8b826e8b46ca581f378a35935e12277a0a43a97a05a02ea65bbe4dfbe58ae15b

Analysis

max time kernel
146s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 11:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a1b9cb41daa900be34749d875a1d1169.html
Size

71KB
MD5

a1b9cb41daa900be34749d875a1d1169
SHA1

b96b6237167fcedd97ecf5a8ca4bd7a287babd7e
SHA256

8b826e8b46ca581f378a35935e12277a0a43a97a05a02ea65bbe4dfbe58ae15b
SHA512

aeae8558beee4e79b96ea37ec5f7a8ca788ba945b022f86134f6e69b205fe016522b4b158181369e683eb2b28cb03e6898400e7d82131b31622343df2e74a46b
SSDEEP

1536:EzXwgr8VSeO3HyZX2toaaS6cgRriJxBf17De:ceO3HhtoPsJxBf17De

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2244	msedge.exe
2244	msedge.exe
2372	msedge.exe
2372	msedge.exe
2800	identity_helper.exe
2800	identity_helper.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 4532	2372	msedge.exe	65
PID 2372 wrote to memory of 4532	2372	msedge.exe	65
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 3848	2372	msedge.exe	87
PID 2372 wrote to memory of 2244	2372	msedge.exe	86
PID 2372 wrote to memory of 2244	2372	msedge.exe	86
PID 2372 wrote to memory of 5048	2372	msedge.exe	88
PID 2372 wrote to memory of 5048	2372	msedge.exe	88
PID 2372 wrote to memory of 5048	2372	msedge.exe	88
PID 2372 wrote to memory of 5048	2372	msedge.exe	88
PID 2372 wrote to memory of 5048	2372	msedge.exe	88
PID 2372 wrote to memory of 5048	2372	msedge.exe	88
PID 2372 wrote to memory of 5048	2372	msedge.exe	88
PID 2372 wrote to memory of 5048	2372	msedge.exe	88
PID 2372 wrote to memory of 5048	2372	msedge.exe	88
PID 2372 wrote to memory of 5048	2372	msedge.exe	88
PID 2372 wrote to memory of 5048	2372	msedge.exe	88
PID 2372 wrote to memory of 5048	2372	msedge.exe	88
PID 2372 wrote to memory of 5048	2372	msedge.exe	88
PID 2372 wrote to memory of 5048	2372	msedge.exe	88
PID 2372 wrote to memory of 5048	2372	msedge.exe	88
PID 2372 wrote to memory of 5048	2372	msedge.exe	88
PID 2372 wrote to memory of 5048	2372	msedge.exe	88
PID 2372 wrote to memory of 5048	2372	msedge.exe	88
PID 2372 wrote to memory of 5048	2372	msedge.exe	88
PID 2372 wrote to memory of 5048	2372	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1b9cb41daa900be34749d875a1d1169.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed99f46f8,0x7ffed99f4708,0x7ffed99f4718
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,9584951165337194608,15063753076871269986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9584951165337194608,15063753076871269986,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,9584951165337194608,15063753076871269986,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9584951165337194608,15063753076871269986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9584951165337194608,15063753076871269986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9584951165337194608,15063753076871269986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9584951165337194608,15063753076871269986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9584951165337194608,15063753076871269986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6184 /prefetch:8
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9584951165337194608,15063753076871269986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6184 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9584951165337194608,15063753076871269986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9584951165337194608,15063753076871269986,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9584951165337194608,15063753076871269986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9584951165337194608,15063753076871269986,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9584951165337194608,15063753076871269986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9584951165337194608,15063753076871269986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2696 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9584951165337194608,15063753076871269986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9584951165337194608,15063753076871269986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9584951165337194608,15063753076871269986,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1976 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f6d41bf10dc1ec1ca4e14d350bbc0b1

SHA1
7a62b23dc3c19e16930b5108d209c4ec937d7dfb

SHA256
35947f71e9cd4bda79e78d028d025dff5fe99c07ea9c767e487ca45d33a5c770

SHA512
046d6c2193a89f4b1b7f932730a0fc72e9fc95fbdb5514435a3e2a73415a105e4f6fa7d536ae6b24638a6aa97beb5c8777e03f597bb4bc928fa8b364b7192a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4254f7a8438af12de575e00b22651d6c

SHA1
a3c7bde09221129451a7bb42c1707f64b178e573

SHA256
7f55f63c6b77511999eee973415c1f313f81bc0533a36b041820dd4e84f9879b

SHA512
e6a3244139cd6e09cef7dab531bff674847c7ca77218bd1f971aa9bf733a253ac311571b8d6a3fe13e13da4f506fec413f3b345a3429e09d7ceb821a7017ec70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
21KB

MD5
ab9158bd77cfb3310b79f13bdb8b4335

SHA1
a929ce2e0439cd283d8317790f5e00c1c93eea8e

SHA256
e321804d2a4f9293089cbbcd0ae9287daf5f0406acb67eed25f84ba82dd463f5

SHA512
02ad736bf6e531e31b8bc2b886794dda002175313f7ad9f4a5edede8ec8bffccc9600ef1f5b70c8280aedb9a1cae0dab9cba7c7a55d190a7662b92dcaa68398f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
54KB

MD5
b767a6d9687f675ff12741efbf6215d0

SHA1
0c3207eed6df6b2dba7b70f01de68b950d2417bc

SHA256
c951af82550a5ced4e81464adb206ee2fa6ed7bdf96e5ebf3e263c6573542dbd

SHA512
c71c6d1cfe03fa91f1f503f7920d5d958e04f6460b9e8318e0a0025dad30174e327278c68eb2cea8fb019d07dae0b0d861307d4751fa05b310dc4524abd7641b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
fc09fcc72da0369c7d2d2e5b322283c9

SHA1
b48832b69b43d217c5719fb2bc88690d9223c1e4

SHA256
d8c7d710e24fdf3fda306e67f2f5c30e6efc8bf1b5ce03b59b0a6475037ff4a6

SHA512
36fa0e67edc4e6e09d47b5f56b657759bf3ae62ca09ae7417718e24d3c3905edf11dfb4b2694b7c63b046654e4e46507013369e66e39abf9fafdda710d60e431

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
aebec9c897c3010730b4b718cd48fcb8

SHA1
3a377b81f2f93ebb776a8dc5c22c66d5f3412eac

SHA256
75a4643d660f92511af534ea9cae82f6501f9837a0f0328f39d833d6eed1f7ed

SHA512
d1e92c0dfe1653841fc395752eb235c55304f6c93f0f83389132b9ebf28ef83d0473928438bf6a6f1397600ab19b8ac71e09931722dace28a06a50df407f4129

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
0abc295ea4924ae55a9f77695178fc3b

SHA1
7d8be844ebbb93121a4d9cbab632a4d009ce8a12

SHA256
e3c45844d0650af5f75dfee88426aeaa0ad2a01d9c6b79e3c86230aa498c67ad

SHA512
a38588d12288d1870ad8053e1582c4a3b6ed732f36bbbbeb96637d3dec4e358c9c77ebb3b63ccc8e2bb6a83585f0252b2cc9254783769a616e0a94ca4e2fc996

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
896B

MD5
51e0cdbe9ec2cb1a7f30ed28f3b2e190

SHA1
86b732ed14aa9e7b2bb66925fa93c430194ae90b

SHA256
997cb13e210e90682a753fe47e8e1c437623fc94566681b47bbf7f5533dc65a1

SHA512
04a498544c3dd8487976dbd10cd43f0ba270452b9e53d95ced2d4ffc21a3854159e7b95a8121a52390c6acb5d088ea9c59e59ee5523193cb99b24ca936aac232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
06f0d4a4f605057700a467920842aec4

SHA1
57151c79e0c246829421e287ef5c053a3b8526b6

SHA256
fb202396b692aca95300cfcd06abc36bbade1cfae12b2fc0408abada716b08de

SHA512
73711e60a3b1f9ca80c7200fa3ebd9163641d8797f3921b66a3e0418eb2e448010df58481169e033349b17a17da797c8a436063ca0cde9f96328c0f4ae5db01b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4aff179dae4afeb87f26aa4b29c269ff

SHA1
98a39a46868a5922356e60ae2a9bb4a9dce16cd1

SHA256
34b25ee346527fad273737474ece9c363b68dbfd96b88120e9dda8539530e22e

SHA512
f9dc66f6949c100257ea8dcbc7d17a0367a3d76a32597c5b8731c3875439986738ecebf29dc21fae6cdadbadb55bb53c37d957eac7e53e05e8a3d7d47e97855d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b9104cef38625f9ee46bc7852c361527

SHA1
bd10ae7d544f37778ad309ee95c0d9d3018e64c0

SHA256
92924d6571a1ac7140120489c0433e891ddb11ebc85c867971c53ca00b42498b

SHA512
c9d0ee4e2770587fc2af066a7a6eee94bd50b10193cdd1564d31b0c9deec84f5821eef349c3d6809b3db1770f7bd69460739aea8774a9013a0cf18f5bb31d844

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ae0e711277fa4935f22a6e18404690e8

SHA1
7618b0df01a057f3cdf54a76af4ac899800bbecc

SHA256
0bac249a903cdf1dca1510e92d9ccc536de956b774d7aef90938efca28603331

SHA512
3678522c46cba3a3999b1e06b6a0bf127e8ca05c60ee143e08239845cec2bf763b395e59a5df7e0a1b07c4018573a5921b802e1d1ed390230b684c294c08fa98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fa6f43f333865f0d07a8fd8f36153568

SHA1
f46295754145bcc4ec99141477d3751c0608b618

SHA256
828a088cc64cf6516dc7acac825aebecdb305221ae3cdaf4b709501eb180b184

SHA512
7d611b498b31e118d2c65821c993ca3be47b0a6bc70c1c2b03e87d4645c0785b88f0a68bf991a95f6f7049e4ceb1d4e703c62d4aa35ada3dc39036be3c2e3f9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1ebebf0a7b0d891827bd8366d06cdd77

SHA1
7c1c53a48e395919b341440a2f219eab64dfcaac

SHA256
dfb670b1a0b7cd90bee91ee5f390b5f89eb25d575b305e60f860b0d5ed8c70f1

SHA512
cfa944248c51ec8f9470b1c0c82f6f626bf5e49ebbe6f19c43a635fa8e913308e5171f8f6c7b4eb5339ca19cfc9354732b29da0e45706627d033a46e9ae0b045

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
bac99f184a3cc2fc43e8768b838ff37c

SHA1
2590f8ffd458e4a5f1e7f829078d1ef42908f029

SHA256
ccd7010fc84ab5dea0348d479dcd34dec359adec3af9b4559b992569927fd517

SHA512
989e670ba35e54f4d5be17d70b39766356335bbb5abda52a6f30e4924bed4a29f11d86773777ea89df4c9dd5abff7b7265b413d40db2ff6bbe9902b0fe03f532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
a50d0106966eb81759fe9feda5e5c036

SHA1
4b31ac8ca0b09440ba3e6320e0e44efc346d67fd

SHA256
cb4557b9f58b5f75ab33dfb25b73d47d75a577948dc80bba02f0f3754cfaf907

SHA512
ae3201a4c2ed44a3bfee3440ea3a477165db38dc670ef1738f4a473ad3f8b518d1cba12bda72110cf2022816c0a12c23d2cce62e5baa77fa030a3b7e711b6006

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584e3a.TMP

Filesize
203B

MD5
47b59a29bc01c807776b34a373f54848

SHA1
dbcac1f0c7c1d035acce84d24ba62dc6099addb3

SHA256
04c340995d18c9dd88a322092e06b9eb7d94dd442fff9645c29f2dedf7a35179

SHA512
98e9fd451afff9edfcb5d98ff338e56e254e4daadc70ba87994a236774a625718e774941652cab94ba3f00be577f14b2d5c0436317be4b736929ce7fa6f2ca52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3150c3a33e66014f1deff7b3ae8aa8e0

SHA1
ea575c2cd50af7d7f06faf4237cccb366656fbbf

SHA256
faf598396fd5f5fa93ca4360294d17999868c864f140b72a920c4772a5cea753

SHA512
2b018c5caf3dd44a8dd938d3c47243cdaeb8e69b61fdf36b994d2888401769ab95e530259c7093e1f0fc0fe61116bc12fb596af4b483f8c336756e91c3ad3c94

Download Submit