7b5e0ad5e7d25ef585282d567db5f99e3b808e9dcf57a7f9ec5237eaa84d1cc9

Analysis

max time kernel
135s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
06/06/2024, 08:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

487KB
MD5

59451810c02f3d5d5ff626523a376267
SHA1

34df23ed66d12734af26d6cb62173fde1add18d5
SHA256

7b5e0ad5e7d25ef585282d567db5f99e3b808e9dcf57a7f9ec5237eaa84d1cc9
SHA512

c987d99fecc65665700ae0e9c6440ec49ea23f26f4e4137bf6cb146957b3d4a5ea1be87b2664b3eec028a0a643d68b94d3f07811688745bb18da9618110d4199
SSDEEP

6144:Cr5f13f1bf1sf1Xf1Gf1Af1Sf1hf1nf1NPb:C1flfVfyf1fIfyfYfrf9f7Pb

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1912	msedge.exe
1912	msedge.exe
60	msedge.exe
60	msedge.exe
3128	identity_helper.exe
3128	identity_helper.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
664	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	5488	svchost.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 60 wrote to memory of 4200	60	msedge.exe	83
PID 60 wrote to memory of 4200	60	msedge.exe	83
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 4884	60	msedge.exe	84
PID 60 wrote to memory of 1912	60	msedge.exe	85
PID 60 wrote to memory of 1912	60	msedge.exe	85
PID 60 wrote to memory of 688	60	msedge.exe	86
PID 60 wrote to memory of 688	60	msedge.exe	86
PID 60 wrote to memory of 688	60	msedge.exe	86
PID 60 wrote to memory of 688	60	msedge.exe	86
PID 60 wrote to memory of 688	60	msedge.exe	86
PID 60 wrote to memory of 688	60	msedge.exe	86
PID 60 wrote to memory of 688	60	msedge.exe	86
PID 60 wrote to memory of 688	60	msedge.exe	86
PID 60 wrote to memory of 688	60	msedge.exe	86
PID 60 wrote to memory of 688	60	msedge.exe	86
PID 60 wrote to memory of 688	60	msedge.exe	86
PID 60 wrote to memory of 688	60	msedge.exe	86
PID 60 wrote to memory of 688	60	msedge.exe	86
PID 60 wrote to memory of 688	60	msedge.exe	86
PID 60 wrote to memory of 688	60	msedge.exe	86
PID 60 wrote to memory of 688	60	msedge.exe	86
PID 60 wrote to memory of 688	60	msedge.exe	86
PID 60 wrote to memory of 688	60	msedge.exe	86
PID 60 wrote to memory of 688	60	msedge.exe	86
PID 60 wrote to memory of 688	60	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef95246f8,0x7ffef9524708,0x7ffef9524718
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,4790979850372672976,17687047978876193029,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,4790979850372672976,17687047978876193029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,4790979850372672976,17687047978876193029,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4790979850372672976,17687047978876193029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4790979850372672976,17687047978876193029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4790979850372672976,17687047978876193029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,4790979850372672976,17687047978876193029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,4790979850372672976,17687047978876193029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4790979850372672976,17687047978876193029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4790979850372672976,17687047978876193029,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2212 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4790979850372672976,17687047978876193029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4790979850372672976,17687047978876193029,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:6028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1344

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
939b74403f56254d4aaed5bae1178674

SHA1
5e988a46335f8eb5554611743d1f587c23b7893a

SHA256
1f23702b36b1ea934ae7ba7fd1b956f4a7f5216fb2085f077cfb7b43a92b5972

SHA512
3606970b83a2250b0e7fe63c7059289e6c198a7c237bf4d368189a5f9e2f2d5c4f5b1a8c2943759e0d0f2485152acfc36c7c993365fc75ade7263585d5e95cbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
53298f67065df73fb715811db19bb701

SHA1
3d75be68f36143aeb6732419fd80844d3a53d738

SHA256
e4a2d7e0bdb5cc3ae953088de13932494568a333c76b36824becbd4036589a52

SHA512
0281ae46846f274cae51ae83a7d44e2a9570a48dab20517521610f94a2c133f6dab74d6c17c69987e286aacf6794e6a3f3064080ffb84b760480a575dd221c38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cdb487b96b0cacf7a162805ef59e3962

SHA1
5805b91be2bd6b7da6e9318a85f2b8bac2af303f

SHA256
88c253cef494d6db9d17ae6cdd6729d911f8507f212f295e7e305b4c38e9d61f

SHA512
0a6100fb1fbc94a2205698b51be5335b70a17273b5e4508067e710acc65abb4e46d239c5e14f7bcdf6cde0c34e29417dc3f2ea5f8db58aea2ab15c281780bd3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ab187d79f78b6630bb6741d88977849d

SHA1
ddc26d7488ea37adaa008fa1124991442b0f538c

SHA256
607f5e43f3a46911f06ba8924ca555bef2b6354f49c7cd8f45fdbea46c692dc3

SHA512
c4b9bcf5e64990bf2779bc9fb102ce0c0d455f3d9f1fcf6e304be18fb7019ade99fddde0df530285e1c7bc3bb5da2387e92ff92fa01126dbb2b088bcde2dd16d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6a9399b75d2ac204bab7e6c3a06bd566

SHA1
50e0440ca71b130a5be3da66c845bc6a6783ff00

SHA256
62df1574114973e331b61e4de3c1d0b27f259edb693173671056b3f857f1b636

SHA512
0ed1901d1cd123fbee1788f249c532e10e146130381a44ad1afc953b2e0ce300d27a9e8885584ad3aea2c9d6617a4b6acd69b37ee4417686307ab315dcab24e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6065e66225c345e0bb4715aad42f124f

SHA1
842ebfd57a63abc75a3a9441d0c1e53179890b9a

SHA256
25b4ec8c68d90c88a979884ea7b56e75116272800bbacdb3c75d9ec225b79a86

SHA512
df22b1d22811673a98a36a4acdbff73c6db91062f4ab9eb444d98eeb4f219bb1b3d3c38dfc0d2eac966a84dcdd215d1bdd460820ec685a218c3fcbd356a7179c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\994ec642-0c00-4322-81ef-75c057462b3a\index-dir\the-real-index

Filesize
1KB

MD5
c782e4723c338de1699edc28563e9efe

SHA1
ca45feab50264dc4aa7bcd362851ba6e277beb18

SHA256
2ae308e91cf645837a3e534cfd8f3ba77b517bcf7ee2dffe8645072ec3a798c3

SHA512
e8e705ed9f69fb1201b2eec3c188daf1efe693f44267632e30960c028e2d1b2d67f3be3f7e94ad7726fc881a152e5dccc6856e56624daacd16efa2144a011eb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\994ec642-0c00-4322-81ef-75c057462b3a\index-dir\the-real-index~RFe57f731.TMP

Filesize
48B

MD5
d3a2e1b1153652365d5b636a205294df

SHA1
5f2aebd09057f6b89feabd54005f16fa1d2b32f3

SHA256
9bd53a7638541b5443be65b0f0d1f9b9127601960a8494589613670b4e323a91

SHA512
c4df51d9af4b7bb6e1c8e57077340fdf98d6c83d53afb08655e347e87fa81e0f689d427c96f747793cd6494fe3d5d08b3aa38f7623b5a8f088fec6231d5c2108

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
73B

MD5
40e7a9e9b40d9c146692e8bfb1ff079c

SHA1
d7849798d836b866ccc33d6b45e95a3b54ab4682

SHA256
db03c3ac9d3ab4f6647e0a2ca0748a607a425088727c2c18338db0b7350b0f6a

SHA512
b68ba176a2f4782a406a9f1ef36fdd40a38bfa498105a98db9b26685eaa5b6a82f003dc70c4792489eb41094b36c18548a2cfdc534ef58b7abdc05ad045453e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
130B

MD5
1d276095352cca88e6749e6b8818396d

SHA1
ba995015470d75175ad813fda04842a3349cfbde

SHA256
9cd0c70b2ce3804ca76b3eef8acc7defbf5bcf53594bafc8ff57bd3488da98be

SHA512
fda40e6777f74fe2bf56395840ca5d26ca58a6de4ed265723c2724e7fa8ef56f300441ec2aa7d8a435957e183c9a1fa0804b567f6bf56a60ace5102db2af2c23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
66B

MD5
a8137677b73545ac7847cc1add66b4b4

SHA1
963b2dc58c69b628ff4f3eab5c1c7fb21d8e331d

SHA256
30ad311fc77b2d0717fb6f40e46fba043224698c42eede22c5c5c20fb5defdcf

SHA512
ed1082def7377fd633b1bade7c2d957103a1daf30d2b374d18dbc953cafc6cdbef5eb6e9ff396e3abf48b89b3e1700a45f88ea5b4e89ec29d596fc6c28602824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
68B

MD5
cc8a37ac186e4ed5ee54342b08021cc5

SHA1
e2610030ad24c76ecb566f96c525b23e18e478a4

SHA256
c68e9a08594f36cb4892b45e169a43e12858016016a28750f99cebec3801e578

SHA512
c8cd48dc6f7c6c0d7ad5e2ef2cf81b8dda97ff7a003201f43b4d9d7179dbd7e67ff595f16627e515c40e36d884fd355699cf4ccb3c48b57bc87437ccd019d083

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a1ad60008c3a7580da333587117e45df

SHA1
4d99a99e0f9f4a9eb32440e38f4d597c5259d1fb

SHA256
3cb0d6338c64850dcfd6667d3231fb8f026fd8e04e8195301ef4233379a121bf

SHA512
67fd8d1c4b743eec21f4e2b8a0be55e849f4a0734fa0dbe6d684c9756e7cc7ed4aec5d778d778d73c6ea9f649126ea40f6ff11a938ea4e523f507b41b9e56e20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0e927a635ceeaaa91e9978752280aab7

SHA1
3b3dbefd0ab93c3e8186c3ffcf48504ce2beee67

SHA256
7a1a1ca7438575c570dfa8951cd186971395be40b30461b3fbc528d931521478

SHA512
275b7912094b1ae9292039d451a3ce6ab8706d44d662aced4659ec94f64b60b5adc3fac67f5670084c3d7bb7418c4349facf34ad219e017662255fea3dff08e1

Download Submit
memory/5488-258-0x000002B77E620000-0x000002B77E621000-memory.dmp

Filesize
4KB

Download
memory/5488-244-0x000002B77E9D0000-0x000002B77E9D1000-memory.dmp

Filesize
4KB

Download
memory/5488-251-0x000002B77EA00000-0x000002B77EA01000-memory.dmp

Filesize
4KB

Download
memory/5488-252-0x000002B77EA00000-0x000002B77EA01000-memory.dmp

Filesize
4KB

Download
memory/5488-253-0x000002B77EC00000-0x000002B77EC01000-memory.dmp

Filesize
4KB

Download
memory/5488-254-0x000002B77EC00000-0x000002B77EC01000-memory.dmp

Filesize
4KB

Download
memory/5488-255-0x000002B77E620000-0x000002B77E621000-memory.dmp

Filesize
4KB

Download
memory/5488-256-0x000002B77E610000-0x000002B77E611000-memory.dmp

Filesize
4KB

Download
memory/5488-245-0x000002B77EA00000-0x000002B77EA01000-memory.dmp

Filesize
4KB

Download
memory/5488-261-0x000002B77E610000-0x000002B77E611000-memory.dmp

Filesize
4KB

Download
memory/5488-264-0x000002B77E550000-0x000002B77E551000-memory.dmp

Filesize
4KB

Download
memory/5488-250-0x000002B77EA00000-0x000002B77EA01000-memory.dmp

Filesize
4KB

Download
memory/5488-276-0x000002B77E750000-0x000002B77E751000-memory.dmp

Filesize
4KB

Download
memory/5488-278-0x000002B77E760000-0x000002B77E761000-memory.dmp

Filesize
4KB

Download
memory/5488-280-0x000002B77E870000-0x000002B77E871000-memory.dmp

Filesize
4KB

Download
memory/5488-279-0x000002B77E760000-0x000002B77E761000-memory.dmp

Filesize
4KB

Download
memory/5488-228-0x000002B77E440000-0x000002B77E450000-memory.dmp

Filesize
64KB

Download
memory/5488-212-0x000002B77E340000-0x000002B77E350000-memory.dmp

Filesize
64KB

Download
memory/5488-249-0x000002B77EA00000-0x000002B77EA01000-memory.dmp

Filesize
4KB

Download
memory/5488-248-0x000002B77EA00000-0x000002B77EA01000-memory.dmp

Filesize
4KB

Download
memory/5488-247-0x000002B77EA00000-0x000002B77EA01000-memory.dmp

Filesize
4KB

Download
memory/5488-246-0x000002B77EA00000-0x000002B77EA01000-memory.dmp

Filesize
4KB

Download