f01bb0d65aeefc78e0bebdd350bd20d83277b239001d5032795a8256e4a36962

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
25/02/2024, 04:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a2f538f4de68a081952ec271d11bca0b.html
Size

86KB
MD5

a2f538f4de68a081952ec271d11bca0b
SHA1

a18d18dacd419be4c57df8424cbea0f05284ef6c
SHA256

f01bb0d65aeefc78e0bebdd350bd20d83277b239001d5032795a8256e4a36962
SHA512

5c602a9b8ac35408c26c03a9fbf9ed14666976212b5534f4bc21f4f15ecfab14d3fbce116075e5b79e6e3adcf96130ca57a0e3f133aa85550450d5fd521fff4e
SSDEEP

1536:PZMEijZeqLbEijZeqLGAcVAcriGLc8iv/srjaMPNUKVL/Tzas+:PZMEijZeqLbEijZeqLGAcVAceGhiHsr8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4992	msedge.exe
4992	msedge.exe
4328	msedge.exe
4328	msedge.exe
4416	identity_helper.exe
4416	identity_helper.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4328 wrote to memory of 2472	4328	msedge.exe	88
PID 4328 wrote to memory of 2472	4328	msedge.exe	88
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4488	4328	msedge.exe	90
PID 4328 wrote to memory of 4992	4328	msedge.exe	89
PID 4328 wrote to memory of 4992	4328	msedge.exe	89
PID 4328 wrote to memory of 4948	4328	msedge.exe	91
PID 4328 wrote to memory of 4948	4328	msedge.exe	91
PID 4328 wrote to memory of 4948	4328	msedge.exe	91
PID 4328 wrote to memory of 4948	4328	msedge.exe	91
PID 4328 wrote to memory of 4948	4328	msedge.exe	91
PID 4328 wrote to memory of 4948	4328	msedge.exe	91
PID 4328 wrote to memory of 4948	4328	msedge.exe	91
PID 4328 wrote to memory of 4948	4328	msedge.exe	91
PID 4328 wrote to memory of 4948	4328	msedge.exe	91
PID 4328 wrote to memory of 4948	4328	msedge.exe	91
PID 4328 wrote to memory of 4948	4328	msedge.exe	91
PID 4328 wrote to memory of 4948	4328	msedge.exe	91
PID 4328 wrote to memory of 4948	4328	msedge.exe	91
PID 4328 wrote to memory of 4948	4328	msedge.exe	91
PID 4328 wrote to memory of 4948	4328	msedge.exe	91
PID 4328 wrote to memory of 4948	4328	msedge.exe	91
PID 4328 wrote to memory of 4948	4328	msedge.exe	91
PID 4328 wrote to memory of 4948	4328	msedge.exe	91
PID 4328 wrote to memory of 4948	4328	msedge.exe	91
PID 4328 wrote to memory of 4948	4328	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2f538f4de68a081952ec271d11bca0b.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8a4e46f8,0x7ffa8a4e4708,0x7ffa8a4e4718
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,5634121466149958269,12580749096805722447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,5634121466149958269,12580749096805722447,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,5634121466149958269,12580749096805722447,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5634121466149958269,12580749096805722447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5634121466149958269,12580749096805722447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5634121466149958269,12580749096805722447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5634121466149958269,12580749096805722447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5634121466149958269,12580749096805722447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5634121466149958269,12580749096805722447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5634121466149958269,12580749096805722447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5634121466149958269,12580749096805722447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5634121466149958269,12580749096805722447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5634121466149958269,12580749096805722447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5634121466149958269,12580749096805722447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1840 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,5634121466149958269,12580749096805722447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7528 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,5634121466149958269,12580749096805722447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7528 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5634121466149958269,12580749096805722447,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5634121466149958269,12580749096805722447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5634121466149958269,12580749096805722447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5634121466149958269,12580749096805722447,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,5634121466149958269,12580749096805722447,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7380 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
343e73b39eb89ceab25618efc0cd8c8c

SHA1
6a5c7dcfd4cd4088793de6a3966aa914a07faf4c

SHA256
6ea83db86f592a3416738a1f1de5db00cd0408b0de820256d09d9bee9e291223

SHA512
54f321405b91fe397b50597b80564cff3a4b7ccb9aaf47cdf832a0932f30a82ed034ca75a422506c7b609a95b2ed97db58d517089cd85e38187112525ca499cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d4c957a0a66b47d997435ead0940becf

SHA1
1aed2765dd971764b96455003851f8965e3ae07d

SHA256
53fa86fbddf4cdddab1f884c7937ba334fce81ddc59e9b2522fec2d19c7fc163

SHA512
19cd43e9756829911685916ce9ac8f0375f2f686bfffdf95a6259d8ee767d487151fc938e88b8aada5777364a313ad6b2af8bc1aa601c59f0163cbca7c108fbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
21KB

MD5
d665d41e652d713020dccf0a25a7171a

SHA1
d3a4ac6b1f17825c105958e3590cad5e4e7e3a2c

SHA256
1af1748db5992e49dca425c2a4978e33860ac81a80ca24e08fd9a6556598f8e4

SHA512
5102ad0f2eecfbcba57acf1d51adfc08746785fc68580aefce8e04005faeafecdee4c1460ef7f62d775f8c9fe06afc41c60b768c41b5f7b0315acd45d5995d1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
44KB

MD5
15d236690ae6ed6285bc3260340703be

SHA1
3b8475145f5f25c9b6b93a260b30ada4a4279b76

SHA256
bf521348d31946bb4e6d31c338e6efa0961ee907f4f871b1e9781a849dafa792

SHA512
2eca25be9587131ba4e4e4fed86283dbab3f959299d79db056619da072788c6480e5244095de5c84a58c40bf1f5b7bc808ec94c84fd7dca99464eba4f511bbd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
764943d68b4b75bdc1660deca98e73fb

SHA1
fce02412736f0535d6f3c8731c1e8c987540fbed

SHA256
1cc95c59806a4a95deb79788ad44d8ddd6014babbdbd413c32343b2f2f5897ff

SHA512
2d7dbbb45a448fdea3c10f77b94356329e1651a1d83231c89e7c5afc526c3be7b3cfebb53b0ff1c4e97db97c5e4cd036df0b2ce76c3acbd242f9e5536e79bd53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
8640b7da7c7b0fef663e6cf60ba0ffd7

SHA1
360eba9bdffa90a6ea78e083013d518e4e256615

SHA256
9473c36cb4526f34c1e07d7590599dbe56e150451f1e0bcb966b2f61ef78fe4f

SHA512
a0cee5ddd5fbf57b8ad63be72265933f7535a90e27f2e639092a87695df89d728d4feacbce1feb708bac248b9960aa22e84032be5f1338d39adc22581cca7025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
52e4b1d96ebd79fdfd9e3f3493a82229

SHA1
ead0ce4126af30dacab1cb93df4478d34980c877

SHA256
564cc66d7df4f7040c008905dd5c8957202b6c2a7420f519a8ef5057de25078c

SHA512
4a97c7e7c6865e24d7f088e581306e69dd084f64a295910f185ea14185565fc3b31aeca718770c6d58efd6753e364e91fa5bcdec7d9d0688cac908d3cac46f98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
68a5f066805bdcff2aeffa22335dd0f5

SHA1
c96b6d0f3fcc0597d4df3d13a72589120bc6c934

SHA256
8c8ae333a2af7bae4f797b222945e2e4b64921fd29f5f8ffd60e562ddbc696c9

SHA512
1cf283cc4965c37181705ccb5d3406170ba9d923209e15e6cd173abf37ba3b1ca2478a5c7efb43ca0d11a743f3472c1a7a33549af1c171a0d6476451dd811972

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1a8d5bdc6f15c5a401397a2e23351b2b

SHA1
130b1fe150e7343ce56fc80263c0c768d995d590

SHA256
05275ce34730b2e7d60029d02f213ac09092858421a6f27f87921cbd27d29a70

SHA512
63a8aa60e8e46a5194e83ad1ceddb9fe98139d72118a5a48cdc9ec08d739a55d1248aa8e2e5a0a1ab8637f178f89e4f11a11c0379c0ca2fc1a5eb25f785fb3ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8acc712a7fe07eb339689580283707cf

SHA1
21552619f971104648f2182155520ae79fb1a9a9

SHA256
6bab447ae1275fae3e13ad379f0fb362ab91b7b00c83b1fb3e916abaeaad0935

SHA512
219a2141a56f5a41aa12ac3e5222138ea9cabb99081ea9cc3536ac53510fba8417939379bec73908da117e4f25011c58df9a9b242d55832b58d30247c4f2e291

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
07480553f00a647f50433c26a787da16

SHA1
42afc9c624dc5b5b8826104fa6261dbbdcaf313e

SHA256
cead0d977264e18c42b2031a56bd3ef3feb758e5ab3adddf1cec5176ebe85a5e

SHA512
cd56d3020e0f7733f339c106b9b638a8040a53aba4227ed3c7a48f87bfa39af8dabee573048bdf38b05715136fb9c557cd2e85f36541719ad8f111dac12ef896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
42f5d1787ec6433939a8d6793618ddfe

SHA1
c607a7876fb6c4947c30a937adbd881895d240d3

SHA256
a3b2f3fd2cdf444b5afcbefc3ff66b5b9aaea061b9dbd7d3f152c2503d2b6058

SHA512
edfeefa72722d304f109c7b3cde4b388be16a770e3a1d9522e0695bd532f08446f4d998cab1530fd320d74068c3bf5655de4ea1108e0e28e16604ddfe452aaa7

Download Submit