ebd3da39e400c4af43215b65d0622ce7b148a4821dfc29bbe4130379e2f3006f

Analysis

max time kernel
1680s
max time network
1684s
platform
windows11-21h2_x64
resource
win11-20231222-en
resource tags

arch:x64arch:x86image:win11-20231222-enlocale:en-usos:windows11-21h2-x64system
submitted
12-02-2024 18:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

749KB
MD5

083c6e9529b038049e8dfb01aa4f0024
SHA1

d9faacdc367f80c82a32dbd21658eeb772bbe6f7
SHA256

ebd3da39e400c4af43215b65d0622ce7b148a4821dfc29bbe4130379e2f3006f
SHA512

686023554c0e39ebea87abc589c4f504382c4d7059d22ece53f85b513246b16b85be70ed7e567b27eca6e5b231995756772e2946f84e8b31b92909b048269103
SSDEEP

6144:yJkhSjhS1hS4hSHhSOhSAhSNhSJgPokO9wrRnKw3WsTZyBNblbtF3ngVxiwu+FI5:yahKhWh/hqhlh1hUhsYu

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
2416	msedge.exe
2416	msedge.exe
2348	msedge.exe
2348	msedge.exe
3376	identity_helper.exe
3376	identity_helper.exe
3480	msedge.exe
3480	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

2348 msedge.exe
2348 msedge.exe
2348 msedge.exe
2348 msedge.exe
2348 msedge.exe
2348 msedge.exe
2348 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2348 wrote to memory of 1844	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 1844	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 3384	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2416	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2416	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 1340	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 1340	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 1340	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 1340	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 1340	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 1340	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 1340	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 1340	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 1340	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 1340	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 1340	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 1340	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 1340	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 1340	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 1340	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 1340	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 1340	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 1340	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 1340	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 1340	2348	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xdc,0xe0,0x7fff18033cb8,0x7fff18033cc8,0x7fff18033cd8
2⤵
PID:1844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,4926156394346823800,5548276645839601808,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
2⤵
PID:3384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,4926156394346823800,5548276645839601808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,4926156394346823800,5548276645839601808,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2524 /prefetch:8
2⤵
PID:1340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4926156394346823800,5548276645839601808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
2⤵
PID:772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4926156394346823800,5548276645839601808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
2⤵
PID:3452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4926156394346823800,5548276645839601808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1872 /prefetch:1
2⤵
PID:1856

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,4926156394346823800,5548276645839601808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5972 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,4926156394346823800,5548276645839601808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4926156394346823800,5548276645839601808,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
2⤵
PID:2072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4926156394346823800,5548276645839601808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
2⤵
PID:4636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4926156394346823800,5548276645839601808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
2⤵
PID:2388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4926156394346823800,5548276645839601808,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
2⤵
PID:2612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,4926156394346823800,5548276645839601808,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4776 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0bed556ffeb1e69835b408d733b041f0

SHA1
e2aec94abd489a26f36a9694c7ef3903af6409b6

SHA256
7d60b9117a935eaba25d7273a5b5e8ba04ece22672661ecb37a3c8a08f61def3

SHA512
47d492a7c72f9d12511f070d7d28451b1c52c5f0d446890e704b02bbc51330b1890c5ac4e050d514ff1bfd9c64421adeebee114718042af5aee3f5fdfb413fc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
25055c96aa8086251f8af6c048d801c9

SHA1
ca9f375a95e016947910463d597fd23807d97d77

SHA256
bbbb952d8d90da8c24c3a30509479cfe0c7dc1dc38b18c4c2c51afaa147eee49

SHA512
aa71532fc93cfdc11360fa46c907690a7218c49260be5ab05129d2ea4bd07306ef3190675e61aa565fd2d2154c56da238e8e67d8b4323889cb0097e5617b4271

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
64f16f451cf1f0150ee6a1107db290d0

SHA1
6d4b4180d53ef264b82653a0d3ea5d822859384b

SHA256
0210beef6633fe5a47654e4b45e68fe6dbca82f453bb8959ea6d8bb1c8653e89

SHA512
0b55ffef534abfa3f3e63f2a36876121b61e9b59c50510dc04a3f8a62637922e512ee8ea2401d9063c75d876fcd181fd6464a52f5c3f99b21ec54d0b799b47a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
167bd9f2b90cb966e8df165f0dcf22b3

SHA1
ba772c966176a454dd53f4354ed2b59738ff88a4

SHA256
b8188016dda2507f74768bf55236fed3cd20e2c6c146ca5067f50a68ad1d7af0

SHA512
c3dd2ada6cc453a7c98b92e97829e5de24c0266aba3dfb92006c36db66d5747afe89046915c1c56dfbf3c68750e8d42c88b795cde9f0b3863a09ccabbe78db3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
398ef0b1fd01bde3b14f7a3efd4c2053

SHA1
32acb10f0058dad95cf9446ea40361b2afcedb67

SHA256
6bb4ae1454473875f37274a7abd2b3b9b6b394b96758f412e29ed18b931076e4

SHA512
9eef9ef4ddf9cc9281d846b74ba419641a44432ec106708c097d3bcbb30f1d4197fdc41b463cccc8b1de065b226913d74b2d9db11285c6042a19f7ced4c1795c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
5e1542ec05a1840cfb56ae87d1c2e16e

SHA1
25bdd95b83b7c614a6446609cff6ecbcab58d9d8

SHA256
41acd6ffea81ff1b8b58a4693696a397817473eb899edbf6606314820a8e40b8

SHA512
12c32368cbedc3d2515907ab740c75022fc4eaecec9b45734f346db0df209e667b066b2fcd891e84193868ecec8b892e7b484c66a8b329562bad53a69b25c0db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\e952982e-07ec-4fd5-87be-52b8f03bf52e\index-dir\the-real-index

Filesize
1KB

MD5
003ee93fdd1c999602999bf5a41d1bb0

SHA1
a77dd13a7ab981cb1391f4698e3dd58403328faa

SHA256
87ca222ec9b5ae3c76528f1c76cc6a7fef710421a96bc1730fdbceb61203e794

SHA512
f516a33232889ff0e1afb03414045dd2d029e6045cadfa318a82699a79eada940cd197694bf79ec0e3b44184db071c273a64d71c2e5da192d3737778b2d1e16d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\e952982e-07ec-4fd5-87be-52b8f03bf52e\index-dir\the-real-index~RFe58117f.TMP

Filesize
48B

MD5
36666262969f553f69660bfd1624a860

SHA1
e2529b213017830b5bdf10d2844b8dabfe84af57

SHA256
c77a33dcdd3bcbd6aaf53b0c129a0ab385cefe5da917926567d06e31a5b8b8cf

SHA512
b73e88ed57213f77e5e033bcf2121d31c92b0b60994050f6527f26fc25b0b8ae83f4fec010add31ac3f359adcf52fc81da7bcfe9e8dd00130c2d1cb845cc15e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
73B

MD5
20fb90c4756475ca6a9e781e7344ab55

SHA1
ef8c1e2b92b25592e8077971f76b1c566ab44495

SHA256
79f8256f2d99813dd1133212b762d52e91ba980096020127f81a4f603da299b8

SHA512
8ff40864f500d4d8c98a6909a2937a339c0962b164085ce6c3eb7d9be4ff5a39d104a915e9d2d95bb1712aad385e7c20c182f2c7bff0c58665209d21e88d6ee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
130B

MD5
8d4836740ddbe1f7b2660a769846b884

SHA1
b3b28e43cbc28aa67a0f81b6a6aa7b60fb5e509f

SHA256
573ab1323c31399b09950bcfe4251d826727b8fa56b350c509dd0acdb20c1f08

SHA512
88b322325ffed6055c02c9b8f575432b6919a2fdc035bbc5358746336dec06a71900628227836443cab23fe9d40ccecdbf88016ee6404de796f4a1abb1cefe95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
66B

MD5
9669faa29de009684309ae6f65581ab4

SHA1
e9634aa3ba229e27be709a065b830abb0c300cc1

SHA256
7a5a00d35c4c2178ff3e215b149e5195f6c1897697875cd05248f30864b093d3

SHA512
3444c9fa3fa2c0d58b6459efcf8ebdfb55c258c3462ac00d9b615eb0d7c3211971f6aa47de22791c9e4f8d82d7df0a361285147ff9031afde58e7a226f8e6034

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
68B

MD5
32a904a5a2f935246af100ba73c63a75

SHA1
511de49822caaa827ab70122cb4dae0a89bad5e6

SHA256
cd3fb99add1f42630447756adee02d7afa94ff3b04f520049ea975a6bed83ab3

SHA512
4484903ba686faef76a0358821035e21eb11e43c6a627f0bf920d4154c5a30d5b822c1ef6cbef81052be71a3c6fe804a5978248310db72c4431bf0a5204ab931

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7937c3c5a95ac6a4edd261e2e21013e0

SHA1
8b251fe8895d9f8e91000c51b2134a88538aac1c

SHA256
2791ed3a198181bcc47894e69193fe6786670e77546941166636fc27ee1bb424

SHA512
0ebe76646afb0111fa9b75389c6f596e9fbf5683bbdabf8cd42524770f089de64ca254dd1b92961c880c8211dc34d26cc9cbbca8c54439af42ec8a5beec6babe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7e1cbcc36af27a96b0762784fb5db34a

SHA1
72a63ace95a93a11a38a503cbbb30e59ef7ec420

SHA256
1c235e144b71bb53d4cd4cc48ed36518d4306f41b30b42eca4264644438bf5b8

SHA512
fd87a8630e64496684e3963354efb76e043346631b35c06c895a6db74750bd8065df5132a78b32c1635855958ab25c425856936919dee5a5229c340c0cea52d7

Download Submit
\??\pipe\LOCAL\crashpad_2348_QCYURLUTTIWSBVHE

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit