8fe4583cf847a3e4cc653a99560be735d4a37dc801ecfed1814d732b990cd5e8

Analysis

max time kernel
432s
max time network
408s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
25/06/2024, 17:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b7d82.html
Size

9KB
MD5

26d99063d31a65a570edcc51ec109883
SHA1

b136f9b09776e84a9fa03f0302d7ded7e45f8394
SHA256

8fe4583cf847a3e4cc653a99560be735d4a37dc801ecfed1814d732b990cd5e8
SHA512

720066f0c04593116d526bb58b00c85931da19c11bb20788f5b7b95feac3fd1afb57de04031c7be543d1c99824cb11788f4806b70f7ea947a2e17afa5c983545
SSDEEP

192:AWhb+DWDbSLaLoq7qL1LNLgTLeLoLDL4LZXQoFnwi1ohVfUV/dIL5Amp3w8hXRFB:AWhb+DWDbSeK5xkTKcfEtXtnJ1MVfUVA

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4920	msedge.exe
4920	msedge.exe
4836	msedge.exe
4836	msedge.exe
1888	msedge.exe
1888	msedge.exe
1444	identity_helper.exe
1444	identity_helper.exe
876	msedge.exe
876	msedge.exe
876	msedge.exe
876	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4836 wrote to memory of 1124	4836	msedge.exe	79
PID 4836 wrote to memory of 1124	4836	msedge.exe	79
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4384	4836	msedge.exe	80
PID 4836 wrote to memory of 4920	4836	msedge.exe	81
PID 4836 wrote to memory of 4920	4836	msedge.exe	81
PID 4836 wrote to memory of 4936	4836	msedge.exe	82
PID 4836 wrote to memory of 4936	4836	msedge.exe	82
PID 4836 wrote to memory of 4936	4836	msedge.exe	82
PID 4836 wrote to memory of 4936	4836	msedge.exe	82
PID 4836 wrote to memory of 4936	4836	msedge.exe	82
PID 4836 wrote to memory of 4936	4836	msedge.exe	82
PID 4836 wrote to memory of 4936	4836	msedge.exe	82
PID 4836 wrote to memory of 4936	4836	msedge.exe	82
PID 4836 wrote to memory of 4936	4836	msedge.exe	82
PID 4836 wrote to memory of 4936	4836	msedge.exe	82
PID 4836 wrote to memory of 4936	4836	msedge.exe	82
PID 4836 wrote to memory of 4936	4836	msedge.exe	82
PID 4836 wrote to memory of 4936	4836	msedge.exe	82
PID 4836 wrote to memory of 4936	4836	msedge.exe	82
PID 4836 wrote to memory of 4936	4836	msedge.exe	82
PID 4836 wrote to memory of 4936	4836	msedge.exe	82
PID 4836 wrote to memory of 4936	4836	msedge.exe	82
PID 4836 wrote to memory of 4936	4836	msedge.exe	82
PID 4836 wrote to memory of 4936	4836	msedge.exe	82
PID 4836 wrote to memory of 4936	4836	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5b7d82.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9d6823cb8,0x7ff9d6823cc8,0x7ff9d6823cd8
  2⤵
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,12117823378492863699,6449303342212606532,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,12117823378492863699,6449303342212606532,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,12117823378492863699,6449303342212606532,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12117823378492863699,6449303342212606532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12117823378492863699,6449303342212606532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12117823378492863699,6449303342212606532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,12117823378492863699,6449303342212606532,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,12117823378492863699,6449303342212606532,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12117823378492863699,6449303342212606532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12117823378492863699,6449303342212606532,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12117823378492863699,6449303342212606532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12117823378492863699,6449303342212606532,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12117823378492863699,6449303342212606532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12117823378492863699,6449303342212606532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,12117823378492863699,6449303342212606532,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3932 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9a91b6dd57fc9c4880d34e9e7c6b760f

SHA1
77a09da6ef4343a8b232386e000cd2d6b9fc30a3

SHA256
0170297f0103d4e415653f86dedc31b0827580042f86862206fd3f6f135b543a

SHA512
9fc3b9be931b3edebc4a6809d62d805046bdceb4c27a7db21cfbbcb0e5e253ab529c54d64e465e60904a6ab3b83156e26b97f852c9526f46f037944f806a7f0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bbfb66ff6f5e565ac00d12dbb0f4113d

SHA1
8ee31313329123750487278afb3192d106752f17

SHA256
165401ef4e6bbd51cb89d3f9e6dc13a50132669d5b0229c7db12f2ec3f605754

SHA512
8ea206daabc7895923f3df9798bfd96f459bf859c78f3e5640fad550678b5090539f2a1b590883cd9797efee999acccac16d499772f61f5390e91bcc44d60560

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
43KB

MD5
b5ea9dabd1468ce2ecb2ded7458e8ed7

SHA1
489f90fbc77afcd93968fbde2219667600bc6b30

SHA256
0622313cbd2de0e6119e09711b50c3d27823a05d9296f1f00a7d4157c2714f48

SHA512
757307dfffc379c549886fca545c43b7d15c6bf4ea43f035f454fb30576568c51b8b547060f7403d884a535b46616602c14c1b3def2ebec75a1f328441901d67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
39KB

MD5
fb7f959dd9be7bb8809478e73406cc8d

SHA1
4f36198d8f82baaed6bcb0c51caef53aeb7db489

SHA256
90a7cbea634cc91ee7e6098d41245b5fbf947aa173cd30a8ba34c2a22463ecd9

SHA512
5b7c5dbd12508719ffbb5ef7d7439a8c33ee50ef8483a71a20436d8e4d575248a79a300e5d8eda2a547191ea1c3d5678b3caed91c6e20657455418e7ae32fdaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
32KB

MD5
c752d0108181aa1b47c3014e6ab43921

SHA1
5bee7a436d7be2d2f4d5ef46b785e9b4345ce1c6

SHA256
71dafc170dc9361d7d2df4a6ae7011e69be8074f96e899c613ba632325d42b42

SHA512
7ac9f7c493fae42d681bdbb4833c086d06226af9e168b35621502c316a342e8481f536161d61225115512f030f6f1baf20d1c926ac9512c2224100d6e0df5ec3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
22KB

MD5
a3f217c9c00f17197d501c5bc64c6bd8

SHA1
ac391057b52e2922215b4ca12cbf8e1ff64b2ac5

SHA256
38028b72152ef8ba07235b1a0afd0e88576755e9166769fbd72ef8915bdd409e

SHA512
d2484cbda932dfd36a0f2157caa4ec8b7c495a677634379005863b038d79fea0437c60cbf72ba5748e428f01435a2772a3e0798be4d2b179361c7d90e2faff4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
24KB

MD5
579ee9ada13108734827330d90915d6a

SHA1
a93e290a2f05e3f7228bb46668469932db63c020

SHA256
35f223c334740106b359ed3b053e2bb317fab21995f9bd794e46d6af4910ee5c

SHA512
e000c95276e1b6a1cec36353b31952be3fa883a023f2ebde0044de9886e610b68f80580dfb034125520e95a5fb8caa423e6be52873a7a5baf75edc945f8ff408

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
79KB

MD5
3cbcfb05b4492508d23fdad34d1b2b8c

SHA1
fc82f6c627bca9817ec1d55a98dc0a1fa65a3ef4

SHA256
9840cd1a2c6f81050dad33abb5f9449acb422532c6c8ea965d56e29bd7083ba9

SHA512
407d2f6d40fca33d4d342640691f93e8ed540f3860485ceb4cffb79f5df5ea3433a1505b06753a4ec69b4aa3e7601055f92ff4f5689ce86e8708e791c61a1e73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
248KB

MD5
d959ad98ab778abaf615aa46c07f1ccb

SHA1
1d82f8a9180582b672a20d48c36333f9a9b6e709

SHA256
43822b8e85a4245bf28bed58787e363bae9b6f8f413c1d33ba83f5027f1895ea

SHA512
056cc0756222336783dac31c84cd2205793df98c2e89aa1fc1f14dd7c88316c2a47ea87b2706750c4b3621f6f22f0dfce1cfd1a79f156e51973b6ea6d6cc2fc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
53KB

MD5
0c6799a64b8413c59bcb21cc93549c37

SHA1
2bc6911d7bcf978c269f3415952a0bf35628323d

SHA256
93773e51c9c03d25bfcf32b54a62c40b546468bc1078d22c111532f38eff3cee

SHA512
77c0a4229df49380c8c9d5a7162edd29d70cb96f259000ff10dec1785f999c266209c6b1c47d31daa756d73cc61e9ed3fc0c3907f6d789c1ca84ed42f749a95a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
64KB

MD5
411db492d2f473ec34598d25a8a11b91

SHA1
e7af37fc9feba17d792df7d7f0eeb7ded3d654cc

SHA256
d39af0826ae839b150049f0937e0b94221f9876410ce3bb0ee69a3e73ecc8b5d

SHA512
7bc68e9b911fdd2291ec77ec1ab6875a5177f00faaebe83cc3a2ae5fb9ad106730185a2b03e0d2fd0e85d49af0885becd98a1c76f8498a184e78b58daf50c15d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
52KB

MD5
8ed76c5892de99ef96a55198d2f27b31

SHA1
7b1e05b87362c50bd57daf18448a9130a8685912

SHA256
ecfc008ab4bba7dfcc9474dc4cfd4981f47e32b811e363492dee3713daca9159

SHA512
7f79400b54b0b93f6c42a4b5bb60f33913682f296fd636adb6ce74834e741b2444a023abc7404bb9804595ebe9360a7368ad545e9bd740786a30dd0d2fce456e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
398KB

MD5
d00f9de4d0ee69ae3914a8385acf13c5

SHA1
4eb3cc327e427293620aca28d01c20732300c78c

SHA256
5933a1bc72020ca55a2f8bcd23a4966bfdebc9c23f4f2a2924bdba4e5bb47eb9

SHA512
9c6d895cfacecb2563c3bd264aebcf5f0cc0d4c296eb6ab3052b8d380a41d1831daf4d54a7d421b849af3d41d80645d79330bd40d61faeaa228b05be4eb149b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
26KB

MD5
e172e1c71da078158e4bc474497266ad

SHA1
5ac914d44082963b836fdf0ffc2e9866ccffdcd3

SHA256
9126eca77f2c402c2c27642a6950114a51240346c44a91144ac947ac3edaa9c0

SHA512
776e9295cd2249121083ea77a0d422023e04ac7418fdde30c424813b92cef3ba374311a9a5bd105806b6ef54a4eef6851a8338cab77ffd39424f2aef5e5d853f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
130KB

MD5
b566ac88efba1d7c314a0d4534cd76d8

SHA1
5e64ffd0330d7077b82ecb5f3407cc51531bd156

SHA256
ad9ca71720f0574ea5f27af1169bee3d599b47dafc291514b36b5ba7f6115f15

SHA512
0e9fd0dcd9d66023f889f20db3eb44ab81167a7abc09c5f971493a24153d34209cc0985e8e8f60f82f86492df059a6e4324e25d9e4ea16942d6b9ceef0d3cd85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
42KB

MD5
9753b384fd2d1bd71e99ab10aee2a831

SHA1
d1868c8f6989a09cb6473fa7dad8464b09204bf6

SHA256
b213463d40eb67d424d5553a4499d5faf4ba83e958d6560498ae18a61b10d745

SHA512
204cae55f238409209eac5146039a31747d5f14506313ea900be618eb2f0be5751f3f7672f689a83e3cb56e8d97453512e23122e4ddcd96a1382ff48dc1a84c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
52KB

MD5
8834c6e055d9e19e2658951b27ea4464

SHA1
fed3375299a3c88d285ce2ace77c148e71efde38

SHA256
9b996e3388c4e9b06f5f2bf3a9eca1031582a3e809886f77fb1c537ea466c1d9

SHA512
fde3ea4a30a3e756ead6bbe0e5275733b3bac60e6c2537d014fb712e15e063589f6517dedcbb1f99ce0a424f409f2865295d0e7d86e237591d0c9d3c9b58d1ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
86KB

MD5
572329c85bb73f9029f96b67301af6b6

SHA1
c4dd751513364492e35aaa670feb3ffac4b249c2

SHA256
479457fc4ddeab24e3a725769eec88a5270d31f4fea059ccb19c2850c101d951

SHA512
b4f0bc2dbbf0cc54e8128a9c2e358615d55f7362aa661c786305a38150e15d8d3a936cbe3218e1deec155c43e23f26384680ae5c91bb2bd470cb53effa534fd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
98KB

MD5
eb11b6c812c737207364ff07c46ae1d6

SHA1
0ad8dada26c0f50770ac812e18100ae11edccaf7

SHA256
a5e59971e750d7987bc77aa4076881ea015630d6f02bbe6132e2c146bde8899e

SHA512
f2ee21a395015afec507ae9bbb460bbb2e6788566974b06a3f76f77728660c2a60eb2d57fcd6eaed11d76694b9cceeb7f165e39cb134130410fc8b8cc39f10fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
38KB

MD5
e3f9bd4b82236e2023b8fe6edb8ff7e9

SHA1
6b3e2e65cafa3b466a789c71fd29a7feaedf20d6

SHA256
2da266039c1c8cb7ecf5500ff14281c03a5f47cf98f061e941497f9130f2e948

SHA512
4e4417e50f2d53187de60394454eee5b26511b1179cf49c51746eb80ffcfd5e6bf4bbf64f35548e25fb5cee9f3b77c5c10fb98150c03cfe47efdfc79c42492db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
509KB

MD5
5dd551d541f9c72bfa4ed8621d46908d

SHA1
6dd027881f710f35f85b4899d8aa8bee3e4759d6

SHA256
67836b0db963caed2064f4829efcc4d0d73369dbe4a71f4cdfc85c04835744a5

SHA512
b52afc649e1eba46613baf27deeae16dd94aa63b7ab2a6f2cac75d3d1fa3e92f94fb746295bef2eda63e3cc8b38e109a3e0075bc1074f27fa455eb557050b4af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
27KB

MD5
0e2ee02874d250d7602ae70e15e174c6

SHA1
e1ae348778a4318680b6c7ff26ae216c348f0bb3

SHA256
ae3f0597ef34719d83d8153ec6a734d18c28098264f903424112be85354e78cb

SHA512
469ca42c8c9da54e161b7a826ef48240762ad42e94060458bf8d6f73f618956bf0ffdea875c03e2fadeea72493ade9bab32b70decfc4754f066fd9aa93e02de5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
35KB

MD5
51cbd7213ae115ed59c3f2874014ab69

SHA1
d8d1a69f5d19c825cd0b44d875c95140c3129e0e

SHA256
cbf4d73ccef8548406b20d54b8792830468541c81bf78b22e0b4d24d811c5f53

SHA512
0614aeb0394b101c39a5aa0d5e089158e0f4b351836ff0b64aca811a5aaf338eec03404f1b51a04ffde3ff9f14233468ba72578c66ebbda1689d35fd49273ef7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
31KB

MD5
868aedeefe7669e8a4f7196f7df5d058

SHA1
45bd20ef2c6b717a2526efd98a01207979b2a623

SHA256
d8700b022ef56752cd12ff224b3f409e84aeb8a43ac68ba052167096baf46555

SHA512
45557b3f328f014fcbf09a848b2f22e66c41968b03523976f66f9381b0408461766f1b837caaa67a26c4b707ea81ef32cf59776244d19bf0d569c63753b5c0b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
30KB

MD5
57cbbfdafc43e0deecc75a309dd042c6

SHA1
b9cc2ff331b8520706de175f5b3fdba6731a9bfc

SHA256
a9117f16bdaa64c953b303bef951dfca6316ef59f1b7ca72d5b946b1d815f6a6

SHA512
c997d44853dbc86c4a75e123306e504ab88ffdd7449b196ab200018adf355183a474ef71f31e61f949be3cb7bac888d3f3a22aec4226f9d50bd8b3fbde1ef13c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
31KB

MD5
1d8a3ca887acdb573cccfd7fbbc912ac

SHA1
1a5d10d7c8f46428f305e3c722c49c4fce950926

SHA256
d8060f77b91d6ffcf27555e75d4e362c18a7ea2014c7a9b43477c1d6d915e291

SHA512
ebf638d5fa09a4c9c1579794a0d2c225cea4ca6e2be0fb485546260206f6c5ff8be7c3916e87b1ec8d9c778f00263d5debbc5d4ddf0e5fc01501f6a9bf8f4a61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
34KB

MD5
b67ad27c72b442c3ded73301bc4e38be

SHA1
c028a7f5a32df2ab432e5318230a8705655973b8

SHA256
0ac0c10608a081e20f3c58b93fb43a202036821f7f0302aa6ca908a7c69bca37

SHA512
1ad484eaa0ca55cb88545beda2e0ae0c0de38777fce6bfcd11589b672ed77b422f575e2aaaf6d94aeafc7f3b2019d485b6e9cfb9a2c068b5bcfaeecf2c5afa8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
46KB

MD5
3c87cc73fe3068722c4acece213fff0f

SHA1
5695bb459f4c2a0d017571156222de51f72b38bd

SHA256
10ff886733aaf6f6db3862c0f26709263389f928665952f60512c6201de53a51

SHA512
acb388d45af6b706a36413d41f9fb9752fbcbd4787632a438126c45b5cf68d75f7d285670be780205436daf97e1d4ad702f69535e01aa00632fa9314afc1a08f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8ca0c38fe89bd15da102639189923a8c

SHA1
d4b273def523144b2f251e7d3c9b0173c75b0b22

SHA256
2d283d3b2c1d9ae3f7b06825544de84c32888b1213f8c34d2560e92f9789cbf4

SHA512
6094600416ce2e5f9cb24a8136818a8b38bacd564f9bd31a11310c44cd3086aa46055bf47ebb1a1c3d6a04229756f9ed57f85bbe2b16339facbaf25672e5b928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3d0de746d7f22f4fb84309425c0fb749

SHA1
cefd5da0e2e21712ccf3b809ba913b696a6016b6

SHA256
f0aa174eaf80ecf9d726f81334d4b5932b2599fa0594d0241b287347e928b92f

SHA512
0d979964f34d5903dbf1cfa6e3cdd88e204d05d5454ea028a0757e8279135d6b8ac495b3b3facd3965dc073a1d2cfdff7f712ac96d1eebc09296dd1f6ca8356d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
236c5b41c98db62f44a6411e2149d9f6

SHA1
33785deec53ebef69ef39509dacbd69e8ffe1734

SHA256
df3a7e32234e7c68252eeb07efb44c5b1e56f3490528819aa97f25bddc9d2355

SHA512
0d6103a4930325f9fbf452e963b8042537299ad0da422730e47bc073dbf7d55728318a02408eff72660e3bcecc8ca5a6dec4a5ae9608306352210f22f46ad2e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0010dcec625174e229109dd3bd70e933

SHA1
d514ff0445abf734aea771fe3cf980e64ea8b4b8

SHA256
b0e875b5afa1d227907e3e4bfde41d560482c27426fdb562f355bf11ff823aac

SHA512
d71ba38dfc5b744a5ca5a9fc7fe9f9e9011e1c3913877cc7827a0524f52f97f4a902010f9113f5911bbeeeb3b50de8b1c008cc8b7f4cee15b9a9ecc00bbd677e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b9147bed413aa94ce15c4d6da3335134

SHA1
37b64b63f87a2969f75fb8e44df039230f429c07

SHA256
43be39425f3463c6a4891a7d99596d51c38fde06d6420c3a2505d47da09ca162

SHA512
23cad8ee1073513daad2d1860ca67bb6003eec6c155cb27e0b0f8640fc98a43e6c7a45b0bfb13d2dcf303957541f91c435d970ca446070a45da6d1e3eaf5f275

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
90a7b0d862732a6b2152bc2408b183f3

SHA1
d21107aed9693877bd836f3d64fc0eaf9178c912

SHA256
b2fbc6734a62743f22b67e42c57360ad486f9aa890ed8b7530705f589839154e

SHA512
6f4cffef0b56dceda806227ec9ead5ee99e08f69997ee96f4bd6b57061f5fd8d803d1cee1e14a57fe51ec40f2afb1897e2c69e69a96e2178d8619f1e6b98f028

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
24429f91c92c55da3ddf57defe20bdac

SHA1
879a86fb1e1693e842159d02d35e54ded08c8b85

SHA256
db5aa4562fe30c031d151ea183307ad6199ce5e541f5a1388b71885e19f0f23a

SHA512
93e0286ac2d4775dbe427caff898a21e2fb91a121db6c2898fae96b64c56423cd1f28c0f2e58360daff4e85d385ac4e14b163826686903ceeb2ba9e459d8ab74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5eaad25a236400b5b797ab300752944e

SHA1
5a35db692cdc7e7820ed79f92271080394fab8e9

SHA256
4a478cb2791c9093ed6e911c8f15c414b84027d69a1d4318386fc83e723a2820

SHA512
ae78d2bbcef3d2b1268518fe6f85ac621bc2e0ce8745be79da4c29a71f38a36f7e4674927a6fb8bbce0c750b03aaadf3b5952e521a429e92f822c288a3cfcd1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
50559b5b875e1b23634227920fcea3ff

SHA1
86bc6f821805aaa4cfee66b47c3a89244b4cf150

SHA256
abd1035af159424cc3741c43ac765cb3c46df9da29d8b42e984383cf369a10c9

SHA512
32e9faad835252efec40cafa8be1b7f7b8993157a29d69694434f9ba4d872075104fedd9da3d2690128a83fa0c9b193d9807190c6dc737d5fc028227e2d3554d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579cec.TMP

Filesize
1KB

MD5
278877933eb47f5eede7d646d81ba16e

SHA1
c7c60aee3cdba0a5c2ddfbe13a76e5b25580f354

SHA256
e8d69e11a58ff61c4db02887091d3bc3371b4c456ea3ce11e8bd7768280b9812

SHA512
8acf39be00649ca406f8e577b259466366f67d2743251b52879d76439542aa8c2c21aaeec741fe5e2dd06bf8e61447cb9423bf3f45a65cdf97de466a1325b294

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
932e936a885e706b454c6751776be264

SHA1
bca6835881457e12e983dc30a8857710e08e2162

SHA256
cea62a1063babba24718c2eeaf5378b282de1a6dcf3dba20397b3d7f4e0f1cf2

SHA512
31d4ddc1d4be81a8102b09487b80a40e67c9baa41cf7f1bc21df6e6fa74d278c2ff2fb7ca7fe1a28ee25b21656f6695eb7e82ebc723d27a1e1ac229dc8a4d606

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
88986c96836b8630dc5c4570841d6283

SHA1
ec09ead2b63ebd55f7cb2829f872492b593800ea

SHA256
57c76502d9151d36eb195b417e57fb250c7bad1b0c5f16af7c98bb7809d44b0b

SHA512
b5faf7f3b62bb553c252f705225428afce08bd7e2abbd78eded49c335444c754669691010713656d9ffd677c7a19577b332fe6f09c2a94401ab21f30295e2219

Download Submit