hxxp://email[.]business2[.]theinsurancequoter[.]com/c/eJyEks1q3DAUhZ_G2jnoz7a00CJQZlFomm6adjXo58pWY0mOJM8kb188tCWLQLeX8_HBOdeeg1PLg_7-c7RPz_ff4OnHyxwNqcipgWNNMHI56pCU2WtIUCu9awuEVPeik4WXPTcodzZHBIpMlErKsBwRRB3Wc4Ra9QyH41P9vKUwXF2EmdlX9zY9bH9S7W0Ddc3l2a_5-u52YMSLSVhi-2EUU8-nUfSaW99PZBr5aLR0A7xHaoPt4Iy3UmPKe2w07rngthecsd4YNxCqOZXEIUiXUHKKkJraSna7bSEntChuqJCjnTyZnHaOYWLIKCmTHCyjxKCgKKYcCzxizuXA7pgk3hjsPRZWe246jv9b2KqW1rbasfuOnjp6-gs0_VrA78nVI9bRE1rzbaeBE5K-0MfH01cshl8snfKCIrQlO6W3gLaSL8FBUUcf855QUVaXEuAM69xxHHXa1-DhZq95LxbUrbs-1Et_LAAFNXXYPlQ1ZXM8f_gtTUE7_9vwoujvAAAA__-gdspl

Resubmissions

06/08/2024, 15:05

240806-sght4swcnd 3

06/08/2024, 14:57

240806-sbxq3swbnd 3

06/08/2024, 14:46

240806-r5k4pswaje 5

06/08/2024, 14:43

240806-r3wses1hpj 5

Analysis

max time kernel
269s
max time network
306s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/08/2024, 14:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://email.business2.theinsurancequoter.com/c/eJyEks1q3DAUhZ_G2jnoz7a00CJQZlFomm6adjXo58pWY0mOJM8kb188tCWLQLeX8_HBOdeeg1PLg_7-c7RPz_ff4OnHyxwNqcipgWNNMHI56pCU2WtIUCu9awuEVPeik4WXPTcodzZHBIpMlErKsBwRRB3Wc4Ra9QyH41P9vKUwXF2EmdlX9zY9bH9S7W0Ddc3l2a_5-u52YMSLSVhi-2EUU8-nUfSaW99PZBr5aLR0A7xHaoPt4Iy3UmPKe2w07rngthecsd4YNxCqOZXEIUiXUHKKkJraSna7bSEntChuqJCjnTyZnHaOYWLIKCmTHCyjxKCgKKYcCzxizuXA7pgk3hjsPRZWe246jv9b2KqW1rbasfuOnjp6-gs0_VrA78nVI9bRE1rzbaeBE5K-0MfH01cshl8snfKCIrQlO6W3gLaSL8FBUUcf855QUVaXEuAM69xxHHXa1-DhZq95LxbUrbs-1Et_LAAFNXXYPlQ1ZXM8f_gtTUE7_9vwoujvAAAA__-gdspl

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1324	msedge.exe
1324	msedge.exe
1540	msedge.exe
1540	msedge.exe
4516	identity_helper.exe
4516	identity_helper.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1540 wrote to memory of 2228	1540	msedge.exe	83
PID 1540 wrote to memory of 2228	1540	msedge.exe	83
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 400	1540	msedge.exe	84
PID 1540 wrote to memory of 1324	1540	msedge.exe	85
PID 1540 wrote to memory of 1324	1540	msedge.exe	85
PID 1540 wrote to memory of 612	1540	msedge.exe	86
PID 1540 wrote to memory of 612	1540	msedge.exe	86
PID 1540 wrote to memory of 612	1540	msedge.exe	86
PID 1540 wrote to memory of 612	1540	msedge.exe	86
PID 1540 wrote to memory of 612	1540	msedge.exe	86
PID 1540 wrote to memory of 612	1540	msedge.exe	86
PID 1540 wrote to memory of 612	1540	msedge.exe	86
PID 1540 wrote to memory of 612	1540	msedge.exe	86
PID 1540 wrote to memory of 612	1540	msedge.exe	86
PID 1540 wrote to memory of 612	1540	msedge.exe	86
PID 1540 wrote to memory of 612	1540	msedge.exe	86
PID 1540 wrote to memory of 612	1540	msedge.exe	86
PID 1540 wrote to memory of 612	1540	msedge.exe	86
PID 1540 wrote to memory of 612	1540	msedge.exe	86
PID 1540 wrote to memory of 612	1540	msedge.exe	86
PID 1540 wrote to memory of 612	1540	msedge.exe	86
PID 1540 wrote to memory of 612	1540	msedge.exe	86
PID 1540 wrote to memory of 612	1540	msedge.exe	86
PID 1540 wrote to memory of 612	1540	msedge.exe	86
PID 1540 wrote to memory of 612	1540	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://email.business2.theinsurancequoter.com/c/eJyEks1q3DAUhZ_G2jnoz7a00CJQZlFomm6adjXo58pWY0mOJM8kb188tCWLQLeX8_HBOdeeg1PLg_7-c7RPz_ff4OnHyxwNqcipgWNNMHI56pCU2WtIUCu9awuEVPeik4WXPTcodzZHBIpMlErKsBwRRB3Wc4Ra9QyH41P9vKUwXF2EmdlX9zY9bH9S7W0Ddc3l2a_5-u52YMSLSVhi-2EUU8-nUfSaW99PZBr5aLR0A7xHaoPt4Iy3UmPKe2w07rngthecsd4YNxCqOZXEIUiXUHKKkJraSna7bSEntChuqJCjnTyZnHaOYWLIKCmTHCyjxKCgKKYcCzxizuXA7pgk3hjsPRZWe246jv9b2KqW1rbasfuOnjp6-gs0_VrA78nVI9bRE1rzbaeBE5K-0MfH01cshl8snfKCIrQlO6W3gLaSL8FBUUcf855QUVaXEuAM69xxHHXa1-DhZq95LxbUrbs-1Et_LAAFNXXYPlQ1ZXM8f_gtTUE7_9vwoujvAAAA__-gdspl
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f57d46f8,0x7ff9f57d4708,0x7ff9f57d4718
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,7795030245276978286,11354451005418453254,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,7795030245276978286,11354451005418453254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,7795030245276978286,11354451005418453254,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7795030245276978286,11354451005418453254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7795030245276978286,11354451005418453254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7795030245276978286,11354451005418453254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,7795030245276978286,11354451005418453254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,7795030245276978286,11354451005418453254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7795030245276978286,11354451005418453254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7795030245276978286,11354451005418453254,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7795030245276978286,11354451005418453254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7795030245276978286,11354451005418453254,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7795030245276978286,11354451005418453254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7795030245276978286,11354451005418453254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7795030245276978286,11354451005418453254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,7795030245276978286,11354451005418453254,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4836 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b4a55c29801d2be2427000f75fcddd74

SHA1
702e9ae5ac72f6d56e8b56ff8a9bbb9248b618cd

SHA256
acc698aee556b68331ab4e0a2f01ce4ea9adf8e7c6dddb51d347e09eb4c21004

SHA512
e4d134dee7c1ca491a05e48080626b655909602602bc6b843118bcf495e7de618aa4848343cab3c309b9d6ed80c01bb0a013bb582d8edaa1b3092c556b03acc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
94db2dd0439cf0dbd0a4225b1f6e24d7

SHA1
8f6084a59589324780f1b6e468de47799ff4941b

SHA256
64cd73da6b4ca5205688e2e749c072d6a1a3e0c8a999abaddb7b8ca4bfd64c84

SHA512
3f0bf7c3305493e8d2ae075fbb572ec14beff696976be02baa08c8ec992cc9bd84afd0500eef26e09f732cf0bae38417e082428709256a47ed79efca6f4332aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
684B

MD5
1a959eb772d2b1f54698b7c7ba58f0e2

SHA1
27671f683cc69cbca9b81a4d7050f56e3e8627ee

SHA256
29828ac16dd59272c4be49f6d95d47f435432561a5ac173cc83550c873bac269

SHA512
0c23e6500f0c42e6e6ef8afdd421d88d943c6adff89cf55899519e02db9621ecf2a2ebe0ef32c9658b55cc368a58ed204e220111de58cf995151962bdeb9c36a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f19a442fe71c71c6d4aff19788df87dd

SHA1
9c44b8844f47c532d168227e1d5814dcf034d956

SHA256
ed4ad7ff68c3dc7f56123b291d50d256d47e80ea6b6fd9484f9ff1d70a5cc1cf

SHA512
9a429710717efe684670b1cc4eefeab3495e3ab698ef59c0361edf19e66565956d71dd6204cf736155b1446922f7c6cda0779d39e225e91b09176dcfd1a05f33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
58c9c5f760bab8d79c3eaaedde82173b

SHA1
f14568232d69f3e004299d42709a91503a1540ad

SHA256
a332d97513ebb7c74453e5c4fd3c113cda68b491c61b8860a8a02652c609792f

SHA512
08e46fb0d525d2b552a4c27b3eb1b910d5055b4706d3f70b3c48de26392ffc296d6ba7ee947af872c028d59b207da3a03e492e6101be21482f3583fd5198ab2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
637a13a0578b61a0f9f082250059001a

SHA1
c1e3f7fd34f0a9e69fe979af19bbd59435b8c1b2

SHA256
6890f278e9a1af73cc6d3d83100ccaae1c1ee1664c7c67826dd574aebb25ff34

SHA512
ca8040656861e5422b575480acae3d8da9769e12514c5375a930c7238f43840bfd0ae94b56827bf1791a6e85b4b408c483f4bd0263aa75a4b884767f921eafb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0b545393bed072644a98341aa378b386

SHA1
0932a1d903fd290aeb648f08bb67fc7667adc5b0

SHA256
84bac184df4bdb0f07c6ba3fd6b9e4b699babf60b51b2ebfdf2914eef5da8a2a

SHA512
6e27ff787f68424b59d60f3aebba25939a6f18f73f8bfee07c8425e9775c26263e8b4dfc79ab9ed39fd9ed94910751b0267e4fb59319545e7623ea549c845c22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
532B

MD5
be7c1aa268a611f8013e6fdcd2efd6a7

SHA1
db52910be0b54059cd38f80fcd961d1dd81c184e

SHA256
df7967cb08c9b91af97226f5c238d06052a4fb3a37b0f3b1bb154ba8d3530b04

SHA512
2d91362b747c89a5e8c3ab762b831994af2bf9c36ffeb466e6756145ca14038d3bf8b94fefe6f5e666d77fef52fa9a883b2fcd2bfdf16b82bc85560dfc4fe44d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
534B

MD5
a41eaa01667d915f8db58ec6f731e08b

SHA1
908e22af99676e6a239b54fd473aacf5bc96b6ca

SHA256
5dc95b582b696dac304db7925f8258ae99b6ec1f6ad9266a8fca227b92f7d52c

SHA512
82cbcf8fb23971ee10289990a4107c4dda89de87c79bcb2adbe20bd95eff6bf364d81a2ff2ce79196d234f724ada6e6e4d114a6fc2ed7fb66069cc4199159954

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e501.TMP

Filesize
202B

MD5
c879d3f30228da4ea489143ef2581363

SHA1
68a4937d8953005ed462a9fb6794a185c35e3e09

SHA256
8ef8c1974f6a05fd7cac0a8488e3db60b7fdc796eb1dea8b96b5df2a49046ef8

SHA512
1dfc0041f3af1e311f4b00f3fb4954a082c0a6e422a78d8ef3a21d564396fa5c0dfc12f28b53ce592532b6fa7f5bdd93eb4be23e0f69a0bf2f108400e5b74a11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9289619f0f677ba5bd8617ca30405f15

SHA1
040b46e178888fab59b47d495fc000beea83c655

SHA256
49b3303f700ffdddfdf7cbd04e6755dc7530d4f55b4c837cfadf22788adebd59

SHA512
624f0fd05a77dbb9f44f8caf7d6f847bbb3a9ad0aa0683e473aab40be23692e9f4283d6df3720ffd7f788f2af8d3fd62af2ec3b0f5a95056089792669f495a3a

Download Submit