cea086f3a428c6db82a34aec42b6f86f83991070ce217fd4a045f1d0d3609711

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
25/02/2024, 09:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a3650d0d681839b2f6a4426747543ef6.html
Size

432B
MD5

a3650d0d681839b2f6a4426747543ef6
SHA1

6ec398fdbe3a699e48c55270331e60eea47ed133
SHA256

cea086f3a428c6db82a34aec42b6f86f83991070ce217fd4a045f1d0d3609711
SHA512

d2f3028259afea94afa3c06300ef2fd03ff80716a566d48bfc9ee2cd1a021f2ea8d4736c1bacbed91faf300bf9f961692bcb4e267a44b25d961817b34c993ee0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1000	msedge.exe
1000	msedge.exe
1820	msedge.exe
1820	msedge.exe
4960	identity_helper.exe
4960	identity_helper.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1820 wrote to memory of 2584	1820	msedge.exe	89
PID 1820 wrote to memory of 2584	1820	msedge.exe	89
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1956	1820	msedge.exe	90
PID 1820 wrote to memory of 1000	1820	msedge.exe	91
PID 1820 wrote to memory of 1000	1820	msedge.exe	91
PID 1820 wrote to memory of 3972	1820	msedge.exe	94
PID 1820 wrote to memory of 3972	1820	msedge.exe	94
PID 1820 wrote to memory of 3972	1820	msedge.exe	94
PID 1820 wrote to memory of 3972	1820	msedge.exe	94
PID 1820 wrote to memory of 3972	1820	msedge.exe	94
PID 1820 wrote to memory of 3972	1820	msedge.exe	94
PID 1820 wrote to memory of 3972	1820	msedge.exe	94
PID 1820 wrote to memory of 3972	1820	msedge.exe	94
PID 1820 wrote to memory of 3972	1820	msedge.exe	94
PID 1820 wrote to memory of 3972	1820	msedge.exe	94
PID 1820 wrote to memory of 3972	1820	msedge.exe	94
PID 1820 wrote to memory of 3972	1820	msedge.exe	94
PID 1820 wrote to memory of 3972	1820	msedge.exe	94
PID 1820 wrote to memory of 3972	1820	msedge.exe	94
PID 1820 wrote to memory of 3972	1820	msedge.exe	94
PID 1820 wrote to memory of 3972	1820	msedge.exe	94
PID 1820 wrote to memory of 3972	1820	msedge.exe	94
PID 1820 wrote to memory of 3972	1820	msedge.exe	94
PID 1820 wrote to memory of 3972	1820	msedge.exe	94
PID 1820 wrote to memory of 3972	1820	msedge.exe	94

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3650d0d681839b2f6a4426747543ef6.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff864e646f8,0x7ff864e64708,0x7ff864e64718
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,13201701924249742769,8851026971294109430,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,13201701924249742769,8851026971294109430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13201701924249742769,8851026971294109430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13201701924249742769,8851026971294109430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,13201701924249742769,8851026971294109430,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:8
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13201701924249742769,8851026971294109430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13201701924249742769,8851026971294109430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13201701924249742769,8851026971294109430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,13201701924249742769,8851026971294109430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,13201701924249742769,8851026971294109430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13201701924249742769,8851026971294109430,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13201701924249742769,8851026971294109430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13201701924249742769,8851026971294109430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13201701924249742769,8851026971294109430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13201701924249742769,8851026971294109430,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4392 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13201701924249742769,8851026971294109430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,13201701924249742769,8851026971294109430,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e189354a800c436e6cec7c07e6c0feea

SHA1
5c84fbda33c9276736ff3cb01d30ff34b032f781

SHA256
826adca1e688de79a3ec5b91c75990927fb2a33ae717f474608c68336053f427

SHA512
ceb069a5e83a634503e253846fa17b8bf7aaa539c3353ce61251633d69068e24c5eadd1b496f43058790d2b513e65d2c0b0213730813d0b58bb82a00596e05e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9e3e150cfe464e9ebf0a6db1aa5e7a2

SHA1
3cb184e2781c07ac000661bf82e3857a83601813

SHA256
2325a6292907263d1fb089a09f22fbcc6bad56f4961d427efdef1abaef097bcc

SHA512
f5eb1e76eb9441cf5000d8d4db9296077b61714ead5012779c084b37f4bba07614055738f5dce69b13b25975d9b7c03eab049b7685eee09b23fd8d4a7d71a039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
28c2cf3e7d5f91edd1bf8186dda51136

SHA1
6e92d52201f6d45f1d8e51475cdfd39e2c58715d

SHA256
1f663014d67ac67d8a20b9976c4745b8a60d878df6db424a260f8c4a6e1dd09b

SHA512
e8c354047895790f6c31b0946a059b6b704307c81db47f02b0d1b91307cdaef9422c472a1752b46ab11850979abe9ebd0548219cd6b0a949b8f087b745c39248

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
457e5002f124cfc314f2e1eb29655458

SHA1
0526e823d391e476a2321a0a9886a399ef2d54f7

SHA256
c0d8efea93829f55fd06ec44ae16c6ca24bec21ccb9a0836a80500f6c1552820

SHA512
6f990ba8c54a6395da8551aa597e00695cd6ce61db0101c79efd714ae7f552497dd9007680b26608634e227936e7dd9fc5c759f2c6737f73690162bce7edca48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
1e8c90da7c64a1e843ebb739c2e52a78

SHA1
7600d3fe7351c208887f40cecaeea49a94b90e84

SHA256
74aaa11bd9ba02a826d600d696abb1f832f593245639eb28061ae030f0e6c832

SHA512
2f8e30755ed21383db95092a6bab4e96962260855e5018034ab839c2148ea195109405cb77bd3bbfd7db3cfa4c2af08ab649d819b26e009eec4cfba233030cba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b06996be33477c988d5be694ea388086

SHA1
84e8ad0e9e17ab8ff16c41c898173ee028d43568

SHA256
0911292a1542009ef848ea7bdedb0319412aedc38dab2b2e129b43f4dbcaf7ef

SHA512
e9647bbd78d7538ed526f7436c9876a328ec4a146a8bd0f9911906503c2cce498dbaf27f7bf6a58569701302508cd0161fefbcc50b5d71ab125291f503c25803

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57924d.TMP

Filesize
48B

MD5
ba0d0586dfcec80e8523c4279b756869

SHA1
a501c65eb1d6285758fc60aa748bcaf40b65b25a

SHA256
4f181cfb0164f13c894cad6c070539d9bbd26fa1dd02ae54da1c92799b6fdc74

SHA512
e454b0e3d5444d715c4b95f052bc6976b0456fecd870384f79c5f3f200f33739a81b545411913e2bc64c6aa502f77777f8d47606e7b4d229ecadde8013d9f286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\af12cc83-5e2f-4302-83d2-e554dd91cd69.tmp

Filesize
6KB

MD5
c0fb49ef5e8044a164bf9329dfb0d779

SHA1
443dca0900554686c0e39ab95efca5f617b96bb2

SHA256
bcc4c59564f6810cfeb231385b7a07519081d17e183b48fb5aa5d905ac0bf28f

SHA512
19f9cc2e4e72e8aa8d4516b810dc600d157a598a807fb0932cb43852da7aaeeb7186827c929a5a56d79d987c02650f2f2a1208e798645ce3fe56d9d90d080300

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
839a28f850f0356d805c4aa23db28bf7

SHA1
7a08cf0181a533c38fdf35e8a5cc9de77461e470

SHA256
d6818986e224d0b6ce8921f3aa228cd212a2f5d0968053be1cb6480af763629c

SHA512
6706bab7b29ec33f22595b33c2521e744444fe0adb3589da0777efbba12963f8e6729f8bf42c57bc45528d26563a158ff239976f9521dafb53dc4553936d23d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
39acf039bbfa17137f5cdd898138b027

SHA1
1d82cae4dbaf2881896f7a78dd33701ce982fe55

SHA256
edab92118c6249f7f10cfbaaee623003e3ce0cf54bc664245503788498361aaa

SHA512
6422a8438af38dbc1fc94c49567504d1479164c2da59d93635f6c160815fef92f1d3ff166140a21fd2b39f378c7869970af02e8f951892e87142c00016579a9d

Download Submit