5ae08a9218f3e95d2949ebbce54dce12ffa3b6fb92f95191e800f714201736d9

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2024, 19:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b973ffb6a075a84d1773da64074df0a8.html
Size

97KB
MD5

b973ffb6a075a84d1773da64074df0a8
SHA1

b49bf4f41b4f57c97d1f01e8a9b0388b602f3b58
SHA256

5ae08a9218f3e95d2949ebbce54dce12ffa3b6fb92f95191e800f714201736d9
SHA512

4401ffccb3a6f064291ef82afb546f1312bb544d9a4e28872a830ab168837802a482548b70b61eb9a3c70de218c047edcb7e224c4a139b3a6ee6670a525d4b6d
SSDEEP

1536:EY08b8VSeO32Y65T7qQJAwYCaS6cgRrYLvJX:9eO32Y6hqeYX+LvJX

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2220	msedge.exe
2220	msedge.exe
2312	msedge.exe
2312	msedge.exe
3760	identity_helper.exe
3760	identity_helper.exe
824	msedge.exe
824	msedge.exe
824	msedge.exe
824	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 3008	2312	msedge.exe	85
PID 2312 wrote to memory of 3008	2312	msedge.exe	85
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 384	2312	msedge.exe	86
PID 2312 wrote to memory of 2220	2312	msedge.exe	87
PID 2312 wrote to memory of 2220	2312	msedge.exe	87
PID 2312 wrote to memory of 3796	2312	msedge.exe	88
PID 2312 wrote to memory of 3796	2312	msedge.exe	88
PID 2312 wrote to memory of 3796	2312	msedge.exe	88
PID 2312 wrote to memory of 3796	2312	msedge.exe	88
PID 2312 wrote to memory of 3796	2312	msedge.exe	88
PID 2312 wrote to memory of 3796	2312	msedge.exe	88
PID 2312 wrote to memory of 3796	2312	msedge.exe	88
PID 2312 wrote to memory of 3796	2312	msedge.exe	88
PID 2312 wrote to memory of 3796	2312	msedge.exe	88
PID 2312 wrote to memory of 3796	2312	msedge.exe	88
PID 2312 wrote to memory of 3796	2312	msedge.exe	88
PID 2312 wrote to memory of 3796	2312	msedge.exe	88
PID 2312 wrote to memory of 3796	2312	msedge.exe	88
PID 2312 wrote to memory of 3796	2312	msedge.exe	88
PID 2312 wrote to memory of 3796	2312	msedge.exe	88
PID 2312 wrote to memory of 3796	2312	msedge.exe	88
PID 2312 wrote to memory of 3796	2312	msedge.exe	88
PID 2312 wrote to memory of 3796	2312	msedge.exe	88
PID 2312 wrote to memory of 3796	2312	msedge.exe	88
PID 2312 wrote to memory of 3796	2312	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b973ffb6a075a84d1773da64074df0a8.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc96ae46f8,0x7ffc96ae4708,0x7ffc96ae4718
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,503813325755302250,1517396087215708329,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,503813325755302250,1517396087215708329,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,503813325755302250,1517396087215708329,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,503813325755302250,1517396087215708329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,503813325755302250,1517396087215708329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,503813325755302250,1517396087215708329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,503813325755302250,1517396087215708329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,503813325755302250,1517396087215708329,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5972 /prefetch:8
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,503813325755302250,1517396087215708329,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5972 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,503813325755302250,1517396087215708329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,503813325755302250,1517396087215708329,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,503813325755302250,1517396087215708329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,503813325755302250,1517396087215708329,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,503813325755302250,1517396087215708329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,503813325755302250,1517396087215708329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,503813325755302250,1517396087215708329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,503813325755302250,1517396087215708329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,503813325755302250,1517396087215708329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,503813325755302250,1517396087215708329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1804 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,503813325755302250,1517396087215708329,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4152 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,503813325755302250,1517396087215708329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,503813325755302250,1517396087215708329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:2416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\85c00bcf-5051-48c8-b664-e91f87c80485.tmp

Filesize
848B

MD5
c0565e552568ffd6903c59995052bbbe

SHA1
673a857fb92e2632ebc921ada212e78c136a3882

SHA256
87a210edaa4b8e95e478ef2ac76be89925c0acf748d160d0753b365f723054b8

SHA512
28e157bfd59b5efb2962a81f92a446e6aa8702a3d3b8847ec19d6ea98f293661278cdf5e230ce61c340e3e7bed9af81cc7800807472cd49440e132e94cddfa95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
21KB

MD5
ab9158bd77cfb3310b79f13bdb8b4335

SHA1
a929ce2e0439cd283d8317790f5e00c1c93eea8e

SHA256
e321804d2a4f9293089cbbcd0ae9287daf5f0406acb67eed25f84ba82dd463f5

SHA512
02ad736bf6e531e31b8bc2b886794dda002175313f7ad9f4a5edede8ec8bffccc9600ef1f5b70c8280aedb9a1cae0dab9cba7c7a55d190a7662b92dcaa68398f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
54KB

MD5
b767a6d9687f675ff12741efbf6215d0

SHA1
0c3207eed6df6b2dba7b70f01de68b950d2417bc

SHA256
c951af82550a5ced4e81464adb206ee2fa6ed7bdf96e5ebf3e263c6573542dbd

SHA512
c71c6d1cfe03fa91f1f503f7920d5d958e04f6460b9e8318e0a0025dad30174e327278c68eb2cea8fb019d07dae0b0d861307d4751fa05b310dc4524abd7641b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
8f6baf1de84433b7e556dbacef408462

SHA1
1cc106a401120cf3730bf9d3fbd8700401d4d9ef

SHA256
6fc89dd89a741c7fa584b29727b127fc7163b23bb37229afd831cfcfa37f875e

SHA512
420bd57202a95996a4619edc99416085ed35ec9902b10970d587c0309813efeed03c99ff563726008b88c42ca9a813cdd136691d78a896ddb53dae6f02479106

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
d088c6bd77697eddcff650eafd33abce

SHA1
ba04d5220b1cfe4c1db1420e6b415fe3c1f712d5

SHA256
163f3a843b858be18d6557705586c57bd98569c813d13ce3f9fdebeec02593e9

SHA512
dce79a411b153b2d7a7d1845aedb5372d28263ec897abdcd41c7b232dc229384f8dfe037b0c1471b38b59f2f2723f0cf47cba0d7135e24c29c9c13b1b8d34033

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
ddce5ebc84d38eda11869d665689f8a2

SHA1
29797d2a48087b4767c666390721f44df24d70e9

SHA256
6aba394e51362434a28133579487375e1d5a1e2ba25c55302eaec615fab4d662

SHA512
b076ce569214944283d60fa06a947685ec0a651456a4daf0470398cc86f476fec9d640f67e307953f7ee286615a1bfeae98da9330fdd91652bf3961dc3abea79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
52bbd97cd462c97af84aba81d1f987a6

SHA1
4bc39e1eccf6f3afff00fa76b155454a523f0989

SHA256
f4fe3e13f90674d73cc43ac2835cdef58d035548830a4b24b63785091142812c

SHA512
a18fb36ad76e39d8dd38cd5db5cbab488794fefe385a173cf1ef843d660272ac57660966f4c727f2203a58bf2a36a2ad635c985fa2b8f404c3ed246bb3af5324

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
4af0bc4205aa9ff49bae2e5bedccd541

SHA1
c5c1d8856be286a04ac7d1f4c4901c4df20ab998

SHA256
92118ba98757911ceb6398027c6764e664cafe737a84b6400c44bdb47931de70

SHA512
ec6c3239200b1ec7f50fab3475c4ccd112bd4855b198ff9f9a00fd57e70704dd2c8385ee6526cf62b950c99032450683d731b772cff0473e3d47085a6290cec5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
817B

MD5
a41e41e6ce38deb63bf05be4b05c3650

SHA1
1f7891947d263c96db56346b80ea543b246839c8

SHA256
e541c5dbb58c2e548002ad2fa1e5eef50895c152d2cde329ad8f5682fedb0d1d

SHA512
41a6acf1290abdbeec9d6900bd22daf321e9ddbbbd213faf3f9c234c05254418abbb09ae6c6425ae670e4c172b855c94ef9ecbba69379bcb4f27cf090630cc6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9060e2c3f5bb458b2b4f91bd291545b3

SHA1
93915741256610bfa083785f426a8c5ca46303f3

SHA256
663cdbf45ec05b646d6fc4cf938ebc168076c15130a147a1ee2b136e9a00017b

SHA512
ac9bac689242ccecd531d4a9ca86078fc40fc430fc118de33cd016f2851e7038b06b4e5f7f5c2899d63491508fec4f06b2ebf7311427a6c0b0ccf93ed21618ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ebda162d7c713d26a40f2fd8f633d2f0

SHA1
9a2383af0ee852225e7c09e7a4f69ce28990cef4

SHA256
ae7b849760ab098c15508fe72746ede47d21413e0362c2898094f099c9e612ce

SHA512
b97f53616b30b8ffd7f6ad547b2f078cf1a05ecf41d9af1c23ad2cd40d626789e388f5dd56e833abbe22f7ddc0ff25d40047de890014f279883a4c97d2dc2d83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3186366e398f8a58f04812c336f70129

SHA1
2cf378ef6491bc04c20411e32fdd33ed06096f5d

SHA256
ef14fdb52211d2c4ca21b4ae81abb05a4a3d6c401fd61bb75272d89fb0856588

SHA512
f0adf56d3415f971c262838bd6432d3fc1e2d982ce8cac76cf6576c35b4459982aada8701b77d61adc9eb0c7da352d16e00fea839bc6f4c39d6552ca10fe82d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c3e1451320071924e0afa6273fb463d3

SHA1
95fb54f4223cca8f759b113b76f45c2427227d7e

SHA256
415111a8553d996dfdde37d9fcba4b9924477a8857e26005952cfbb3176d34d1

SHA512
388920ab4311ff384809fdc09f7bbb4a42b85a82729ca800fa793af1b26affb06858cf71f08b3c5b3e5407d2abcfef72adfb9654b59bc254d6c3ce22086289ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
25ba059649912437b10946876da01aca

SHA1
4c53be1e901d6c65d94949fdfd199f5a51d6621b

SHA256
e35e4d48c51bcbc3c26601fa3bc5e7dfd5926a5438f97294b9b57d6d01b09807

SHA512
f5dddb31711b85c260e54a52360bdc784e79d41bddd2e80f3504d03162e70b13ec23a37f4ba79610dac712074fe58cdc65574d7023a43fb1b8aa61714169b5a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8673d49f413dd80557eec79c1b92d867

SHA1
dd6c724030451d09dce37a3db2f684cef75226e7

SHA256
740a5b0d323ad0a6a86ce6f93f31e349d3c6613769e31d49e5de8ae6e9541c7e

SHA512
f7bb7210d90cf6291ddeeb36a1a1cd4f0c945b90cf3f4c569107b3d5d35b33cd228f5c64820edcc425a6e59f0a82873474da369c193bdfe838b01997f2465b4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
260f2b39b32071a4e1a9a24d34cb0a1f

SHA1
62ff59187a29e6902cfd43db5d7641d8793e3b58

SHA256
3dd4f02eb92a562d0a9d69774852564e0001658cba74a182501d1dfaac5ff7d2

SHA512
31c5affc5cb0d8a82ceb41ee1919d5be5914ad5435ee9ff1693ec4bea55e0e1a508aeede04cc5ccc954b70198531f6667aaa1b851214dfae3865505eabf4577e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
3764ee80f54f839fa809c427f6079cc8

SHA1
21ea6e6ecca36b012fb6bd1c3f983bcaf7a00080

SHA256
1efe6e83a1d2f404bcbaf7772c670f526e36b5c50a83a4b49731c2fff7d41664

SHA512
ee0b5e434c59c65840b364b00545ff9b229fa3fdd3d22ab2025ff22484fb447dd4a50f1f628bed852449913364a7477f15663b7d0316ff1fa6037d97b1c68973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
7dca57e06db5579e6853589038eae8ef

SHA1
59f29756919f9b11dbc6381a82381dc6225b9c3d

SHA256
1bbb39c98adabd32f090ffdde80303c03808d792fbaa38de92310c9603722f09

SHA512
71b80c4c2ef7b998943a8eca8dd6f890694ab4ed80d59efa6cec825b925194f5df7b5da92d33ec43719f99ac31630bc642a67dee7f6bb3ea5ca680f4142e717d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
201B

MD5
5e193f65d9ee8ba80fe413518ac177f8

SHA1
7d1fecab414000a7c22f112099d56b58cad656a9

SHA256
e6f8e737f882e5c97712be1c2594f2f61e354eef1f70451e8fe8318ecd1eb828

SHA512
d15b7012bbc2f85b58aaa30b92750e60ffe99ebe47cc157176a6e563a847f456d9001cdeed47fe1e02bd2f45705ff813cc275db58cea98db659ea2d064c3f379

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fe36.TMP

Filesize
201B

MD5
585c45772891cd3c8ded8bf668ebfe4a

SHA1
c121d0a887c50aacfdb94654468ad8ff55d6ea73

SHA256
59dcd4052097ba7a14ef61549641bf483fe9281409ebe8e246f52e4d7a5ad244

SHA512
2c4f5e9dc6a55909ea1eee8b56d173ed96df602c5d50ebc4ce9d019055fa2e39648a8cf5deff571773d4935ef9743894964cb68c63b1ac71c6da65b45cdd1801

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
445c4ab00474c1429e3e4c9910b9ffc7

SHA1
e102c0e35cea1e393a7de086678188dc0e0c6293

SHA256
270e8d45f3ced5eec5a34a83a505ccec5137d9120cd45ee4002c3d5ab4112a7a

SHA512
f4f5c380fe230fd6d06507edc70f036ae6057b1d2f864210615ad95a373fc75a819db7ca81b6a2a2db7d7ad5b3face0e90bc7eac1e79cbbe7ee36d3ad0516ee9

Download Submit