a065ea8abe5435420eb5a30d80ccb35b6021ab4cba0e1d188bec76e5fe58f653

Analysis

max time kernel
120s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/09/2024, 18:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5069167943.html
Size

366B
MD5

531790ed8094dfeed45df6b941683b1b
SHA1

137e505104100227d3ee44c0260be9ff1ef91d4a
SHA256

a065ea8abe5435420eb5a30d80ccb35b6021ab4cba0e1d188bec76e5fe58f653
SHA512

d4ae4f110fd496d2a1bacce4f8f7dfb4d2bb26552ff45e6de959bc5f1f891a2a71cd5b5f5d51cb9c328087b7716ad3692785910a3c27c9709d22b2eea4aa6d4e

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2620	msedge.exe
2620	msedge.exe
932	msedge.exe
932	msedge.exe
4372	identity_helper.exe
4372	identity_helper.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 932 wrote to memory of 2368	932	msedge.exe	83
PID 932 wrote to memory of 2368	932	msedge.exe	83
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 2620	932	msedge.exe	85
PID 932 wrote to memory of 2620	932	msedge.exe	85
PID 932 wrote to memory of 1056	932	msedge.exe	86
PID 932 wrote to memory of 1056	932	msedge.exe	86
PID 932 wrote to memory of 1056	932	msedge.exe	86
PID 932 wrote to memory of 1056	932	msedge.exe	86
PID 932 wrote to memory of 1056	932	msedge.exe	86
PID 932 wrote to memory of 1056	932	msedge.exe	86
PID 932 wrote to memory of 1056	932	msedge.exe	86
PID 932 wrote to memory of 1056	932	msedge.exe	86
PID 932 wrote to memory of 1056	932	msedge.exe	86
PID 932 wrote to memory of 1056	932	msedge.exe	86
PID 932 wrote to memory of 1056	932	msedge.exe	86
PID 932 wrote to memory of 1056	932	msedge.exe	86
PID 932 wrote to memory of 1056	932	msedge.exe	86
PID 932 wrote to memory of 1056	932	msedge.exe	86
PID 932 wrote to memory of 1056	932	msedge.exe	86
PID 932 wrote to memory of 1056	932	msedge.exe	86
PID 932 wrote to memory of 1056	932	msedge.exe	86
PID 932 wrote to memory of 1056	932	msedge.exe	86
PID 932 wrote to memory of 1056	932	msedge.exe	86
PID 932 wrote to memory of 1056	932	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5069167943.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf89b46f8,0x7ffdf89b4708,0x7ffdf89b4718
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,4895452097399450233,18371687597198755326,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:2
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,4895452097399450233,18371687597198755326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,4895452097399450233,18371687597198755326,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4895452097399450233,18371687597198755326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4895452097399450233,18371687597198755326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4895452097399450233,18371687597198755326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4895452097399450233,18371687597198755326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4895452097399450233,18371687597198755326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,4895452097399450233,18371687597198755326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,4895452097399450233,18371687597198755326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4895452097399450233,18371687597198755326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4895452097399450233,18371687597198755326,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4895452097399450233,18371687597198755326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4895452097399450233,18371687597198755326,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4895452097399450233,18371687597198755326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4895452097399450233,18371687597198755326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2124 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4895452097399450233,18371687597198755326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4895452097399450233,18371687597198755326,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4895452097399450233,18371687597198755326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,4895452097399450233,18371687597198755326,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5144 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
42KB

MD5
80be2de163c3026e8367696b8da31c22

SHA1
ef6a6a1beded1da96825dd68773df1b12f074537

SHA256
7ab8057bdc9c21f4d078dce00dec5ca3646158756ec541f781f1578b5a430611

SHA512
e0bc1083a245fe373022e1b8411d818786c824fb607559ff744dffedf52054e72d408d080ad81771e8ec261f122a11af1a47cc8ce4cb4d06608b4e82912d6b46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
24KB

MD5
9c700e17e974d4ab2dfde82f6451dbbb

SHA1
d5b85e82e10c2d96b36316670c76b8a0112bf246

SHA256
3ec0462dbcae8561ca0465558845da248d434dc6205cbde99c47ae3be2ac99c0

SHA512
1428b7401d281ad3d635eb007e45b6e5798be6b029f270874af2312627c496407ec7440df4a3028f3cd6c1ec587b0805425ae5de4bcb04b90d942145e26966fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
9ba679caa7e2d69d8bcbda10317a7400

SHA1
a08b588b00f31123f287704ff2a7d4f001f44438

SHA256
cf0e4f7824cb3c3848daae063f7651ddec71556ad222939c8456af85753bc03a

SHA512
5e4e68bb3eaef9f7a53995a46cde21bbbfdb6b93aadbe1e0da56ae0a3f62ca1614b23d1828cfe1369746c4679d0c90478a32712aa16f56cdc7f7f59272fccc05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
f9e52f11fac229bc1eb3bf3b14e69ca3

SHA1
aa50cf611c42f17d738d67139e0ac0cca272b9ce

SHA256
abaae2f50282c6dc2276571227a3fafdb18b5efea409ae413723ee95793375d6

SHA512
635ce4c18417b3bd79901667d12c8ea1abcc92cd296520f3a2496b50bf4ff70b6ef8f375851ec7eebeb5f8876306bde52fa327f6bda8c9aca58ea166010f27c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
245b489023b8daba2793f1cf391cf2cc

SHA1
eae16160dd4cf1184fab2a5279482542bf91748d

SHA256
818cdde462a5d7eeff92127d02fd00165f2af31ec83bf52925314c910b45ef21

SHA512
e64153cf14582ef1a77c9976d341ed79af85c9e0a87fe2d26341af80522d3b4b391742ebb247a9d3d0dfb41951cf18e7e2159e2d0bc601c8164dfaa0544d4fb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dbf15babf835babff14bb54651185e85

SHA1
581497d1fa55d62f02f7a4653054b45d7063f255

SHA256
9bbc84d636641da106640dd62ca6cac42973beb9e44536be868e79be4602b13d

SHA512
b4cc089599fa6aa49f26333c8e37bd653529daa761bc685f09ab15644fb708ae69dadbee2231dde8f5b05e12789d13a10da1845b497ed1d195f4abd2daa2875b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2601eae1d473e7b9d38fcba63f7764c9

SHA1
d8c65886d972b75daf2de72de5eb33d9bf283a7e

SHA256
f2d01a348253576e233cbb93b3a765e0a110929b2622338335a0a872890560af

SHA512
c0e5f3173425b8373f90b685ce60d49624504024c60f3357a667b76f90a4f6dbba84e65a2dcaeb78e5717281e7881a51436c3d55e42311c7ba8e1c36f9a440d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4172b1b7aebf12d8f4a2d73c8fb85423

SHA1
5bd2521c3146f01ada230f982793582ffd5eb87e

SHA256
a339af094903eee02e2b393db51cb6bf3c34fb88c9d097631343078144247385

SHA512
6ba2f0fa1f3a19d8fff0eb7959b8e0e5d900683a141a1700373419482e897dbe88072a8ea2b3f8969bd5e3e7f5330b9359c65b6160156b76c63bde2f3f46de47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9d78a5784f5c464edb057d7f3c92b333

SHA1
7726b6bf7c32585a1e2b4bc747d08b1147d7a86b

SHA256
797520b8b6fdcd759142946cc4db29d0b6fbf69339f9a57227641bc5319c5ffa

SHA512
63b07a184fcbda8916d066292f6d877fe2e8b21e3e40765bbe1f74e7335db4417a60aaf115902756c8c7739b859e4c22b89a672be5d0b87bbbc5941345adcb96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
97125bd734cd197bf175a0ed2e4f7098

SHA1
3f2d87de105b9c567fc6fc24e6ce417d7a6c6866

SHA256
98e6ebd61f2e1ce49f4ab986aa2c260cec39b6c10ba30a3306afaff6e510e572

SHA512
6ad44f208b4cb9fbdcc471b83b95c2074c18bfb5cafd6b8b879ae95b4afd17929351a0eb745ad28361be131381bdc8168886d96bf506ce585e30ee84cf516920

Download Submit