hxxps://mchccbackup[.]github[.]io

Analysis

max time kernel
480s
max time network
505s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
06/09/2024, 22:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mchccbackup.github.io

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4012	msedge.exe
4012	msedge.exe
4148	msedge.exe
4148	msedge.exe
3208	msedge.exe
3208	msedge.exe
3812	identity_helper.exe
3812	identity_helper.exe
1144	msedge.exe
1144	msedge.exe
1144	msedge.exe
1144	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4148 wrote to memory of 3704	4148	msedge.exe	78
PID 4148 wrote to memory of 3704	4148	msedge.exe	78
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 1940	4148	msedge.exe	79
PID 4148 wrote to memory of 4012	4148	msedge.exe	80
PID 4148 wrote to memory of 4012	4148	msedge.exe	80
PID 4148 wrote to memory of 2264	4148	msedge.exe	81
PID 4148 wrote to memory of 2264	4148	msedge.exe	81
PID 4148 wrote to memory of 2264	4148	msedge.exe	81
PID 4148 wrote to memory of 2264	4148	msedge.exe	81
PID 4148 wrote to memory of 2264	4148	msedge.exe	81
PID 4148 wrote to memory of 2264	4148	msedge.exe	81
PID 4148 wrote to memory of 2264	4148	msedge.exe	81
PID 4148 wrote to memory of 2264	4148	msedge.exe	81
PID 4148 wrote to memory of 2264	4148	msedge.exe	81
PID 4148 wrote to memory of 2264	4148	msedge.exe	81
PID 4148 wrote to memory of 2264	4148	msedge.exe	81
PID 4148 wrote to memory of 2264	4148	msedge.exe	81
PID 4148 wrote to memory of 2264	4148	msedge.exe	81
PID 4148 wrote to memory of 2264	4148	msedge.exe	81
PID 4148 wrote to memory of 2264	4148	msedge.exe	81
PID 4148 wrote to memory of 2264	4148	msedge.exe	81
PID 4148 wrote to memory of 2264	4148	msedge.exe	81
PID 4148 wrote to memory of 2264	4148	msedge.exe	81
PID 4148 wrote to memory of 2264	4148	msedge.exe	81
PID 4148 wrote to memory of 2264	4148	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mchccbackup.github.io
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd7d6d3cb8,0x7ffd7d6d3cc8,0x7ffd7d6d3cd8
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,13555610030540263137,17512301666087641546,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,13555610030540263137,17512301666087641546,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,13555610030540263137,17512301666087641546,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13555610030540263137,17512301666087641546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13555610030540263137,17512301666087641546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,13555610030540263137,17512301666087641546,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4124 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,13555610030540263137,17512301666087641546,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13555610030540263137,17512301666087641546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13555610030540263137,17512301666087641546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13555610030540263137,17512301666087641546,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13555610030540263137,17512301666087641546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13555610030540263137,17512301666087641546,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13555610030540263137,17512301666087641546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13555610030540263137,17512301666087641546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13555610030540263137,17512301666087641546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13555610030540263137,17512301666087641546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13555610030540263137,17512301666087641546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13555610030540263137,17512301666087641546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13555610030540263137,17512301666087641546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13555610030540263137,17512301666087641546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,13555610030540263137,17512301666087641546,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6668 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9af507866fb23dace6259791c377531f

SHA1
5a5914fc48341ac112bfcd71b946fc0b2619f933

SHA256
5fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f

SHA512
c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b0177afa818e013394b36a04cb111278

SHA1
dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5

SHA256
ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d

SHA512
d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
37KB

MD5
27eec7e8f48ac0d64e62ec535a19ed37

SHA1
0454ae16951154ff4d64dc2dd20f780b6da87ee8

SHA256
9107d29b79f5c0e9d7ac88f893e0afb7c672d536b2e41de469172c8b7366e3d0

SHA512
f93033661c1974d9225b7e05543d7efe62574567abf7bdbb982b36e5b0be658937a7128de10376f9e39c20a2d40688862fa0e76aa53b0b8c87b99ee536fbb175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
18KB

MD5
af73a83498e939379445066f4be6686b

SHA1
bd5fb87bbb126fd672ec96b3a17e85ef92f8bcdc

SHA256
680fce4f4484948006f144bbabcbbc43b898e82ffe80b1f36b2a381f48507585

SHA512
e923a671dd7b9f2a3ee90b93eda9ec5dad3e4084053cb6c0a2002f02a4fdb0706f9d5c1859a8c2495ba08c6d6f641ca77dcab41987d1da08f8c0395a9e5cdd6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
51KB

MD5
258276d099898e538f88e0b732419967

SHA1
ecdb088fa404374a65188e40f3483280e58c0a15

SHA256
e1a0dc227f12ae0d0071c75a6347094e3e9fd7593133321c42c768bcf6e84262

SHA512
93710244b99f2be9269b3ad901753c9dbaf971b2fe44a102bcfb3a208759bd1fa860e1cdf7c2b31aa69cce06d5fa4c9ad03c7e96c232f2b0dfae57285698d5d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
31KB

MD5
23c258254754397d0637dd9451e4548a

SHA1
21cb45c0ff1eac6c97692caed7986431fbae9243

SHA256
d6403aaa5edc765b6fad679df3c6a729df3b756e35adaa2e3843300028f0ff35

SHA512
208329bf6a0c564457772f4560461a93fd11a957fcca09294b4aa53c331f1601f2edc0b62062d956fb1392a300cb9fc41dbeb5b65e068d601e0187ff3654540a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
25KB

MD5
56dfe4177caa3623ddb2663ee2e4d10d

SHA1
53f26d0e7af032fd2852a02959fef417e308829f

SHA256
5b19079845058a15ad6d00b5347248f10c4131a1ede2d592626a5ac0647e7092

SHA512
221187939e48ffa89521f7e4163470cc4628ee7cf77188068e069123c2dd337117bc0323f4252c7aa10245b37cba545fa2cc76e0264576367668cd2cc43dd4b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2749f372512a31763c342d9723487a8f

SHA1
302be15430d58a28b0ed0c3555aad6d96b5a797e

SHA256
0222624541df28d1bcc657854d8930c08522b6c2691e5e9186244c1bed40d22b

SHA512
20cd29b61fb52c30cc62621623f5059d40fb7c2c6d22ddc4e337f6037f489b3c2ab87ffecb4a58e02d6df3a3f83869631b541e61fa312a0c3e31fb581c8b5c34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f230ed3839272de51a63bc24ade015d8

SHA1
614a13530570fd6d4d0dccde95837388a281b054

SHA256
d128315d6d414ac985076aba0c965a94062213a6eadda415de23e5593b3ad195

SHA512
5400704d0b93b833792214a61a2d6d6acf93f62652b51346a8fd2a64b99a1ee9f12911f445a6fdc2748151b8798e25bb061bc8edbd1eaf383c29f97af36f9cdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4d897809f702e788fb3585bd1334af14

SHA1
83da1fadbffcfb6c8ce56c8476f6018a0162b3c3

SHA256
6fc16a1a64aa53b6d9407b298101e15ddd2ea458c5bcb9d2f806a79aea19e710

SHA512
02b44c24a787d7ce7a3ead21128e81bb5889f2692eeee9931e4f5306471b27e1afb077f85f64c2d1ef183ca5c7e3e401a14e24347bf2ccd16de1059e79250b5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2cd7dec96593d2da220252506f80da5b

SHA1
cbfc6785a7e8646baafd64a490930e560d8ed428

SHA256
f9b0ab6b1614bdc6496e87079f09ac38016c1447e556292a2ba4e68b5988efe9

SHA512
b4f5015fdece12df88dc2e670abd4b552a3908803c07058dfe7141f48f73cfe696237e770e4ec6413856b40a63a6bde2606d2f2b40d72e85224edfaf3bed35d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
122cda5d110e0badfafcc5dd0b56e14a

SHA1
1974ed055f5a92c781bda3511732156b5dc37fe8

SHA256
8bddeede1a98811597a073f33243a7ccc590d901564525278e84964f66d15635

SHA512
77f60a0a18aee03fcb78d49f001455fe6232ac510a3af54fa55def06e5e0b4d6f4439b4e7f50865d84d83b8d71d76c198b85789394e38a12ea39866f3427e841

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
db7dd392973a246a34890efb182c81aa

SHA1
f3654b3ae771d3db914c60f483b8e39f2eb13eb3

SHA256
386738acfb1e7f9e32ed91cb9d001341a1b75c6e34659e4e64e298a479ec8838

SHA512
1c89ca5372f0aeec34aaf65b1b76278daa8f4a508288ea0a8cf20a0274fb474d99496ac3f6d8ecca5e19f96ba58a4d571e82204f2c9bde3ee210a2e101b877a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
5c8a5a06dd6cb6ea2fc846bddb54ebd8

SHA1
02fcee5f47333daa25d36de0dad5bd0cf75ba1b2

SHA256
ba8e7984cad821d775cae66b4a1f0745ee6c0724f5b3ea16828e1d396b0f47c9

SHA512
d674949c9592a31de1211c7770a40e1507f673174956f32e99ff6c4367b481c2383abb53a0ad3d915a5757b0b36d0a2c804b1b04bad35a9b05976f58087275b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
845a65c4afddfcf33f72bb4f13585479

SHA1
4890920b301e679614e222e630fbc1bd838dd981

SHA256
53a4607fae9847f7577468b71c96f67131d15dea783d13c586c99017107e74b2

SHA512
d969e5f34c4664f0448d4997fc2b78c86a902e8771ae31c54820ccce5459c3a21d84b574e9ce7b1146008f5e845b148adfabaea24d301b0f67525b63b62c94ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5829f9.TMP

Filesize
204B

MD5
fb486b6c2764f04ad4402a578cd81229

SHA1
0303a4b3ccf9fc3f56bb82cc7aaf5eb1d81b766d

SHA256
5590fd506ad180c10d5eb90bdcde724cc0a25ebacf9c7a8ebb1709a80a7a2421

SHA512
3bfb5978dffa87a77447798b8db1f137fd2f953a2f524a8dbed4e634037f26937cc2f64937b5a5f5c4e858b2ad53f974fa26c5dec7baca8c5d73b2ccda204b4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dbffc276-18ca-476e-bb0b-55665e69fb3a.tmp

Filesize
7KB

MD5
4e2011f13cf6e3e6d97efa5f7dbd9d89

SHA1
5fa7e55002c2b353a3d3b846e405e3b83ff985d7

SHA256
995b5679300791848b2fd412de42a88993cdee34722123c44ba67fb42551c885

SHA512
2e215beb967472c2e3aa31a76775f9465a1d59dc29208bed4469a44bf2f80c4db52f7655604d1860ef967b41c1d8f86ba40a5d5bc4d1804df7f2727fefd1a0db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
01ca3e60d6a7707ca792f7487581ae7d

SHA1
5f9c8b793a3a7337ca89aa2e783f1a7cacf364f6

SHA256
b4202712db70f08505ae123da239d728a624554cfa9e7aba5a2a83035b33c682

SHA512
fc5575e27cc63b0f0c9c8b8bc7b0ef382cf4d7d368b5a5d53f2f4bd76ee26b24dbd7bab019b64614acd00d8f0c0ff8d77d3b86947f64378c6907772fdf78a66c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f107d0ef00ec6a70df7615ae910786ee

SHA1
1bb25ae4a97fa97c9e8a59feb13c5ed3f2638609

SHA256
491920bab1b33afdee5accd5ebf0980608835e5e2845a36822d33b23e63a0e83

SHA512
1565433a588468e9425d2f527de77e3ddb3c6cd0732263d4767fffb35d74f4073e30482332a2924079c0c54921baf1919b3772782ee30109caf8c094b0186d8b

Download Submit