hxxps://github[.]com/pepeleaks/wizworm-v4

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-08-2024 19:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/pepeleaks/wizworm-v4

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
48	camo.githubusercontent.com
49	camo.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1588	msedge.exe
1588	msedge.exe
2120	msedge.exe
2120	msedge.exe
4052	identity_helper.exe
4052	identity_helper.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 3220	2120	msedge.exe	86
PID 2120 wrote to memory of 3220	2120	msedge.exe	86
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 464	2120	msedge.exe	88
PID 2120 wrote to memory of 1588	2120	msedge.exe	89
PID 2120 wrote to memory of 1588	2120	msedge.exe	89
PID 2120 wrote to memory of 4952	2120	msedge.exe	90
PID 2120 wrote to memory of 4952	2120	msedge.exe	90
PID 2120 wrote to memory of 4952	2120	msedge.exe	90
PID 2120 wrote to memory of 4952	2120	msedge.exe	90
PID 2120 wrote to memory of 4952	2120	msedge.exe	90
PID 2120 wrote to memory of 4952	2120	msedge.exe	90
PID 2120 wrote to memory of 4952	2120	msedge.exe	90
PID 2120 wrote to memory of 4952	2120	msedge.exe	90
PID 2120 wrote to memory of 4952	2120	msedge.exe	90
PID 2120 wrote to memory of 4952	2120	msedge.exe	90
PID 2120 wrote to memory of 4952	2120	msedge.exe	90
PID 2120 wrote to memory of 4952	2120	msedge.exe	90
PID 2120 wrote to memory of 4952	2120	msedge.exe	90
PID 2120 wrote to memory of 4952	2120	msedge.exe	90
PID 2120 wrote to memory of 4952	2120	msedge.exe	90
PID 2120 wrote to memory of 4952	2120	msedge.exe	90
PID 2120 wrote to memory of 4952	2120	msedge.exe	90
PID 2120 wrote to memory of 4952	2120	msedge.exe	90
PID 2120 wrote to memory of 4952	2120	msedge.exe	90
PID 2120 wrote to memory of 4952	2120	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/pepeleaks/wizworm-v4
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad63c46f8,0x7ffad63c4708,0x7ffad63c4718
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,18142823667142382730,6896521147076179273,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,18142823667142382730,6896521147076179273,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,18142823667142382730,6896521147076179273,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18142823667142382730,6896521147076179273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18142823667142382730,6896521147076179273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,18142823667142382730,6896521147076179273,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,18142823667142382730,6896521147076179273,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18142823667142382730,6896521147076179273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18142823667142382730,6896521147076179273,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18142823667142382730,6896521147076179273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18142823667142382730,6896521147076179273,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,18142823667142382730,6896521147076179273,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4128 /prefetch:8
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18142823667142382730,6896521147076179273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,18142823667142382730,6896521147076179273,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4180 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b657987b954884d02831d03d038b641c

SHA1
5ad93e45a477d44c33555ca4949bcc79fd779c24

SHA256
7987d9dea7378e8e331b88ba6d71a083db1e2dfba37c4963eaf1d23898aaff5a

SHA512
e6c58e3bd1dbb4618549b406230c426f6a85a4f247efad2402bdba21e6551d23fc50cd166ea636ffe36257228099d5fbca6b3ba51eeff625faaa48eb18b4b048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
657B

MD5
8c108d39f9b5ba11ff550cd27243abfa

SHA1
1e289c0896d4f481a04a3c11ade169e02e4c1b10

SHA256
401304b79c0a2e87c449400d8434d1d3ecb4d88bead1cd54cff9bad7220d7cc9

SHA512
32a22e910cc4f2e6cff29ee6e4aeb19d5530e97b7a59a7d0d8a7832174bb726ec724f362a816a5eb6e89c3ee05cefebc149c431480c54f8a97009cf64638d9f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a9906c7d103d433b5c16481aeb9e1c2a

SHA1
581b9231c0d4abddc6b4e4032114ce043a73de84

SHA256
f595670f8fe9bdd0994d692a5f7a1fb639b07e38de51f02a0398dfd71436512d

SHA512
af17c472529c4fb6c728dd54c0c6c6ad48e1c6152cfa13b16ea5a394d163efeb58de65935321ba88868ffc86a22b3f3cbb11bef45cd12dae6d3f0477dfbae7bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
093c992b0b11c5951159ed3a0b87a187

SHA1
fc2aaab945db3ac2bb642d0e4a00e44d5bc551fb

SHA256
251beb25c446a144f36bc066648522bda300b05a4665dd05c86df58a55c61e89

SHA512
e9506c1416552ee8461bb669b0c10c07af2713089513e25a0b3da49ee900103eda76530bc8cc5e29c40aebb975c7a5e034bc199e23bd6dfb48c8027f2c1ec9f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c735bd829d1ac7934b1eb6348ddfda24

SHA1
d6edc05147146d799e4e6b70e07681ad918a4ba8

SHA256
15326d65551abf3bd41ff97f4b666189f927fd088716651ddaa5b0da2956937b

SHA512
b8be66f93c4f54b24fdec0ca324a8c869b0ed836638ef1fb9a9b428010f5fc380fd675d0490fd37ff38f346bd6c9d475fc4c8710d96a11989ec60914c4ed7af1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c17fa21ebbc4e7d925ca37c8cadcdd44

SHA1
acc657c2353a1ba67027b08428a6f9385aac96a3

SHA256
e4a9a7bf85b9289abf8923ffe8f82e4284acfe98ffbabea6b167beb13fba8e92

SHA512
0fdaf1688b68cfcadb9a2caf9f6595509969543a4d145b81862cd7c90bcd49535f87327787f4d14da65b7d259ccc4f5fb25a8a5180d5d3e390a88ee15cb7c4e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5d5a5d99fed16248186958ee7c83776f

SHA1
74b644c3546eb9586a6c93f60c33c918964e1e50

SHA256
28fc54ac8a8894e1cd9bebf718467dfe0610198faf3e3727c5fd19a8c02599bc

SHA512
59b97d6121428639fe9a0718de701f4eaa23905535295f296a11ab5dd0754d932988b51261fc4e6d30768cc1e5f890e9e6f96f72016773f2de3c376a2fd2519a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5c75094a067f7cea6ac41c8077c240fc

SHA1
a640974600edd50c0a6f5c5a73ab9575c627fa33

SHA256
068fb89488fcd3ca043312dcd460af0938bb410923629faf46f7de02009926b8

SHA512
773b365ccf58a29d092d2b23ec0006590bf80303d7a6c0d91da098ea32f80f9e9d137a8cec7403b3205771694381ba8c984d0bac4fcbeca2906bbf77b45dda19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581400.TMP

Filesize
706B

MD5
08599806823ea99b383a8d8c37e79765

SHA1
6b7d223138bfa8f9760f065bd20eeefcbe3dbee8

SHA256
8362c3d1fde5c0a6440a98138f7af04ef9f824115632ac27573fa192b87f5b8a

SHA512
dde2b5a0bbeb7b49206f0b6be510279c8ede89e98d4f31ec16dbabfff3fcaef0ae96a8d8bea0d2302ec2d92d5fdf496984893b035433bc525374a551efbe9526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e6c92d2ef3af77e9ab8012043e7e4547

SHA1
a8456a8a97ad3868f3e662781c97d236b19ae83a

SHA256
30522966b7f3d75913bf0bbb93b9777b8b15fc504c5867cf64ee2b08c8885651

SHA512
819a5aa5c798b011a6ec1be439e2585ed55e2a5591f58323f4bb30bb38adf8f25be252a684dc491e88d42624005126f5379f22ea0da19eec2e95cbd2681b8599

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dc7d47d0146cdbe6a0d83a7d327f98a9

SHA1
66e355a9312b03da243079551ffc2733b421d3fd

SHA256
352f1e22b8c062eaf2d4b0cf4cfecbfa614a1ba0a65ce8072a42d82c17671f9c

SHA512
397d584bb36d5ef14066592f0dc23fd189bf8195eebc499ed058009014e3473545e368ed11b9094968158597d69176fa79fb117612a55ed47e800b239faf6b48

Download Submit