090d5654f666759a43327b2ae384711f85f33e72c3df8e66cc673f33a11d551b

Analysis

max time kernel
147s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06-03-2024 05:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b6a5bafb355f2ed01af30c32f7e55f99.html
Size

432B
MD5

b6a5bafb355f2ed01af30c32f7e55f99
SHA1

ea7c9d79d855ec86ca949c72e05a79f01928b036
SHA256

090d5654f666759a43327b2ae384711f85f33e72c3df8e66cc673f33a11d551b
SHA512

228a7ffd416c8beff2ce2d17c329526f816a0cd7a138d1688c7dc80ebe764048ccbb713f2e66157582bb39942d806b1899fc49615f4e977aa55c74340f9897ea

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4648	msedge.exe
4648	msedge.exe
1404	msedge.exe
1404	msedge.exe
3524	identity_helper.exe
3524	identity_helper.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 4856	1404	msedge.exe	88
PID 1404 wrote to memory of 4856	1404	msedge.exe	88
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 3768	1404	msedge.exe	89
PID 1404 wrote to memory of 4648	1404	msedge.exe	90
PID 1404 wrote to memory of 4648	1404	msedge.exe	90
PID 1404 wrote to memory of 5012	1404	msedge.exe	91
PID 1404 wrote to memory of 5012	1404	msedge.exe	91
PID 1404 wrote to memory of 5012	1404	msedge.exe	91
PID 1404 wrote to memory of 5012	1404	msedge.exe	91
PID 1404 wrote to memory of 5012	1404	msedge.exe	91
PID 1404 wrote to memory of 5012	1404	msedge.exe	91
PID 1404 wrote to memory of 5012	1404	msedge.exe	91
PID 1404 wrote to memory of 5012	1404	msedge.exe	91
PID 1404 wrote to memory of 5012	1404	msedge.exe	91
PID 1404 wrote to memory of 5012	1404	msedge.exe	91
PID 1404 wrote to memory of 5012	1404	msedge.exe	91
PID 1404 wrote to memory of 5012	1404	msedge.exe	91
PID 1404 wrote to memory of 5012	1404	msedge.exe	91
PID 1404 wrote to memory of 5012	1404	msedge.exe	91
PID 1404 wrote to memory of 5012	1404	msedge.exe	91
PID 1404 wrote to memory of 5012	1404	msedge.exe	91
PID 1404 wrote to memory of 5012	1404	msedge.exe	91
PID 1404 wrote to memory of 5012	1404	msedge.exe	91
PID 1404 wrote to memory of 5012	1404	msedge.exe	91
PID 1404 wrote to memory of 5012	1404	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b6a5bafb355f2ed01af30c32f7e55f99.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffefe5746f8,0x7ffefe574708,0x7ffefe574718
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,467578408117577313,13315148593514673142,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,467578408117577313,13315148593514673142,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,467578408117577313,13315148593514673142,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2516 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,467578408117577313,13315148593514673142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,467578408117577313,13315148593514673142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,467578408117577313,13315148593514673142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,467578408117577313,13315148593514673142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,467578408117577313,13315148593514673142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,467578408117577313,13315148593514673142,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3604 /prefetch:8
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,467578408117577313,13315148593514673142,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3604 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,467578408117577313,13315148593514673142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,467578408117577313,13315148593514673142,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,467578408117577313,13315148593514673142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,467578408117577313,13315148593514673142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,467578408117577313,13315148593514673142,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,467578408117577313,13315148593514673142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,467578408117577313,13315148593514673142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,467578408117577313,13315148593514673142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,467578408117577313,13315148593514673142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,467578408117577313,13315148593514673142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,467578408117577313,13315148593514673142,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e494d16e4b331d7fc483b3ae3b2e0973

SHA1
d13ca61b6404902b716f7b02f0070dec7f36edbf

SHA256
a43f82254638f7e05d1fea29e83545642f163a7a852f567fb2e94f0634347165

SHA512
016b0ed886b33d010c84ca080d74fa343da110db696655c94b71a4cb8eb8284748dd83e06d0891a6e1e859832b0f1d07748b11d4d1a4576bbe1bee359e218737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0764f5481d3c05f5d391a36463484b49

SHA1
2c96194f04e768ac9d7134bc242808e4d8aeb149

SHA256
cc773d1928f4a87e10944d153c23a7b20222b6795c9a0a09b81a94c1bd026ac3

SHA512
a39e4cb7064fdd7393ffe7bb3a5e672b1bdc14d878cac1c5c9ceb97787454c5a4e7f9ae0020c6d524920caf7eadc9d49e10bee8799d73ee4e8febe7e51e22224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
5f81b75676d059ed4ca27e1533891fb5

SHA1
22b06483944a695702ae4692c546f485ffb35edc

SHA256
98308d373814e4ce259729343e103d02aedafb86bdfe791a590288d19ee59d9d

SHA512
b5f274d92b84bf8d071cede6e6ad771bcf50c715ed9f41201167634193d415b3988a1dcb6ba5ae6a9d5074cf9dd2f079371460e0668ccd3848fc52b9697f23eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
761f610824cee407b836b5303291ffbe

SHA1
5bf640d7371e941a4dcb3c3e3628c0d84c0465f3

SHA256
70ec99a77cd1b8d15630fd7b742b8294f30c8beda0b001bb47cca308dc4e0c1f

SHA512
9fcd1abc36d8c5829f116eaf05f02c1357b9521430a1a761ab33df165ebd08f90e0d30c2b95260a8db69eaac43d132049f2fa9b472a4704c169c5ed787b9043d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
49a7567fbfe7f3bffb6b88755061ea98

SHA1
7df9e91d3d837df6616e87191e65e6704a83d90e

SHA256
53dee1468b76cde2dd70b80a1fb38f57800d38778eccd2a4c1b60e84008f8a6c

SHA512
b4fd66bffc24365e5d86d92b157e4d9866b1877005f40e6a200ae4c33721b02166b157552c25e59de20b531c1ff891029e78f5ffbb4cef5b1207eff98cf8aa86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d077154b2f1ac6911d3a0d82e8f2105c

SHA1
30fe5b899c6fcb9e8e6da10eadde30b99de05ebf

SHA256
7319870babd4a378c5c3e89e7f9bddc29f198b529c42c42dd32c955377a3e77a

SHA512
dd4c8084f215fa41115d67e84782aba174dd0967672ec6e10cb360b0024588f74773e42d3104349c86cc0647afe38957167d6db3cf9e0ef08c7137b1f32c7ee4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b5afacf897ead3f92ba0b687dca687f8

SHA1
bde762d05b04c32b614753d6242bc0c669338502

SHA256
cb0c262924800c7d0fe681c13175f082f65328315d4823714e118bcbcfac1834

SHA512
1f0d9c68fad28fb1f690d78485a91f0578856b3b0151957ead60c7de457f65e8c07bd6458c3a5007420bee2e6aa00b70cd418694ed507ca0fdcc4b78e1614752

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
f0c4f4b1c221b0b5ae138deecd5de4cb

SHA1
0642487e1dd1867b90c6327efb2c3d7f6370698c

SHA256
b894377377abdf64c52ac8cf326beab7e5266db83d6b727e01bd59f894e655fd

SHA512
d1eb5d8d0cc481b94b395d8e56f97874f899d770821d2be8ae4607418b51eb9788379030f1d9c825d405f88064c39a4af044a427d99ee495c803b1a9906c7651

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57bbbe.TMP

Filesize
72B

MD5
ab0da46a099226bb0049551bccc81ec3

SHA1
0fc5680bad3ab9b5eeee5bb0c7dfb1fd0a5cc93a

SHA256
26a37d04db55c1b3e3b77fa8349bf8b2e426976eb6e041f09ed2dcb21935d40b

SHA512
470677249d5038d89f3d84e5b9d1fd071f57feaaaee1966ddbc31ced235bec59f5a5fc4e4b05062cab1f0b06de83e01f75a59e593e2d2339af03e642ce3d5fb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
cbdeaede6ba261c4a9771defca1cce8a

SHA1
fc0548660b9d7b6fab2e03bed5daaf7e6f7d93f4

SHA256
bba94da5cacc1a701fc909917b92e3ce13d896dbb89e00d757f722e7bcf8bc4d

SHA512
5b080813ef05f867dfa794ef1d33c65c40c850864604e3e0f83a28ad54b79e6c348f50897a8ab8cfabd9d6e11f9f3fc716c375f9fdc6df349c18eb61ef5a432b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bd64.TMP

Filesize
704B

MD5
394cee5f71e01928d95da0859bd6fe2b

SHA1
13e2404b87df71398e113f3879158b0e6acf60e9

SHA256
09c881135057f0880ecfa4a0c7d17649a3b4b74dee6778c0da45b9c9b042416c

SHA512
f2b0d6b9e54bb576a984621acd3a00d1663734c41eec1eada5a1d5845155848f84f3a304426696ccbe750ab8fa49752cf1079c91c205ad8c94ce40de2378e939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4e4ad3f450bb6187129c7bf4b0b15aac

SHA1
01151b81be91dc7bb236149c5eb711e95851fb10

SHA256
77223ae3e4437e598b5fc498a001594d386a7801d65a1cd5eaf5db13d749da13

SHA512
22345059e5c47400090ba2933ae369e288259cfb2acbdfcbe515fc9dcaa6d285f104c60130dbd86fc4d2a645c23dc5bb860a834bac8a3ac9bd29705803d75d87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fbfd531826c2c18c60f0c8b5f0afe0a7

SHA1
5701d356455626839f1cdc2dc5ee8c99157575a9

SHA256
ab88e570630e18d4a8138624786d89f23de06c131272e309f1cf0c31d30436b2

SHA512
acf04a1d7de3c005776364d1747c2b91c3d2c47cf92a16947ae455c31a0d026d849a25cdf3e3555a44ef61c4da6f471e7f6f50fdae6ea471b2e11c226bd80f79

Download Submit