ca19420d136f299d0bdb30462313d76671481eff2cd81a2a5a7d166727f7f078

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/02/2024, 21:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

97a1121403d37df78c2cdd3f2208d03a.html
Size

432B
MD5

97a1121403d37df78c2cdd3f2208d03a
SHA1

1f1d19f6c29aed07f3be25db10595259c97556a8
SHA256

ca19420d136f299d0bdb30462313d76671481eff2cd81a2a5a7d166727f7f078
SHA512

27c426636f59456b16c7cbdf22b9c52452df56ca8d698e4603e05d9966931a93d932702a487ea085975ecfc7d6c56ca1112a86186346e61a6cf9d5df100db30c

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4912	msedge.exe
4912	msedge.exe
5028	msedge.exe
5028	msedge.exe
3672	identity_helper.exe
3672	identity_helper.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5028 wrote to memory of 3456	5028	msedge.exe	29
PID 5028 wrote to memory of 3456	5028	msedge.exe	29
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4536	5028	msedge.exe	87
PID 5028 wrote to memory of 4912	5028	msedge.exe	86
PID 5028 wrote to memory of 4912	5028	msedge.exe	86
PID 5028 wrote to memory of 4468	5028	msedge.exe	88
PID 5028 wrote to memory of 4468	5028	msedge.exe	88
PID 5028 wrote to memory of 4468	5028	msedge.exe	88
PID 5028 wrote to memory of 4468	5028	msedge.exe	88
PID 5028 wrote to memory of 4468	5028	msedge.exe	88
PID 5028 wrote to memory of 4468	5028	msedge.exe	88
PID 5028 wrote to memory of 4468	5028	msedge.exe	88
PID 5028 wrote to memory of 4468	5028	msedge.exe	88
PID 5028 wrote to memory of 4468	5028	msedge.exe	88
PID 5028 wrote to memory of 4468	5028	msedge.exe	88
PID 5028 wrote to memory of 4468	5028	msedge.exe	88
PID 5028 wrote to memory of 4468	5028	msedge.exe	88
PID 5028 wrote to memory of 4468	5028	msedge.exe	88
PID 5028 wrote to memory of 4468	5028	msedge.exe	88
PID 5028 wrote to memory of 4468	5028	msedge.exe	88
PID 5028 wrote to memory of 4468	5028	msedge.exe	88
PID 5028 wrote to memory of 4468	5028	msedge.exe	88
PID 5028 wrote to memory of 4468	5028	msedge.exe	88
PID 5028 wrote to memory of 4468	5028	msedge.exe	88
PID 5028 wrote to memory of 4468	5028	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\97a1121403d37df78c2cdd3f2208d03a.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbddc146f8,0x7ffbddc14708,0x7ffbddc14718
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2256,10789971661981470801,5320666047229431502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,10789971661981470801,5320666047229431502,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:2
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2256,10789971661981470801,5320666047229431502,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,10789971661981470801,5320666047229431502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,10789971661981470801,5320666047229431502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2320 /prefetch:1
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,10789971661981470801,5320666047229431502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4300 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,10789971661981470801,5320666047229431502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,10789971661981470801,5320666047229431502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,10789971661981470801,5320666047229431502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,10789971661981470801,5320666047229431502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,10789971661981470801,5320666047229431502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4320 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,10789971661981470801,5320666047229431502,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,10789971661981470801,5320666047229431502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,10789971661981470801,5320666047229431502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,10789971661981470801,5320666047229431502,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4256 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,10789971661981470801,5320666047229431502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,10789971661981470801,5320666047229431502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,10789971661981470801,5320666047229431502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,10789971661981470801,5320666047229431502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,10789971661981470801,5320666047229431502,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4004 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e77545b7e1c504b2f5ce7c5cc2ce1fe

SHA1
d81a6af13cf31fa410b85471e4509124ebeaff7e

SHA256
cbb617cd6cde793f367df016b200d35ce3c521ab901bbcb52928576bb180bc11

SHA512
cbc65c61334a8b18ece79acdb30a4af80aa9448c3edc3902b00eb48fd5038bf6013d1f3f6436c1bcb637e78c485ae8e352839ca3c9ddf7e45b3b82d23b0e6e37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
194KB

MD5
36104d04a9994182ba78be74c7ac3b0e

SHA1
0c049d44cd22468abb1d0711ec844e68297a7b3d

SHA256
ccde155056cdce86d7e51dfd4e8fb603e8d816224b1257adfcf9503139dd28f1

SHA512
8c115e3e5925fb01efd8dda889f4d5e890f6daaf40b10d5b8e3d9b19e15dadcb9dcf344f40c43f59a1f5428b3ee49e24e492cf0cb6826add1c03d21efdec52ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
42cab08e7ac2d5fb0f46edc2f49f4e1d

SHA1
4e04c1b45673fb348adba6e7b16287aef53d7a24

SHA256
49296671ffa425b350cf0cbff3209ad54a09e32a8b0d0b8e2d54c378824ec7a8

SHA512
82c131cb616a8baff2346f175e52471537bda42308033ea437ad701faaec5dc4f4ebcfd5ca00cf4583cb6f2de933f4bc79e1d10a7583183285257cfd293aeaf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ce0b7084f389ff8582be8039494f757f

SHA1
39aa5c60b5a4dafa6a1609cb4172857bb1abae44

SHA256
414f9a56d2302ecf2408c4a1d9169648f6c0c2b756b8fe37fdb895633082f5ce

SHA512
e7933d71ccf929756d38642f7704f8ac1fe772b7429dc2cf9bf81b25ba3d61512276a534183e3e8db37425f74801d23063cd93714988b59eebf02b4da81da26c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f9fc96d8b2a73c6f085caa101382bff3

SHA1
11b30896de6cdcc06ff0f449c425452e991e57c4

SHA256
80a557c0f977cb301ed49ef1c7867cb554a4b1e6e015c2d6c8655fbf93e2553b

SHA512
c38b584ef7be4de06dd32c1671a6544c8b60101c3ed2ce1c7d1cf386f1245826260c5d9cffe66dc84caa97bf7514c0c8df04b59d63a778b8dc5928b51301b179

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
caa270a2c42fb8b176fabdbf96e1ffd4

SHA1
5ff70feabf444b67e717ccbd7c0b0bf27a16dfef

SHA256
2e2d6d9b666b7a28d2bdc8fbbaf275b95652a50f8313e7668a3c5b27b922cc6a

SHA512
31cc2b995eecd26e66d6b48d0024ce404067d28a5d8b5e4b9a5b5303ddc7827a2edfb2f5350476992d8d4fcfff414b1ab9d8b1982b528558fab1197c306f3cc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a2fd57575aff7b2210f7cf20f7b66af7

SHA1
05a8d7bb61c272797352459ac74b1c99c7f72474

SHA256
b6772e0fcfdb76ac711c55c77f8deb0247a6854c8518248e4dd6839a841e6237

SHA512
0089ea5ed6e3e057a39f63099fd1b91a0091105517d5677e0ded15f8b6f7ef5e09e40cad172de9e9bb20b5520755af040c96b60afa5a89d2283cdb381660c434

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
6db2d2ceb22a030bd1caa72b32cfbf98

SHA1
fe50f35e60f88624a28b93b8a76be1377957618b

SHA256
7b22b0b16088ab7f7d6f938d7cfe9ae807856662ce3a63e7de6c8107186853e4

SHA512
d5a67a394003f559c98e1a1e9e31c2d473d04cc075b08bb0aab115ce42744da536895df2cec73fa54fc36f38d38e4906680cfacfbf4698ee925f1609fbb07912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ad8996c1f058006b34583bef07c56e4c

SHA1
c033819ab11f6584a91e2a35cd4fe9334b316b87

SHA256
f236726492c11809d6b0fb526e44ae296e0dc3286ea3fdc2db141459fb2bf921

SHA512
8975eb2802082ce0174495dbf4476c0f181ae810c99310960b2d23b0d0111a33db8717a26724e5326f6a0c133c8b75ace05e1459ae48b3876ea4ce21d444bda1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a8a4.TMP

Filesize
48B

MD5
d292b3021bea8343401e6d5fc6430bfe

SHA1
7ed86498cc36eed4ef05567caca4023b3db9a723

SHA256
249da081b0dd98867a9afb01f58789496ef7927f21abb30b695857813cdf7077

SHA512
771e108d53721942664647732979c912b18f0928cd274f1f33b65334585eb512c78d58c5689530628ee06a2f9294333505a0003ded137dd3232c905dd3a21c71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b3bf7eae500fa6982aa845bf968ea158

SHA1
6104e0e40c8aa060b81e8dca1ed6f55a110be07b

SHA256
a31a00bcdd23dae60a1cc4f980fb6fa90bad9d0020cfb12390e0c62d18e7ec84

SHA512
27cb1a14d71fa758cc5626665a95016f4673dd5f0bc9d374e9d57753b1e08542455d09d5f32d549ba963042309230353080118ad27d95d305936bfd0e9b77126

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
df3d0156d09ee3fc99430b5e1b94007d

SHA1
bb59af6aa9dfc29803c6cee0d7525d6ff79051a7

SHA256
ed09e28e4ba5c0177a925f20066187c88e388e55c05adb0fd33b6d928a9db16b

SHA512
548209faadf0d5e89ea9a9aaf3eb2ac0340e96c22c75a21fe98e17243cac0df060cda40276ebb2b643ab494a6292ccd112cc16c701b8c2baaf19d2d83a160cec

Download Submit