a726336cf4e77a32f6c8d7e62c68de6d902b01271863540c09aaf3426de16aae

Analysis

max time kernel
147s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 16:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a241ecbfcec8a217293831188ece60fe.html
Size

432B
MD5

a241ecbfcec8a217293831188ece60fe
SHA1

75f61352da6bad6aca0f5d84641b5fb345674f6c
SHA256

a726336cf4e77a32f6c8d7e62c68de6d902b01271863540c09aaf3426de16aae
SHA512

28938492bea5319e7ff542b83882856efed989a4ecfa8aaa766d84f838f4532823df0eae09070ff1bd76048f0f3ebd11ea75db8244fcfe957651804300b21096

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4376	msedge.exe
4376	msedge.exe
5084	msedge.exe
5084	msedge.exe
3996	identity_helper.exe
3996	identity_helper.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4376 wrote to memory of 3472	4376	msedge.exe	85
PID 4376 wrote to memory of 3472	4376	msedge.exe	85
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 404	4376	msedge.exe	87
PID 4376 wrote to memory of 5084	4376	msedge.exe	88
PID 4376 wrote to memory of 5084	4376	msedge.exe	88
PID 4376 wrote to memory of 4272	4376	msedge.exe	89
PID 4376 wrote to memory of 4272	4376	msedge.exe	89
PID 4376 wrote to memory of 4272	4376	msedge.exe	89
PID 4376 wrote to memory of 4272	4376	msedge.exe	89
PID 4376 wrote to memory of 4272	4376	msedge.exe	89
PID 4376 wrote to memory of 4272	4376	msedge.exe	89
PID 4376 wrote to memory of 4272	4376	msedge.exe	89
PID 4376 wrote to memory of 4272	4376	msedge.exe	89
PID 4376 wrote to memory of 4272	4376	msedge.exe	89
PID 4376 wrote to memory of 4272	4376	msedge.exe	89
PID 4376 wrote to memory of 4272	4376	msedge.exe	89
PID 4376 wrote to memory of 4272	4376	msedge.exe	89
PID 4376 wrote to memory of 4272	4376	msedge.exe	89
PID 4376 wrote to memory of 4272	4376	msedge.exe	89
PID 4376 wrote to memory of 4272	4376	msedge.exe	89
PID 4376 wrote to memory of 4272	4376	msedge.exe	89
PID 4376 wrote to memory of 4272	4376	msedge.exe	89
PID 4376 wrote to memory of 4272	4376	msedge.exe	89
PID 4376 wrote to memory of 4272	4376	msedge.exe	89
PID 4376 wrote to memory of 4272	4376	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a241ecbfcec8a217293831188ece60fe.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffcd1446f8,0x7fffcd144708,0x7fffcd144718
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,11614865010521022286,9783537579453573831,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,11614865010521022286,9783537579453573831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,11614865010521022286,9783537579453573831,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,11614865010521022286,9783537579453573831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,11614865010521022286,9783537579453573831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,11614865010521022286,9783537579453573831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,11614865010521022286,9783537579453573831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,11614865010521022286,9783537579453573831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,11614865010521022286,9783537579453573831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3632 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,11614865010521022286,9783537579453573831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3632 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,11614865010521022286,9783537579453573831,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,11614865010521022286,9783537579453573831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,11614865010521022286,9783537579453573831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,11614865010521022286,9783537579453573831,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,11614865010521022286,9783537579453573831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,11614865010521022286,9783537579453573831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,11614865010521022286,9783537579453573831,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5332 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
360dd5debf8bf7b89c4d88d29e38446c

SHA1
65afff8c78aeb12c577a523cb77cd58d401b0f82

SHA256
3d9debe659077c04b288107244a22f1b315bcf7495bee75151a9077e71b41eef

SHA512
0ee5b81f0acc82befa24a4438f2ca417ae6fac43fa8c7f264b83b4c792b1bb8d4cecb94c6cbd6facc120dc10d7e4d67e014cdb6b4db83b1a1b60144bb78f7542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6fbbaffc5a50295d007ab405b0885ab5

SHA1
518e87df81db1dded184c3e4e3f129cca15baba1

SHA256
b9cde79357b550b171f70630fa94754ca2dcd6228b94f311aefe2a7f1ccfc7b6

SHA512
011c69bf56eb40e7ac5d201c1a0542878d9b32495e94d28c2f3b480772aa541bfd492a9959957d71e66f27b3e8b1a3c13b91f4a21756a9b8263281fd509c007b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
265334e756477a5371109c6f1dfa389b

SHA1
df7c87f979a9a240dd953991c3071341a8b8bf11

SHA256
22b4f582452de8899da7d4c926ea40072e7cf739077abf9d56fdf7992e2ef112

SHA512
7f5379d366d92612033a3911331f657d6f866c2390002744965dfa032131554e0d9ce27d555d5949c8da119ed9357196dbc72cd5c71ed00bad7e55482ac8b160

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a7cf03a8071426d314144fe19fe43681

SHA1
32e619c42dfa97575c75b4ba5b498bec2f187660

SHA256
36d4fe5f64813aea939c78f5f3e107a4de302f2d472dd31a35599dcc5a1b1396

SHA512
5fc7584d77db44e798ac49263d55dc38ea13434d3d8047208484ab865fb60f134df84fd749b75c706ca796c291166ecef852040d0814de04e2747b20c77e6a85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
61e4019dc7f977c9887cc04959d3de90

SHA1
5fe7d8af85116fdd9446c682b7ee33995e9eb428

SHA256
21b5cd327d7a4f7efcd2e66992af890f6e791b0e05dc92ab85905fd755440cb3

SHA512
b5bae882d5751175cfc9d50dc428aadc986ffcb2b92a74061e384430d4dc25f09cd3028e93166cd78b85ff66956b0cf21f39a49a7b106be36b3f773ab4c9156a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
305bd96ca6b5bcb6a0eb978bda39741c

SHA1
85566c1462f4a61de7475c2d3ba26ae4a0f3063c

SHA256
f6057fbce86a552cc31e026f9fa497b1ad8497990f84865abbcf24d2ee746cec

SHA512
2a90d72e901bc5e28344e880869a4693910f4d7296cff59151736e11e14e5094ea46abb436f9b8a5762f1d8d8685909ed545b01a66d2f2dc24b18af14358d1f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
2411ca1ac57a35e6f3f130e39896682e

SHA1
c37f9696de48c95de802d42195ffccb80b0529b8

SHA256
e902db832715c8c9f35712b0f91344b65415b6d0ddcaf5e74149bd89fd181c2e

SHA512
0b27452f1d95acde6f85af998a3d62e11664fa9ed2b348a4dc8512504cf19a6b64c388f75ee13b064a706bbd4a8dc24582b712cbdf73bb84843f2e7ccca3ddaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe584021.TMP

Filesize
48B

MD5
0bf29b4c93c9790d8e921f8d8cff80f7

SHA1
22f4f0f834858299c7c09c69b8b47e83c329d8f8

SHA256
a3339bfc1d0badef5d5c1f85076c2320b1cf8d1a1a1cf64f272a66acb6df21c2

SHA512
95e509a2af40bb62d97f6b12e523b4fb50d954bbeb53adf3a8a4fd368c9dbe12b7aa0db620a5933d7ebb18cd690084db6769818cd440148d8a419f1e7f59a2af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
456b6c1de0ed96bef10a31420a9175ac

SHA1
785815d3cbe6ed13e58e3db4457de823d9eca1fc

SHA256
f83aef14d5eb5fb52e936743435f42ffa6ebed7d1f810fa92ca44b05fbc15bb9

SHA512
d5ab0d6b1897b8c212ceaa004216e0e3c64b9af3310614713c895507093667d3e4b49ce668b3cb4a8f37fa72bfbfe21b01810ca52170782ef726656a20035117

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5840ec.TMP

Filesize
1KB

MD5
a32bd6ae4021951515b68e659f5a8ce2

SHA1
b7021af6b32d006d4c4306febb70a4cb6fb857b0

SHA256
c026f6dba4c452e122154d9938b430cd03eb6e7d8c7ee31396137160a415a8f4

SHA512
0cf7be2c145cfb17b710bfa4240e969c9f331193f7ed53fec45b1451d3d50bd43a16a316cfe5aae4a79c473c8a7fcc89ddbc58d478cf16a8ae117586ad49689f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dd6679eb-33b4-47ab-95f0-3c2561892add.tmp

Filesize
7KB

MD5
e6fc6147c93592e42a4d802c48d10882

SHA1
731cd6c6d05568ee86a82784a18f2161d09f46c2

SHA256
fb506058e813dae6fdbd478d09b32f3e1f591d1089c9bdb9017c845fde4cc023

SHA512
3cda66799060c33b23cf31859a406c7e33f21a9aaabd57e1503d49a0899f1ed73d3b473811e80e19a35ff894017825da2c7eef8ea8bb1d89b17f8fdedc370529

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f7281860b6cbc1dc22e5d10408452f03

SHA1
956f49fef63b2af86c28b6628b81124e58a9456b

SHA256
342b45aca7c19ba3bcfe9b0240e42c967cc5c81a48524bd64e6f061d9dc34644

SHA512
ce68e1a3e69a95f940b3633268923aa66cba5eccbb0aa51a57028705cb903cbd97039887d297881a2851fc8476af4d54d8281e83ed2b1e755977544ba911278f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c74edc88ce3b5c9a2010c09f875f4c4e

SHA1
bfe545c6eefcec26bb27f132b73ff5c4997a22ba

SHA256
85f1f1e36ce599915772ece0613cf12c5a207db46a9f634ff25391b9903035a1

SHA512
9a7427895b9bee24e5746bb50f48c31052b55571c123a4dc10f2f64992cafb3fb28fb4689d7c2bebdc7e157ffd952ea945f9de5fbfcddb12fc603f79fc558cfb

Download Submit