0e87412a07b99224887f7a578d1b820b4040168d4f21219b14ee1e39e1e71d38

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2024, 02:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b6423e40bfba5c6a52f566f74442dadd.html
Size

432B
MD5

b6423e40bfba5c6a52f566f74442dadd
SHA1

efa7f314e4ccd0e081cfec4b9fedae5e98e4391b
SHA256

0e87412a07b99224887f7a578d1b820b4040168d4f21219b14ee1e39e1e71d38
SHA512

2a0b907105ab30c7b716bb98fd19a9691434a2906cd37024ac8478b889d353cd2fde66971b687fc873719050394db9ef6e5835a60faf942a7eedd1cbb19b0384

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2912	msedge.exe
2912	msedge.exe
2984	msedge.exe
2984	msedge.exe
3228	identity_helper.exe
3228	identity_helper.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2984 wrote to memory of 1244	2984	msedge.exe	90
PID 2984 wrote to memory of 1244	2984	msedge.exe	90
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2756	2984	msedge.exe	91
PID 2984 wrote to memory of 2912	2984	msedge.exe	92
PID 2984 wrote to memory of 2912	2984	msedge.exe	92
PID 2984 wrote to memory of 1072	2984	msedge.exe	93
PID 2984 wrote to memory of 1072	2984	msedge.exe	93
PID 2984 wrote to memory of 1072	2984	msedge.exe	93
PID 2984 wrote to memory of 1072	2984	msedge.exe	93
PID 2984 wrote to memory of 1072	2984	msedge.exe	93
PID 2984 wrote to memory of 1072	2984	msedge.exe	93
PID 2984 wrote to memory of 1072	2984	msedge.exe	93
PID 2984 wrote to memory of 1072	2984	msedge.exe	93
PID 2984 wrote to memory of 1072	2984	msedge.exe	93
PID 2984 wrote to memory of 1072	2984	msedge.exe	93
PID 2984 wrote to memory of 1072	2984	msedge.exe	93
PID 2984 wrote to memory of 1072	2984	msedge.exe	93
PID 2984 wrote to memory of 1072	2984	msedge.exe	93
PID 2984 wrote to memory of 1072	2984	msedge.exe	93
PID 2984 wrote to memory of 1072	2984	msedge.exe	93
PID 2984 wrote to memory of 1072	2984	msedge.exe	93
PID 2984 wrote to memory of 1072	2984	msedge.exe	93
PID 2984 wrote to memory of 1072	2984	msedge.exe	93
PID 2984 wrote to memory of 1072	2984	msedge.exe	93
PID 2984 wrote to memory of 1072	2984	msedge.exe	93

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b6423e40bfba5c6a52f566f74442dadd.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca4e846f8,0x7ffca4e84708,0x7ffca4e84718
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,2744547446180869555,1609403940793612540,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,2744547446180869555,1609403940793612540,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,2744547446180869555,1609403940793612540,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2744547446180869555,1609403940793612540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2744547446180869555,1609403940793612540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2744547446180869555,1609403940793612540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2744547446180869555,1609403940793612540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2744547446180869555,1609403940793612540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,2744547446180869555,1609403940793612540,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,2744547446180869555,1609403940793612540,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2744547446180869555,1609403940793612540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2744547446180869555,1609403940793612540,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2744547446180869555,1609403940793612540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2744547446180869555,1609403940793612540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2744547446180869555,1609403940793612540,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2744547446180869555,1609403940793612540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2744547446180869555,1609403940793612540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2744547446180869555,1609403940793612540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:6136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,2744547446180869555,1609403940793612540,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c6136bc98a5aedca2ea3004e9fbe67d

SHA1
74318d997f4c9c351eef86d040bc9b085ce1ad4f

SHA256
50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2

SHA512
2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c6aef82e50d05ffc0cf52a6c6d69c91

SHA1
c203efe5b45b0630fee7bd364fe7d63b769e2351

SHA256
d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32

SHA512
77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
51d6352bcca79e7509be08b5ff6d3a6c

SHA1
94c8480425d20e59bc7533d779a137c9aa8c4e36

SHA256
c2d31a0f326ff16c69a37b2a58cd3690afad81d2c57eec600c7d9fcfb5b69abb

SHA512
ec471595f5ebd472a26b832a05ad2cd070e792ebfb1728a272c9429c1501a1ffd4ee80ecaf6c46f4470836554f668c775d53ba917d09aa359ca52d3ab62be4e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
1586b92c65971195d961eb29e22fe600

SHA1
e0d7c0744c6ceba045b39dcafb07762591ab9a8c

SHA256
1b2ae2097a77a53a743047d2256e9606028c9bfebb9da492eef95023f14c0432

SHA512
541bcb8a2bffd8a2cacefb8f88991ce2082b12f18ad1908d3fb1b829396ffb403b8a1035a1c9d33eeaed9cb4de15c5893b76b76def3f43a131a051567cc5e4c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ladrecaidroo.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c579c1058c8e3fafe69a104724cf3b5f

SHA1
ebd5117508532926f70ff3bc21db6d28d98c4f3b

SHA256
92625aa54e3e27c1c21c270c3b0ed5fcba5ee8c56f5f829643f6c950c4243134

SHA512
7588a85b024f1254513a782700aac4f69891f41c294c9ccabf7de9efff2c8586244fafacce33e3ad845f1412d6ad5c25efa28e40b2f5cad72e5d48db739e9d19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6a96b32b917d187f23856535f0ec2aef

SHA1
ad5d6a310d378bdf62a9e735ded3c97354633a68

SHA256
05a90e998081cce81e5d358b0d06e03d99e307b043ded65e0f7b5b83f1a40b20

SHA512
3356b3d8d40c4cf2a5bc6eac3a7c0947ac40f6dbe0b3b100fef7e98e98fde4ac67296a9002efebf94e17b70706ea922eede9f1f4e03d1de7e648ca7cd690644d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
745eb157eaa8aa816604b1723323e772

SHA1
584c8e280cd5fd7110b1903d05656b6f03905eb3

SHA256
6cd2e14cc9b21d1b8e95f599a7aaa20dbb0ab259eab840f258781ad1d172c4ca

SHA512
2a27ad3e8e1159351600cc4f231a701304acb12c28624a26f7e6b5f26d03908bc07a43b34272e6ccbdc5fde4a41c23ac9b04012ec658af47141c823fa31e437d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b360a38e2849d41f176c5d77278035c5

SHA1
eb22ed2e2bda2f84753886e759500e3005fac82e

SHA256
892bbe5aadc4c5126edd7ab60c6eb84058a2e9145c090e2a600bbed582e4c399

SHA512
35729e14b7e28b8df48ac153de87eadde30ed18baccb1e122ce0cbf33e305f15c323a069d8defd6b8c212743159fcbef266de2c38ebe03290e8b7f30b46e1fce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ecbf2283856217fa8592eabed78550c8

SHA1
23c73a4badcf94e14c694642fb1e242ffd2c0a28

SHA256
fdaf696328e4d916211faee38540f60c272cd7e46bbde2c8b0cc5eaddabf20b6

SHA512
c7c8979cf5ce54e9947ccdd5048db7eb7ed90dc1147f140b092ac1ff85be18ff8adde59bca49514f4be2c5e9908e85862ba9b21a2c16a995a93455df3adc6cf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f8f86afc507eb0aad3a18d1956ed3b76

SHA1
ec2f8fd006c1a182986d0bdc409c7427a939320f

SHA256
2d64a9d9b2bd4ac658d1a2a4ddbe48f4294a867931469370154fcb42f21f83bf

SHA512
7024086809217b72e3f99f7dbd43aad370e5e932901abb476f15f042c19c7f4c665dcfb10ade9a8d40ede65dc7fa347e853ba3eda92a64e15181c00568f9d7df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
74456a389e4534c56fd9044b81cc40bf

SHA1
7d860c33360822bbdcf1c55a59273dbbeb120fd3

SHA256
c0ad7fd8f865c34d5ad4098b93d076b00a198287f8f5d7eb364c38f83f6a24bd

SHA512
a64930755c595b7244fe5876fead50b3e8413ca6d283bd93d6deb6682872f4c962b233730f45dc53d5e113351cae93a88d0299304f2ddabe680dea0223ce227f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
fb1d84ed560f715a023206f201a9c645

SHA1
d50a3edd68d190a1253654d7b138d825e3717d89

SHA256
1a979a57cbd0c6a8e96e31e16044d475109f87a71a7fd8b4c2f1380e7c5a409e

SHA512
970299c793a13f363648937fb5ac68b28a24e9bbca9b1fb6e5fcd92f5cc3877e90f775294dfbd4b842f2ea175b2665ba73e5165cd12459844c2ba2d4a5f6c906

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57cc1a.TMP

Filesize
48B

MD5
7f8dee7b21b24f83db1ff1243d7ea5f6

SHA1
1b2b8a97e6e86b93d6672af3dee65e2241d1cd42

SHA256
d3f9a9b94d48ba91143cf5254b60d7a7bb98f8454f99138ff04660904e9a5d40

SHA512
cb8e515bfb26fe89dc443c8f06e436e76b64bf915e6b20ce51b872fb33a1bbd630777ac04d8a49662abf92cdbb4f4fe2d7cba53dbc7028035b26cb51c2663823

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
435136f717841e27120d38ff24ac3d9d

SHA1
53c9f101fc8be9c72281ffb92d6fb6760241f72f

SHA256
7e78d23854b4e4fc23aa78b0cb6baba5fed3175ba76f28a244eafad5cf79cb4f

SHA512
9b8e07ab011a7ed120a7d6f6dba10a05d6345d6e53fc11805e9f1114f19a7c94478e435e85e7beea802e88c72f7b9d8bcc7c47505f0dfb2de4bc2c12d847bded

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
282abc3635717d4aa77f55915c9b212b

SHA1
871e77c939396ff270de3aa34340ba0d867e8517

SHA256
ce0f56bed5286c373a4a859966ee58ada9392e8e7fdff992c555e59c4b69fb17

SHA512
ce3eb9a0c0cc4ab7c08b0e4cc3cebd5a4b1e7b627f62d0e984e239c0fe2407270c9fb4fb7e0b6ecd92deafd60c222b8ce247ac66649788156c477b4c3855b44a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5d43390c7b0869ca6c955acb3ce11ab3

SHA1
a3d70001c58143cc33115a4a780d205e98c85536

SHA256
db45d634f6dc37649286100d370aaf6d7f70f79aa783517f3ca4e852c6d21cb1

SHA512
24adc2e104843dd6bdfb4f3cfb36b9f7b5e2901f2fdd4aa62d7ef3aa793503c54a5b8db1f4d298f316d1cfae9a6d511f89b79cd58a0fe3accf34af6bd104040b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
aa4b56efdbb6ab575e4f1c74954524ec

SHA1
9d4e36797cf6aa39c9bb3abc31976dbfcc8b1cf8

SHA256
86c4dd8fd384287f5e6f1b6f5834e490fc07ab4740f2b864ecee2a69269d8029

SHA512
0f1d0a7f64fcb066e0b3e8301eba21d7d40636e95c5272dea6bfef77da2d024047a9a3c92b07da84025add5c509bbd23aaee1c249945c7090940d431560ac134

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cb8d.TMP

Filesize
1KB

MD5
8afff4fd6e0bbc0243018273f4305e57

SHA1
641f18a5a808de0bfd42ee755afbe7cae834bd6e

SHA256
19ff7bbeb751ab19a96964c1a0c6d71db171f595a1a3121a85996e51646e9a84

SHA512
8dc92d53cb4bc6af941bd7835410c4bbe9c9f09ddbca2e3e0cca21ea9cffbc81dc1049ad941a5d874d3ba8460111fb0736036a2dec200278261dabf18a7a1fd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ed0bf8e4-24b4-43e7-aa1d-da81b71925d8.tmp

Filesize
1KB

MD5
44b0630f1c247c492a1ad9140b966e16

SHA1
fcdb8d43c5e37e7cc59699311ec7bcb13ffd14c6

SHA256
f4999de5291a4518b06cb7e307c401ac2a162f3bb40a2ec0c0a183d539acc53d

SHA512
df4d43816ad58bf2ed98f126bace875a2601fffc6f9ca3dfa9c1e03f655d2260d2faca397caf9dbfe47442bf01daeef02d351cf626ac734ad6387d8892c3c852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ae7832a14874860dbee87f5fb0d1aa12

SHA1
b35a4aee4b84556a21635cce7515ce5062d07237

SHA256
151f7ed6ec13f86fce7a2c0cd23b82e1759bf28920920fb7c3a6c22f0914ef65

SHA512
9f7ff0892433b3646a961540d192be81c1ac884c347a54d64fadd248d2727e47553759280c292ff2f34f61902061231e2c7ad5cbfcb3c37bcca5ef5aab1d0d9c

Download Submit