32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864

Analysis

max time kernel
1680s
max time network
1687s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
12-08-2024 11:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

146B
MD5

9fe3cb2b7313dc79bb477bc8fde184a7
SHA1

4d7b3cb41e90618358d0ee066c45c76227a13747
SHA256

32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864
SHA512

c54ad4f5292784e50b4830a8210b0d4d4ee08b803f4975c9859e637d483b3af38cb0436ac501dea0c73867b1a2c41b39ef2c27dc3fb20f3f27519b719ea743db

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
5044	msedge.exe
5044	msedge.exe
4188	msedge.exe
4188	msedge.exe
4972	identity_helper.exe
4972	identity_helper.exe
984	msedge.exe
984	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

msedge.exe

pid	process
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 4624 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 4624 AUDIODG.EXE

description	pid	process
Token: 33	4624	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4624	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4188 wrote to memory of 4568	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 4568	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2864	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 5044	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 5044	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2128	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2128	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2128	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2128	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2128	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2128	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2128	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2128	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2128	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2128	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2128	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2128	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2128	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2128	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2128	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2128	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2128	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2128	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2128	4188	msedge.exe	msedge.exe
PID 4188 wrote to memory of 2128	4188	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffedf063cb8,0x7ffedf063cc8,0x7ffedf063cd8
2⤵
PID:4568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,4097224729655692259,929785342667950128,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
2⤵
PID:2864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,4097224729655692259,929785342667950128,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,4097224729655692259,929785342667950128,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
2⤵
PID:2128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4097224729655692259,929785342667950128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
2⤵
PID:4372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4097224729655692259,929785342667950128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
2⤵
PID:2084

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,4097224729655692259,929785342667950128,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4097224729655692259,929785342667950128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
2⤵
PID:812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4097224729655692259,929785342667950128,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
2⤵
PID:604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,4097224729655692259,929785342667950128,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3284 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4097224729655692259,929785342667950128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
2⤵
PID:4740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4097224729655692259,929785342667950128,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
2⤵
PID:4960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4097224729655692259,929785342667950128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2808 /prefetch:1
2⤵
PID:4372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4097224729655692259,929785342667950128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
2⤵
PID:4376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4097224729655692259,929785342667950128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
2⤵
PID:3884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1920,4097224729655692259,929785342667950128,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3428 /prefetch:8
2⤵
PID:4760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1920,4097224729655692259,929785342667950128,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5444 /prefetch:8
2⤵
PID:4720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4097224729655692259,929785342667950128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
2⤵
PID:2020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4097224729655692259,929785342667950128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1
2⤵
PID:4928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,4097224729655692259,929785342667950128,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=216 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2920

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004E8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3580

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
d30a5618854b9da7bcfc03aeb0a594c4

SHA1
7f37105d7e5b1ecb270726915956c2271116eab7

SHA256
3494c446aa3cb038f1d920b26910b7fe1f4286db78cb3f203ad02cb93889c1a8

SHA512
efd488fcd1729017a596ddd2950bff07d5a11140cba56ff8e0c62ef62827b35c22857bc4f5f5ea11ccc2e1394c0b3ee8651df62a25e66710f320e7a2cf4d1a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
03a56f81ee69dd9727832df26709a1c9

SHA1
ab6754cc9ebd922ef3c37b7e84ff20e250cfde3b

SHA256
65d97e83b315d9140f3922b278d08352809f955e2a714fedfaea6283a5300e53

SHA512
e9915f11e74c1bcf7f80d1bcdc8175df820af30f223a17c0fe11b6808e5a400550dcbe59b64346b7741c7c77735abefaf2c988753e11d086000522a05a0f7781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
480B

MD5
c5d89bdffe3726aa87c25f1f67d7e989

SHA1
3a36574ccd5553e67fb73879e5468b84577f6e6d

SHA256
25e84fbdb827857323d7552e44b46a3c1f293650cb231e123ebebd1e2f19544a

SHA512
8f66663f8fa214d377f4c7e652f74a50f7914de0f06265154b5a54e409b4d83e914410dd0a944b0fc32d943e4ac966ecba39a99ca93ed0652b44fad1015bdaa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
456B

MD5
c028d76b156dd785a1323c737af770f4

SHA1
e2e22f85136a287275f6cf18a111e4106cf24c3e

SHA256
c229f60d049b14fd1d275f32e4cdc72d6e7fded6799677e6b361c106f2536dad

SHA512
72b5e7f8586a4a43d6de1ddd82509b23821a2271fa0a4848b29037d15bc4c59fa72316103bfd713c4593a595c5370c14eab8a05712cd17e12ae8f17596908e80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
f2c889ba1db4f94c2e35d620fa71f9df

SHA1
0fd1692e6e1dc803cffd23ecca6f9d5a8e6e49ba

SHA256
b411637f96b8a81a39d90a7c4aaafc6479d8a9d548c5e4b4d5d1b4958aecae29

SHA512
f6579ee2b94e7d1cc72881bab54679b8b76677ac7a83c4080b207cff3d2366427f778f38dc2b447b5806d7b7142b8dfdb1bb7cc082e05866671bd83aa8890b9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
0645e50bd0b57e23f46b4bf670a4c176

SHA1
0b63787798436c44f2d200eacb9f84cee75e999d

SHA256
d01191d739a52d9fe6d1e46e67f21e0f6a4c146c56eff07b31cfd98cfd7fa0ce

SHA512
885462be1f841dec39d1d4ad5f8bf27d09da75b221a976d15ec8775fb96fd825fc595b3dae72666f398887b2c7633726af8b1e694366a1d0e347b6389c7425f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
f10dc2047c5ff966cb6d39c9a9765d85

SHA1
245d05fb2b0e652f01dde5b635ff404355ffe8df

SHA256
9b4c0b86d437cbbba6009242e8c9ee225f91eb898c63acf62a29f21ef5e4985b

SHA512
08d831ca6161a108bea57e193c00d79070fb89c6c476719c4c0e78ef55d9c4fe6a757bfcd581a9fc6875493f1755f1d0cf5b7ea91ed793621ed4248a77aac100

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
8db1604f769986abc673db9ca989e003

SHA1
d83397a2e853413c2b1a158726e8cbe0dfea6518

SHA256
5dd483d09abd6e0b22823675b6648d9095809ffe6fafe562b8a70a63d275f9df

SHA512
107d6ea3a821545be2439036af90eea8a543021a36d63a26fc987a777d4bbdb6e5d2703945bb1f1ab5368e01ab2493d006856eae5a24f9bf82940ba70f4277e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
0bdc4a4ab126ba049a83a4663e6a0694

SHA1
ecb465a5a18a1fbb479faa0815e0864733d73750

SHA256
d21cd8f7a63c6d0a31cf270692aacaebaf2fa099aadeac9e85239f1116cae317

SHA512
cbea094419e432bf7b61acabf1d7a7be0570da346550f061f6bceba5310c476088af6294c6d4fa06e1f0910a93269dea9fa64321eb553116319a1530fae5a804

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
8d576546f2b904aa741c6de2cca80b44

SHA1
6d999da3ad39fef40d0d3f0e125257455c4e26d8

SHA256
9297873f2ee43437875d3f331c8d1f65b2f49a91b03213a4ddf76d8f93531cad

SHA512
ad89275140816efc44469d420c9efe4a07952bb813363544d44c139fe19a17700c7b9d541356f28930319d6229b90e4b6ba2217901412bcd15097f08578da6a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\817a5f19-a5ac-495d-af7d-f0ee080f2c90\index-dir\temp-index
Filesize
2KB

MD5
c00152cdf1de1c5b20b77386aef8c6cd

SHA1
1dabef94e0d7af8da8f6e9f7c154b02288f7b08d

SHA256
6720ec9e387054a5cf3c5dcffd4daf1a934359a5c1cab6c39e4a1b2afb6b0bbf

SHA512
7a502ef81143751900844f180ff24feddf79f7f34417ad7fc233f2f2390ffc55ff6995dc154ed0014c21ada8ed67ab8735a1f719b32bb388df9d136aa43571f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\817a5f19-a5ac-495d-af7d-f0ee080f2c90\index-dir\the-real-index~RFe586c71.TMP
Filesize
48B

MD5
07f5f3a81660cb0f5a877c3d3e945341

SHA1
73ed508f9c13b418d236c5b799c18ab7046b7d3d

SHA256
403e7ac8f9e9049c2109b75252682830fa09a7da9209c840d6d50e2878edd32f

SHA512
fcf3a9c9d524e7a361a0b0aac3c281acb4b15d2e2cbb8e2cf722a08475edbcec1b9e15d4762eed48f9eac96a4d5546634ef157243d2339f608dd7ddce157fb8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
89B

MD5
f9bf5a2e7a4dc5d93b089a811bf5accf

SHA1
19fd3b55f6fbc9c5e7919e65548a83bedc0df614

SHA256
14fb785fccb0e6050b0bac1af0292c79af4144ac59dccd34c629d99da1a78a63

SHA512
f435981277af9f99967b4d8dfbeb06ae120b95aa2ab95c1d5e0fa4aa4ebcc543381a3b71ccd7715ef92d84fe290ac84b7d1d0f0e6a13d9df2a1562f0851fd0e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
146B

MD5
4f0acaa9da765e3bc71c2a5fbb73a663

SHA1
86d3bdd0af64c54ce58f6939f964c5dac7763dbd

SHA256
651b993621df507dd5392780e240f5c3220fdca56331bb12b35b484466b5ea89

SHA512
655c658b6788794fb4f4cef184fe2b8329c9045ab9b60471ad47c0adba5cc63b826a3162d72518d9408d1fb0357c45ed43db6df44449991c88ec9fbb68fd3159

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
84B

MD5
7046745e5c7241810ebc7418bb1b9de1

SHA1
c1e110050e7b221834e2e65f6dd4e5dce2a1a172

SHA256
88c07ac76d6b4bf23e023aeb89ba5defd8510ca7aadfaffeba589b224d2ade86

SHA512
1ce8894b5ce3f66ed8f7b5c194392894b5f0e4eb75b00ff3402b5de3dfffeab10cf9a53dec671f52f87672b0855a38bb9f7ef08497edb98a4552d4896392331d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
82B

MD5
b081c6147159adb6cca4457bb5d08ee0

SHA1
bdc039fdeea50d48cb8b2e551eb99887643095c9

SHA256
f8b24dbabe3b7ef5c53a017012f73d27f79ae1c5d6ee487deac1361c6d5fe76d

SHA512
d91366ce8f640086e8c416ade43bf7fa592cbfc9f0d3f86b97b7fa860b6a96b5025b625fc6ea972f4f93e421a64ed7de171d6a5cd27e57649c79b5d9b3130195

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
48B

MD5
93b37b21c4aa75b801673db3a528a107

SHA1
8e2346bf341c74f3cd507bd47863378463e5c239

SHA256
e19e8454f8dfc376baf7d1456c29e37df7be07d9789ed5c29b07c78ce0190333

SHA512
6c57c603611c74716686fa6cbe658f776563bee9dd5f23df6b5e9f8abefed812e3e2ac1ee10246a1bea7574601ee4454f9345c985a3dcf9e712f303492f7ea82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
3f66db5dee9b0cfda4afb55a074dce3e

SHA1
2f5f358fea0fa4202fed56ef7dc4f2e61c9afe27

SHA256
b711f149724d70c2db03aeeba825d151781e62ebda356060d85d0f76ad9d30e3

SHA512
aa080eb30d013cd962d14b299810df91f24677691957dad303e32dd9f41fea33d50c2d1149920e257d7c44c675f49aee5f65396d7a37a0f948aa56b5e0b4c34d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5868b8.TMP
Filesize
48B

MD5
e65f15ffcd5891029640d94eb7f2a934

SHA1
4a817ff712f943e2b3d008eb26e1bad34ed984fe

SHA256
068d626f2ef1305bdd007bc9eaf22f7561d9cf0306a9b233382cfab1618d1619

SHA512
e464d08c55cbd1f0660d440e498ba7b5732fbf558753969173622700845b771a9baf3936a3ab5e644c582f93eadea0a9b8e2aa643fa6fd3e6643198670c1109e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
706B

MD5
25adcac402a5520c05610812cd36ea1b

SHA1
5eb808e9364dce9ce3c5da77da2cb7e7f422d3f4

SHA256
7de06571252a2623cfe90c5b40b68a3cdacc612fb1ec3e44156243bba53362cf

SHA512
f1809cc40e2d8e253fefe564de4c823cdba7fcd8f1927a77d29ed9986f4a5c5b5bb1f579ab6f5194d06233bbaf3057ff49a20078b9f4e645658cc36e9d09abc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585530.TMP
Filesize
706B

MD5
b496fa6a7b8f9b44dcd9f5cc33bca12a

SHA1
7aaf55fe3c3d1f36b62b9d6b45af52c53b4e838f

SHA256
b4cc123ccb65eaf5d142c319c166d208d6482fe2875e572d6e784946ab7145c8

SHA512
4cd3c23702e5ba218fa2c13ae2e13db358b57fda45dd273cc219b949d893bd859bee9bca13277f26a2e7a773dd88866b696154ab54111a2cb6e278d6092c7c81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
5c9f5ae7211ee93b63a7319a8d1681b1

SHA1
20a30074ab8739797afb9552850699a37aba5c4f

SHA256
51ef16b0ea0f4b5e797734220ffe414482b88ec431b9a7158495d83cff50038e

SHA512
cf7eea4518b24cb32fdc9f0c2cf5b1bc2b6fd3955006c15b3a59b4f6799f79591f815026d0cca08d2d50ccc942e58737f926f53937eb902bd609109becc0a38f

Download Submit
\??\pipe\LOCAL\crashpad_4188_BZZZMCPQRIVQZGSV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit