hxxp://all[.]accor[.]com

Analysis

max time kernel
98s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
26/04/2024, 01:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://all.accor.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4404	msedge.exe
4404	msedge.exe
4188	msedge.exe
4188	msedge.exe
4356	identity_helper.exe
4356	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4188 wrote to memory of 2304	4188	msedge.exe	87
PID 4188 wrote to memory of 2304	4188	msedge.exe	87
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 3316	4188	msedge.exe	88
PID 4188 wrote to memory of 4404	4188	msedge.exe	89
PID 4188 wrote to memory of 4404	4188	msedge.exe	89
PID 4188 wrote to memory of 1208	4188	msedge.exe	90
PID 4188 wrote to memory of 1208	4188	msedge.exe	90
PID 4188 wrote to memory of 1208	4188	msedge.exe	90
PID 4188 wrote to memory of 1208	4188	msedge.exe	90
PID 4188 wrote to memory of 1208	4188	msedge.exe	90
PID 4188 wrote to memory of 1208	4188	msedge.exe	90
PID 4188 wrote to memory of 1208	4188	msedge.exe	90
PID 4188 wrote to memory of 1208	4188	msedge.exe	90
PID 4188 wrote to memory of 1208	4188	msedge.exe	90
PID 4188 wrote to memory of 1208	4188	msedge.exe	90
PID 4188 wrote to memory of 1208	4188	msedge.exe	90
PID 4188 wrote to memory of 1208	4188	msedge.exe	90
PID 4188 wrote to memory of 1208	4188	msedge.exe	90
PID 4188 wrote to memory of 1208	4188	msedge.exe	90
PID 4188 wrote to memory of 1208	4188	msedge.exe	90
PID 4188 wrote to memory of 1208	4188	msedge.exe	90
PID 4188 wrote to memory of 1208	4188	msedge.exe	90
PID 4188 wrote to memory of 1208	4188	msedge.exe	90
PID 4188 wrote to memory of 1208	4188	msedge.exe	90
PID 4188 wrote to memory of 1208	4188	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://all.accor.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc013a46f8,0x7ffc013a4708,0x7ffc013a4718
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,14335448798748327935,7173312902760718561,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,14335448798748327935,7173312902760718561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,14335448798748327935,7173312902760718561,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14335448798748327935,7173312902760718561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14335448798748327935,7173312902760718561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14335448798748327935,7173312902760718561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,14335448798748327935,7173312902760718561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,14335448798748327935,7173312902760718561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14335448798748327935,7173312902760718561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14335448798748327935,7173312902760718561,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14335448798748327935,7173312902760718561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14335448798748327935,7173312902760718561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14335448798748327935,7173312902760718561,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14335448798748327935,7173312902760718561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14335448798748327935,7173312902760718561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14335448798748327935,7173312902760718561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14335448798748327935,7173312902760718561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14335448798748327935,7173312902760718561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14335448798748327935,7173312902760718561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14335448798748327935,7173312902760718561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
  2⤵
  PID:5376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e2f0fe48e7ee1aad1c24db5c01c354a

SHA1
5bfeb862e107dd290d87385dc9369bd7a1006b36

SHA256
f13b3ebe8d71bd0086d5bb82364c35f59a95d32b39753af251e8639360e291a9

SHA512
140d026437fd5e8a874cd00b03950c8f010e1a0732a0a1cc5bdde477e7f8315ccb95790bb4c15b8dbaab9468ad532eb885b6c429300a64e39412d976d079324e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7e0880992c640aca08737893588a0010

SHA1
6ceec5cb125a52751de8aeda4bab7112f68ae0fe

SHA256
8649a39877c190ec740a5422284ec5f9ff509b30b2d7896635476873dd8824e2

SHA512
52bd0a38ca7f43b26731966035045b1cbd8b60b2d81bdf9aad791cf444da8af8b722ebf3cb364a6e660bebdf23084eb0e30bc23562575b704801669817549f8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\98690558-dcba-4bfd-9d22-f488bc5b148d.tmp

Filesize
4KB

MD5
275fcf37372fca3a6abf7bd9259c0734

SHA1
61aa6511330454afc661cabd6e3ee3da91fb898f

SHA256
fd5390eda25c99df476410ea9c13f402a7f9cb4b52146b0b64a6ec60eca54351

SHA512
23477136a8ea59803fa453b338a36766199da3c48fd2ecc6bf45dbf242ff6e1b252022fbde2f4eff24446469b77cc7a784bb63e0bdd440dda57c8a18322e1c5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
59e3965850708a32d8e15bedeed94dc4

SHA1
257285210a3684f9e5fa88a280ff40b635b9fa24

SHA256
e9d7782c60a8d547688d7cf16f1916ba51d6bae62f02e706b4acbfe1318f8ad0

SHA512
eb5d20ed194e249cda397f90bcb618e055d73b369b5090b8a778dc4ecc499f91c669504c31bab67fd4e79db45ebbbc3228f6d5f5b7fbcb689cbc5a45edacfb93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f701b9b3601bffa4af0d6d72e3e0f791

SHA1
6384ae75694aa02fbd06b71d1535d7fbbd2ffccb

SHA256
be628bf21908a07832e8075ab9349e53f20013fe4cdbaa7617dacf1eabb614f1

SHA512
c5119dc5c48936ee8d3654cacb3d344eac19493e6992f975dbc0ea715e3bf48abc232396dfa9e8b47328fe86ae16590ad72b27d7772430c0754d68078568acc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
c43621194ab2f1b70abdee6cd32c61e4

SHA1
959f1971e1dd372dc45b973acaa7a46e7c24e9ad

SHA256
02e020553e315718a7acd907600ea28cbe0b8790d5bcc4f6a50066e24fa3bd82

SHA512
7b7481bb26c3c3b64edf2697836ca56bb233010d2a0583ce17315495944b434ecde5d85bedf68ca3ea0c24f03b27adab8cef12211acd139495e66115639ce412

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
0aa293fc38fb7fc039d7839a63411683

SHA1
7dd66a9db50c2b088f8877162660be8b6c4cce95

SHA256
7afdf45f663f62cecb154b51eb69537e6a30c45e2acf045b8cc6f4a3f59b4fd0

SHA512
37385662d6326a92d8cf862c7b7506e67a247cb867e20235cfbca4cc3f312cef6d34d92d92ee0426d2485640928b996fe491d387f7a7a5d6633fbea45daefacb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d29191ade19270ae17c3a7beb01be8ce

SHA1
91a2377e927e3b71ee1d10168c74b8dc48f70d63

SHA256
90c50ffca227b23ebf0c2e383b8cced01501fd659987d2b0cb8a88a417120a20

SHA512
7f55422a5255101856d2ec7d587d57f9188363e4ca1711191039ef30fa1101ab6202b2fcf5aad4d14ffdd50089afde0d22bd9d37c51b3bd26bc1e935547c49dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
3be76da5fe636f7c61df5e9af0055f55

SHA1
442892d916fffec1a5b27a0fa1e9398e01422f69

SHA256
bfa18901d012620bbf0b2b87eada6f0b43411da34c58bd5b6799f84c7672b264

SHA512
039fb4ab6924b907e647f783a266414dcf6ee605adb677cdc2bac59718666884be58895d6d2142fcdcbbeb4fb1eb7dbfd45c93b2b4aead35eb7b43e655f91683

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
0cd4819cfca937a6089956499848df42

SHA1
490a85a7f092f4d367d55af9f51f0a9ca6b0a368

SHA256
46b76aac0227d4f55c92476cdf21e48542d11d64eaa8dd87f99bb82fe815acd2

SHA512
b1eafb4e2855b0632b7e82d7a6cbabedd4ee36fe7aef0f2d9c258de6e2cc400bafbd2e423282420a447ad2aa8d7475a385ccbd217ea483bfc28a85938a907faf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bffb8f8abd0277d82e3f5cf29445e368

SHA1
e8a58cb1ac4c1d9fdcc21b2bc2c4f5cbe6bb7702

SHA256
cbdb1c1229cc04928dd7259972cec38e32c425cf3f64d93cfdcd687d3e86c457

SHA512
03e61e989ccce930d4bff585696122424172d90e9c967ef662fea145b5aa373a45a6548086e5b9d3f77fb6a1a56c829d34eded19842b04ee36cc9ae252b57e69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f1409ce530ef934b1bde759c23b21aac03e126aa\index.txt

Filesize
90B

MD5
9367c806e1a3b64b87cd39bb8d96dacd

SHA1
94152a86e7f7ac95f10018509951672a300faa60

SHA256
1f909e4e2ab40406de9f04a4453a90a3fda39f5f4f1edbf09cb05c07860d6bb9

SHA512
73a50ed93d4c8522d26a4077be9e5c1da5b5ad71c0ec22de2f1253f9ffd37443513692169912ed9ab1d2fd74c2147ec3d9b8ab03f596f5a4d8d677d923ea1bd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f1409ce530ef934b1bde759c23b21aac03e126aa\index.txt

Filesize
156B

MD5
4bc65eea3bd31697274cbc836a0a0271

SHA1
760e6beddd057b1827c8697eae422877b06ef908

SHA256
dd0148b2b081c66fc0ab7580b4979e4ccff68ee5e959e8cfcb3a63bd760ea966

SHA512
a9b29cb3ba0fcad8aed9be88c1e660f3722bfa07436dbd917e9f143f75d5e1373e0c4e97643130a902aca1f1742da2ac5697d2325acfb34b3acb615b2a0d3094

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f1409ce530ef934b1bde759c23b21aac03e126aa\index.txt

Filesize
149B

MD5
92c689f655d79440350d5d346b810e77

SHA1
a8ffe1295b7dc9c9d4bd1086aeaf74c2a5e0d619

SHA256
6c820d6479b1308865917f1b3e8c09f98fee47927603629ecae47e1fdbadb461

SHA512
5032ecba39c1f231b6363e14ec2e17665ab6b47db5795e0caae53950948a7fbf55cffe7c727888e3f99777fa12f3027d37cd636fe62d32cf8363f61be2910a39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
fd87cb4c5d9e81fa30778494db9af410

SHA1
93f5f6946f666299bb0e68cea4e8b283bd10cbd0

SHA256
3386a3d0be515236015d52f6bc93d4b89a3a5720f650dfd90c9986af64c34523

SHA512
3a5e233b432bf37135bcdf18e559ff3070efe09c84ea80c8e3a619d8e4cb84db2e273f1d6b8d06a95427d8e3a5142e8a909a548f55f2e71e9ab346ff49a7eb2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58971b.TMP

Filesize
48B

MD5
ada4ed826e8389fe2e07c9b65c893ff5

SHA1
e0e74d87a5ceae60f1e833dc79c6b1bbe23bb3db

SHA256
c04b8d46df15add6377d7bc0465217a3267cb437ac4909245394ce41abcc1125

SHA512
f68ea5dab09fcb5f137f3793f3eedc8a6caff109bc9a8a4be38aade7c94a6c5d0cb323968ccb981f52a51dc535d5929c9349369d5e41323fc86927f454c843b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
18a9f2b50832e48f4c8a844641effd08

SHA1
e3bd2a3b096228a32fbfb4e848b7f926a21438af

SHA256
cb4acf6bb11042d7630c825f5a38bd4736ad6cbbfa99a59d75ce017631554483

SHA512
8452064738ca997fbbf2892d49f5a35f8a8757cc0770ad7dcb088875be6da281a5bd644ddee8bbd8862b0a8c18c07cd837f403b4adbb1cd53da31ba864da89db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
aaa4365809b351878f73aebe704cfcf6

SHA1
64db5e8353f67b5d17dde59344850a802fc7f226

SHA256
d0e94c94cd34a81d4c2812e58e7e391df2d0a605d3ba6cbb99de12c2f1711de9

SHA512
9baed66ebb30d6b9cb64aa1c598851c298651cda846516b98a7f03516ccbdaf8e150a8e67e17edeca46918dd23f53dc645a49d6358ece31b9b97f4dc35990ba0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
fc22af1fcc59c75230a35feb670a729a

SHA1
2a9266ed197e9b8c11d1ce821c54440360b34fff

SHA256
c7e0a44284fd6f033247252c2f4eed4365c1c0c82a2e3617024d2c5ad5ab2741

SHA512
b5e984da0a9a4bf7166f041695a2cb7b78daa1dd0f00a6f2fc2a4a34d037604bf0cf54dd45d52c8911e3f2fb6c1e7514a21bc79c8387704c9388beb77c1adb1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
5dd0d644009904ba33910e29901f321c

SHA1
9e845b8339316e5e9f9f7bb2bd7334d128390af2

SHA256
2c07faf795cc7129a7a49eeca772e90b652e5c221c8f48bf8cc52ed9bd5c0868

SHA512
354010da9112267944ba088ae518ba96ecb8281e9ffd19d9073049921e2cfc586c04b708d197d5c9ad0c0060c4df60d541137addd7b3a679373a77fb39b15eb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d5a2f932b54dbf023844b38e5ce4d121

SHA1
3dae335f1ae2f1c3e0573e78d1d941e7797df1ac

SHA256
3a7d5ecdd68821b8ba8ab045da9ff97cc6b20c34c65cb0ddea0f670908e71c5d

SHA512
373b466c8490ea414fa67ba63ad2b2798a6b65d99cf1d073bd2b2bbb90a65f9b4b18f91f006372f60f875f157f260de5064ddf6d3ba2fa81bb79f35eb1033ab2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
a15b99a2b4ce65b9b6da13f4acd09a0c

SHA1
10741ef7f048d0302ad510eec3bc75c858404ca6

SHA256
374216ff918f6a05e9714f248eccaf2652b06f12f1d031a9384f449644775241

SHA512
c6257c042c559ba6ca20745b2d2358c66be792f4ebdc112da3683f32412f3e8979fd0dc0b898e2367735d2093c324778a193192f7c9bf64d4d4ae38f3c0cc684

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a6bf.TMP

Filesize
2KB

MD5
5dadf94d07d557e38e01335445452243

SHA1
33c9e64e14182de82ec4f2072cc05e68807db118

SHA256
419392d244bb0704b6ad4af3ab7958c759b851dc1009a1b2e3c93e3cdeec12c6

SHA512
6349d5f13677c1a4aeb09f56530466085f636fcff0b6202bcc5cdb81d601de519ab8358248b5845ba5d637ae7d6aa1123a39a48816eb275be34bc0e7cdb1917f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b796f090059178de991b836e131677e6

SHA1
f8fb871feee9a0fdb3c4eeefc7a8e82ab3032071

SHA256
745b0d5197c5ade68e319036fb6da5263394867eced5983d5bc4a9dbdb38b2bf

SHA512
4042a15dd5091a8575849fb4c3cb6672fe7e060b268f67a4f3e56db6cee4d09b059659c2c14fce9128a0a43084436676aed76bdf15cfd8b835700029906e409b

Download Submit