hxxp://sages[.]sagetap[.]io/signup?sagetapReferrerId=6801

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2024 21:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://sages.sagetap.io/signup?sagetapReferrerId=6801

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1266786182-1874524688-71015548-1000\{CEB853C9-70CA-43A6-8819-16B8F6F78CE0}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3868	msedge.exe
3868	msedge.exe
2420	msedge.exe
2420	msedge.exe
4416	identity_helper.exe
4416	identity_helper.exe
2276	msedge.exe
2276	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 2424	2420	msedge.exe	83
PID 2420 wrote to memory of 2424	2420	msedge.exe	83
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 2176	2420	msedge.exe	85
PID 2420 wrote to memory of 3868	2420	msedge.exe	86
PID 2420 wrote to memory of 3868	2420	msedge.exe	86
PID 2420 wrote to memory of 1332	2420	msedge.exe	87
PID 2420 wrote to memory of 1332	2420	msedge.exe	87
PID 2420 wrote to memory of 1332	2420	msedge.exe	87
PID 2420 wrote to memory of 1332	2420	msedge.exe	87
PID 2420 wrote to memory of 1332	2420	msedge.exe	87
PID 2420 wrote to memory of 1332	2420	msedge.exe	87
PID 2420 wrote to memory of 1332	2420	msedge.exe	87
PID 2420 wrote to memory of 1332	2420	msedge.exe	87
PID 2420 wrote to memory of 1332	2420	msedge.exe	87
PID 2420 wrote to memory of 1332	2420	msedge.exe	87
PID 2420 wrote to memory of 1332	2420	msedge.exe	87
PID 2420 wrote to memory of 1332	2420	msedge.exe	87
PID 2420 wrote to memory of 1332	2420	msedge.exe	87
PID 2420 wrote to memory of 1332	2420	msedge.exe	87
PID 2420 wrote to memory of 1332	2420	msedge.exe	87
PID 2420 wrote to memory of 1332	2420	msedge.exe	87
PID 2420 wrote to memory of 1332	2420	msedge.exe	87
PID 2420 wrote to memory of 1332	2420	msedge.exe	87
PID 2420 wrote to memory of 1332	2420	msedge.exe	87
PID 2420 wrote to memory of 1332	2420	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://sages.sagetap.io/signup?sagetapReferrerId=6801
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad98d46f8,0x7ffad98d4708,0x7ffad98d4718
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7830983101237367733,16886417269358233772,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,7830983101237367733,16886417269358233772,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,7830983101237367733,16886417269358233772,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7830983101237367733,16886417269358233772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7830983101237367733,16886417269358233772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7830983101237367733,16886417269358233772,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7830983101237367733,16886417269358233772,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7830983101237367733,16886417269358233772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7830983101237367733,16886417269358233772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7830983101237367733,16886417269358233772,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7830983101237367733,16886417269358233772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7830983101237367733,16886417269358233772,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7830983101237367733,16886417269358233772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,7830983101237367733,16886417269358233772,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3464 /prefetch:8
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2100,7830983101237367733,16886417269358233772,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3428 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7830983101237367733,16886417269358233772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7830983101237367733,16886417269358233772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7830983101237367733,16886417269358233772,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5564 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7830983101237367733,16886417269358233772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7830983101237367733,16886417269358233772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:2560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
23b6e2531d39ba76e0604a4685249f2d

SHA1
5f396f68bd58b4141a3a0927d0a93d5ef2c8172f

SHA256
4a486d7be440ddf2909be2c2b41e55f0666b02670bbf077ac435e3cddc55a15e

SHA512
a1a7fef086526e65184f60b61d483848183ef7c98cf09f05ac9e5b11504696406120ab01da8ed7f35e3145aa5fc54307c9397770681e4d10feea64113e7a57cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6ffd468ded3255ce35ba13e5d87c985a

SHA1
09f11746553fd82f0a0ddef4994dc3605f39ccec

SHA256
33103b1e4da1933459575d2e0441b8693ba1ede4695a3d924e2d74e72becabd8

SHA512
5d5530c57faa4711f51e4baef0d1f556937a5db1e2a54ee376c3556c01db0ddf628856f346057d3849baa5db35603b96a0a9894f3c65a80c947085eb640348ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8be44375-ee80-4c69-a5b6-b1ff68a987f2.tmp

Filesize
6KB

MD5
9b7d6eaf2f362d88e797acc3c5857ce2

SHA1
9ee6b0237ca88eaa6597f6106c42a8c5ccf6a127

SHA256
5a322f2170e072bc04df5068c848533e315fedc12ee9187841ff194d5f07bddb

SHA512
d87988e534fba165439ca381846455e7ef80d5f3250cd9c0a13e6d0171033a767a27de7311e61b1624bf69452ea76b1fd7bff0144556c3b2d2a6e5091e992364

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
55KB

MD5
0728625a147ca79276a1790b9cf3175d

SHA1
60d4d776f49c7e1627a935314230dce18fb3b382

SHA256
a9a1ce7d77f651dd85dbbbda3c151024e47c5c85569801c994cca98c52e3da71

SHA512
647fa86e7a24bad9b8e4664dfdde280fb2df9c0b58cda936a1671d4bc3a4cc314f0ae231bd26fcacffad0a428b9891cd04df63c6631e2aa6d18d8cbde5b654b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
a0a9e029273a33c553663e33f9164f26

SHA1
52282d548200cbb7e169474712efa2e284840e23

SHA256
4138ae9485912edc70ac68e0f5a3a83e8e3972bb50b327c88d83d3e06c4ce393

SHA512
5b2ccbac92bf2f01df2d6dae83cf03b03977357c901747dd3343ebb65bac28be7a0b5030023e835237446aa7c40583ba848ad3def5c334903defc99bf081bb92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d54b43e7710b8b7d6adc42687e42c0c6

SHA1
261e7e6eb0bfcb41348b03763f6d6924a7d2f844

SHA256
1ec80a377b1165c5c90ad42645b77b9c9f802ff52a26503c36af2b5da79f6caa

SHA512
fe504969529420c4c6081e008f7303c3afb8fc841ee52cbba6eb37cc1abb58dcdeb905b34c4e250fa1048a02b5ac0d1477862ef09ddf91d18a43ca5e4c0c76a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

Filesize
393B

MD5
37867cd6282cc5643c3da07f8c990a09

SHA1
e4f01ea394667a7ba728405d435d28eec11d005c

SHA256
7ae2e8d1248b69bd488cb2e54a1ed986dc26c095ac6432d9ba258af44000bd1a

SHA512
4cb778e94ae2db98a52405adc476a6553abf48aaba9c88993ab73da4178e3dfc45078c2b5ebb0b425d7c6e1b2c1dbe681ea0e88579e7e65584fc7665fd617980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

Filesize
393B

MD5
0be4b19ee0e46b8fa4e86258e402b7e0

SHA1
1c486640d973f2d0d76e7479c29534b353419b21

SHA256
72af908f804ec1a4244c19dfff76959d1e3ab4b6d142eb9e60e3b4b588924ec9

SHA512
42f4453d83636e16afc87ad147374f177c35a96318d8889043203e998bce97e8bfc27d37c373806ad01a89570e9779c7a57f8c65e496b2d9de8456407b202fe0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old~RFe583ec9.TMP

Filesize
353B

MD5
c892dedf99341dfd581a95d88066bfbc

SHA1
fc5eb00603bc61c83d371819443cfd478e9a514b

SHA256
a1628a71203183df71d223d10440f5f1dc38aa515c99e11f6545757fa06294f1

SHA512
c95186d1037bf841cbfa1039a9895ffa903e5e927832a009e9d3838b7af365401cfc761a93698f156710e9491a48a1e0052ee421dc0893ec87e5cb687788217c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a617a4a8ea752edfbd59a73d49baa91d

SHA1
f01b0d600cce31fe62f40f0445c7bc8b25f2aca4

SHA256
729aeb46e33b998688536c754d25dd650aea49a77e16306bf414c7b8986266d7

SHA512
b1b36008c16559465070c165ee09401d07625c99790b9c4fef2ef21a4abe5e18323691c92cb694d53e9740a22a9cc4ad409dfe701161c28284cf9a987b5eede8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
48ddb7c90d2e7b613b5280f428f724d0

SHA1
39d45bac3e92e45da61613f5f604ae8b817a1cf6

SHA256
cca46f181e01379b9b7ebf224bad4d1dd1ccad492fbde5ec372cd80c55f83e4a

SHA512
eb46dd7ab04954e1d30722abed2d907afbc1da0401163ac548b687feecf6426eb674a436345c84080285fbc8c302fafe44ca6ef4226ddd15670399dc65137962

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
548d3efbfb93647e27132e9b8d3223dc

SHA1
50c81363ecf437b3daa1f3945f08bc54413cbe30

SHA256
4de00037cdd70dadc8274e3a752be515608e9d2f00cba2a0f75f32dfa6161ed0

SHA512
36d27e8243d1914f405ac0af00485fcfa88bd6f5ff082598195421b00c2a0c582920be8df21ff6041dc3bd4d9cf92df9742f80c75a5e1d9a04be1efe2166d2d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5d6881e7fb253c68b0687ecb4229695a

SHA1
bf1df3a39f5b7969ced0fcf9e2b1b3c6715d60a8

SHA256
d6410a13f3b6dbdd468547ba2e828691fb00cb9520086472b3cb050ae09260c2

SHA512
25982d45c3d92ea83572384a41bf1ad4a93ace9aad27687652586f11771d68225bd2a4fa7f79ab9ee5f68e731f4ed93f864585e6efcd1d9bb8450e26c739bc16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2ecadfd584857d1856f3e520a4bbc683

SHA1
39c52dfbf2c7be9de34a577be3be889f8bbd3d95

SHA256
a0235d28aa13544588d093255077a40a08a1db176a3479dcbabcaccf0ccc7d1e

SHA512
83065f3ef54c8c392208e0baf77b417c06dac3dccfceedd54e463a119ce4f371f82820023280f005e6e7f0bfc81c13b0f5a889354e4fea258a03c3e9361a6865

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4fe027a697e5b28714cf4202d75551c9

SHA1
191019b267e62809c35033f483d752671f3ef3af

SHA256
ef41626fd932d503f134b3695d772b8214d84f0ffc6b252f7e761d698dcfe9f6

SHA512
f1c6d19b70fb8973042e15d4d650e2e9dd92c830a79e569497ba0fe36e62b46d555446130ee3a75cacc62d40956bb546f2f8c61e4bd9c132de90910841793dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a4c5116493fc063fbd2490fb7acd12b9

SHA1
fe34461b5be7691b3bbff9039e3089131750712f

SHA256
fe841a6b8a800c4b1a46fc7220b5d82ba2becc9e870df3da1cde0c594529d6c2

SHA512
8d220e07cbe55bdb0f5ce3f7523abb121a471c6a98a5a5335b4ce7a927d1608f0afac3187a7e808596ee081d45065811cd5f14364b9794f189b5fa966fca7e05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f156a57f088d0eb31097694f8b6375db

SHA1
7604edc1a3130ca6a00f913e63be09c35dbc63b0

SHA256
f9ea770945f5d233f8003b87ae6f68eac137e3dca3dd35e8cbda4629e7401322

SHA512
17d90ed6c4725f3579870bfb135cf1cfe24816ce01f486acdace627140dacafccb96a7f8f6e5fffaf6bf37f8d277ddb91bc82c740443804bbba048f51b62f406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bce16c313ad5896298020913619cd5a9

SHA1
04b65c2922988cd12e948ab5cae7639cf5bf2a0b

SHA256
c0910ac0d73fad22dad29bf39b3460287de8fd414670502aa6005a921c019af3

SHA512
49371b46a3dbf392c8eb247f76893b085de69a9a0b37b3784a1fc7c18b202e4af287b6b8b79549df34f5651a509195e4e84289c18fd26a8697042702c68ab3cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
391d4288584376ba6ce869fece882a2d

SHA1
bbf67a4751ada1c4bea9cace1aca52fb14ace993

SHA256
4e5f11802a28fec0725cdf943f02165598cf25c2072ac306ae1e1434abe5b7da

SHA512
61aeca0f0c2e11fa0d80d0aa7c2bbbdda886c35684a4d162f65ffb2efabe7e01f2f60467ca041d28d8d2464f85001221fe783663b3485f4f77bc4d9744273eaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
27def08a62928e83feb6a688f94977e0

SHA1
952b996cc36274a00f35a8db7f980c689cf35ede

SHA256
f92ecafe3e36421a6925e1484cdfd6d76800c970417cadff00baa2e72f05c675

SHA512
dd563703f379542a6978d79571902f6cee20cc55b7205de6452a2e26799eb107f3273ae54ee0893c93e94fec3f7853fbdbe08857a9a648339bc0d74df69a30de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e2b07bd4fef0dba5f4af331c31d69ec9

SHA1
8ea5338a1f7c132aa23ab882761cbedc890e2d03

SHA256
7403ec35b251cd1d61670efd80194247a96e3fc921d50d0896da656c999592c6

SHA512
2812dd01f394896d17160797e818ca0f732d74afc85e5889fa93483ecfaa122b4659ebb92f2e4838504229d697b2468ca0c5c14ca782015cc7c61d1b19d9348c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a71dcacab1f427c535523cf04837a5c5

SHA1
ba0cfdf52317c6e313016788b190c5046637efca

SHA256
9a19d1b173dcd633254d14d954ebb53646132c428082795c58d51893d64a076c

SHA512
4cbcf9dbb71fd7db6449b180905b4b6210810113b99580400cc0e46930f51f45ce849ad1bdafd5ad6b848bd1b3f4f295e7df0c5fd0616ee4abac20ac31f20e0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583534.TMP

Filesize
1KB

MD5
a40664e1dad8853f88b76ce334633afa

SHA1
424b87d68ee6c92eee46c79f726ff756502307a6

SHA256
2515debb74bde647c4ec30c7a85b0fc25596732c6ad340935a1972241d51a740

SHA512
eae745535b9aa6cf3d334b78c60c9dab77081dca157955fc7d5dc52889d3f1c6ebd5b674978d9a7d571ad43d19621a8c31175fdc3301889bcc3ce67d6bcdf8c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b429d90fbad812b9dd2572c3b656c31d

SHA1
66ba2a49d27a2d58c686c29809b197f2f679214d

SHA256
63c38d4c984381e0ac1fb7372e497ff7ec8da1e320b7391910cb95b1a33b360a

SHA512
f9a633c7d27d428f00aa8c5776e6378c358fe30e8d4412e4a39f6d2fbc0d8fcda45e66c3c4e4eb4071216bf1e6f4f121e3f666c183618de2c6176b2d370f2077

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0644de5d6e2dd897a65507447bca57f2

SHA1
edd8739dc70acf222c4eaa7a06f679a44b173d95

SHA256
5aa2236ba06add6998029894363c83e7cdbfa75c842e838f347d8fa22cf312e6

SHA512
be08d8d984e69c5bdf9bfe15a6b9aea90a02be41200accd1c54b0dc3c7ece5faabda862aa75bd08da902e7658bb53ac7f362c1008fe9d32d725272dcaf5e75a1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit