b03b3c8578e7cc71d8647fd1ee117573198755753caf9cfd4ecebd38eda6c154

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22-02-2024 07:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

897KB
MD5

0f2848fb3f2a3fc6a465ecf1ff55b891
SHA1

7d8df71b97abdcd963d35b306c502f08296c6dfc
SHA256

b03b3c8578e7cc71d8647fd1ee117573198755753caf9cfd4ecebd38eda6c154
SHA512

57442ceddc2bbf8674c5c5cbc48562944b05504bd63d16721daf945b2ee09ca91066ac6e8fa43c3c0c048c362b78a06de2c7459beb1300cc6bd8491995fe9b69
SSDEEP

6144:w0uhyrhyhhyShyBhykhyOhyHhywhyY3G9AmYYlpWahD0DMfGP3NVyvxvP3JKwhRE:wBhShih9hUh7hDhCh9htW9plQahD0DVl

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3124	msedge.exe
3124	msedge.exe
1556	msedge.exe
1556	msedge.exe
3744	identity_helper.exe
3744	identity_helper.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1556 wrote to memory of 920	1556	msedge.exe	50
PID 1556 wrote to memory of 920	1556	msedge.exe	50
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 4300	1556	msedge.exe	89
PID 1556 wrote to memory of 3124	1556	msedge.exe	88
PID 1556 wrote to memory of 3124	1556	msedge.exe	88
PID 1556 wrote to memory of 2080	1556	msedge.exe	90
PID 1556 wrote to memory of 2080	1556	msedge.exe	90
PID 1556 wrote to memory of 2080	1556	msedge.exe	90
PID 1556 wrote to memory of 2080	1556	msedge.exe	90
PID 1556 wrote to memory of 2080	1556	msedge.exe	90
PID 1556 wrote to memory of 2080	1556	msedge.exe	90
PID 1556 wrote to memory of 2080	1556	msedge.exe	90
PID 1556 wrote to memory of 2080	1556	msedge.exe	90
PID 1556 wrote to memory of 2080	1556	msedge.exe	90
PID 1556 wrote to memory of 2080	1556	msedge.exe	90
PID 1556 wrote to memory of 2080	1556	msedge.exe	90
PID 1556 wrote to memory of 2080	1556	msedge.exe	90
PID 1556 wrote to memory of 2080	1556	msedge.exe	90
PID 1556 wrote to memory of 2080	1556	msedge.exe	90
PID 1556 wrote to memory of 2080	1556	msedge.exe	90
PID 1556 wrote to memory of 2080	1556	msedge.exe	90
PID 1556 wrote to memory of 2080	1556	msedge.exe	90
PID 1556 wrote to memory of 2080	1556	msedge.exe	90
PID 1556 wrote to memory of 2080	1556	msedge.exe	90
PID 1556 wrote to memory of 2080	1556	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9994346f8,0x7ff999434708,0x7ff999434718
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,17687827833230881509,12665349855458053176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,17687827833230881509,12665349855458053176,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,17687827833230881509,12665349855458053176,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17687827833230881509,12665349855458053176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17687827833230881509,12665349855458053176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17687827833230881509,12665349855458053176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,17687827833230881509,12665349855458053176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,17687827833230881509,12665349855458053176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17687827833230881509,12665349855458053176,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17687827833230881509,12665349855458053176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17687827833230881509,12665349855458053176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17687827833230881509,12665349855458053176,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,17687827833230881509,12665349855458053176,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2644 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
58670ac03d80eb4bd1cec7ac5672d2e8

SHA1
276295d2f9e58fb0b8ef03bd9567227fb94e03f7

SHA256
76e1645d9c4f363b34e554822cfe0d53ff1fce5e994acdf1edeff13ae8df30f8

SHA512
99fe23263de36ec0c8b6b3b0205df264250392cc9c0dd8fa28cf954ff39f9541f722f96a84fbc0b4e42cfd042f064525a6be4b220c0180109f8b1d51bbdef8ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3782686f747f4a85739b170a3898b645

SHA1
81ae1c4fd3d1fddb50b3773e66439367788c219c

SHA256
67ee813be3c6598a8ea02cd5bb5453fc0aa114606e3fc7ad216f205fe46dfc13

SHA512
54eb860107637a611150ff18ac57856257bf650f70dce822de234aee644423080b570632208d38e45e2f0d2bf60ca2684d3c3480f9637ea4ad81f2bcfb9f24d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e934f2cbf9968efc01b7e3f2cd724b7e

SHA1
df3b3e6d52bf593eefd6913445df9531616357c6

SHA256
8417eabe5f7ad686ace2fce19f70695ceb2e9e323a1c4a823a6f1d81a3963d16

SHA512
e9ce99de451af15dc6a1a02c8af3b1ef4577b1e571296c4fec2b57260aac63d5f52188208e34332160435341d53532cd78e8afc682204387faf08cd336368dd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6971868443d9f263e461199c237c1540

SHA1
b72ef620eaec88fb11ac6935d5ddb9ac9ca27e8d

SHA256
3af7d06bc5d22a065edec73042de5e809226944acb9fea11ce4f00cde9e4e87c

SHA512
cfbc846a0214d41ebbd642cfa697b4c99ed42ffc45d6773f6265b393dc1d5d6d0d937d6c2b142f732446ab7a94b13b0fd29f1025ac15c3000c6d56fc2f91d14f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3f691aba06fd7a2d11af7705566e37b2

SHA1
c967b73725bc71bf789d4297d87ca91420b3e2a9

SHA256
edafb73981c03791da087edaaa8c93f43410efb9194a127b2ea768cc94d7f0cf

SHA512
724ec8f1df493ec832d4ca9e73d72b1637bf74450d8d1b01bb534565362d517fa9e9049e3a79b92f70af75e1c898e5e73f5ec74532778490b715898f066b6e0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
31856d7b6d2384939fa6e6d597b5f158

SHA1
083e6a5ad5f102381a15920df3fde73d1aeb0e86

SHA256
d2b463b3ad6e291e208d053f5dfeb3cb1570a6931936633a1264d508b457df93

SHA512
baf4ddc384f536ef3f73cf02201034c3f44c45846778d3b8cdf687446f2b4cfdae83fc127131b90ed19ee42886faa4aa415ea8e21ea24371c07e194a54fa4f45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f21f3f26d6553e6f0c8e8f889b123162

SHA1
743defab58e1c893c640fe9d160d475e14ee1b57

SHA256
c04b57c043e4bad1670c0ddb7c013163f5447b88d885f01679f1ab7cddeb6d5a

SHA512
1274af7937b8eabab2608db194f3b338089ae845590941d95a5c9cb6a69d0e2e5dd712c75d2eb022ccccddd97a7f68cf2e28f0932fb2d825583f02efb8a8e938

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
db40916418d0b4c578dd10f5409fc737

SHA1
304759c6906909714fca6e9bad6d86551897a901

SHA256
c90ae0bfeb3bcf69d765e55d7c31f89da4fd9c2a27e3e6c2c16ec9f85a70a683

SHA512
142b9752ad0a28972705feb791f81e47e7d5b254fdbccaaa67f636e00476b27aad5d782d46c2cb51a3c566f255edf9d13b551fbd7e793443465b9a1ea9105044

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\fed73857-3bc8-43ea-9e22-8ea6ddd923d6\index-dir\the-real-index

Filesize
1KB

MD5
ed06ac3f00f6301c12ab63fbb4dd1adc

SHA1
aab87b4b75d10771e05d661e8ef4ec44f5d7ea50

SHA256
5df0568dfa9438928b1c36374f9bc5a70c3255a109388a76bd42ebed7886216a

SHA512
087d5f847e3fe0a97dbf1afb10dc5046c3986085cccd53a42520157a2cf48def9e36d75f68a668965d355d7b6534dad718f8fa49c74976d43501e985228f93a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\fed73857-3bc8-43ea-9e22-8ea6ddd923d6\index-dir\the-real-index~RFe584234.TMP

Filesize
48B

MD5
9745fdada1b97fad55e96d091ef05f27

SHA1
7e6f3a05df9d54225a78d822ba17b31ed3de2a08

SHA256
5cfdcbc1ad1a9ae6b474c4c823cad1eb004ead0159b3ebdd4274ce7e1372f350

SHA512
ebb4ad7d12737088b90323e6056dd51b242306b78b75fafe2087fcc25aeb6951ebaaab01cda421fd75fa027b64e6a9703f20e530839e65814a70b5d138a67ded

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
73B

MD5
ec398497a544783f3f96fa04c9a8fc00

SHA1
12c310b86c211a5e7812bc3db468b0a78610fb85

SHA256
729149415af4ef5e89955749a0f5771fa853c6d398cb3c5350b71b00d5d1c04f

SHA512
9adc0e675ff3a5eeae970f350d4880d200c98bd51e5bc4fa75aedd31c9828c6cf0c515852d5ff19b5703fd21f6c481ebe0bae072ff5291b11cef17ecd4bb7278

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
66B

MD5
7c19c3c65e47cfc88dc61ec5a70cdd2e

SHA1
c85c42343726c13c13714c4c4dbad23e7491ffe9

SHA256
b481b523c9185153b0074ebd409d5b9d59fd886f4d2b7b45ead8e01be78a78ff

SHA512
2df786c1c2f8f16f4c3accc02873a9bd964cb390b787b93a826e226e5738e5720f206c4fa4acb1dd5355e868a34e6b8f156eb91d1ad0985d42fd0d0dc45de2da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
68B

MD5
7ab743f463b4ae8cbd95b8a133971139

SHA1
e45b42abd51698d3bb9cb9e07470c575eff5dddf

SHA256
7759c2bf666bfc1df418e3f9a7b15b5f0853d24b425e4851a51612a5214326e2

SHA512
337543c8012b85f1d4d6699da8f532baab0be9d5b380209b430d28eb2810e99c7e95f1b909b91cce23ece997a281e2a4965ca331416cf425129a8e14c011df1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
130B

MD5
22736cf4ff6d6a247e1af2b63202005d

SHA1
981036a84714c2329c4b528057b0391021eb081f

SHA256
83d7626b6ec54b1bcf4240216b3001a63e97ea1c044d64c8af947a29027efe8b

SHA512
46958c86d1a3e93545ce7d48bc3dc08293af937768888bc30d9f864109744f3f07a764fd4c868f9e0db1cb1b5a399edec1b9213c5c7dc5b8a7e8d6d88310da56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
5148ea788e86b84d910b1a0f4ce50e46

SHA1
8a8b4d281f8630e4a54c0a415a12a0606c1b2c5e

SHA256
4b091e07980c99405a03d0814c51687ea7651d34878200e77ce1dcb23aef418d

SHA512
4f02361f1561998e78b0c7c45247a374c58658b89e7ec4e739f055403bcfbb9d522be300307d8eb7179304d7f7dedf840cf21ad993d913f4c10acdfd0af6c0df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5813a2.TMP

Filesize
203B

MD5
39197105f24659395ea828589ead05de

SHA1
5b12e0bd9d4d4c8d390d758bd697b89b66a80907

SHA256
26c8e7b97c5190cbd25e608e4926ca6e0692e0788ec2a81c798239815a029cd2

SHA512
b2fd08079943c86120a870b41fbf033b2e10d664abbcd2af5ddbf23bdc8593d4436951882c69e706ea47e09d0f3544058f1fba4b94b6b6a026ea7c8356cd82f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
abcb6da438d94aab0041157715c3ea49

SHA1
88ea80685cee8a025478541c289354a7f0352d53

SHA256
ab5239736ab8184babe5220ca1fb5eebae1ff40c5fa8f5cac87bfa0db051d4ce

SHA512
88453613b9d25007907db8e44ccac4b5e63a0aea5321111d3168b793bb4dcb3f9b554d0e549b8084e544ce860535643db6ac8dab88ce689a5d271d4cc733e553

Download Submit