9fc9a4773793a3db944748a9805179595b77c90e3c2dbf2496368d7489bf3992

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14-03-2024 11:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c8750ee4e51a5d8f733d040e6c4b09ed.html
Size

432B
MD5

c8750ee4e51a5d8f733d040e6c4b09ed
SHA1

c50a99ed923e07a93209b80917db16e2b872e4b5
SHA256

9fc9a4773793a3db944748a9805179595b77c90e3c2dbf2496368d7489bf3992
SHA512

244bca8c201804c6a218b6d4081adf6e7e66d41fc0b166f40538e1f117eed62a695a4955bfc7455df0471c2cb55ba6ece18d43764615b0e2eedd6db9e2dde340

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4104	msedge.exe
4104	msedge.exe
4872	msedge.exe
4872	msedge.exe
4364	identity_helper.exe
4364	identity_helper.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4872 wrote to memory of 852	4872	msedge.exe	87
PID 4872 wrote to memory of 852	4872	msedge.exe	87
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 1960	4872	msedge.exe	88
PID 4872 wrote to memory of 4104	4872	msedge.exe	89
PID 4872 wrote to memory of 4104	4872	msedge.exe	89
PID 4872 wrote to memory of 3936	4872	msedge.exe	90
PID 4872 wrote to memory of 3936	4872	msedge.exe	90
PID 4872 wrote to memory of 3936	4872	msedge.exe	90
PID 4872 wrote to memory of 3936	4872	msedge.exe	90
PID 4872 wrote to memory of 3936	4872	msedge.exe	90
PID 4872 wrote to memory of 3936	4872	msedge.exe	90
PID 4872 wrote to memory of 3936	4872	msedge.exe	90
PID 4872 wrote to memory of 3936	4872	msedge.exe	90
PID 4872 wrote to memory of 3936	4872	msedge.exe	90
PID 4872 wrote to memory of 3936	4872	msedge.exe	90
PID 4872 wrote to memory of 3936	4872	msedge.exe	90
PID 4872 wrote to memory of 3936	4872	msedge.exe	90
PID 4872 wrote to memory of 3936	4872	msedge.exe	90
PID 4872 wrote to memory of 3936	4872	msedge.exe	90
PID 4872 wrote to memory of 3936	4872	msedge.exe	90
PID 4872 wrote to memory of 3936	4872	msedge.exe	90
PID 4872 wrote to memory of 3936	4872	msedge.exe	90
PID 4872 wrote to memory of 3936	4872	msedge.exe	90
PID 4872 wrote to memory of 3936	4872	msedge.exe	90
PID 4872 wrote to memory of 3936	4872	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c8750ee4e51a5d8f733d040e6c4b09ed.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9aafa46f8,0x7ff9aafa4708,0x7ff9aafa4718
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,7931118542966105323,9771535441774472128,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,7931118542966105323,9771535441774472128,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,7931118542966105323,9771535441774472128,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7931118542966105323,9771535441774472128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7931118542966105323,9771535441774472128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7931118542966105323,9771535441774472128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7931118542966105323,9771535441774472128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7931118542966105323,9771535441774472128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,7931118542966105323,9771535441774472128,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,7931118542966105323,9771535441774472128,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7931118542966105323,9771535441774472128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7931118542966105323,9771535441774472128,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7931118542966105323,9771535441774472128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7931118542966105323,9771535441774472128,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7931118542966105323,9771535441774472128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7931118542966105323,9771535441774472128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7931118542966105323,9771535441774472128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7931118542966105323,9771535441774472128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,7931118542966105323,9771535441774472128,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36bb45cb1262fcfcab1e3e7960784eaa

SHA1
ab0e15841b027632c9e1b0a47d3dec42162fc637

SHA256
7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae

SHA512
02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1e3dc6a82a2cb341f7c9feeaf53f466f

SHA1
915decb72e1f86e14114f14ac9bfd9ba198fdfce

SHA256
a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c

SHA512
0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
5510b340beb52abcebaf8e2a8e2a2f36

SHA1
ce49460e90d75525762f5eb8d5cde965c97ab1c5

SHA256
bf23400867d8f37a80d0cfc2c3916d48e0359cc42a60c28c14e940883731e5e7

SHA512
6c68fef98a2d26d414f3c77d8573d7b7c8fd51531b571e52683a0176ca5deffba89787aadba5d15b1872d6dc5bf9108705e9dbea5bf3951134f336d794c0924f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
8489538a2e4d38cf2fcd30299c0a9ed3

SHA1
38d58e89290ee2fed4ca95e7c05b09b19118f279

SHA256
ef770cd4522427269e50e55738ed8fd52fca993c151219a841190ab84f1da266

SHA512
60fc7d509475b020993e5c8b8969d70102b3c9353d1df79dd0cd351cc3d7911fbf0605a1a8a99a2b1469ef7462dfcb8111663e4a245c188d18c6dba518061448

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ovussaul.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
87aa7d1a6f03d998fad78aba03a749a2

SHA1
2e88be52d255f5deef2d21337fa89b2a8a3dd32d

SHA256
661f7e140559af2e09adf6a0bba6a351678ce276fa2aa1a37ac08ed0ed024337

SHA512
3cff5cc5438366bb9554cac37869a7e05794d408afee84ec10254fc2e92c5aa2e36636b385b7dec36145923eb03c6449236cce2b01ec0dede658505f8b8fa2fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a25ca16dc31a73616146479dfaf3bed6

SHA1
bfdc2a1f8db96df79491d1a973e70c52dbccacaf

SHA256
d39b1fc436b549dd3a606b8cd1b261e04afb4359910efdbd61ef531fc8b549ec

SHA512
94aa5045e0888a83988bfca89a83a1d74fc3d344197423fdc49c77a2cd959addc2f35f9acc06265c440639088ac5063d8cff06931ff7a1f183ccd534d06b6ab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f14b3bbf7949bb6ebfca2285ff6cb043

SHA1
eeb8559fa476da53c30bc4dbee3097002b1c097d

SHA256
a8c7c081d79b115bbfc47c40991dc1f16cfbf14ed70944da38378c0c7fe4d069

SHA512
a031c5a1a3035b0d6fdb0d7179ac501e5ba62705139b66897bb5ef1e8431d1deadfe0e1ed6c9e9185af17b6407e00ef71f5bede28c4161ca60d11dd15190a521

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c1ae5ece959bf33eb6952dd1d36bf127

SHA1
f0ec99985aa4757b840aa7056560269304aafad2

SHA256
f45481fe077e6afb36196d77edee1e63354dc989345b71bc3d4f7df107db8d49

SHA512
22642e3e46f22c227566b1ca46627738617cd84b664ff6891e61776b88716b0ce6febb2d899148e4af040330265bb0cbda5e50baa46849d3180f4bfbf2fab940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3d8ee9e344f16a2c6e1da6387984581f

SHA1
f4adcb8f46b62df59f973379e7e51445345a67a4

SHA256
81e173ac0db4c6c13f9e0a5a42b2c9639bc23a0a9fb9bb05f2ac14959d025979

SHA512
9b7247d1f1d0f7b361df2a31dc008f0e4dd5d491f899524b7a7071623ff5c0df6e9f49d251c7317b72d3b1454fa9fb1e76ed335b08b2a3c2f61ca541408942d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
3eda282d898eef18c7ecf7df75964449

SHA1
9f94f5dc91e44ef84b7a73633d665980caa1caba

SHA256
9f04b1ca850d567f75770f2ae98c972e1f09bc5a3f06cdced0019f857ceb7c28

SHA512
d87953de5e6a757772a454f09e28e23bc3988b3deb6d3f4ff2aefed1d666462c74550e7d15d20d438989b9c766e47f3998a25797fc39a1f8452cc8c4d0a0c57b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e530.TMP

Filesize
48B

MD5
c7c3409bfceb4842a5afa3ca27f0d2b7

SHA1
6be1ed9408698498857afa666fca8091f86f5e8f

SHA256
f824bf4e35b50785d970d0a9451928398be79d1cbae04e2174e4b165ab8bcd03

SHA512
4b4d363d753487c156ec31150a17e1c00f295b82b34ecdfd8d88b49d2e997deb7580d1b996c7d6059055f0d58003ff0d32d2b7080fb4dec75dba26301e11b170

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3647043045bf12feda47e108e65a6dcf

SHA1
bc16ecaac3cb297221828c562782d57d1434dd4a

SHA256
21c50e732435a81b6c455b0897bbbfbe61b6b52629b3f987aa081e8585a61e27

SHA512
388b3056560d4063132a8254015bb3f8723eef9e86ebd7eec5633b0549e4102e7e3f5ca79166f6e9678242b089f249d75f9db76288dd4a9a425ded88d214a85d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582a18.TMP

Filesize
1KB

MD5
5e953068afaedaa16950fd696dfab2ce

SHA1
7c14e0cefa2815d0e1fcdc5bef3ad7cf0b35aa30

SHA256
e480a04a3db384238696e1add2a4dd02c4cdefe64017e0a1e1a9b4fb0fa0b591

SHA512
9a8c7ab95576fca819a855757f28b1d2460f043183a6f5cbf0d281f5c7a94f9e8d96ed94cf86bc752821888e35dcdb5f387e163d5ae35acb063e78ba47653d23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
96db888880df20d73d21283012a8bd07

SHA1
48f39ace6817f5017c8dd65e54fb8bb4009f5365

SHA256
bc0d830ba8d8eb7cbf5f87f6e377ac2a3b359a260f5b262876c862ceb728004a

SHA512
7c7ebd3bba891f71267dcbc08e4f359a64c5558cbb2dcf19ea1833e9d8cc1ea72fb2c99fe407570594023f34e5688d7a18e694d9524331caf6efeed41dc78ae2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ddb1e9dc58c299ccce7e271ac7a3bd6e

SHA1
3102a8e7f53792d3ff9bfa6cc0a4df1348532c5b

SHA256
f4dc1e6dd13574e70ca00ae9472086b2df5fb7a4196ea5b4c689b0364c4936ac

SHA512
0b809f57ca14f129c16bb894b787518ed6b5737247b472ba8878cfc35a78e7e58bd8e95fc3a4a9871af2437cd59fadc70135df112a4ed12de27dc34975ef22b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ad13dc53-5d8f-4aa3-a7df-ce86d309500b.tmp

Filesize
11KB

MD5
aa4bdfd93d028fe015bf7cd9e56800a7

SHA1
5a36dcaf7b785d28e17dbd4f5d2e1c1cafbf8ac6

SHA256
3de3002a4f010ead316f031da8bf8c6b15820d0e46b0808488f31ffb463abbcb

SHA512
35602a7d9abf94dc4b1733c87f1ba55f4c3b0980107421fdbb5b1176f6630b0c9d79cf551f79b64955c0528e5aa60393117331f548f1401c17598349bf89b01f

Download Submit