5064a9de2a9c73015090f13d2e96e028f7cc9151330d813a253ae3b3242c921e

Analysis

max time kernel
154s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 08:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

115KB
MD5

853a7e12d343d3362f66304b3b4b7b2f
SHA1

7e7ddfac823a380b3af895c2ee11ecdccd00f053
SHA256

d9815b8026fcd8d501ffcc3bb0a9c3726c75fa363bec41b6f5a4ac4a79cb5b9d
SHA512

f2b8b3de6b50ed85cfe77378539473484085c9597383c4b790f9c4ec09f2c173db029c327c1dfaa814c16074944dbb80f9bc024dc98ca3a6b18a46458b8798d2
SSDEEP

1536:SJFjj1hMkOhTRPcitNF1j4h7tc1erSW+WDnqxzNbxigMuJK7HE:SJpbD8IE

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4412	msedge.exe
4412	msedge.exe
5056	msedge.exe
5056	msedge.exe
1808	identity_helper.exe
1808	identity_helper.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5056 wrote to memory of 2408	5056	msedge.exe	87
PID 5056 wrote to memory of 2408	5056	msedge.exe	87
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 3936	5056	msedge.exe	89
PID 5056 wrote to memory of 4412	5056	msedge.exe	88
PID 5056 wrote to memory of 4412	5056	msedge.exe	88
PID 5056 wrote to memory of 4456	5056	msedge.exe	90
PID 5056 wrote to memory of 4456	5056	msedge.exe	90
PID 5056 wrote to memory of 4456	5056	msedge.exe	90
PID 5056 wrote to memory of 4456	5056	msedge.exe	90
PID 5056 wrote to memory of 4456	5056	msedge.exe	90
PID 5056 wrote to memory of 4456	5056	msedge.exe	90
PID 5056 wrote to memory of 4456	5056	msedge.exe	90
PID 5056 wrote to memory of 4456	5056	msedge.exe	90
PID 5056 wrote to memory of 4456	5056	msedge.exe	90
PID 5056 wrote to memory of 4456	5056	msedge.exe	90
PID 5056 wrote to memory of 4456	5056	msedge.exe	90
PID 5056 wrote to memory of 4456	5056	msedge.exe	90
PID 5056 wrote to memory of 4456	5056	msedge.exe	90
PID 5056 wrote to memory of 4456	5056	msedge.exe	90
PID 5056 wrote to memory of 4456	5056	msedge.exe	90
PID 5056 wrote to memory of 4456	5056	msedge.exe	90
PID 5056 wrote to memory of 4456	5056	msedge.exe	90
PID 5056 wrote to memory of 4456	5056	msedge.exe	90
PID 5056 wrote to memory of 4456	5056	msedge.exe	90
PID 5056 wrote to memory of 4456	5056	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc2ed246f8,0x7ffc2ed24708,0x7ffc2ed24718
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,2935604129552624839,1355582217866307091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,2935604129552624839,1355582217866307091,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,2935604129552624839,1355582217866307091,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2935604129552624839,1355582217866307091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2935604129552624839,1355582217866307091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2935604129552624839,1355582217866307091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2935604129552624839,1355582217866307091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2935604129552624839,1355582217866307091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2935604129552624839,1355582217866307091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2935604129552624839,1355582217866307091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2935604129552624839,1355582217866307091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2935604129552624839,1355582217866307091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2188,2935604129552624839,1355582217866307091,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6820 /prefetch:8
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2935604129552624839,1355582217866307091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2256 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2935604129552624839,1355582217866307091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7424 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,2935604129552624839,1355582217866307091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7816 /prefetch:8
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,2935604129552624839,1355582217866307091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7816 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2935604129552624839,1355582217866307091,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7312 /prefetch:1
  2⤵
  PID:484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2935604129552624839,1355582217866307091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2935604129552624839,1355582217866307091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7444 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2935604129552624839,1355582217866307091,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7248 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,2935604129552624839,1355582217866307091,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7360 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2092

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a4 0x30c
1⤵
PID:4076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4db60c9bb06ea5452df26771fa873ac

SHA1
c118183a1315a285606f81da05fc19367a2cdfe1

SHA256
f168242e74bfde18bacb9e18945a39bb447188eba916c7adf0f342ed8d82281e

SHA512
180ed98f9d5a14a22687a099c4a0ba6b586610f7b8b4c8de89f3b91713b07a2ef3726fcd318cb4e270b1745213b898037d29cca4b490d0c91833b797d69ac406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f5b0bf4edca2187f7715ddd49777a1b2

SHA1
eb78099013d0894a11c48d496f48973585f0c7c0

SHA256
562016f9159ef363fcbe62ed13ee26052b31d4f67dc5ea6d60864a7d5dfa50a1

SHA512
1039b98cffd32ca4c9e37486b96e01b167d76b19dd8440a21da4932d677c463f4c5ce2260239e8337f59bd61ff3111905e23ab71d3ca5b20e7d2935fea7952c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
d34df8f5283130bca31293c650565e4c

SHA1
fca833c2aa5b5f25fcb937171b40cda008bf2543

SHA256
fa5a38ffe2e54a6ddd912e142816a2f2dea5f9d99989d0cf0b31675f42da2836

SHA512
81a1b83643bfaedd159c5aebded8985d43e8cf124d84a2fe68e6e3d372262894a95965b4dc52fe1b18b7c7cdbe72c250c0b4c3b4c28610bead0acbdc9f1c4fdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
2dd3bf713d2bf4af8b1cc93d0cca3910

SHA1
ecc639ede79c76185ac3dbc0919e48dfe078036e

SHA256
6302b7bd52c66d0ddfa0cb8731c41afcd56095d9a6ccdffa6ab9ace903cb120a

SHA512
1a991ad75c35a50340ef97f0344d88a490a4454a986e18e79c921e61ea23a9a9b94700fd594015e882c320f222fc6e64a2d6b84e165b467a1e69eafe35a145fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
07d55b946cf8e63c83c7562c9956ce76

SHA1
a5abed064bb483896ef824dcda976857a2b432f8

SHA256
88cd670f54ca28bb00de5d511825956728d2d9f21811b303fd16b496db6dd240

SHA512
18ddb71c48b14ca271d2cd1a398952af57dcd2f37e5a44538120b10baa9ec3543eb1c0fec6cf6bd7a760a95db2749230eb410a93309a8bfbe5efe1a0dc3df56d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4ea0ebc68193c3cc2ca3cd371f4e4b3c

SHA1
56a02afe023f9f5ffd20341ece96a9826292ab38

SHA256
bb5354ffc2667722a7a6eae00cccfa861954d48dd708039ad5e51f181ee6f8e2

SHA512
669b9464e22e286aeb7f1338f97fc786b60377d8953a0cb173debcfc130a67db23067613e06ef367f234038a56276a89d3308386f1011707af076066b9c3be66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
08eba4a1ec3c14a541ae4c4dc69f6c50

SHA1
fab9f677e4ff171fc6ccab19362f4341fb2ec639

SHA256
78aa94e1a3ceaea4dad8a34c8d00924b689040e7f563884f1f6b41d6b8118756

SHA512
675e6b71c48e69ce5c27ffebf16ff71460938264a14d765f06da03514792f6a04f6647db682bc925b350e1f20e1eb77daf56a2d74f49a13a5564168c93f33b8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6f87e613411840088205895489f90e37

SHA1
6697fc5d974dc415a75c5f7e47663ebd6df21308

SHA256
7d4a2f8c4912be555f5b0b4c4f59b8c0909c82b3bf6138cae319cf12d1406681

SHA512
7928cdea89f78f0450dadaf1cd849e45b1e5771703e4f7eb8a17180a8e5a7b36bf3f6f850e759a2ae4e93999fd368c67df1de2254fc0886a4a1a9337e1483b57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7a8b817b9af131f576509daa6a00964a

SHA1
0cb28274a6623730976082c49bac60990be381b5

SHA256
e2f618a9e61d4d71c88474a740309d4fc46738ff3beab54127a28396cbfdf248

SHA512
f5d61e24fa6b9b7913fe6db179adb92b59075f58f0de7c6d757144ed99a128f7496b1d25b12408fb04de610f5f7db920b67df04410aa12bd65b4ddc9996827fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a38e.TMP

Filesize
1KB

MD5
1a06898b45541b43e46f515581c1bd45

SHA1
e10472f52f3f8a73fe571c92b0843e490b3f5d3f

SHA256
bdb44d4a28580e0f57a0c80d54119c36a37b87101f9eb42f6d3c67f6eebe36d7

SHA512
e3a86967a27f8733b954c220b6e0a374c2a7cb7c7d85711740e00f83c87e318d58b7ae45237004aa80a4cd5a55c693c998b3e1fbfaa0da90e27e78ebe44e4e26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f382290d180108daa5eee4144a165451

SHA1
81c0270cb71d029100e626c052fe646d5b4d0ac1

SHA256
2ea418b7caa916ebdafe3dbb49e38604dfa56b158f0aad09bec2fdf65fd3f302

SHA512
4d5e22acc4de657566a926b6f7fdcf9f89cefe8d90b08aeaf21b64bfdf7678291bde0998dcd70ceedd37be07bf22d6d9a621eda9a30bea49221a5986ae9cacbb

Download Submit