hxxps://t[.]apemail[.]net/c/nqkr6vk3kzmvyhqvdmdrwaaaa4bqmaqeainqogyhdmkxs5qvdmkqcvagayhveflk-nqdbwfkcivnrkgyvpf3bkgygamaa4bqedmcagbahdmdrwbigaqcqeaiodmdrwby3cupvkw2wlfob4fi3a4nvsqs3lmnrkvcylfbvmvcdcunqaaahamdaebacdmkv6q2di5ca2gayirdugvkekjcucxsukjcbsvcydfbfygapp5oa4uqylzmvguspdfpugws3cunugrkckinqaaqcdmkxs5qvdnmuew23dnmuew23dnmuew23dnmuew23dmkqcvagayhveflk

Resubmissions

24/07/2024, 15:59

240724-tfksravaql 5

24/07/2024, 15:48

240724-s8qn2axamc 3

Analysis

max time kernel
283s
max time network
285s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
24/07/2024, 15:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://t.apemail.net/c/nqkr6vk3kzmvyhqvdmdrwaaaa4bqmaqeainqogyhdmkxs5qvdmkqcvagayhveflk-nqdbwfkcivnrkgyvpf3bkgygamaa4bqedmcagbahdmdrwbigaqcqeaiodmdrwby3cupvkw2wlfob4fi3a4nvsqs3lmnrkvcylfbvmvcdcunqaaahamdaebacdmkv6q2di5ca2gayirdugvkekjcucxsukjcbsvcydfbfygapp5oa4uqylzmvguspdfpugws3cunugrkckinqaaqcdmkxs5qvdnmuew23dnmuew23dnmuew23dnmuew23dmkqcvagayhveflk

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1752	msedge.exe
1752	msedge.exe
340	msedge.exe
340	msedge.exe
1436	msedge.exe
1436	msedge.exe
2956	identity_helper.exe
2956	identity_helper.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1540	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1540	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 340 wrote to memory of 2444	340	msedge.exe	79
PID 340 wrote to memory of 2444	340	msedge.exe	79
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 3164	340	msedge.exe	80
PID 340 wrote to memory of 1752	340	msedge.exe	81
PID 340 wrote to memory of 1752	340	msedge.exe	81
PID 340 wrote to memory of 788	340	msedge.exe	82
PID 340 wrote to memory of 788	340	msedge.exe	82
PID 340 wrote to memory of 788	340	msedge.exe	82
PID 340 wrote to memory of 788	340	msedge.exe	82
PID 340 wrote to memory of 788	340	msedge.exe	82
PID 340 wrote to memory of 788	340	msedge.exe	82
PID 340 wrote to memory of 788	340	msedge.exe	82
PID 340 wrote to memory of 788	340	msedge.exe	82
PID 340 wrote to memory of 788	340	msedge.exe	82
PID 340 wrote to memory of 788	340	msedge.exe	82
PID 340 wrote to memory of 788	340	msedge.exe	82
PID 340 wrote to memory of 788	340	msedge.exe	82
PID 340 wrote to memory of 788	340	msedge.exe	82
PID 340 wrote to memory of 788	340	msedge.exe	82
PID 340 wrote to memory of 788	340	msedge.exe	82
PID 340 wrote to memory of 788	340	msedge.exe	82
PID 340 wrote to memory of 788	340	msedge.exe	82
PID 340 wrote to memory of 788	340	msedge.exe	82
PID 340 wrote to memory of 788	340	msedge.exe	82
PID 340 wrote to memory of 788	340	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.apemail.net/c/nqkr6vk3kzmvyhqvdmdrwaaaa4bqmaqeainqogyhdmkxs5qvdmkqcvagayhveflk-nqdbwfkcivnrkgyvpf3bkgygamaa4bqedmcagbahdmdrwbigaqcqeaiodmdrwby3cupvkw2wlfob4fi3a4nvsqs3lmnrkvcylfbvmvcdcunqaaahamdaebacdmkv6q2di5ca2gayirdugvkekjcucxsukjcbsvcydfbfygapp5oa4uqylzmvguspdfpugws3cunugrkckinqaaqcdmkxs5qvdnmuew23dnmuew23dnmuew23dnmuew23dmkqcvagayhveflk
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff892653cb8,0x7ff892653cc8,0x7ff892653cd8
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,4542553698264049411,195615650045696559,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,4542553698264049411,195615650045696559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,4542553698264049411,195615650045696559,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,4542553698264049411,195615650045696559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,4542553698264049411,195615650045696559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,4542553698264049411,195615650045696559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,4542553698264049411,195615650045696559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1944,4542553698264049411,195615650045696559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,4542553698264049411,195615650045696559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,4542553698264049411,195615650045696559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,4542553698264049411,195615650045696559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,4542553698264049411,195615650045696559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1944,4542553698264049411,195615650045696559,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,4542553698264049411,195615650045696559,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4848 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,4542553698264049411,195615650045696559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,4542553698264049411,195615650045696559,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,4542553698264049411,195615650045696559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,4542553698264049411,195615650045696559,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:1884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:772

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004E4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fc52695a78aa4e8734d73b7446ba59d1

SHA1
15dfb5759ff566206ebd6b8a864e9e43182d7f44

SHA256
fc18d4b0cbcbb89e7f9cbe630c18c94ddecf8b59e74718cc5ad1f66fe638cf9e

SHA512
dbddeb1e9678141910933db917260164cfd07d5f2fcf3c7e82fc2c6db486be7dc47fb193a676e7a23d4ad6936c946ede8def1c555332e41a829d94c207cbfd51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce971e4ab1f7a51b5b9def5887018d15

SHA1
2f280b61a4c3297a3129d59b84ae971e90fdf9d9

SHA256
12e7606eaa7e67b697c8b098266fcb8cb066cd9f8f60ce43ba8405102a63af1b

SHA512
5358fb373e7ef29ac278c33161fbd06b4ac59b24be16e4c34f37ae88383655a182e30fa71cb7881cffc3af5ab055aad25d57f53f3114e6d79b946dbfaa228594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
210KB

MD5
5ac828ee8e3812a5b225161caf6c61da

SHA1
86e65f22356c55c21147ce97903f5dbdf363649f

SHA256
b70465f707e42b41529b4e6d592f136d9eb307c39d040d147ad3c42842b723e7

SHA512
87472912277ae0201c2a41edc228720809b8a94599c54b06a9c509ff3b4a616fcdd10484b679fa0d436e472a8fc062f4b9cf7f4fa274dde6d10f77d378c06aa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
113KB

MD5
3b0bf66c625ccda0244e93ac2c249ea9

SHA1
315a03a9660eb680c3a9295a0fb7000768a81c0d

SHA256
4b757b28dbfefe9278ef9e0625111f7f9ec7de346a8a8b272659007a422a3ba9

SHA512
16c4d3de8f16e6049f513dbd482220cdb6df4a47f5222ae02aca57b6fcc7975f124f77911b6bc121bf7bbb6d2b00c1f24b848a68c5233bdd897b1317ac0c7920

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
f1609ba0d9675e4fca64ca6e54d68a54

SHA1
4c7236376c7c8ee22fb611e602d0311dae325ba3

SHA256
deababef534f07aa49b82e027343e462cd48e5957ca6b805e2aa6b6c80d88ff5

SHA512
01344750374d834f7347dc7bfd09d1959baab528ead16a6b0377f1f444987760df65eb1ca59333cd29192cad5e0e3bc5b77ad1b648e603283ca9875d4742a6ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
bf47df61d589e259fbfeb39fd2c63b0b

SHA1
24f811b8cf5ec3163e34ab8a239fc3add868eace

SHA256
545206e0e24d3b4c32813177e172a885359162daeb97111188492effdb190d48

SHA512
cdd5a46bb023c4632f2ec19fcd846cec785e6e63bd472d7d4cc26f2983dd3dcb90adeafce4e813cfbe42cc3f3fdf4c8460bdbccac002f0f4d5acc60a98c19006

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
10b8ca365c65fe66480285befcbca323

SHA1
a9640ca5414ce01818660481ec587badbf0651c9

SHA256
ed7fcfc97d5d343f4edcef5a4ccdca604d8520866010e86213dea4b716ff7793

SHA512
bd2a9be86ec67fa7681e94201915f9f58fb3742ac63f4ac3418ab0b78b61d393de1a2c1d353e28fe01125d40fe44c127590b47a3678a5444e6792473d9e6648b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
721220c55fba858619b16b99a7a9c842

SHA1
4cba56ec20af55ccaf7430235a57b116e4ff3e09

SHA256
00459ad4a4b363ebde02c21027be1b6cca5e672260a626c55048575b9f1e36f1

SHA512
d60780b0dbc02d19e7ee698adc39722af33a2fe040d67dcd626d7edb0cbfff253a82f6dbad89e56b9a9665fd4c528cbfbae5c5a56021cad499117e532d889acc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
7c2c43ef0deb85e422d4be25cdaf301c

SHA1
8b1d91e6aa0a3914a0fd10486a857a8be10f1cfc

SHA256
02e6377fd9778636969368578a3de8b2140bee4cce02b30f8c44b776cebddf31

SHA512
8834d9547f00220bbd63e1a9bf4156604653324980203fe801f247fffc4e5e4b207b0ee7df821c195bb4c09613327af6fac1cfd10137c544a9cb214caaf848fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7be2debc08f985030c6a0400192e2138

SHA1
1c805e90d83f5a9858c0b953a9969487e8a28a52

SHA256
e3c73faaa418c7dc4aabc0f8dcbb3266ba844d8fd2e954f77741f7eb8d2b37ae

SHA512
425767bea681f616fdadb362af09450958eafb8e64659f96a9ef67a1700364dfb5c31fe226ca6655494906a8a1bf4d265adae2d4ba1e1331407aa6e8448fdc94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
cf30e06f722060135e75071a9a386774

SHA1
a6ad9c9ff71198faf4d7d5f03a1404d92087dd3e

SHA256
ae652d9b4384cb3d96ad47eaa2f8691b63ebfa5c6e8446b15f4d5db591ec28dd

SHA512
dd1ad551964f3a613a6fe826085b1e999f4e5d3923321b7b18d7c411460761336eb9c1ee798975826b3bbe2b73d8514795e0739471b168dbe0c1a234b94209a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c3e3acf84dcfdda9eb88a44aa2a8e93e

SHA1
b66f01a581f5f7f32d35283e6cb0bb8ecf100833

SHA256
7d559b7c4a98d6b581bbd0f429c39018120673570be257ebd30e27d49366d27f

SHA512
0018f2a3cd5faaf3cd3765e1ebe34a82ea45ab9dba0033fe33f48895ed2a23d7a8e156baf11e10d57b8dd42171cde2d87cfe1bb740e653e1e3466fb5ec77d04e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1261d5a76335be79fd2877036e5a7918

SHA1
c95167b54f1de4780c9ec74fae191ce842926200

SHA256
ce6af6e2593ca7c5b6acde1c37988396c31d57349e9524620d2b246202ce4c67

SHA512
1b715c25efc86ad08cc2ead353b8c5b18c31aff9f389bdaa77cc95f0046692481886f0d0843f51dc8c01ab415873aad97915d6e5a5a5529171576423fa91e295

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d41b2387f490388e6d5da82053ca9635

SHA1
6f859c3ac19d7519b9a26965df5aae6ddb5cc930

SHA256
023ae805fe476df7e0db5aee726eea0d181431cefd44dbfe8d37fb3d9edf6e28

SHA512
738c3285dde80a3f30beda5bde1ae840a555d8be5ed2cf371e7932a62891efb375e8bf5caad7f24b4c0df1eb432009cde065d931e2a5639ebb1475e7529928e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9b5d2a1e9cf100a3509f5a4dc85e36ce

SHA1
6b3118e06fb5f426e30f7c602113abb22a7da813

SHA256
a6e6eb2f9dddce718ee4d91690c30e0fc8ef67c07a7ac0d89f00befe26a054ac

SHA512
d41e3ebb68430b1974050e77a88c5eac894a7af79eb727bda87712aeda92e066ae06242c4f3a40e0db037b6d3226051dc80257377f498404b5ead0ace2a8c43d

Download Submit