f10664af08e9737d10581509d636bb26883f861db5661642af16a6d9dee0d346

Analysis

max time kernel
570s
max time network
602s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2024, 21:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

733KB
MD5

8fef648114c907ad1878e9d538c680f2
SHA1

d47144909f7ad8f02bd7125bbdfc533a86ccbeb0
SHA256

f10664af08e9737d10581509d636bb26883f861db5661642af16a6d9dee0d346
SHA512

e3ed2a25910fe0d9ae5748d9de91f9a5d46656acb3cc3810ce7d9ae153ac9d1811e3a875e311b3e8a862fae7af82f58068a5f668b333d1570577a1d84616b138
SSDEEP

6144:MR1UQiFgKsMSzrq2NVYblsICXWSDn28m7DB:Z12AG28mZ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3864	msedge.exe
3864	msedge.exe
1100	msedge.exe
1100	msedge.exe
5808	identity_helper.exe
5808	identity_helper.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3864 wrote to memory of 3380	3864	msedge.exe	88
PID 3864 wrote to memory of 3380	3864	msedge.exe	88
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 2920	3864	msedge.exe	89
PID 3864 wrote to memory of 1100	3864	msedge.exe	90
PID 3864 wrote to memory of 1100	3864	msedge.exe	90
PID 3864 wrote to memory of 4056	3864	msedge.exe	91
PID 3864 wrote to memory of 4056	3864	msedge.exe	91
PID 3864 wrote to memory of 4056	3864	msedge.exe	91
PID 3864 wrote to memory of 4056	3864	msedge.exe	91
PID 3864 wrote to memory of 4056	3864	msedge.exe	91
PID 3864 wrote to memory of 4056	3864	msedge.exe	91
PID 3864 wrote to memory of 4056	3864	msedge.exe	91
PID 3864 wrote to memory of 4056	3864	msedge.exe	91
PID 3864 wrote to memory of 4056	3864	msedge.exe	91
PID 3864 wrote to memory of 4056	3864	msedge.exe	91
PID 3864 wrote to memory of 4056	3864	msedge.exe	91
PID 3864 wrote to memory of 4056	3864	msedge.exe	91
PID 3864 wrote to memory of 4056	3864	msedge.exe	91
PID 3864 wrote to memory of 4056	3864	msedge.exe	91
PID 3864 wrote to memory of 4056	3864	msedge.exe	91
PID 3864 wrote to memory of 4056	3864	msedge.exe	91
PID 3864 wrote to memory of 4056	3864	msedge.exe	91
PID 3864 wrote to memory of 4056	3864	msedge.exe	91
PID 3864 wrote to memory of 4056	3864	msedge.exe	91
PID 3864 wrote to memory of 4056	3864	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff98d8746f8,0x7ff98d874708,0x7ff98d874718
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,5111100540242691072,13589659739711903704,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,5111100540242691072,13589659739711903704,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,5111100540242691072,13589659739711903704,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5111100540242691072,13589659739711903704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5111100540242691072,13589659739711903704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5111100540242691072,13589659739711903704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2232 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5111100540242691072,13589659739711903704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5111100540242691072,13589659739711903704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,5111100540242691072,13589659739711903704,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6252 /prefetch:8
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,5111100540242691072,13589659739711903704,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6252 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5111100540242691072,13589659739711903704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5111100540242691072,13589659739711903704,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5111100540242691072,13589659739711903704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5111100540242691072,13589659739711903704,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,5111100540242691072,13589659739711903704,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5492 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5111100540242691072,13589659739711903704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:3612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e494d16e4b331d7fc483b3ae3b2e0973

SHA1
d13ca61b6404902b716f7b02f0070dec7f36edbf

SHA256
a43f82254638f7e05d1fea29e83545642f163a7a852f567fb2e94f0634347165

SHA512
016b0ed886b33d010c84ca080d74fa343da110db696655c94b71a4cb8eb8284748dd83e06d0891a6e1e859832b0f1d07748b11d4d1a4576bbe1bee359e218737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0764f5481d3c05f5d391a36463484b49

SHA1
2c96194f04e768ac9d7134bc242808e4d8aeb149

SHA256
cc773d1928f4a87e10944d153c23a7b20222b6795c9a0a09b81a94c1bd026ac3

SHA512
a39e4cb7064fdd7393ffe7bb3a5e672b1bdc14d878cac1c5c9ceb97787454c5a4e7f9ae0020c6d524920caf7eadc9d49e10bee8799d73ee4e8febe7e51e22224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
9980be1ac226f4e0203e847a4e1f11a9

SHA1
0fa709eaf4dae6044fac9ea83dbef066106b8d97

SHA256
7dd0a1bae79ed1176be417ce2f6ed6a9200d69b6473a450dae2d6365f95e69e6

SHA512
a91982d1116cd885b5c53282049b948fa998c44f2d1925411122e28e411523bc46886b832cc54e8c69d9a1920133bf5bfb3f1a7ebe43e3e1338cf6f59f3cc08c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
2c73d95881352e78aa84f23be4a19026

SHA1
41a41f6c0ad1a4336d0f0de11bcf42e9ea0aa8f5

SHA256
0fee572895196546aedef677800b399b47ba0ea6c1b293b1287c929e26eb5837

SHA512
56d2f32dd64534050f55ed57ae7c0087ab7139d9b431d4cbbc8a2fe6ef2dd84933cac89fb696c84123b8a595ade55ff066c8ed65e48c38b96624c9009b582176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
697B

MD5
71acabc55f2ebc172f6b8a2b0ec890f5

SHA1
1114b19d6417d170a3bf237e13477980bbbe4909

SHA256
6d2484b1e317782f6c2e42346c2c8522f8c1d3afacbe9a04536f87878c61230a

SHA512
fff23304c2ba2962a4991455ae08168e545496592c4dfcb7551e7e41ae04d26b7d2845776bdc424b245d13457d61ccfd10a3f7cdf87144e0db9405f2c4d61369

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
283402c1952cca4680d73f5a7c009e80

SHA1
094c5e8793e8da6542bfaf139ed6e0a5b29a8dc7

SHA256
e86216c541cfcafe72bca92689f0fe540958d2e4a1ac714485bc5aa9a248ff5d

SHA512
e10bc4b7e8fbe80751adda2fa8e97f7f80812202347e5117a4cb46290d39b680df52cdbe468d522e65762e14f02189c594ec7291b973abfb93be01ed8968c159

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
cfb3c02ff08fdbd744d317196fd990e7

SHA1
dc83f7b1342b503dbe96bc060baa62235598a214

SHA256
ea8d390b5259d26b0e4574145ed7bd60a7218b26f402f699fd8e9124d2e00156

SHA512
fceed35d1905ba02e8cf8feeed4adf7ec71b571fc56851f6948763aff31edc90a8f87cdec9beb4857805f364a87cf24920aa9b74d600db339b70702e13ce1ba6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3f78202a324822a85b166843c5bd9a07

SHA1
ff400d92e151fdaecfaaa815023ceda51de5b2dc

SHA256
84918e7dcf66f9afdebc09f83abdde5131725bbd99538e8b5d982eee9109a1a7

SHA512
60dfd2f9beb97c40277ab874711ae5f617bf6e91fe8a0260c4ac458b9e0278a95bd63e93bfd9b0623d3b51ecf19b9da31e7f649cf98442ed29a9c734928d2669

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7af9e2969a1b3f66de6060d019dd52f7

SHA1
79b77d9bdff6a23587accdbdeb86a13c9a9b4ab8

SHA256
f5c99d5f167e8c9f26b43404d9170ab0ad6445eae5802e78494aa5d58dcc2639

SHA512
7920f7b93ddeb2eb8d217c2b1ce21e6f07d5acfd3732f17893614482bec255767b9ba5a40f9815f0b35fdb1c01c2fcca42c9e05b33dab4428742acb571e1b01e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7923f172d10ac72a6eafabf2ab2c1bfb

SHA1
d7e1402bc81595b1e90c58e37d2bbdbdec11340b

SHA256
63104da6c1607c4b6884f7a34c39db6084a8ed5d01f4be950956c0586d5aec04

SHA512
bd2af9b8ef570fd2e36bdef44b6e996ec8b052579f06ddd67fe68870072590f879076d2d305040d855f4d5421768d0c2f2290f4756508502162ae897936aa978

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b72990575eec5dc6219b7518dca47da1

SHA1
32e75985e2d77f97a67d3b02ffc392115c3921b5

SHA256
0fbea9b047fde0aad628bf17ca438a3ed0b65f6043ea9c757e6216fa35b1235b

SHA512
009bd8b479ea60d59fd039dc940da84b15408ac2fa347c2db00c12a353fb2bfd022e32620515d1f405182519f1243565544cce59e092dbba4a9138e2b1db9039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c4268b5d73c85166268b0c36cea26db4

SHA1
cf068e4fb8c71f1030b47569bda78d69b5b53951

SHA256
b2de71a34eb43d795c9f2b242264a7356aed759c9be4d5252ee53bec58f9435b

SHA512
59b83d2217fcea30782a08e191d67659a28c146286d00fa4ca5bee0dbb5db144bc01bb651798afbd3392120f5e6f9da332701841fac4e6d30c42ba4fcf8d1b3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
af40121e2b1c4b82618a07faba15cc79

SHA1
f30db3c360514a4bce7b2f02099dfca2f48a1bb6

SHA256
1e9074924682deffe6ddc2d8f65aad6f9ec65ac2f38b99797ffc9a2a2074dafb

SHA512
581f85d1bf27c1ff08dd1171104fae964f47a6b08f95a2068efdd4d3858466e08a607db189b6301707fcb8640cbfe22eb3374bc7d7c7736a15bb7148910db553

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58e625.TMP

Filesize
48B

MD5
a42241a903ac902a44ca8099e6efe960

SHA1
0ec45a7828b03697c42b2c754f9730da894c865a

SHA256
d4f4d61d748207b36754b145c3e33c3ba239864c4e86d3635e5790adb0847db6

SHA512
0e1012d1a38d6f4043a1768745106e696039d195ed01c155cdf14cd096e46119d0d13a929d03b7f0dc6b4f3c14d5fd30d0c22597593ec79340cfe77680bd7f07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
52d5d8e53efed4ecc4e8afe284bfeffc

SHA1
1fcaabf6f49a95f7d7433cbf5b9354d4a07fdb2a

SHA256
7590fce94c814063cbcf2af1941fdc05a35c197bb84ac654ab6c40c16c84925e

SHA512
74b2e9cb12a211272c469bc7a598c3a5f7c2d63c18ba41f618f0fd7615d0a50714471efbebe80914c1ddbee39b0af50e666c70d235a04c8e7a97c577519f9e1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
d0f2aace35e8423fa6f83337c65c718e

SHA1
71d291ee3b602febce7759ec7089be616217e9a6

SHA256
1f7bee6fe6afd3fcbc086a113fd800e77a897d25b816c2ed18e44c92adc4ed34

SHA512
6abd6e40cf5535ad9754b190cb0b59afcf43b980d5342628bddc01ceb0c11b7ee6b785645ab8e5f8b0215f1f6a8acd6b5aef3628479c993112053c728b8a3d1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
dccf29e79e69fcf24cc1d8b5a328558f

SHA1
7eb27ac1f5e7de1452c3e1806e36312e5e25555b

SHA256
2369a02c9cddbc95e30c36b2396b5c844b9773d8f461f414fea17240d08cd868

SHA512
f6d0192140285958f110d1b345a13c59245d2a6f951221d736780b333862a2130fd1e269bd36427345993a648e10c1fdf7259b1f1f356eefda3eec68f7fe8344

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
ac27234996ca6fd9c3973b4417dcba30

SHA1
9e21168f1749753f443fbdfac10dffc14f715f7b

SHA256
ada5fed8c3ec63c1a87bd980d03d7b0c087beb33f9402f71574cf4f365d9603a

SHA512
421f442a5dfbc87ca83122ae0804998ac4a065f9d48b8fd86bb052365d8c8d870f3783cd6888479fda20010e2fbf074849ccd5a78d7bd0a4b1e38a786bb47775

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588cca.TMP

Filesize
370B

MD5
dc074e529b126bfc3c3d500d6178ed1a

SHA1
e90e31ee2a07e7cae3c939e3283c7bb31874d3f0

SHA256
45ba9bcf512638b7e90c25ffca5a4392c1bc0b0d07333f8ebbd5c821a0db849d

SHA512
9846fde7a7c36cf935b29ccd8e0fb35f9331f56f03580b8b9e991d462bdc3027c15d9885ff40dd20a9cda68cfc48e448ba5e5f2fcec9c59b284d33561add9d35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
18181e27d6a4538086d73f53ff1e21c7

SHA1
bbfc1b412a69d4906d4d17de7190414b9babc324

SHA256
31a3fbe71fde734119377d2f9d7dd010c72baa10a8616809cee74895c5407828

SHA512
b2691cd8f64d1ab25085ec6818ad9cc0b8ea9ef3ee173fad18097de3257c4550f7a0cf5e424d3ae51c717aa9c479be4d441aa315ff972616023992610bd4d374

Download Submit