b60ad403d749335f7087d1b8229178e5be11b24b12d00696f55aa5663f84b609

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 00:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a0b2d2e79963d6097a78180d5587d0bb.html
Size

432B
MD5

a0b2d2e79963d6097a78180d5587d0bb
SHA1

8ced375f13d942227748c1d5c23ff37c5c3fb98b
SHA256

b60ad403d749335f7087d1b8229178e5be11b24b12d00696f55aa5663f84b609
SHA512

8a30bce33125e474b2b18ff0fab4fe3fcf5f92a5ed243253dc868e93a4cbbd002ec51a696782efd18dbdc34c8af7f6e9051a0e8f59551f2bbad3ddbbe4ff1df0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1420	msedge.exe
1420	msedge.exe
3668	msedge.exe
3668	msedge.exe
4296	identity_helper.exe
4296	identity_helper.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3668 wrote to memory of 2932	3668	msedge.exe	17
PID 3668 wrote to memory of 2932	3668	msedge.exe	17
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 4004	3668	msedge.exe	36
PID 3668 wrote to memory of 1420	3668	msedge.exe	35
PID 3668 wrote to memory of 1420	3668	msedge.exe	35
PID 3668 wrote to memory of 1868	3668	msedge.exe	37
PID 3668 wrote to memory of 1868	3668	msedge.exe	37
PID 3668 wrote to memory of 1868	3668	msedge.exe	37
PID 3668 wrote to memory of 1868	3668	msedge.exe	37
PID 3668 wrote to memory of 1868	3668	msedge.exe	37
PID 3668 wrote to memory of 1868	3668	msedge.exe	37
PID 3668 wrote to memory of 1868	3668	msedge.exe	37
PID 3668 wrote to memory of 1868	3668	msedge.exe	37
PID 3668 wrote to memory of 1868	3668	msedge.exe	37
PID 3668 wrote to memory of 1868	3668	msedge.exe	37
PID 3668 wrote to memory of 1868	3668	msedge.exe	37
PID 3668 wrote to memory of 1868	3668	msedge.exe	37
PID 3668 wrote to memory of 1868	3668	msedge.exe	37
PID 3668 wrote to memory of 1868	3668	msedge.exe	37
PID 3668 wrote to memory of 1868	3668	msedge.exe	37
PID 3668 wrote to memory of 1868	3668	msedge.exe	37
PID 3668 wrote to memory of 1868	3668	msedge.exe	37
PID 3668 wrote to memory of 1868	3668	msedge.exe	37
PID 3668 wrote to memory of 1868	3668	msedge.exe	37
PID 3668 wrote to memory of 1868	3668	msedge.exe	37

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a0b2d2e79963d6097a78180d5587d0bb.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e55b46f8,0x7ff9e55b4708,0x7ff9e55b4718
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,6804134564464987870,17550328457543411420,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,6804134564464987870,17550328457543411420,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,6804134564464987870,17550328457543411420,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6804134564464987870,17550328457543411420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6804134564464987870,17550328457543411420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6804134564464987870,17550328457543411420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6804134564464987870,17550328457543411420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6804134564464987870,17550328457543411420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,6804134564464987870,17550328457543411420,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,6804134564464987870,17550328457543411420,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6804134564464987870,17550328457543411420,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6804134564464987870,17550328457543411420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6804134564464987870,17550328457543411420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6804134564464987870,17550328457543411420,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6804134564464987870,17550328457543411420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6804134564464987870,17550328457543411420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,6804134564464987870,17550328457543411420,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5000 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a65ab4f620efd5ba6c5e3cba8713e711

SHA1
f79ff4397a980106300bb447ab9cd764af47db08

SHA256
3964e81a3b4b582e570836837b90a0539e820886a35281b416e428e9bf25fd76

SHA512
90330661b0f38ca44d6bd13a7ea2ab08a4065ec4801695e5e7e0dea154b13ac8d9b2737e36ebe9a314d2501b5ef498d03c5617c87e36986e294c701182db41b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
854f73d7b3f85bf181d2f2002afd17db

SHA1
53e5e04c78d1b81b5e6c400ce226e6be25e0dea8

SHA256
54c176976e1c56f13af90be9b8b678f17f36a943210a30274be6a777cf9a8dc4

SHA512
de14899cfaad4c312804a7fe4dcb3e9221f430088cb8bf5a9b941ac392a0bbad4e6ca974e258e34617bbffff3bf6490fa90d8c6921616f44186e267ddaa02971

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
cba584d5e1929d522b40f8456f24b47f

SHA1
22e1e7ec0b5021db1a3fcd760d2e14106228f3d7

SHA256
8312a6a0e12db86de2b955725c7f7ee5e40735519a8599c45074f6ce2cfb292f

SHA512
41acbe7d0fa5dd2621ccc0af797614e25cae5c490ebb7e487bd90c8b9db79fae21ac53dd8a16580dd5e9c81a6910caafdd7d07c333121d363dfb8d7123d71220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
86056420ca3cf6cfb95e150e0aab8810

SHA1
e39dd51fef4add4f8ee292bf3cb1aaf1578d935f

SHA256
94075e84ff34d838e4cc9570161e7cf755b8de0ed6ad29075e4f4f69c3b07f97

SHA512
bb339680c7ef64600e2ccaeaa2ffcbfc7e87832ed45a504fe2303de40b314d0e1db03932926c693ba2236a11637cb6dfd1e1ca5e7de41ebf64b23bf4589d09e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
ea2076d47f59da996c7f57a2ae5671ce

SHA1
cfccad9b6cbd5e167d245763bead2be898619239

SHA256
ff5a20a1781a68cdc5bacd51aeb269bfc94a12ed95f96bec2246bc712c918cf3

SHA512
7c4df5df4d20491b502edc515c5b711389a233acf4a981438fb2de63f85bd48c9347683294646d2d69faada9b37c53e606391e4be8e2d02fac20cfb9c9856313

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5b2bf6d3194f2fafefd191cea5ed3ffb

SHA1
a2899f72e69c2c55258593fd7d27cea969948202

SHA256
1688292b8da8557fa0a56454ac10393c4aae3421df4b28d7056a227fb9746e2e

SHA512
00c2538871c3c9d30ac436d556a5ddb5e4b5c1c9482097c866a10b53163cb47bd8eee8f8ffa48fcb7ee96ebdd0ae15b4a4bd4b6292cd09d1917804f5a47abbd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
79662f73414575bf4101cbd90a4f5455

SHA1
807b13f4d3c9934e2b69682feefd6420449c3fb2

SHA256
b8bf2f4684775f72c511838ddd2c2c47ed152fde9e568284074c9a3f80e3c239

SHA512
7a1279661456e2efbfae97bc578b2ad9392f1827207b2c4b25e1a78c48ffa6be2acc95806ac15691c5d30600882dac1fb43e1e720de55918b2a2e97e2bac9e63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
2cb7548abc584af30acdfe9e26d43ceb

SHA1
5e1c8d468fa4cd20bc30e071ce630d2415e3cf1f

SHA256
b4e2a6c2e2d8caae844b040a87caafd8ffd6f96b2dc8dff661adf7b065e0f3ed

SHA512
778ba53b3b575f18c92c71e0aae99cf7e96fd940d3bd835249149eaae094c281417f958c0df448fdbeebca1f438d8a4f7b84675d778176e42ea1d784b928468f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe579182.TMP

Filesize
48B

MD5
9d48214be71b2c4479b44ad96af4a9b5

SHA1
b6fb032d33f851089d4fda2fd30a690ab8c69fe1

SHA256
5adcb7f17c89d138f8e1f9ee2bb5cc1cafe221d54c131541f56400630cbe1939

SHA512
f2fd092127ffbd59b369007bbdf3198a4353464413dd5b57e8f0052bdd4d71eddae506ee310fef84cb84a871d3bd79fdb2c2e97f55efe3a2a3b8386d908c2f6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
51f0fbeff3e225010b4bbb291f3fe716

SHA1
7d782d8d08276a530aa5ba98718f59681949b7fd

SHA256
2e7a2c9eb03461c46ace71e06255a842a8770a3c103b71112a12b08ee79258cc

SHA512
af807fc16e3d3fa5b41abb3cff3d7e040a3f916b61b0899cb8491238300525c15f4bb331598f0987370d2cad9f5826467d2fd9bb2555e7a3662904b38a464972

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f48ed73c2b9392f8de88e85fa9ead1fa

SHA1
55d200b82d3fd65c26ddc2f1708a7e2aed5fa3e2

SHA256
ea219bab9989df4208b5ff789c11ac07882785ddb46ead9327f976f461903cef

SHA512
065015fd6b6190aa0f2a17db2a0320ac5aba6c37f1b5c33d92e4a057a4076af1776a0b37b61e4577a62eddfb71862d46fa9be653c4dda97a80c6604c28646a37

Download Submit