d66e8413877ddc460f8c4b915d78b86f1e3d21b3444f17f99eba751c04f7abaf

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2024, 12:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c3614000d2f007e9366f1805cff1ed82.html
Size

432B
MD5

c3614000d2f007e9366f1805cff1ed82
SHA1

0bf297ec927a18f1eefcb142f7846d7a7bd6a6e6
SHA256

d66e8413877ddc460f8c4b915d78b86f1e3d21b3444f17f99eba751c04f7abaf
SHA512

c74251e35e8a8bb43e42a0e3abe4986ba3372bd1ea54ecb786e5d0eb7481a7039265a07eb0f70aefaf9419de5d13dc7ae82517c848e27082ff50fb5ff2b22b87

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1596	msedge.exe
1596	msedge.exe
3716	msedge.exe
3716	msedge.exe
4032	identity_helper.exe
4032	identity_helper.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3716 wrote to memory of 2440	3716	msedge.exe	87
PID 3716 wrote to memory of 2440	3716	msedge.exe	87
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 4052	3716	msedge.exe	89
PID 3716 wrote to memory of 1596	3716	msedge.exe	90
PID 3716 wrote to memory of 1596	3716	msedge.exe	90
PID 3716 wrote to memory of 4944	3716	msedge.exe	91
PID 3716 wrote to memory of 4944	3716	msedge.exe	91
PID 3716 wrote to memory of 4944	3716	msedge.exe	91
PID 3716 wrote to memory of 4944	3716	msedge.exe	91
PID 3716 wrote to memory of 4944	3716	msedge.exe	91
PID 3716 wrote to memory of 4944	3716	msedge.exe	91
PID 3716 wrote to memory of 4944	3716	msedge.exe	91
PID 3716 wrote to memory of 4944	3716	msedge.exe	91
PID 3716 wrote to memory of 4944	3716	msedge.exe	91
PID 3716 wrote to memory of 4944	3716	msedge.exe	91
PID 3716 wrote to memory of 4944	3716	msedge.exe	91
PID 3716 wrote to memory of 4944	3716	msedge.exe	91
PID 3716 wrote to memory of 4944	3716	msedge.exe	91
PID 3716 wrote to memory of 4944	3716	msedge.exe	91
PID 3716 wrote to memory of 4944	3716	msedge.exe	91
PID 3716 wrote to memory of 4944	3716	msedge.exe	91
PID 3716 wrote to memory of 4944	3716	msedge.exe	91
PID 3716 wrote to memory of 4944	3716	msedge.exe	91
PID 3716 wrote to memory of 4944	3716	msedge.exe	91
PID 3716 wrote to memory of 4944	3716	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c3614000d2f007e9366f1805cff1ed82.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab57746f8,0x7ffab5774708,0x7ffab5774718
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,8127148216875702823,13857129348596840107,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,8127148216875702823,13857129348596840107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,8127148216875702823,13857129348596840107,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8127148216875702823,13857129348596840107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8127148216875702823,13857129348596840107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8127148216875702823,13857129348596840107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8127148216875702823,13857129348596840107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8127148216875702823,13857129348596840107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,8127148216875702823,13857129348596840107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,8127148216875702823,13857129348596840107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8127148216875702823,13857129348596840107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8127148216875702823,13857129348596840107,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8127148216875702823,13857129348596840107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8127148216875702823,13857129348596840107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8127148216875702823,13857129348596840107,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8127148216875702823,13857129348596840107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8127148216875702823,13857129348596840107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8127148216875702823,13857129348596840107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8127148216875702823,13857129348596840107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,8127148216875702823,13857129348596840107,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
bd8d24631f9f93bb582822ad0764478d

SHA1
6a9d66e8f177d55a8d3f754a12139b5430c73ab8

SHA256
c0b2aa64aad376662298040043f0d77402af11562beb7fa467c549ea7aa26f21

SHA512
ddf851c52da90377862f7d38532e9537cfad77f126d8f240ef893f23c0dc728966eebabe8e75b926b5a6399481b69a7f15925218f806b17fd1c01eddd3e5122a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_worldfreshjournal.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
726B

MD5
1266b1e4f898bff07fd794905a3acb4b

SHA1
4def2419d5dad6558e998a8028abe6c0ec46b1ce

SHA256
a8564d5d6b4aa0d23eade7c573041637a58459b6cfe8285d14f67f77da5ca402

SHA512
888e57f8556a75d2c839a9e83b67d8ff45dddf23026b2b385f5aa8f0c58abde467d07468c45eebf67d0aefb2f3d80ef73e6c25b044d4fef1e22c11e33b4d04fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
59642a1a3ba40a4800bb5bbb1b360f82

SHA1
3a15ffd70f7c3a17ce41e5d34152a6a2d636ef21

SHA256
06f063edaead5d7808185e767f2709c7383e7eb9ff6318e9990c2daead29e707

SHA512
a9bcdc5895564bd4f3943e94ed52e43665f38583f579266c5146e779a4ac13afaffb55517f4bdaa8232dd6937b5207e202718b675ae404e1cd72a613a4d8d587

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
463d1741238929632ae07dc4dd84b6a5

SHA1
95fbda725fdb7b3e2b596b38115af1d34ab35a61

SHA256
4877cd6935c801400eadfd0cb1ffeced9a3cf3e4e9b51ea9fc038b4a5f74a7c3

SHA512
dd0506d737ac1c3f2a69e034e7fb5f71bcbe10a9684d0960e87f9758b86ba599fa222d88fcc67d9e5b3d3cf3c690892b3ce9030fb907f40a807f89bfbdbde305

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b0aa9c325fb7227eaf6336bca388a6b2

SHA1
5baed88e8d092d94a8c3862623244cf0645900d9

SHA256
c2251de9ce8053133c0bb5c0d9599923b8ba8c503a067ae24608ad424a373e70

SHA512
d9d054254913dec9b33354fc8d916aa4503d0eb5c5f0df94dbffce4892c5a6e70f567b99689bc0dacd7e27780550294380ba168ca8c6dd30a04f3e1961618e13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a047.TMP

Filesize
48B

MD5
eac25efbb39cdd6f5bd4f2bbe183f79c

SHA1
45d5e5dfbd5eacb3a4c9158b89c39258908bb4b8

SHA256
34fabb31ea9a772e147051a9895cdb77e8e3d9c9728b04e7f15e967fb3be71da

SHA512
30270b70da86eb747b2b091fbc150021b50b05ced0b8ef5500c7ca87092de86b654af25999aca7269662df67aba6177c72e2452ba4a5c5c9805e701b0b324c03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
875B

MD5
1648fb48c1fd697dd57111b3eaaca9e2

SHA1
d2225cf7960ccc1e46c28909852255b9c3edc458

SHA256
30f389c9ce4362ce7a38fadba990c08b1df2e38952c462175d70854fb7066a8c

SHA512
733352caa09b9ea864cbcd0b069dd09ab33615e6ab90263180a1a24af43ab81f9587e1af87554ce798fa6e0c6cf75cd758d0926dbb6061977096ccc0eaf454e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a4bc.TMP

Filesize
539B

MD5
6ce4d0db6434a96661cb40fb85abc97a

SHA1
52be7f2a672625617e123e0ba35624e7d3ded3a1

SHA256
1ac713b85862b774040d1686c0331587e6ea07ca6c871e2700c66e69b279b69d

SHA512
316c9452f6b7e77363d93029b7b55226bcc7260e3a20df9f4a2c2c5b182b45439e10331ef361c2054e14136f5fee03c63b9fe3e70722f2fd0cf5366b1f02bbf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\de86d57d-011d-427e-b569-efda9e81d098.tmp

Filesize
6KB

MD5
3d5195099c5293d47f299c65e4160861

SHA1
1986faf07d7ab491f8393287e49632e6cb391247

SHA256
f78a1d2ab506a8f4f958a1f0682dabace4d40b1064e308660563c25190612da8

SHA512
270f3edaaddaa51e85f204e8f1d03cfb7a40bed733bf3276b375426a69daa8fa6924b8970635454cdfbbbc7f0f13cb994e61f6769572bd808c617e9627990f44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cff520108f1d16760d325e469cdec79c

SHA1
b1470a2d9300cfd97e77c4dd4ca62241cd1e063c

SHA256
83358a5f3003ae7d335b1c7d4d33070ca6e327bcf02aa9639292d8f6f80d867f

SHA512
af5cd32524fb9b2570d55690b5de5f71ce6f453f291e7c05f290ac5264d311d58dd2a80d6806bb881fd80cde367e393722f3b86148d7d917a0aa8e020fd39ae0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e858c4f742b2fb32df9ed6ecacb3e772

SHA1
fffd759f3341f4c85488a97bad33de274a37231e

SHA256
f71da104a53982c5a8f07ccd580a2ae496df633bbac4e72411e488d770997d6a

SHA512
89de75d761ce18c134bdaf341876ea6544a493bd7ba99967a1289f52601961d6c40133c76dfe6d730fa97705c50666a9e83a9245c7660e52c879f513b33ae2e4

Download Submit