6c21db10ab5a7a22c952eeb26f5e3f4289970c3b181b412649dfbfe083455202

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2024, 12:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bea5dc0f3d27da66d4fadda62cc7a99e.html
Size

161KB
MD5

bea5dc0f3d27da66d4fadda62cc7a99e
SHA1

545eb076d97f19ad10f04a735434e5e49861ff01
SHA256

6c21db10ab5a7a22c952eeb26f5e3f4289970c3b181b412649dfbfe083455202
SHA512

c069937769d57d8b3088484cfd47b0108aa6ea45fd00ebc760f84ec6c7038ade84fb52e9c50935ae956d870f1c1debabafdbaa553b5c29f06f8140b6e7c39a87
SSDEEP

3072:RZY2sYJ6rHfgaToXdYKlGZyD9gu7/O/fI/dV4/BtM6E7N9llO:RmoaTo4bu7/O3/BtN

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1396	msedge.exe
1396	msedge.exe
3804	msedge.exe
3804	msedge.exe
2268	identity_helper.exe
2268	identity_helper.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3804 wrote to memory of 608	3804	msedge.exe	91
PID 3804 wrote to memory of 608	3804	msedge.exe	91
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 4464	3804	msedge.exe	92
PID 3804 wrote to memory of 1396	3804	msedge.exe	93
PID 3804 wrote to memory of 1396	3804	msedge.exe	93
PID 3804 wrote to memory of 4508	3804	msedge.exe	94
PID 3804 wrote to memory of 4508	3804	msedge.exe	94
PID 3804 wrote to memory of 4508	3804	msedge.exe	94
PID 3804 wrote to memory of 4508	3804	msedge.exe	94
PID 3804 wrote to memory of 4508	3804	msedge.exe	94
PID 3804 wrote to memory of 4508	3804	msedge.exe	94
PID 3804 wrote to memory of 4508	3804	msedge.exe	94
PID 3804 wrote to memory of 4508	3804	msedge.exe	94
PID 3804 wrote to memory of 4508	3804	msedge.exe	94
PID 3804 wrote to memory of 4508	3804	msedge.exe	94
PID 3804 wrote to memory of 4508	3804	msedge.exe	94
PID 3804 wrote to memory of 4508	3804	msedge.exe	94
PID 3804 wrote to memory of 4508	3804	msedge.exe	94
PID 3804 wrote to memory of 4508	3804	msedge.exe	94
PID 3804 wrote to memory of 4508	3804	msedge.exe	94
PID 3804 wrote to memory of 4508	3804	msedge.exe	94
PID 3804 wrote to memory of 4508	3804	msedge.exe	94
PID 3804 wrote to memory of 4508	3804	msedge.exe	94
PID 3804 wrote to memory of 4508	3804	msedge.exe	94
PID 3804 wrote to memory of 4508	3804	msedge.exe	94

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bea5dc0f3d27da66d4fadda62cc7a99e.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc52f46f8,0x7ffdc52f4708,0x7ffdc52f4718
  2⤵
  PID:608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,13575386009854802115,2890287663117404569,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,13575386009854802115,2890287663117404569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,13575386009854802115,2890287663117404569,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13575386009854802115,2890287663117404569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13575386009854802115,2890287663117404569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13575386009854802115,2890287663117404569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13575386009854802115,2890287663117404569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,13575386009854802115,2890287663117404569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,13575386009854802115,2890287663117404569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13575386009854802115,2890287663117404569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13575386009854802115,2890287663117404569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13575386009854802115,2890287663117404569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13575386009854802115,2890287663117404569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13575386009854802115,2890287663117404569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2128 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13575386009854802115,2890287663117404569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13575386009854802115,2890287663117404569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13575386009854802115,2890287663117404569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3012 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,13575386009854802115,2890287663117404569,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5952 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13575386009854802115,2890287663117404569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13575386009854802115,2890287663117404569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:5420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
74KB

MD5
1c7e1982bd31c4ac1f58bcd3bdde7267

SHA1
d672d5a215d6f3cd05138e121dc3a2aad8a584b0

SHA256
f7c3dc7f8feec3cc31ed8f65dcd3ebde31629c69e62c26ee44cb0dfc55c3de83

SHA512
33caa8d1f077129fc36e4da0f50aa8fb29b204dbc7e8439781f8e28a953da49a63a1057a83aeb1b33012aaeaf205ae62c34d1391b8885d375c486aa15ec4000e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
22KB

MD5
6f52f16e0c8869759029f92150fac68f

SHA1
d7171b0111ecbc51953fb6a6a0fcb639c9aacdb2

SHA256
0ba65009d2629977348e7cc30414a518b21b8fe7f50351fcead70764219b9bb2

SHA512
ebcfdfbd773d2e7a0930684c7699f4e557995473c50ed7875cddaf1ff03fd889684400c6f17558b6f801ab5c66da0dccc312cdccb1b2fe8e8784e8c0987cfe11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
263KB

MD5
9fef896dec3b4a2d7f55729f0a96a4df

SHA1
336bc18374356aacaa55afc7a37d0f3e03e7798b

SHA256
e7cca9304d9bd661a6858ff9cb88d180e85e9ed2fdbbddb1f1492457f53f376f

SHA512
ede9e679f8f4cb70846752fdf35a854ccb50fdf568eb6160a9d7f4db9c0cd448f368cb199958cf57f96520853aa84eb9b511acb00fcf43e0d790cca4f3ada86c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
16KB

MD5
5ee55e2d9451c0fe5eed40eccda7890f

SHA1
85eda8de1a5407cb375a30ca0553331dded4cb3a

SHA256
988b4554725c9d2a77d88b00af69fb20906476c0dcd8c9f267398ca7b4a8d8ea

SHA512
f234c48b393e9b88b678276dfc2da00f41b96c218b1e09701cdcc054c01c40597fd0b2e38af1571409e27600fa6e8490d5423395e7e9a9327034bdcb5dcb47f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
35KB

MD5
29b661fc1e9cf7368c9cf3e167cec1ac

SHA1
d655284f99581cc6a238f20425c33f83c18d5d49

SHA256
4b6275c7977f0cd7698d38c7726149bbb2a9902d33e7dd48a192a889c19f5ab6

SHA512
876d15b2c677a243b072b8e027d46fb66694dde10d8ef56d4ddfeeb56e352fb12aedbcdb57a5ddd13cd4795f1769a8775f083a73ced2b151acd9bba4ee3bbe30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
559KB

MD5
5a84d645f1827666df1206e03ee3ad5e

SHA1
d05d7b62e87bfd22b06e9b23eb01e4bce234424d

SHA256
91703ce557ee04ee3a8c4efc81f8cf6fd2cd31af731d5e774acaf159a9320814

SHA512
138d00613fc1f8e9d6ad7a0846d85242710fa70216b3ad2e6bfd6e62ecf74e2f59fead5d88dc89e98d1e04541d44d20a67e5dd727637b732a9a3a019b1112f6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
351KB

MD5
0af426e99113d71c1b3504dfc781e478

SHA1
d647db9d4456f975b8cce63aa1799b7335272ec6

SHA256
c0cc3a3eb2b3321c75207e168163d9c488f1014c07f41926c360c5073d08ad0f

SHA512
142d4ccd18955f18efb6b327634ef47bbb179c8981ec9cdd27b6470944dd202bb3abe58af8ccfe1090be26a6931c30b798c7bcfac7412999d40ad0217eae23d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
31KB

MD5
548260b20981c0be2d9dcf8d01c08c24

SHA1
84230120f8f1bd559eca3fb2fec6acf6cffbf4e7

SHA256
2f8a612a714e5c928525fdb193f8ec12f7965a6c0d63dd8e58ccae239358c8bb

SHA512
9308e58083e5a6989b7646de95d251c5431952dcd55e613e9c7100d817e847da0f4835bfbd0df325d9ceeb4fb9680d3e89311997b801b16bf8426893a2a34c69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
16KB

MD5
9e6d1dc6a267563e3b6cb4edc7947574

SHA1
69dc6b47cca7917ac9131cc98229a990ef677dda

SHA256
e5ebbc697fa824a977d4daa49eef7b67e61a549b9b7266d0fdbdf950e1c1bde7

SHA512
c67d34dde0aec9eb86da47c6d0c2c41b264ea4be050f186c233af63d0b205f151a7ba00ab58422fd99ae2e4f04b7c086290403570e75635b9bf9a7beb5581ffd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
453KB

MD5
218c5677189aabc5d56375fbc7a3d951

SHA1
e37471a41827479bf757487a2c71540970249b3f

SHA256
3cbe999a649069d3022a7bd5614ed68e55b5ad25b37c72a70a33355c96821ca8

SHA512
87ca3094a09ba2911334564425e467c600370414313cda877c99e7ea918774857833300fbd970ef7d0bc49702a15ae27880311513a0059133af61b7504438b5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
31KB

MD5
25a3b86e77168849ad03a76dba99d08c

SHA1
805811f2c8404e0a18c0c2344e58954675d1daa5

SHA256
067b6c9d6e6eec7d3d47a0c966c120f6922faf9727112a486b158b90ced68f3b

SHA512
d5caa1d95772a4ff3f52ad76cad82fd10dff23eff13d59daeab944ec860fc5866406c0632d03fc5fa056691b3d3995cf099e140e4fb85660e85dd31e4eab332d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
21KB

MD5
e203fc5bc329eaaef0bb6778f44cebb9

SHA1
cbf7c5c9242f306d7c4cd35852dd451e4ac1b344

SHA256
efa2c5161bc3e06e63ccd9ea01b0aa1eed256fb61fc60f9c092ff15aef31e22b

SHA512
ce9f3127c8380a90326fbd84d233479e474b295453386e0fc34241baf8bdccdab81fe10d68e58a14e5ae2212af35dab5ccc856dea14e74cf622807322f80f741

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
30KB

MD5
65bdc5bcb355a574fa3266e1ec30baa1

SHA1
1266f61ada4662d0105b4985f997a59f38cf8b36

SHA256
d94f856691e94f2d7cf523ee6f5099436bef54893ebcf2ef4dd598423ec1999d

SHA512
62bcd5a23d3b5f40d4e7ad3903a6d1590bf276cc147f426d66e6ba511a07c23b467e38562adb52f0139cb8a3c234e175d7b490ac00fa3855b020c8562bf541d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
24KB

MD5
32958a060b47ab5c813c76be2b55107d

SHA1
e51328a2e03cdf3640e9905fc0963b879e31af91

SHA256
abc277aa69a3e10817ca96a3e48d70470275af652aeddd88ac8d4779b8be6760

SHA512
1bb45ca5fd38891c78107ca564a7bd6531995076e9b0d26b9dbecbbd3e0af05ccbc97f870bb2fb24e81a47a0e70e6abab1865ebcf1b974a7964b94f002133fdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
21KB

MD5
73a04e12a522bde9b68e8b5d9f938279

SHA1
ae4adf00506e79e13db3bdc42cb18ca399eb4932

SHA256
1f4025e82ce6d9b7acea4443fe9bf1cc37a91364b44eed92532327a955fd88d1

SHA512
d5c45e6e5ff988e6875d15d06fa08f8deb454552055570f15c4d7df8cabe44bc79d67c4f2d054dc59f3a13556e08e5ebbcca6132d5c382bcaa832e93c3869d70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
404KB

MD5
c96a93edfc7da7eddc03406bfbac7661

SHA1
c5e22e93bf24eb5ae1b9c8e16e5cdb84b575715d

SHA256
18b7674637785c39b7620deeb84b55f9e134f4e66d2a73febfb2014e193deb74

SHA512
e019019ae1bfdee463d0d4346e7f470c6fbe7485472ef3ecdd5595796d922ac47cfcbb204759f804a7978faac4d63f9b2c3d0e2fce87b51526eef5d0d5cb028b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
793B

MD5
c36ae9f3dcdd20ce36d06c2e6a80595a

SHA1
a3297fe9b3da73459f551806e497468e244a2770

SHA256
e4bb05a9d4737b41f7a6069b6b7d223df6026a266aa01a96f7217e11d76160cc

SHA512
4cfb9f58e14fcc90704d92e07d790a38e38124137f834dfae03f41765be73594443bec22e8ec6e78d918841f711e69291337768181c31564e06b7bda0bce8308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
793B

MD5
d88730c5f18462752897547c7f6f4afb

SHA1
e3fff3fd1a6587be200d8a6948a1ee05128056da

SHA256
b5bffb168edad81e23bf3fb1a979e1e0173c6e9475db70dfa45c50324b5fc912

SHA512
f60b74d2012a9dc76bdef94406c990e7da3b05c4d71f87862a7ba0281ce4b3d0326573c98a077b8fe07c0499ea17feccbc25cc4a9e6ef972ce6de578252c2157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f825df1f2848929e48d129f70cf2a22f

SHA1
258d3f4fbe2ce95c7d0dfdc9e5bd9b1bf71f06ee

SHA256
ba0bd45b66a83efcf4662b826b76db959efa23f9b2199b92f73ada83ab331af5

SHA512
5946b0486f6180ecb0584c60a7aaa20053454e9538a22f564c23b0529cfed18038fc2c8236b4c9229f7e6cfc8dcd784a05ce86a02206bac7cf6094429ca008c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aae70328b337846e5f8dff5c9ba43361

SHA1
fde49e69119aedb023ce953a752bea375452c81b

SHA256
8a375b445a02d0d51706bcd04dbb952a84a38437bcdeae633a72b5f106589e9b

SHA512
6286774e8062753530bd63cf7c52cce0152fb94bd77a87b0c1a261d77df2fcb9f62acefa66990933901a932e577ef73f4320357e964e81edfbc0368b518571b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1d7695cc283d7ddbf4a86ae4dd1b5761

SHA1
b3a7b6cf8648cb879277e78dfdc238043e40f031

SHA256
9c29d36da38699c581c718c1155f61f4c4f8c6648a27fc3b2e003fab5a55114c

SHA512
4140b651f64517c1db3b750f9018f9fa7099656d1a38ab23679f3a6383ea3738061969bfcd6d6f5cf6673712460327bfa61f697ab38be687c6c23c78cfd022a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c673b8d0861a2cc8a59261ca6f3a0552

SHA1
4acebec824a183d09cc60da977f6c766d6dc3e01

SHA256
2dcaf1ecefe56cc30bcaeb466489245bc712419b8397e6672d306d657c361c90

SHA512
e744d34b715becfe4f281ccf1824985c4fda44029758532c37c19b34d08ef15469b13a40ed357c282317e3bf68bfc27d55a8c5af9e0895587d227d9101612a85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8b747d60634ca758b659f35a248c3c45

SHA1
6d1505d8fc50f473a5032829af547cd203585259

SHA256
50b69c5f4fe3f7b2aae9e5740df45fadd79eab7162d226734f21fb42366b2ba4

SHA512
b5cf5b203cce85c7175226391c55a23d9a0e370db509106783457a2bbe57e82db1c8d2bc5f9b3b609281aac22188de9421e338cc265924c9dc8b6ca7178b9d02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bb685751-d934-43a3-a056-767fdb552631.tmp

Filesize
6KB

MD5
e6105a02b19b9b635a1fbddc92ca0611

SHA1
d07ab332c5d4bc9b561a294ce371e0a5c7b9bcac

SHA256
1dd8e8212c8ada715ce6f1b4dc588c8dece829ef22b4f1e50144a2459b8a54c9

SHA512
70a3767a2615910d4a1c46397068620da4e03b63530492bdb205621c6f10920f57724f809a136873ec1ac867a0b2f3f54932c5561802a55f954b8003ca7ffc71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a158b13b7bea7dfacd4f697f6f7c76a2

SHA1
696b0f8653618fd12d5dfcc520348300bedf3f40

SHA256
22c4fdf17041178b38bc1900df157e2224f46e2d685fe21c9afea767c866af23

SHA512
08e61a34a96ff238dfd37676540c57d721d39505739974ed1e5c4b33b7f65455516bfd9502a78eac8ff400816144cdff8db1ba4c481c0ad0afa9c49ec3f57f39

Download Submit