86471b72b593cddda856e93fdd65a1aee09d3e9134ccf9469e7c74b086368ad4

Analysis

max time kernel
1044s
max time network
1046s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
29/09/2024, 05:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

503KB
MD5

39e546dfbb59869f3d628a3fad4d5b0f
SHA1

1c35bfa11935162c36ac52e4c675fef471df1cbd
SHA256

86471b72b593cddda856e93fdd65a1aee09d3e9134ccf9469e7c74b086368ad4
SHA512

b8601f6a9cac3aad4944d55fefae2c42922ce64c280dabd8618a1d5f74afddd1e30238029efa4c154e134a9333da5b1aadaf73750b242d161716141b96b71034
SSDEEP

6144:U1Dzdtcdtsdt7dtCdtDdtrdtVdt0dtSdt3sPAJ:UhdSdedhd4dVd9dTdGd8duPAJ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3880	msedge.exe
3880	msedge.exe
1940	msedge.exe
1940	msedge.exe
3320	msedge.exe
3320	msedge.exe
4660	identity_helper.exe
4660	identity_helper.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1940 wrote to memory of 2016	1940	msedge.exe	78
PID 1940 wrote to memory of 2016	1940	msedge.exe	78
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 2760	1940	msedge.exe	79
PID 1940 wrote to memory of 3880	1940	msedge.exe	80
PID 1940 wrote to memory of 3880	1940	msedge.exe	80
PID 1940 wrote to memory of 4648	1940	msedge.exe	81
PID 1940 wrote to memory of 4648	1940	msedge.exe	81
PID 1940 wrote to memory of 4648	1940	msedge.exe	81
PID 1940 wrote to memory of 4648	1940	msedge.exe	81
PID 1940 wrote to memory of 4648	1940	msedge.exe	81
PID 1940 wrote to memory of 4648	1940	msedge.exe	81
PID 1940 wrote to memory of 4648	1940	msedge.exe	81
PID 1940 wrote to memory of 4648	1940	msedge.exe	81
PID 1940 wrote to memory of 4648	1940	msedge.exe	81
PID 1940 wrote to memory of 4648	1940	msedge.exe	81
PID 1940 wrote to memory of 4648	1940	msedge.exe	81
PID 1940 wrote to memory of 4648	1940	msedge.exe	81
PID 1940 wrote to memory of 4648	1940	msedge.exe	81
PID 1940 wrote to memory of 4648	1940	msedge.exe	81
PID 1940 wrote to memory of 4648	1940	msedge.exe	81
PID 1940 wrote to memory of 4648	1940	msedge.exe	81
PID 1940 wrote to memory of 4648	1940	msedge.exe	81
PID 1940 wrote to memory of 4648	1940	msedge.exe	81
PID 1940 wrote to memory of 4648	1940	msedge.exe	81
PID 1940 wrote to memory of 4648	1940	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa049c3cb8,0x7ffa049c3cc8,0x7ffa049c3cd8
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1812,8043243584523899064,7561557626366808075,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1812,8043243584523899064,7561557626366808075,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1812,8043243584523899064,7561557626366808075,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8043243584523899064,7561557626366808075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8043243584523899064,7561557626366808075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8043243584523899064,7561557626366808075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1812,8043243584523899064,7561557626366808075,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1812,8043243584523899064,7561557626366808075,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8043243584523899064,7561557626366808075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8043243584523899064,7561557626366808075,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8043243584523899064,7561557626366808075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8043243584523899064,7561557626366808075,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1948 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1812,8043243584523899064,7561557626366808075,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5256 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8043243584523899064,7561557626366808075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8043243584523899064,7561557626366808075,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1748 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8043243584523899064,7561557626366808075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3032 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8043243584523899064,7561557626366808075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8043243584523899064,7561557626366808075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:1448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c3889d3f0d2246f800c495aec7c3f7c

SHA1
dd38e6bf74617bfcf9d6cceff2f746a094114220

SHA256
0a4781bca132edf11500537cbf95ff840c2b6fd33cd94809ca9929f00044bea4

SHA512
2d6cb23e2977c0890f69751a96daeb71e0f12089625f32b34b032615435408f21047b90c19de09f83ef99957681440fdc0c985e079bb196371881b5fdca68a37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c4a10f6df4922438ca68ada540730100

SHA1
4c7bfbe3e2358a28bf5b024c4be485fa6773629e

SHA256
f286c908fea67163f02532503b5555a939f894c6f2e683d80679b7e5726a7c02

SHA512
b4d407341989e0bbbe0cdd64f7757bea17f0141a89104301dd7ffe45e7511d3ea27c53306381a29c24df68bdb9677eb8c07d4d88874d86aba41bb6f0ce7a942c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
e543acc37139f143a8b711bb9acd23a6

SHA1
871da924a706f0ed978dfc3b0511d8308028f659

SHA256
a2c0e21bfd5108b206732b7b85dbb131278ea59d0a8b3ae3a6d2104b56d23a87

SHA512
003280b435e87ab60f00ec9e3b45b4538c0d2d225bd32336ce049710b10567a88c0176b607a6f18b7dd616b7ac73fd326b9c47d49184b8a16822ca0e1dd2fd54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
bba2b690b837149b500792071dcea6b4

SHA1
e34a3452e9462bae354f78cfc40fd574cde32419

SHA256
12ff6b7707483b4de615931bdc30295e2ae1c68c7d48615e436c8b3b44e0eb21

SHA512
ee49e426ddae5d451aa6c5b164e8cb0207a67e16ec587e8e16e57cb8e16c330634229820561ad227be8bbf67856e642844f0dad9e6a8264988e2a0a79f929520

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
dccaa031cc2961258a3305a3bd2cd2ab

SHA1
f417934f95a70f48eecdacb0654b99c57ada8c90

SHA256
e0e745ec398de299c3ea8fecc50dfe3ddb37dc572316ddfe0f0d25d3d051979c

SHA512
4b7056b9dbe43aeaa2fc0a6a6b9ddc4f2aedb623b914dbea18864c3449102a4ea862af9b212fed844c3b368991c12e6b980f83dd27c3e2f6f60cc130b5a3eb3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1e6c560630d17fa2b3ff13eb90f6eb99

SHA1
ce4b4197b53a2ff5333b0153949c7b7c89357b19

SHA256
0c4a916ec5c0907f505e6d1da62fe333a8dbb7a16999f3b815ca62a0133f61b7

SHA512
5a807b8edfe9ef2755d7a4e2abaaa34d55020b8d8d1e1ec2d928b61a8f2f4a008c176aedf4a5b6e172602e385e65f2f633fefdb2c09c673bde9408b440894453

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
783e62c91906bb965d318a1f9b8effee

SHA1
7380f84b5ddd5d0af10c3365dfa79a282e47fda8

SHA256
6b030783ab9b73fc19fbbb1c73c4eba28e82a9723552e60e720ea9cfba4c7d8a

SHA512
db63180f0925031eb37c3526e99459f0e302401f6e1e550de367ed8ec3cd18900d3493296c9289d35aeec8041440b921897255ff85afe948c6f912c7484c96e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9ddac051134e02c18978e37b2d69e92d

SHA1
54b40cbda85befe33db94ce450dc4120b31cef05

SHA256
caf443394be1277ac8065fa1a24b8e345c0394d41548ec25fa840174db032653

SHA512
e0124e45b87a494e17bf72af4e41358f508577f354a5f290dda288ac9c711b818e26777cf8a0f417ede73d44b8edbc5f2d0a9fa2f59dc438f8e2ee3b286e3c6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e454c0f33553004080ed51e4b86306fb

SHA1
d419fe9d6454a3fc243a4db68ebd482b481bcb3d

SHA256
2d48da78bb58b73961383048d1a25f6616eea28cd5e01d64df55be27081a2d0a

SHA512
0f52f427b4a14e6cc5425fa94843a0df6c433ca7c11c5385833b79b028594b090f606bd1d9d595cbe1285e06e0b770dc3ee98e6accb381967d713f08f8e18cf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ab84fb4f552fede26ed861677402f948

SHA1
563c71c5967e383da42ea6b07251f8fe0cf415b8

SHA256
eb2b0a0120d5e5fde2831cac3bf8b3b9d24f8933754867022665df3220159f9c

SHA512
75588de2ab2fb3f6c0034535fe96bad23d63b9b8ad22a59c2b0498568fcdfa9636e8a0c2d85ffa401bff3d581624004f60acbf04e7d7e47a3952e7d9243dda57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7ebda669d45d1530b1adc9145a0f85b9

SHA1
f03bcc5702eb68ab469a11888fd55355b1896d6f

SHA256
5d05c04473cd7588fbe7158caf11cf01e3c8f0ed7bd21a2234650f551a2f352c

SHA512
80414f05a7c902d8bebe622b38b1955cf27aef2e9ad069eb6d361b4a2e61807baf3cb5911f31e260ff756713a174e54e872a162fd4e2819e171eabac18109316

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\1ccb506fb6109b426aad97daa607beaedce7e789\index.txt

Filesize
92B

MD5
95f82146132e33111bc54ea2f6a91d0d

SHA1
4f19a3df5d2edc8913d7b62b32f7d57426b53e91

SHA256
4e71e104c43b598dfe3e0381906c48f9f5a371e027ad5c8cced166c34c364d13

SHA512
9a7f5cc7cbb8403db02419348155f20a37e377a470339fb541c36cd3da6337a8aa0d3e75cb9d93058356d095503eab2566691e6298f87d4633ab42ddafccb137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\1ccb506fb6109b426aad97daa607beaedce7e789\index.txt~RFe5a1a01.TMP

Filesize
99B

MD5
ac0020f7e46a1fddb14a254568814245

SHA1
437da7651754579eccab3d12cc2df00d262ff0d8

SHA256
01c546a18a5ac4bc12b379c1b03b393afefd47789269a3c0f5afe54031fda5b3

SHA512
742ad92a1cea48ba4fc89f4f20f91116cfec5cb862f9351055db6c6c3cb3e5c332c2a463fd130fb24ac419b769ac71a3373f39f0a57ed2a556fc8615e5f4bba9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\029e797b-d453-4345-899a-31dc05df739b\index-dir\the-real-index

Filesize
1KB

MD5
47478af9d2a05687021c1af3c9bf4385

SHA1
a6da4f5eb3bcf05e02df85b10f99ef9f50bb5a9c

SHA256
22571069f849de8032936f52e33547061a7fa5f73a1667809d75ccfac45dbdac

SHA512
5b9c8bb85d5023cdb39bce998b4c0ec54179e9dd07b7c9063dd0c764f3ed70fffe83ec37a037bf438e444c36847003dccfd982c473170912054c8dbc089fda50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\029e797b-d453-4345-899a-31dc05df739b\index-dir\the-real-index~RFe5848ac.TMP

Filesize
48B

MD5
c91a37558281e54a6d00581d0bdf773e

SHA1
73f371d5f2fcafa1fbd15814401818aa25086d18

SHA256
9c1162156cc0426a04c8d4970f0516ab1ef1fc737695e139529a55a1ff1202d7

SHA512
f5bf3eb2cabdff8e9b0b2e9a84f7b21547b60a011d16fbf37781dced006a98f6697e88b17d47815ff9bb1ec8c59caf0e1e817cd62186846d6a8751109de5080c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
73B

MD5
da989e75f8907b7c00ab76cb7911da3e

SHA1
a4551693f1d4c25a18beed071ac8e836c7bc1411

SHA256
8cb55263e55b96cad94a959113662e5b70c6e5a147f3227cb462655c08c9f079

SHA512
ae0b1d36190a5399fdb27cbbc340724c11343f722f138404cbba38b68de0a596dbd36aea68bb5424babe1433742731c770c40223a2778db94c92d1ca31214ace

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
130B

MD5
29332d1f0d60824f6f9dee7b8b3bf794

SHA1
172222d6a154c0001aa6a911c1f47b59f7cf8843

SHA256
ac283ace8014a0cdc66870c817f3d8557b40e5bfafd77b8c4aa3c960f05adbc0

SHA512
9eaa1c9890bd8a665225159b7facb6e159af9ad801c735e0163698b6d09873ee3cb2f8ec4496cb0a748802f5e39a0cc28078114c22ca7b7ee403b3bfe5f07906

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
66B

MD5
eccca1bdf8ae9ff698f09fd33b55427a

SHA1
3b191996e37a90a73bd8ae96136f696092353e25

SHA256
06160836578813385041735e3b071e0c276e16f5454e05f2dc4e5da9095358f3

SHA512
225d81f351fe75fb7a327bdb5a7ebd6d2d13f3b5523cd1fc972bf3e637e6ed6c7123427d74d5ba78014a81db162f1c99e134ccee8b09778259b116b013546589

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
68B

MD5
4873ddecdc616187fd50c44b4c0ab9ad

SHA1
863c1558df886360041b895719209d17478641c4

SHA256
297af537252ea44f509d5e5898a3255f009afd2cf058b1bf11501126d40ad94b

SHA512
26bc1b9680fbccaa4a928a51ebf761eb7d9e7a11d12c8a0bbecc1742e067d89add747f55811368601b6d4b207af3f614e566d5deccc6743e31ec857fe6df58ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
99ae451e0a4ba659fa720965be319f68

SHA1
1ff0a611ed03da39a80a79047bb43260cb8a646d

SHA256
e2957c4dfeca4b17221ce7a49d5b1ccdf88a2ae41c452c3439aa93c83bd3f748

SHA512
ca84c486544188c23f11b5ffb259653670fc17f62f15c34ca66c19531005e9bd510486dc687d90316d64bf1f5f783215f11d69c28f4ba981d923a98bc8989bb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a19c3.TMP

Filesize
48B

MD5
297984016df68b50fe1acf5f422645c4

SHA1
33879136728f6c976c83386c6b5ef11fdd284389

SHA256
a85d2bbb23625c479492129bf45e620fd6206a0703dcd672c7a3291d7655fe7e

SHA512
38cba68ad27a6a1aa88f6b9fb1957bc72a50deb903d0a99ebc4dec6cceea74c3e0389bbc605a62c85c9b218a078ab4afc94addee604a0f11941f46980cc4a3ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e9a909e0aa68037254f01be4b219e051

SHA1
8a3cf9fd564c0589d5b1a7ab76be72e59856f54f

SHA256
3dc8b93261900a4347da601834fb1bcdc45eaa8c7a0292717e9ab13832d37956

SHA512
5c2ea8f0397385808eaa3d1848edf976c4b18218cfb45c551d86ce528ac2dc02b285f961c1aee84971c9bc8adbca6dfd1ea1d0499d1cff3a722662b57168f461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
37e13e461ead457d81d3da3bda4a1a8a

SHA1
4e5691e7fd233091db6a0963dc4ca9690e8ec024

SHA256
8717d7ee9eef300d1c8fcb958f4f225d9a146e955210c5b67132a94600b01970

SHA512
f7103a6c14825d94799177580fb6d83fafe032409225f71ec96c3506fa701e94a6ebbf2c3d195f9955458aa1f8637fcde3d7c6330cfcfc49fc2b173939d90a29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9b7fea24e32a4129ddb0348e6f441c21

SHA1
2d642ba1fc9d4be6a3ba354b2d7638715dc70f2e

SHA256
68a1603ebe7782f06ca788bf41ed519d474d362ebdf32fd0beedbf0ed192e8ad

SHA512
71e6076c60b0de852ff04843ffb54266906a7eb0da34d2882688348f2b306a4fe60b98a92817b5bf5b09cbbf87083217825bd33e95ef42b8bc51b3bdc041fe01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
afa5954c22a6df16d5d153723d15f3ce

SHA1
198718e78ec28abe61e64553c032c93971e8759d

SHA256
275aab9ea007cced443abda8de8c0473efc41da34f34d43a20c929c25008a93e

SHA512
ce3bab5e384dc3ec5abb0d3a98562df187637946076069f5371c176d6f60e52bb3efa53f90f3d807ab9f4789631e1a015148285856dc7e2ca47b44b46a62a4c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
44a5f0d01d463acb725a4f98008ec3ca

SHA1
2d1f3abacbced28c029e3d667e8b1841885ba226

SHA256
47c5c5109ee8cc5150418d21193b7805f5670e2e9bdcadc5e37c38f2848fe8bd

SHA512
7b52768badcef88ca8e5932406fc9b195fd1675d3d81e05f3d1a3a4542e95b6dbfac9238b045807b7e373181d05be77a6199d4728e24e5c8cd19361b10ef989e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7325f9c6931c72737eda0110b18dae33

SHA1
0551be2351dbdadd2bc9cf56c21725cbecaa2f60

SHA256
ba486c25ed7ffbb82c2e12c9f32de69d1c4e1e6c4abbf9a6f99110905c97693d

SHA512
3891e4f775975b6922eaaecb5e0a93c13653b72a15a1f0f8679533ad61e788274a981d7c14efcd77c2ff35157f63a8a0720c0e62c574d5a377377ce5831605e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
91a376938c588865a91cda4eed7d1e12

SHA1
b0cd130070c57cb13a1e9a8b585a32add345f27a

SHA256
959b418904daf21290169160ea58b8af47feaaa0a660fb905c8a1e3db96bae66

SHA512
7cd00474295457b2c2de2d53bafff465e3c026a3794081a8bf3784034c59f0755c64d036082828f03773cce897211fecd56cf5b1a4fe678356ade0d41e57aa4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3dc449f9f847dfdcb44d53d8aec3cc1d

SHA1
ca544299d4fa1b9aaee50475502c0d70993d3a3a

SHA256
ecdfae28bf842bf769fee1c361bfcbc90cd4266627f502eab2614af3b0c9a2da

SHA512
96b4887ea014f525be79852ebee571e3e7523e83f30a57946f5f60edb723d12733136f4d62b88fac7b2690ed7f7a4ece319d6d717ab37871130fe0cc9290806f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ef86718933c79905d3ba06c9e0998b63

SHA1
9f976ab634d45ac39e18c279ed39a20d0beb44c7

SHA256
4d54c179b6ee748ea65b90622156d4ffdb611a23cffd0d5e6fca19018b433ae6

SHA512
ac8e007ce4a2ebca2e0907919bd2e48f9fa3983ef0702859eedb03b0124739e5690f3a79b50bfb0ba3942503c7069284e53b2128d1d33297275db252cf306d79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
89f74b6fae6482f97496f0dd3fdcc3a2

SHA1
5f7f8783ab059ccd7c91e8a632a32e77ad99cd34

SHA256
2d2626dd094c3e274967d04c0563b6bec6cd6846a0e17470b42c05327f5a52f7

SHA512
f5afce18ca972a9e559b589751a9a1e43d57b699900fa50d0ab6b1fa9162ac3ca8a7d4741813f31a2b03705c05bc52ea026c03a607857d11f2faffce1f690f50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e32ae0b8bdce51c3d347d460c659d642

SHA1
ea9ed24bedc8633caf24bc418f53814f15c264c1

SHA256
e0c4310b6591270a8bb6da8648c45db8ccf9ba9bd1a34c91fce5cd252c38c030

SHA512
2dcc599c2f89d1aed6b6bdb368a23ab56cd539f23df183aa83365cf50b4c1f7bbed9160e781eb32c9c3468a7fba0455578ddf7dd499f4ed67a803809f766d643

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
86da6c32368fd9a0e390b9847c7b0388

SHA1
32c68f98bfd9d70929b5332e485fbc641251d006

SHA256
6e7f05728552320125355de3bce6ffc98dce330d76a6c8d5d68872d4779239ab

SHA512
765dae1d225c911a26063f2414a87c69b9f1bbcf20cc7f8ebb5e04744d3aa2b3e5c39990b90147ffbea72622a7849f4e9d46b5454c78d4648a5f8032cc8ffa9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a2b10141fe2a21546d8b55724b06d00d

SHA1
fcbe12347defaa852f1887a64f75b6b7c2b393f8

SHA256
7aee8c234a08f41b3b63f5c1b9e8b711dfe3db48ff74c1d4bb4ed1b6236985ad

SHA512
0b55800ec908a73748f8709d2bedb7ce79364f180c28d2337b4ef7aabdbd7e20f166121663c725f387dded28a769dd26019a70ea4c7ff173623b91de9b2467b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
15c6a691e35454c7d5094e92c846d43a

SHA1
ca833ab212b64fc12a69ea2a4e57ab42d8b0b49d

SHA256
90172c89130e8a15ecf667e31940f3608364885787aa214c6ef9a4ac4fa6bff3

SHA512
7537b460a28c884574807f1e0ff5fd79e56bd5fbc15dda20a398802b4bb10ea2854e9278c4001b89b9dce52a20add9712765e682daf3afef47fa6902751c9736

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
028001468f62cad55605318329e242e5

SHA1
e9edea50cda25f1a3065704ddf08098f8221551c

SHA256
5a27660d227981802ddf15feee666e3eb08389f6e63b6521a5a7299a7b201530

SHA512
5511da3893027a69673cafd548dee7ca8b39bb90f38c9e853c0bd68258d9bfefbf27fbbb7bb09722f28dabb2e22276b8fd2420f7c975290e93e6a8a809cc728f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59e8df.TMP

Filesize
538B

MD5
b0c5161ff09cd8a5e3fd406a39ec8308

SHA1
f66372f03de573dc35549e21accc40833da7d917

SHA256
502004c5cd7539a4f5f9fc47c3471df26f1ca4d340f0dba8c7613c3d5e6ce120

SHA512
5e0a28c549ba31e8380b0365d9ab83e5d70e91b6ff7067e552951f228b2132760bc70417dede4e4639fadc08fc4df4ce28c416708a501ce576afbdf70df7c0f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f4731d06fd48618a2c0180aa327c4193

SHA1
c4e4db528c1bb947265f977b68d1fb3cf2578405

SHA256
73815ee66931c05e8b3d0745b960ca5bdc919a383de71ddb1511aef1a5981562

SHA512
b260127bdb385bd86092404eff8738a91e6d6938b51150a5899022e2c1f3f187b300f24764d4379fc65bb94de0b358e85c0d77309bd324b8ba01605844d71c11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7cff8007e69da77192a09fca20cfd586

SHA1
d92b9b97d08cc6e1c10bc99f25f95ba5e65920c2

SHA256
ec8e6c86482558d55bf024115de6ffdb45c879ff14e42534a5f295ad70549b61

SHA512
f0c05c6f4776b3b7ee5ab7a9b30bc719cf8972ce6bf1e9cd846c3d75a3aea12ebf09e831fc2ae44f6fefe2063548f65aa4a82f1eb02eacf32a61a935992d243d

Download Submit