a543866bf3540ffc1076fce10741a40adfe6cd3e25a4c1dae7ef5690c05df935

Analysis

max time kernel
145s
max time network
144s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
18/09/2024, 23:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

502KB
MD5

a63053d6b25c2b2246c3376202aa28e9
SHA1

a7fd30ffd3d414badec0f20008a2222170b45e9b
SHA256

a543866bf3540ffc1076fce10741a40adfe6cd3e25a4c1dae7ef5690c05df935
SHA512

0fe15a75f52dccf6fae8e131346b9c320aa98ffdc27c0d556284ea823c37a607622862e2a550a1939b3218a57d6c41ab78dee564ee619e393c9cc584ca56d931
SSDEEP

6144:CSlryDryHry+ry9ry6ryWryAryDrylryiP0:CIrwrmrPrur/rnrDr0rgrfP0

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1856	msedge.exe
1856	msedge.exe
2868	msedge.exe
2868	msedge.exe
1072	identity_helper.exe
1072	identity_helper.exe
4712	msedge.exe
4712	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 4784	2868	msedge.exe	78
PID 2868 wrote to memory of 4784	2868	msedge.exe	78
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 5072	2868	msedge.exe	79
PID 2868 wrote to memory of 1856	2868	msedge.exe	80
PID 2868 wrote to memory of 1856	2868	msedge.exe	80
PID 2868 wrote to memory of 5000	2868	msedge.exe	81
PID 2868 wrote to memory of 5000	2868	msedge.exe	81
PID 2868 wrote to memory of 5000	2868	msedge.exe	81
PID 2868 wrote to memory of 5000	2868	msedge.exe	81
PID 2868 wrote to memory of 5000	2868	msedge.exe	81
PID 2868 wrote to memory of 5000	2868	msedge.exe	81
PID 2868 wrote to memory of 5000	2868	msedge.exe	81
PID 2868 wrote to memory of 5000	2868	msedge.exe	81
PID 2868 wrote to memory of 5000	2868	msedge.exe	81
PID 2868 wrote to memory of 5000	2868	msedge.exe	81
PID 2868 wrote to memory of 5000	2868	msedge.exe	81
PID 2868 wrote to memory of 5000	2868	msedge.exe	81
PID 2868 wrote to memory of 5000	2868	msedge.exe	81
PID 2868 wrote to memory of 5000	2868	msedge.exe	81
PID 2868 wrote to memory of 5000	2868	msedge.exe	81
PID 2868 wrote to memory of 5000	2868	msedge.exe	81
PID 2868 wrote to memory of 5000	2868	msedge.exe	81
PID 2868 wrote to memory of 5000	2868	msedge.exe	81
PID 2868 wrote to memory of 5000	2868	msedge.exe	81
PID 2868 wrote to memory of 5000	2868	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb4ba23cb8,0x7ffb4ba23cc8,0x7ffb4ba23cd8
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,12523340679894678800,16884974232871006067,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,12523340679894678800,16884974232871006067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,12523340679894678800,16884974232871006067,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12523340679894678800,16884974232871006067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12523340679894678800,16884974232871006067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12523340679894678800,16884974232871006067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,12523340679894678800,16884974232871006067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,12523340679894678800,16884974232871006067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12523340679894678800,16884974232871006067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12523340679894678800,16884974232871006067,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12523340679894678800,16884974232871006067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3000 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12523340679894678800,16884974232871006067,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1836 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,12523340679894678800,16884974232871006067,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4828 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
302c3de891ef3a75b81a269db4e1cf22

SHA1
5401eb5166da78256771e8e0281ca2d1f471c76f

SHA256
1d1640e5755779c90676290853d2e3ca948f57cf5fb1df4b786e277a97757f58

SHA512
da18e7d40376fd13255f3f67a004c3a7f408466bd7ce92e36a4d0c20441279fe4b1b6e0874ab74c494663fb97bd7992b5e7c264b3fc434c1e981326595263d33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9efc5ba989271670c86d3d3dd581b39

SHA1
3ad714bcf6bac85e368b8ba379540698d038084f

SHA256
c2e16990b0f6f23efdcecd99044993a4c2b8ba87bd542dd8f6256d69e24b93b3

SHA512
c1bc0dc70ab827b54feb64ad069d21e1c3c28d57d126b08314a9670437881d77dba02b5cca57ef0f2aa7f8e7d4d163fbd2c6f246ea2d51ce201d61a89015e8b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5c59507d7a716cb8cc9fcd92554c24e3

SHA1
d615217ed2617d837450859fe830c0310a856e45

SHA256
1053dc2bf77a2b44d42da5b598bae5cbe3a29e7593cd2c76f92f8fc38ff7bfdf

SHA512
3a1d83c01f253aa357e3b2ea77630656dcd670daa3742f3f3a23a8a456bb604daae7143b7fa6b333790abd706e8c24e89362443cade01937780f3e6fc169232a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7960e3967acee33467d208a35146eb04

SHA1
c36ad0b43d34dab2613799538965bf4207dfaef5

SHA256
77c4f75cc822624e27a65bc6d454ce4978fa5e46776493f978ad28e6da5193e0

SHA512
a92789e4f319df3fdaefca790cbda29cd07d2a25fa505bdf89b6c194ac77166e146ff469cb21b8725b0e38bcf5669b3ae82e68b5aea8cb17d9702bce648a9f70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
571e5ef0145e6d0db222931d09f55055

SHA1
94047c4a065dd834e3919f50e4540d5bc47ea5b5

SHA256
35f01b89e55c280465b845ff29dd5cf4bf4088625c7f7ef5c09da36165dda466

SHA512
da867350f441611d707a2c48e4897835142caee776fc279161350115a4ff15a55ed504fc99f51191c08f943dde373a1f76832da62475f2e45ed39aa5ba48a60a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fffbb5b01e0d959270ecefcb305161f1

SHA1
1a68d27c17102cef42989431614dcbc3c873e670

SHA256
99b85657f85ddf83b8ba669495ed0f7daf9046c32287bc0839d3fb36a26630fb

SHA512
087bb06401643998532d841a6a7d3ce24ff16e27e4833f597025608e2c6f157ef4e4d7ec1722c530250181b11f3159408283daa2f75f0d4921fe4334c445c303

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\b5d96fcb-81a8-4be8-99af-918e2bd0bb4b\index-dir\the-real-index

Filesize
1KB

MD5
e34bd97bc9bf0ef2f7eb9abc5260e75b

SHA1
4f349fdc3989e0e099ec2b4f2cf62f1c75ab25e4

SHA256
2f1376bd5ad36d5c37c5520de3e01653f3a01c67bec425f7165f076b097b8907

SHA512
69916570b6c9d26afe65a39a03aa8f4e877e1cbb0f071acc4255dbbab6f79bf74c5a64e1165e6d5a4426c7942690b7665b698fd996d6e971089f9c4ebe6d4172

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\b5d96fcb-81a8-4be8-99af-918e2bd0bb4b\index-dir\the-real-index~RFe585a9e.TMP

Filesize
48B

MD5
e175f3913e8a49deee682d33728b9224

SHA1
dbd3cf38527decbfb6df48baf86ea61e7003e5c2

SHA256
8d1cf3c4d204f8998f7f137f9b0008c393418971519dc3ede55a39928acc4f65

SHA512
ef0e41fbbb239726f8ddfbb35c9e656a4636789c73d834cfde3c680572d613781af8a3d7e9b9c898c982ef7e8d28488ade24c86742e8e6570e3cd657b2451ffb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
73B

MD5
bd5c85021ff861593b828ea4e6ec39d0

SHA1
7b02cca1b246080cbade5860386e0f9911ff7763

SHA256
b64f80428b2620e4819f49e21d72a01b80c19aecbabdab5ddc46960428b22d51

SHA512
96228328fb8d71f3024fabe4ace81ca65562b0a3f718d92ddf731f35bfe1ac9e682bd6b25b9ca83936118e48a2a6c93adeb4f7ade7e0e602ac6afbe8236c64e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
130B

MD5
b29d2e7d3b7d0a919340c832f0bd78e0

SHA1
266195dd49bf7cc04444efc21ca838e30398ae4a

SHA256
24c95bd34756534c7996d2ab152929a7481e3f605ba5b4a401648c68d4b8c501

SHA512
a25669c3d3afb4bbbd1156a6eb16bca77727ff3ea9adb6c277d708ec7c1515a243ad5ebf9c8008ac40a43d4cf22feecdba6dd82be95692302c558e1ad2557f27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
68B

MD5
94e5c1e7cdb070f476915dc837507af4

SHA1
7435736fe13b60a9e190aa6643ab43d9382833b7

SHA256
0d4c380fc12e9cde3cf782626aafc53eda490fed9ab32309790c77b9e735426d

SHA512
24b74c65dd8633f9195a5f16a5bbb10f2a90497fe4e9151869f6518520079861cd6f8f25e859d5588a18513581b3c5b39c754ac5f6821a3345c437620a628994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
66B

MD5
516bb25412dcc057d701aa47586c9889

SHA1
65b6df1aa141f30164f5ac6acfe9d39f405c3aab

SHA256
e91bcd714bf56ce962e229927da28f13fbc5a3dd1b8c1f877e3d457f721a8305

SHA512
494decc85e215213476ff9e9c8b96fadc8a02392dac1b92adb6579f0c196baac9732690bd7002723355e4a0fb08ded8af6dce1f0e9c452b9d408072b04d1134e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
605ca2caa25d3b5d17e127d55d36e4e7

SHA1
d1610da3f76dc890c927389b7810416b84079bfb

SHA256
3080c80023bc1ad62c25d5560363a0211a60788953060279c3103cb6c164aa3d

SHA512
c08b639470f63d96a48926519cda6febc4398eb46fba311b4ebfe78d631128cd4f82c2459fc7aff240df52dc1c3917bf8e00c49db1e94683b4100b0930f69759

Download Submit