b5efc9899f7c0456c24d512634fd439727419e500226f07a80bb3561a7b1f16a

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
25-02-2024 07:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a340aba154ebd8594db789b5558b2f04.html
Size

430B
MD5

a340aba154ebd8594db789b5558b2f04
SHA1

0454c2488fbe4d1e55f96e617719ee51e76f6ed7
SHA256

b5efc9899f7c0456c24d512634fd439727419e500226f07a80bb3561a7b1f16a
SHA512

12d6078e010850390ccc2eb25b8a3cee0850fc917a8fd5fafe48bd5f4ac6fa277231bab75df9dbef1026cff5c741da20e62629c94ec9a2380024754bc1be0962

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4652	msedge.exe
4652	msedge.exe
1132	msedge.exe
1132	msedge.exe
4180	identity_helper.exe
4180	identity_helper.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1132 wrote to memory of 2488	1132	msedge.exe	83
PID 1132 wrote to memory of 2488	1132	msedge.exe	83
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4512	1132	msedge.exe	86
PID 1132 wrote to memory of 4652	1132	msedge.exe	87
PID 1132 wrote to memory of 4652	1132	msedge.exe	87
PID 1132 wrote to memory of 3780	1132	msedge.exe	88
PID 1132 wrote to memory of 3780	1132	msedge.exe	88
PID 1132 wrote to memory of 3780	1132	msedge.exe	88
PID 1132 wrote to memory of 3780	1132	msedge.exe	88
PID 1132 wrote to memory of 3780	1132	msedge.exe	88
PID 1132 wrote to memory of 3780	1132	msedge.exe	88
PID 1132 wrote to memory of 3780	1132	msedge.exe	88
PID 1132 wrote to memory of 3780	1132	msedge.exe	88
PID 1132 wrote to memory of 3780	1132	msedge.exe	88
PID 1132 wrote to memory of 3780	1132	msedge.exe	88
PID 1132 wrote to memory of 3780	1132	msedge.exe	88
PID 1132 wrote to memory of 3780	1132	msedge.exe	88
PID 1132 wrote to memory of 3780	1132	msedge.exe	88
PID 1132 wrote to memory of 3780	1132	msedge.exe	88
PID 1132 wrote to memory of 3780	1132	msedge.exe	88
PID 1132 wrote to memory of 3780	1132	msedge.exe	88
PID 1132 wrote to memory of 3780	1132	msedge.exe	88
PID 1132 wrote to memory of 3780	1132	msedge.exe	88
PID 1132 wrote to memory of 3780	1132	msedge.exe	88
PID 1132 wrote to memory of 3780	1132	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a340aba154ebd8594db789b5558b2f04.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdff8846f8,0x7ffdff884708,0x7ffdff884718
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,12599992360301563161,5481818962242776700,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,12599992360301563161,5481818962242776700,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,12599992360301563161,5481818962242776700,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12599992360301563161,5481818962242776700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12599992360301563161,5481818962242776700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12599992360301563161,5481818962242776700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12599992360301563161,5481818962242776700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12599992360301563161,5481818962242776700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12599992360301563161,5481818962242776700,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12599992360301563161,5481818962242776700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,12599992360301563161,5481818962242776700,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 /prefetch:8
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,12599992360301563161,5481818962242776700,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12599992360301563161,5481818962242776700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12599992360301563161,5481818962242776700,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12599992360301563161,5481818962242776700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:1
  2⤵
  PID:604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12599992360301563161,5481818962242776700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,12599992360301563161,5481818962242776700,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1264 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
360dd5debf8bf7b89c4d88d29e38446c

SHA1
65afff8c78aeb12c577a523cb77cd58d401b0f82

SHA256
3d9debe659077c04b288107244a22f1b315bcf7495bee75151a9077e71b41eef

SHA512
0ee5b81f0acc82befa24a4438f2ca417ae6fac43fa8c7f264b83b4c792b1bb8d4cecb94c6cbd6facc120dc10d7e4d67e014cdb6b4db83b1a1b60144bb78f7542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6fbbaffc5a50295d007ab405b0885ab5

SHA1
518e87df81db1dded184c3e4e3f129cca15baba1

SHA256
b9cde79357b550b171f70630fa94754ca2dcd6228b94f311aefe2a7f1ccfc7b6

SHA512
011c69bf56eb40e7ac5d201c1a0542878d9b32495e94d28c2f3b480772aa541bfd492a9959957d71e66f27b3e8b1a3c13b91f4a21756a9b8263281fd509c007b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
3d39be9c016fcdf26f3a9523eb0d8577

SHA1
6156b4c7596dc02a19806c744aec383152f6541c

SHA256
2bc9d2cc75242dea3bf5f0d8e20d1ff6dbc730fd3720a666542d97c38ba6aac9

SHA512
f189d0b3b92c0bcbff7f8f0d9e6099ab9927cf6e78775da801b71c2ad500dd68fbf81b5e57475ebc5e3d6cb45f6e3cd68dc7d6359386329b3f0f79d741d76a9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fd8386a72c8f056b3c34c9b431f2160a

SHA1
0a238ae6377165741cb0adb47c06adb0ec64ce8f

SHA256
aad4a3835ba2840a429a67e52cb622cc3c115549f0f3fe097761844f88ef1dd6

SHA512
0d825f4578363dfa4f8a1da76c54eceea322abb15a5689ec74ea77afb8f34eb0b9a2435f09146d60bd6941913b21f09033f93078fc0236c901986d0e010262c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
789a8fd91beca400672ed3a3e1980cfd

SHA1
996e553feef720bf286e98cc045649fac3b382ab

SHA256
2a3c6a00e0c09a0f2f82f9e4df5860c8e09f10f8abfa1b8dd990e45bd7a1fd00

SHA512
7bc26ad5889e238683e6bfdc17fda93fa53adedcf78b8d5ee274893975cfd94de0cfe995ce779e3e1dbf42592b10bd9ec1b4933972b63bd15299421bfcb7ad00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
54a6db9020829585b08ab03e5b9ae139

SHA1
3f3eada44d4583a3b1a61f8a6486808173b09729

SHA256
65c9a2be8a6acd0170819104a477b07f3ac051a6e3e6cf3a5a91dbe50a91bac8

SHA512
bb7268fb658b90d21a1c946a66bb3d286eac5db97b8fb8aae42d9722509d0b01c134194b9be588ceb1353309c892461295dbbf93f8b5c25edd1e5afb61eca4b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
e6ee6235e13441896422107eac68bc39

SHA1
5290a3333dc7bc3a09e3320217940d255a886ce8

SHA256
a9293a06bc9ab99567826411ada0433472c4facfb23c33ec25f9fd7a03e4c66d

SHA512
4f410b63a4a069bf7a2068f7b96a1d5426419f6e20b5f1222e75b5d33585b92d3578c9b041b4fac03f477d8e714bf9ad2f8b62555f7f02a382d39e90cb03c911

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
73d96793f85db2be43be85ff55180bd3

SHA1
bdb87efea36c74c1f6060c3c51e1f572537d3dd6

SHA256
657a4c4f53630eab294c08b4b54afa6de72ac0e5a91eea66f83ce7f3d2df92a6

SHA512
f7f674a3c87fe7e9830fee63c55d3e6b13d71b41841a949b091cd195bc712bfbc7992a852af001e83e4a83c93d7659e1797d921988aeb796dd6fbecd3a77af3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58363e.TMP

Filesize
48B

MD5
f25b47856afdca5e4e6f4fb9a74ba30b

SHA1
dddb7cb2a7b2a748fbbe764509f3a7a5eb160a0f

SHA256
5689f4ee2d22d348ee342d0ac7a3d40948ddea2a17034c52ab7f936bca61cecc

SHA512
0bc45324aafd76efdd7563f5ac2667da9c192d2042a6d2f99d1466837642fb89a26247ff943782a35a06b9eef5f2cf66f1f864df96a44a5a97856c5b058f3dd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
39f76a2b9dac66ce20fbbd1822a45fe7

SHA1
bdd3ad46753e525a4ab5a8ee8028074af03171b6

SHA256
bd5f238f9325a194834b550d6435d92f45f7fc18b7e09812ecf32e7dd573b22c

SHA512
3837dcd2fd555b9a13758ca9b39862e20a08f3ae5e46cd17dee89903862ebbf7a155634d49018427c05b5f7affb16861ec864d88f4bdcfb2fbd2abb61e8e403c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58367c.TMP

Filesize
1KB

MD5
f9a4ab34df64a20132dede790df1ff7e

SHA1
3f35a8bee93c896e32804b10c100700955a7c983

SHA256
d78caf258d46aedd93f2a9c0c4826a290fc0c152fd2061e2067521ab7e35d8df

SHA512
c095a1678a5878072f7d1e71aba36996081a10cdc295dacfe436eb5d6e964a1f392be4a9841ab6e25832e771a659494a1d7575ff1ad4dbe94673d923cb7851aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
490e27880e648031b4ccc3ceeac05ed5

SHA1
d628960228fbb58d681abc84de4874cabbc44893

SHA256
30c91e8154d89695497d9a6d59882a1be0dcb493b967140582467b81dffe695b

SHA512
6481da5c05969b602fc3546cd63c8b508b7e1d9687151e24c5f7b8892ffa0c0befd6d83f7c2d0d1cd193fe3c085689e01970fb2a5b7dcf9409c137cc6b1e0a22

Download Submit