a044921ace95ea67d5418c171dec096faa94d74d090e20ca6095fa6eca1222e6

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2024, 23:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

download.html
Size

12KB
MD5

2129fc761f92d27c98422c1b7b6c0266
SHA1

ade86f2d265c322fc2423badda35265f242bb3dd
SHA256

a044921ace95ea67d5418c171dec096faa94d74d090e20ca6095fa6eca1222e6
SHA512

6e8427424445dd526fa6c1196730848a7f38127bc270e1902fca84f9254e47be30ab513cc8260772f097c3c41082793ba1efdeece19aed7093c0f65a6282e3ac
SSDEEP

192:rFQrdx197RnDnpz6tRiH4QodWlzJGjDSvjGmpQ4K7hQi:UDpz6TKGjDGjGmpQ4EX

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4920	msedge.exe
4920	msedge.exe
4364	msedge.exe
4364	msedge.exe
2212	identity_helper.exe
2212	identity_helper.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4364 wrote to memory of 4444	4364	msedge.exe	82
PID 4364 wrote to memory of 4444	4364	msedge.exe	82
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4412	4364	msedge.exe	83
PID 4364 wrote to memory of 4920	4364	msedge.exe	84
PID 4364 wrote to memory of 4920	4364	msedge.exe	84
PID 4364 wrote to memory of 1080	4364	msedge.exe	85
PID 4364 wrote to memory of 1080	4364	msedge.exe	85
PID 4364 wrote to memory of 1080	4364	msedge.exe	85
PID 4364 wrote to memory of 1080	4364	msedge.exe	85
PID 4364 wrote to memory of 1080	4364	msedge.exe	85
PID 4364 wrote to memory of 1080	4364	msedge.exe	85
PID 4364 wrote to memory of 1080	4364	msedge.exe	85
PID 4364 wrote to memory of 1080	4364	msedge.exe	85
PID 4364 wrote to memory of 1080	4364	msedge.exe	85
PID 4364 wrote to memory of 1080	4364	msedge.exe	85
PID 4364 wrote to memory of 1080	4364	msedge.exe	85
PID 4364 wrote to memory of 1080	4364	msedge.exe	85
PID 4364 wrote to memory of 1080	4364	msedge.exe	85
PID 4364 wrote to memory of 1080	4364	msedge.exe	85
PID 4364 wrote to memory of 1080	4364	msedge.exe	85
PID 4364 wrote to memory of 1080	4364	msedge.exe	85
PID 4364 wrote to memory of 1080	4364	msedge.exe	85
PID 4364 wrote to memory of 1080	4364	msedge.exe	85
PID 4364 wrote to memory of 1080	4364	msedge.exe	85
PID 4364 wrote to memory of 1080	4364	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\download.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff88fe46f8,0x7fff88fe4708,0x7fff88fe4718
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,492283497447895413,13440440199824095415,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,492283497447895413,13440440199824095415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,492283497447895413,13440440199824095415,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,492283497447895413,13440440199824095415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,492283497447895413,13440440199824095415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,492283497447895413,13440440199824095415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:8
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,492283497447895413,13440440199824095415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,492283497447895413,13440440199824095415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,492283497447895413,13440440199824095415,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,492283497447895413,13440440199824095415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,492283497447895413,13440440199824095415,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,492283497447895413,13440440199824095415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,492283497447895413,13440440199824095415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,492283497447895413,13440440199824095415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,492283497447895413,13440440199824095415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1720 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,492283497447895413,13440440199824095415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,492283497447895413,13440440199824095415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,492283497447895413,13440440199824095415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,492283497447895413,13440440199824095415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,492283497447895413,13440440199824095415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,492283497447895413,13440440199824095415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,492283497447895413,13440440199824095415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2192 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,492283497447895413,13440440199824095415,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5732 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3644

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
18KB

MD5
8eff0b8045fd1959e117f85654ae7770

SHA1
227fee13ceb7c410b5c0bb8000258b6643cb6255

SHA256
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

SHA512
2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ee894e6fdbce0c805363ca783c73ac24

SHA1
e54514857c5fef097c40a968ffeffd0bb9df7fdf

SHA256
a1a38e39f3a2641c54ff5d7d6123407ddbe265cad0b09bab75fae07a4b16c77e

SHA512
63667b7823e8796718fbc918b9d861d3ce9ef503727b6e1cadced10b8f2e58f93a07c42f6d3b0cbe5a30c67791660cc08364f27c636f5f79f740f7e84ff994c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
a084f19bae8cc6b1fd067491b8a60229

SHA1
dbed0d0af55163d4a5f7f40bba739adf4b47be22

SHA256
9de561e071c6a1e1caafcd50395738458c112e4172a4aff1e2dda754bb23ce0c

SHA512
90e2412a6258df1e611c38cfd5008e783641fd15025caeb7e267ce779af833a607dc984b64663b4546d0f46ed02a2329abb2b1098e00a26d5396bca38f1314e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3a86a9cfeeb06edbc8230f3db4ee9e11

SHA1
ac9658b9a2be1b20a80f456c20238c0c7442c2c5

SHA256
2620484893a2d29fce702c301a0adfd1453a96fa52b48deb5185f2a97e11a3ec

SHA512
1d958ac728878b51cb7202bd83bb4f7e17b62f2676e052d78269f92101ee47d84852038076d815b9a9d1b6a6fc7a950dc1936592d86a89e8bb0d099fcf7307de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
baea8eddfb4daac0f2065fc394753207

SHA1
35d268c688fe4e1aaa3428cd5db9cd4371fca753

SHA256
34bb3d5ce633d53f75563d93cf6b52fa70abf26443f410e73303af0cb11e716e

SHA512
5a2c07bede34e91f6aec9e422f6206d52f6c0f3d1f059c137d2996df92654f9acdd05179eaf47b556020ca016d35be5965f413037ec3f810b7378250b9544799

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7b6dc8655ef122c50e612f73b6cf43b7

SHA1
062b98895aeeb95070720793dca1419420fa7858

SHA256
e76a82379c964c53c1a6b3718557bde17196ff0431cec4faa2993b7fad8d28c6

SHA512
7cbb9afe9c71067a4920730a831d9efa50390c28269a5b84c2115e950db5ace8948c69482e099710f511780be2d3dba8b42805d47c0685ee9aa388946950d780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
561a1e435f600092facaa2d9df7a39e2

SHA1
5f71936efe10608dad849e0e47642019ec1ef4b1

SHA256
55527c98b227bbda4c3055bed2955af36e4a2134d70541ed3fcc24aa5740b1dc

SHA512
31bbdba5d0ec67490097eb042e99aeda4130ecbfa938e89744a0614902135f49726d4b00d469d4d4a874e3ef20ebd5f7996eb8a5fad28d587d6619721d9cea1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
801ce01510c4590243db1d16fc228770

SHA1
ac1a1d3b535c4f196a17ab14cc5648c926a165fe

SHA256
453599c29f01f9e1b454c2335bb7bb96191c66196ab5e4503ecc35a222d53b83

SHA512
9870f609f9f21ed2a33fed80ca69add37fde6bb8baf9fab15719b458b39dc0b1aabcb20381cb900dd39f632e3200810ea5b9103fcc978090652485f1baf3e7f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3510706820e152dbc005f84f3f02634a

SHA1
b1dfaf71d69f99417e3b41d9bfb6201e766d08fc

SHA256
d5521d9f391af60b8747c9d1515be714a25fd7c3cd8594d6e7dd884c3d0bafdf

SHA512
55dd8b3c03ef92955a32bf58a5192349ba7fb671fb9160482ffd56984654b19a0df8c12196db12853eea8f0fc110b996be1b2cabbf1db2ea994f29eafb190cc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
875B

MD5
0e93bf42dd36ae5bc5ac7bca6fb58762

SHA1
2ef87bc06b0c1e75b2b56185ebe2ef393dadd253

SHA256
ed8fef15b58c6f36d8cb5e9cb7b301a75142d2f1cb5095d124184018c3efb12c

SHA512
5fbf2b0b341d0018aca77247d915dff1e4f259b55dbc14b3b434f61cb76b6042d4a65082b3bef6e1af8d756d8d80f250f40ad09036876aa54bcf726f8c4f9c4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
657137f371b623d66bbb9b83fc596a1a

SHA1
44f4871a077320d5bb3bced2624a465bbad3c553

SHA256
8bf6a1eacbf2b2eb8c4ee3b979f365d273d0d187674317f19b42f683d19e25ca

SHA512
8c5f59802167efb65e2773f43d5f74f5a3ef062237f4f15d385c23b66e592f839ed8ccd4edc9f77ef4554e65045de2d58d7c4df7086f441e438eeb96714c6613

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
3d643a2e92cbe47c3e16c7a0ed659de2

SHA1
4e079eccfcf7e18a24f44ffabefef04f7ac6bfab

SHA256
3e94132f876bb440d7afacb914482ba84b9128a6e07830542791a4bae85ecc35

SHA512
96ca78833391e3df7c7ad80f3571275eadec6d53051fed30e01788818fe33943e45c8b02b4d679d58e1565c8da0af32d4d6b94b812ceec297f40f0ecee53cb10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
61fa24a4ec742be012d8ae76155e18c8

SHA1
62e3d896c1e61f1bc6ed2330fc819d7d0b8e8525

SHA256
df9fc8263aa968f07724539b83f5ed17dfdc7e76c1af49452b1fd48a0ef631a1

SHA512
91292efb38eb16ad84757490984044c91c38779f617c57df6efbb6ae1031138e3a67079bfdf1c2c5860086cd72e240582e81c6541692f075e2c5b221abcb0aae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58506d.TMP

Filesize
204B

MD5
8b05175ef661b4a8e8576a515305be44

SHA1
12c0cb01c14d9c2b50196a8273d7813a2b1205c7

SHA256
93427ebadfd4945bd2f0a2675bbe3f7864b16f58d7986964930f12dabb1407c1

SHA512
46cdf29e53882c2f6ea5dd34ff799c06308e5a454782a1e14beaa981ff03785a324e7c36c3e480e6b8c288af42866841c550db49cbf069b155bdf957a45cde9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a11d3214-202f-4c08-b1f6-eb1ed44e94fc.tmp

Filesize
875B

MD5
b84ff15b0caa26d7b5912bb3e5dc67f0

SHA1
0c0e957433c9adbe0e206ce4e95ee45c8a1b78e4

SHA256
14dd616d4195831cbd99ef55103fc8a709047bea0c1b54b313d21e2bbbf36955

SHA512
b27bd2db1bcd1417e6f1c87d56fa2dcede9f27f11c9024316fef4a274ce162ea4079e3904ef51b6add6f4734f72e100e21de9625a3d86e1d8d2a4c573160cfa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
389c689c1a4c264b08de37bcb426e7ae

SHA1
63b548e0a04066d332c742d85f1beffdb6ea072c

SHA256
8bb4b7c1d175c1fab97f510fcd1c8fb4bae3a2abb9a1171298b6446a9f285a3b

SHA512
ed112627fea22df2f6715d61082c3ed065b55dedcb754213d3d7158c3b9f1810b463efa6c1d4f78333dfab610bcf06a1d28a01feb6a72a712ddef57a49fabb0e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
974cbd4e650e3e6d888e213989ee81f4

SHA1
39457c3ff34708aa25ddbcb6adbf4ab54bb8fac0

SHA256
8e3852e429302c4eb5b1ace7998d1487c523b0625d3292f1be34b66c7dc3d2ee

SHA512
3e60d79cfec08a31ade18b7f9f8b3da2dc9d2b94ac11a739201609899c8981f91bc3ac4158fa41b8de1fdfb6f6789e826bd6e0ad0ddc6563e7a16358cc1f372b

Download Submit