hxxps://nihrio[.]sharepoint[.]com/[:]w[:]/s/NIHRIOEmergencyDocumentRepository/EbxZ4FkO_xxLiJi_A8qU7soBDiAcYnUXCY94Mg-WoVvpCg?email=konstantinos[.]kipentzoglou%40britannia-pharm[.]com&e=JTSpUz

Resubmissions

14-06-2024 10:36

240614-mncc1sxalg 8

14-06-2024 10:16

240614-ma61gazelm 8

Analysis

max time kernel
339s
max time network
339s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14-06-2024 10:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://nihrio.sharepoint.com/:w:/s/NIHRIOEmergencyDocumentRepository/EbxZ4FkO_xxLiJi_A8qU7soBDiAcYnUXCY94Mg-WoVvpCg?email=konstantinos.kipentzoglou%40britannia-pharm.com&e=JTSpUz

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3784	msedge.exe
3784	msedge.exe
1208	msedge.exe
1208	msedge.exe
4336	identity_helper.exe
4336	identity_helper.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

msedge.exe

pid	process
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1208 wrote to memory of 1808	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1808	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 1744	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 3784	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 3784	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5096	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5096	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5096	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5096	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5096	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5096	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5096	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5096	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5096	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5096	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5096	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5096	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5096	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5096	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5096	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5096	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5096	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5096	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5096	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5096	1208	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://nihrio.sharepoint.com/:w:/s/NIHRIOEmergencyDocumentRepository/EbxZ4FkO_xxLiJi_A8qU7soBDiAcYnUXCY94Mg-WoVvpCg?email=konstantinos.kipentzoglou%40britannia-pharm.com&e=JTSpUz
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb9ee46f8,0x7ffdb9ee4708,0x7ffdb9ee4718
2⤵
PID:1808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
2⤵
PID:1744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2980 /prefetch:8
2⤵
PID:5096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
2⤵
PID:3436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
2⤵
PID:5100

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 /prefetch:8
2⤵
PID:3100

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
2⤵
PID:3916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
2⤵
PID:2256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
2⤵
PID:1932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
2⤵
PID:4448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4028 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
2⤵
PID:1712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
2⤵
PID:4316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
2⤵
PID:2752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
2⤵
PID:4160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
2⤵
PID:3632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
2⤵
PID:2264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
2⤵
PID:2268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3604

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
db9081c34e133c32d02f593df88f047a

SHA1
a0da007c14fd0591091924edc44bee90456700c6

SHA256
c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e

SHA512
12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
3a09f853479af373691d131247040276

SHA1
1b6f098e04da87e9cf2d3284943ec2144f36ac04

SHA256
a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f

SHA512
341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
Filesize
31KB

MD5
057b4044a8eaa3504f481ef069d20adb

SHA1
2327e6db6d830933ec8b49d739a301704ae00868

SHA256
ab5b59a4ad23ef3cb8443e581b69b35809aca54c9db92198fef9994e35824d84

SHA512
ca4941ef21296778852067579788f22d4ad6bd01904ad41c44530e86affa8d4f4dc25ef385319f0c7a7140ff0d26a162322b48c4d4fde889800ba11c0fc5d794

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
85625ac22dd7a2f811731c2bf9ab79ed

SHA1
c1f2b40132b5d2cdb7438ea18014c640cb44ddfc

SHA256
a0474d56f74bd86dc74e282115a9a4be85699243a861f56168204f33fb9a69d1

SHA512
5f3cfcc6c337e8f840ff69e6898197a1d833ba889c6de10bfae33446dd7fd1b58d0f0f14512a24ac2bae04bdeeba351f176e6c4affce63456620c62ae351eed4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
fe0a2b36fb03deff6615d6f7b682b184

SHA1
b5699c8af6c9ccf8704f3aaef86007f84423b511

SHA256
e58b8ab77ffb9c62e4e2e35b70fe0248ba3c98c624f5f1bf74e94bc228f7803b

SHA512
eac8553653ffdf8cb62a9badbbf6a4e0fa5f7ec4ddd155877cedbc8c60dd7f05b8a2ad73f8f8244d7e7a0eae069a912d2ceaa48f8dee538e5b9a375cd655f454

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
6a59d6fbd395d7922c459e7d1fa0355f

SHA1
bf2d067a5ab296f3b6a433ac0e4cac1bd5b1825c

SHA256
abe7fbadff1056e44cf3c256284d7d9ea605a79ca7dfb156fc9fa1ea2ce3f503

SHA512
a75278870bc7e74374609afffe40d8b7251adff123920abbd2230f71fec1e8f7d179cb8326fab1f67ee2c420f0ead1fe95943b1a9b62901a01c053c58ed3378e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
b910641aee3f1e6c94d9e7cfecfa520d

SHA1
a508cf1a31f26df725fd3c0edc83442f0550bcd3

SHA256
195709009ce1f4f1dc96caed5a4f54679f13069985e0933dc1257440b6061633

SHA512
eb7b1e342f1a0772363fec5e9b3ca4dc1964a0095ec476c5d4ba1b216653d3516b302a7350206e813cf27a3f55e9bfe3270fb3577f8289fd07df804c24ad8538

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
355B

MD5
3db09c402801b76ab951bc981abd1070

SHA1
d1da7aae9bde0992db752dff001305d183034425

SHA256
6f18409d4b3391c245830a8bc549132a751702f749561815ea025838a4d2dec8

SHA512
7fe11acc0d212764c67f6b543ed94bfb61cea91e739767501348cb508fb0b6d9a26c9b68b0f3d9f64fb2f1a4499b4ab895f2e1b5519ca89eb292cfb618ecda5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
6221d3d00029dae7fb66d7fae1c9483a

SHA1
add1d1ae1c4c6b39b7b42cab0a43edd33eae5e55

SHA256
9935db496ada9418d4fd0b106195db2d1e593071e75ee6acc57182b6d3358616

SHA512
e4e42c7f148f6f8da4cf71ff075bd6cd7164779b4a703420d596de308670c73e91e43ec08f1560f68c93fc1424a90fa85f810b90fd120a01b47886c329f8dafa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
911027bb6c06d904ae4a567eb6c73b3e

SHA1
5f72517f8cb500c55afac3ec3277da6a1deb9ca8

SHA256
0f7611bc38a761bb7374d95d334876fecacb18343b894e2b7dc2ad0eaf0e37ef

SHA512
ffe5002abc0b7e123673a59f34a6879b3f8fe4b03434886e272a331edda9f240755b28f23bec53a5a53c029404e053971dc26e853dbc4d1db8447e5a221881fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
df960df7c8a9770df0b53af8942b97a9

SHA1
5a0f4415e23ae8b1f831329e4f353cb985749238

SHA256
6aee4a3152dd97e8d5121320dd3ca6b6edf5fd151728d2feb107f8a281cda4f8

SHA512
a96b0dc8e96f38e33cd7085a87fcb40ade46f638f8a33dbbb888826dfaaba6c05ea406fc897cb8bf755cf1eb99057882864a1a43f2a20a26ea1731adb2fdbb1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
2e506ff22d4bdf0f1dabf179e6b6a3a3

SHA1
05fa9c6d450ae7ad14ea5c5049d0675e342e2991

SHA256
5e15bb8cd18a9d4e80dfd916e2721a8112e6b10a6fa947848eac4f913af4f950

SHA512
1add7b549aaa845a6cd86ee6230d1e89319deb869673c4900e930229ef0a0674f7c507cddbce938f01af2d8a4ed68074d3082602bfff65abb25c34abc5de539d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
f0a7bc0f2e3493418d51627d4814a562

SHA1
e0777d62f285ff9384163df5f4d9de0f025bfae7

SHA256
d82b437a05f00b00f9214259a43701542efbd85cb8cbb7ca54f1e4077f74edba

SHA512
d8c4ab7be65447206a8b4f387b8064c3403ae48965fbfff87eac848b70edbc8f52a78c2724c34e0e95a6b44b957fb8a690e90745c95b5caebeee00326cf8eda8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
daf62af2f4cb7fd1259c928bb5ab317e

SHA1
4130e980d57ac48b20ff11c452c20a2e9bfd887c

SHA256
6c92ba6a74bcd33128f84d2095d0f2b5500603504e22518e928e6f19a54ef3c9

SHA512
b873b917d5084a9521b4b4283f8d92ff9fe4455a2906a3d5d8b9c6a161ab11f148c461af5f458972abb759150bc48d59c863bd6cceb7ecfefe9901ad153e6ab0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
2b128588a4bb425206aabe3662e0b7d8

SHA1
8b5c2b15de9e4942b8e77708758a3c793ec5b29c

SHA256
52fae0710e7a18fd829fe1ec9c9ad7d7ebd4f92496949c3d3b40f6786084cefb

SHA512
5f5aa9c23758907b9bee120806a85a3e5f818934b8edcb2b2ef460ef7140ad671509b7456e0a9768773b08e1e7ac20f5a303dc80389e8116520fc284558996c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
4116397b6dcb3d81ed39c76ea263769e

SHA1
596e383974f1eda21a776c07b5ae870e60e36b49

SHA256
99336871b16af0f47a2b1644094a51cefd553864e275c1a77c5468678076b838

SHA512
fc2d4071266af89cd47a8cdc482817bdf02cc5fcd2f94e4c6fb308b1c0a587e48ea9c19691f1ac3c06255e43bd3b5f97e6af214362fcbe0940ce3a226fea71a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
67c50ca10c004a8e9508fe5e97f48373

SHA1
b46daf63c4537a2f119af6b8c0de1c663b1edd24

SHA256
f27623754c25b7fd78a9f3d02cf329fd1740f7efcb78205594c8d00709837da6

SHA512
07c8ef7da52c1952626c38ec8b3929b4588b24b0ced206b4a6220decf99d7ef9cdb5755927938edba7cf8007818341f7572f843a3978c2516f97db3927980638

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
21b56723455b882e971036e0d0568dd7

SHA1
4672a425fa51d7e0079d295967eb42f09712e088

SHA256
c7cf714071f769a7c0cc82aa8945e354c1ad18a0339e4b3033cf20ecdeca76c3

SHA512
4a4781b1e0536fa2a0ec6fa0de685155e46f4ca566ff50e6b4890fbad06f0e9f9a7ac3c325ce3b96758f010c3722208eb863ef940fdc66f4da75f7581f51f701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
8a49ccb31ee22d429875d33827a493a1

SHA1
05223ee35892eba8be229b9b3a9b0d34b82a6da4

SHA256
35bbe51cb9f00fb3a2a223346532b8237d45752e51aea29431608c469ac0396b

SHA512
e2e3fa3f31b06cb6b30c408772d3d1bca94074b526fed49290ebd4c793fe8022e1b4e389ea14347b4812a562281496624a4e3f92bb784b945653f3f85bd0eed6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
367B

MD5
a21a3b443722f9bc7566405b4eed00d2

SHA1
86aba16483bc317e87ba8d277aa11815652cdd2a

SHA256
910d473f97b3324a9edcb8d91377775776179a6edc2329c60b919658ef174c4f

SHA512
cc55b689bc7603e2ecfbf372bc284df8fe348b0853eb18104e512ccd97ad60a2cce2f2b57a1ddbe73e8f6d094993f12d59fbfc4a64e9e814a452c64e56efea1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
1be592cedbf11082a6b0738643d9262e

SHA1
294c6763e4ee5652e2514df57bb2722a550dabeb

SHA256
d7e98a42aada817fa925183196e61950fbf459481b94255392ee8ff78476d40d

SHA512
63184fbcb61beef47c681f35a897fbca524c702e8c52b1eb9caa52680f0194199ddd5c883a15deb480ab8592db798de7424e3dd3c4653ad717d64c9c3dd1c708

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
87427f2a3c40133c0a3c6774bf7aa6e0

SHA1
efe9f824201e9dc70d462fd3bf0c59202c83b34e

SHA256
2d7974999ec843ae8ab61b66e215b97d9dc1434f65b9a432852d145e8fad9e4a

SHA512
c51c3f828dd1ac3108780995e6f7e9fc4a59f1e0303faf1cee3c10a9abde3289a2b11606625c7d0c54c3a37aab24d0faf07f7ac82947242bc7eef681afca15aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
371B

MD5
6489e8cdd25d1cb356737e7098ca7fd0

SHA1
93421c877f4ac7ce55b009f7ae959dcb20a7cf56

SHA256
07a389737dfe2363a263c1004f365f6f27e93f62ecec1124d88a2a27fc0f133f

SHA512
b2fb6c7d5d166caa4cbbe74d7d392418a40ddaf12259b1621682741a9f221828cbddb52fa1e56b62352fdd59a2e26ba52ff84f9906927dbc6451eb6aa9aa5326

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
1fe06218d0e5fad126d70a85231753d4

SHA1
9ebc652e79f5522b10528f12be35d175da2673df

SHA256
4eb09eb40ed0050b6999edf1e45daeb218289638f03098d43d33325ad4cfce6b

SHA512
fd8a87d2a7edddf599fd08cfc74e2adc24383c2479414184b637376a6d3a696aa4157bbb461360a56b2bc72ba790ec5c91eeeab2f5c9e82de12169baa48d75ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5798d5.TMP
Filesize
367B

MD5
96782919478cc872b811405de0c44abc

SHA1
dfc447107a5249d537df9f019f9cfca1b74712ba

SHA256
50866db40de9a9a3871c6ad2a45687d6f308a4b4d9b162ebb381baba62e19e1f

SHA512
d27637ba87d05f296d093aa684212f37647a3c4ee08af26300b731d1b5ac74fc8ef79c6d277315b53ba4c78c00ef2069338714da67c0080867089b8fee6ce891

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
4e172d3a82ea62e0a5ecf2873cd9e178

SHA1
788fbd93163d90e10e5c1a916223f12821fb2b4a

SHA256
2c80ef144249e07c0b39f89c6770baadfd819608f4a2725e47a0127bc44e73d2

SHA512
b0a91e710fe489308d861b4f26c4912b8c4feef19d79a46564b307c26d95aeb2f82cfd482a84880cd7bc64e722b36ffceeacb443e1e5b510fe6f3f28e32587d4

Download Submit
\??\pipe\LOCAL\crashpad_1208_HTVFVHGQOFMELEIC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit