529e11652b0619124ec06c729a

SHA256
d987c0948c0a21e1823d025d82020362f3e4262b9f4381a73266d17cdb413abd

SHA512
a24420db46b715df5c3bce88252a5f23d236f69e8af6a7e49408915b0e5f2604b35bc8aa672786a93904ef07b3f8d1dad49b6e6a35c2f40317fab19ca496a113

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d62e810f481cc46519373fa739ffe690

SHA1
4cf61d1fe0b4c56f41a079ee1c86f05e9b01eaf1

SHA256
70f2be1e628f3cac0c173faa51bec288f38a569cfcc568f349a4c5f2a07645ef

SHA512
3466bef0b75a39f3d3259b8557444d2f1acf9fbf2e924f38c7717030fcdc70245c1e263d379d1efd954fd800dd09d7d0b30e7439f7d6dcb2d4d34e65768e5c11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e60a.TMP

Filesize
48B

MD5
e3d86052f43758671e7331d16d642637

SHA1
94354c790d42578a706680bcaba8df6c9ffa4226

SHA256
c8fa4e7ea8b4866981c7f076f2f82f98fcdd0d1bb19a580163ad290aaeba91d0

SHA512
14fcb31664921a32b11a7be39b6bc2161d84d0b57a39cc0adbf34cc3b0248c86cd3e0e6ff3fff42a15b64706ecbdb2aa5f4ab0a755475dd5ba989efbd1c13f1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
e86158d390d55d384c2e1de39280bc2f

SHA1
b884cd39120395fc16a11c3ec4339dff1454ee1e

SHA256
5d9e4fa58cc51769cadd556236919f6a76e84f416ba9d92df6291ffac9f9818f

SHA512
614948f7fcbbae50080382a7880e66c69fca05f1f40d18c7827ff1eb14b6f0cd94d5647ad07cb772d08bab1db6639fd723d66c223bc481751d5273ef50f4b0ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581bc0.TMP

Filesize
1KB

MD5
6480ee8925ab0361bb08e5a7c38e5aa0

SHA1
559812f70d4fda8bed30668e995c25699ac6972c

SHA256
84fbad237cd6ab2cc7fae5d3a4a42ec7530d1a19ff12b13f9e46cfb57b172d50

SHA512
96bda2ffb764252d9d3bbd3626903076b6a783e0d73ac9b6ff9109d36136ea3fc78c871d6df4ef7e464143444ad02000668acd59362136ba10ad72e3bcceb175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
93c5444f1e2723a9bc572fd1693b489d

SHA1
dba27f924e289b0c1be4d425c7c6aaa7aadb386b

SHA256
36bbeb208dccbb99e203dba70ba6171171ee3c19ce9040eca7fbe29aded88df8

SHA512
41b81f41713c7eb7662a570bdbd519bb4d7e629b230c27bf6c05be41077a3d88d9ee8bd4a82df24d67ff5fbac81c304316e3ec53ddb4b493375d5e4218da2d01

Download Submit