d9d7b4d412726234c65f4b39fdcc375a97ac0aa11ffe180621f825f968176628

Analysis

max time kernel
840s
max time network
867s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
09/10/2024, 19:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

33D34lw.html
Size

19KB
MD5

795fc64e8234be7b4b409a3e39f53664
SHA1

8b4645762e1a8d6535d5e1f5be92c74aa4592967
SHA256

d9d7b4d412726234c65f4b39fdcc375a97ac0aa11ffe180621f825f968176628
SHA512

9db27754a37430a08df8002bd02ed35f80e2bbd8ce11dda72729b51d793574fc1fdea6db172026e1328d5d48c280951e0bd951da0e2a1d1a84c2e35d343e92e3
SSDEEP

384:DHexwuTAjcJK5NuJL14AvqDy6zpGqaRuhgGNd9rJriB0riBj6kQ1KNkt:DHexwuTAjcJKfuJCANQpZnhgM1rs0rsi

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4249425805-3408538557-1766626484-1000\{5BD7F847-D96F-47A5-8D9B-253CD545E65B}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3392	msedge.exe
3392	msedge.exe
2416	msedge.exe
2416	msedge.exe
3860	msedge.exe
3860	msedge.exe
5016	msedge.exe
5016	msedge.exe
2864	identity_helper.exe
2864	identity_helper.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe

Suspicious behavior: LoadsDriver 4 IoCs

pid	Process
672	Process not Found
672	Process not Found
672	Process not Found
672	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 2284	2416	msedge.exe	80
PID 2416 wrote to memory of 2284	2416	msedge.exe	80
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 4428	2416	msedge.exe	81
PID 2416 wrote to memory of 3392	2416	msedge.exe	82
PID 2416 wrote to memory of 3392	2416	msedge.exe	82
PID 2416 wrote to memory of 3612	2416	msedge.exe	83
PID 2416 wrote to memory of 3612	2416	msedge.exe	83
PID 2416 wrote to memory of 3612	2416	msedge.exe	83
PID 2416 wrote to memory of 3612	2416	msedge.exe	83
PID 2416 wrote to memory of 3612	2416	msedge.exe	83
PID 2416 wrote to memory of 3612	2416	msedge.exe	83
PID 2416 wrote to memory of 3612	2416	msedge.exe	83
PID 2416 wrote to memory of 3612	2416	msedge.exe	83
PID 2416 wrote to memory of 3612	2416	msedge.exe	83
PID 2416 wrote to memory of 3612	2416	msedge.exe	83
PID 2416 wrote to memory of 3612	2416	msedge.exe	83
PID 2416 wrote to memory of 3612	2416	msedge.exe	83
PID 2416 wrote to memory of 3612	2416	msedge.exe	83
PID 2416 wrote to memory of 3612	2416	msedge.exe	83
PID 2416 wrote to memory of 3612	2416	msedge.exe	83
PID 2416 wrote to memory of 3612	2416	msedge.exe	83
PID 2416 wrote to memory of 3612	2416	msedge.exe	83
PID 2416 wrote to memory of 3612	2416	msedge.exe	83
PID 2416 wrote to memory of 3612	2416	msedge.exe	83
PID 2416 wrote to memory of 3612	2416	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\33D34lw.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff5e1e3cb8,0x7fff5e1e3cc8,0x7fff5e1e3cd8
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,2469510399822345647,5850682574114603748,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:2
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,2469510399822345647,5850682574114603748,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,2469510399822345647,5850682574114603748,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2469510399822345647,5850682574114603748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2469510399822345647,5850682574114603748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1864,2469510399822345647,5850682574114603748,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1864,2469510399822345647,5850682574114603748,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4604 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1864,2469510399822345647,5850682574114603748,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,2469510399822345647,5850682574114603748,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2469510399822345647,5850682574114603748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2469510399822345647,5850682574114603748,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2469510399822345647,5850682574114603748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2469510399822345647,5850682574114603748,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,2469510399822345647,5850682574114603748,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5396 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2469510399822345647,5850682574114603748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2469510399822345647,5850682574114603748,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2469510399822345647,5850682574114603748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2469510399822345647,5850682574114603748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2469510399822345647,5850682574114603748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2469510399822345647,5850682574114603748,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:3516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7145ec3fa29a4f2df900d1418974538

SHA1
1368d579635ba1a53d7af0ed89bf0b001f149f9d

SHA256
efc56eb46cf3352bf706c0309d5d740bca6ac06142f9bdc5e8344b81d4d83d59

SHA512
5bb663ede88f8b7c96b09c1214aac68eda99bc09525ac383baa96914ff7d553ea1aed09e3c9d16893d791c81ddb164c682dfbb4759ac0bc751221f3e36558a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d91478312beae099b8ed57e547611ba2

SHA1
4b927559aedbde267a6193e3e480fb18e75c43d7

SHA256
df43cd7779d9fc91fd0416155d6771bc81565e98be38689cb17caece256bf043

SHA512
4086c4ebe410a37d0124fc8bd00c58775e70ab2b7b5a39b4e49b332ce5b4866c6775707436395467aff9596507c96fb4896f3bf0249c5b9c99a927f31dcc1a96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
1c36dbf01650c4bedd20fab05e080363

SHA1
0a8e9171a64ad374ae58c3b1ae9af73fbe860303

SHA256
2e2859f560c974e1a34d56a9068cfa955b25a7f7c0542f955a249acfd4f0cb04

SHA512
dfdf3c95d62b76c9dd0ba38ad3aa325ad3bb624b63447dbf66d8d6ef597d4b0d570f9e1474661d1eb3de23e2f3fcaa51a5335ff85c9b5628b1b704b82750da43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
424cbffafee904f3d623ae3ccab2d321

SHA1
c7e8f2232dcdee4c2ea070f2215ffadf3daae1a7

SHA256
abeed0bda147db286ec21b435edd9863796e5bc2cbcb563d4bd134ea1f0b6d81

SHA512
32ea8ca403f0fa3351d1e900a56d1e83692589d771700eca3ef79a66fc60cd10534011c1dc89686f759d1b93c8c256846184bca894372c94e5dd62761a9cfe46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
cba710b42f51f1dfac6b57fc679e96b6

SHA1
e6913c3318bdc92d7e8baa1cceb6ee12d1252160

SHA256
2d0eb101779e8ba6a1bc2d22c1de6a70448fad3ed657bf4777972a81fff39164

SHA512
a9ae602902527f1c037e54f6a54843d5381a9a8d793dbf43e1af072671ce607741c7a62a745c888caf0f6fcb53df750edc6f8ef7c295cfe86f076ac37b952a43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d77ce796dbe6b2c2a9f1947935f2636b

SHA1
214bb2d9bbc92f7f8eda55b7ef05e77323cf882a

SHA256
1bcaf66e2f2d6f5422211051100d175fa981c03666c299366d5e1e2d85d288e6

SHA512
366f8162cce23aa9f581b55da9ee11210c6f03d7beeb92dae9f850d12512b46c863121567e1ca91c9402d61a21449f26cee5d74ecb02c28bc37bb5d7058bfb13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d1ea4bb8262d4e57e89c1f9855bb9a78

SHA1
c2dbd296aca2b72667cf2d592774d983f78c5625

SHA256
4bc759a650c69a6424f70e2c3a2f561ff8565b2788b381419dce66ff330016a8

SHA512
7431c512bdd6f814480b758c81afd968e4f2ba1af3fbdd59892b85c40f5f7fd6628ffe40181aa5ae549f2d6edd4e3740f49f9f7bc855bd52537db48a1c54174e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6aee39c2e39137a77cfe6f64cc3c3861

SHA1
77c8aa761271d6c66616128fd6f1d1a41d4d6647

SHA256
0de82afedbc73bea915fff2044e23521471371cd5693fd4629ca6058ae75855d

SHA512
68e3bb45a61104c6ae90317511ec66838641b7e611df71348903de8da9687a56df13e3a6adb162f56886d22c4c8af631b264a81a6944c952b1b919d047003eec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5154621c6f509fff1f914eb163577efe

SHA1
7a772cfbb9ead22b5296ef1424f51eae3e404190

SHA256
031daa7a6968bab52ca95efb922a5630a7ff2faa28417667d18bff99ef4d9742

SHA512
39cd2a18a695545e8e7fea67fd1dcbc88ecc1534b39206130563c5750ad3596123e89a74cf5c068054236005a29914e451d748e7fdc5e5e9f17a63a00bea1bab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f67e2974f1452ddea459c426682f80da

SHA1
275e6f0df9f2aece3064e0d487fd71380e6cbdbc

SHA256
880532b115b39032cb9bab5c629375e878998985d385acedc1b46488a9aa0677

SHA512
aa0df85d6b5028ff5dbe7fd03a8fa01341f2877bc58e75fb84776cff2e35ef7de44387de89ee4fd81ad938f175b629d67024755b8c511c9f0082e77ed7373b0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
ae969b34fbeb68bd1f649f6f1cacba76

SHA1
16f78875489ac3ba015b401ead28231b80ff79b1

SHA256
c70de09b70773130adaace20adef2ccbb3a5737f183de497a0c113b305c5893a

SHA512
a3b993107e382e32ef7a2bc1ab99dd02a925d22f7729770df1b962f779b4b9d4ba520e30e2e3f3a90f802cb24d9d60e1ac630ead2f18ee8e923b7c2fc038a54f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
875B

MD5
28643a5866f404710d6195b948a6de90

SHA1
6ef25efd848982c737eee15e0776b7a08dbb0abb

SHA256
c885375a0f3ae40805157d4aecd1f9bedf9ec51b52f483e99013ed06a8339407

SHA512
79ae9abee23d71bbd5539d40c95ad1106f545c7c1a19c3302c7bf4fcdbc4c3ff6d5d20c121d3a91d9c9171b7bcd702f6dcb5c98db36d8a1713df68208e9b59cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
52110647a36452ac8bc32a8544a0a9ad

SHA1
ac555279e639903c4ebe5412930910dedc4ec93f

SHA256
17a8e10e69d47b70ee22a2e8b4c2484e5ca13dd7ccfd73e6aad2538ddac89f5f

SHA512
96a844ca344edaf2a0518a3df245e7152623d6d6b0f2899a82b65bbbf55ced0307d66da6a1aa78935c53857ec61a4eab25856c067edab16320b912a72940656b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
875B

MD5
928fc2ebfcd909eab951da62fcef4b53

SHA1
411f58a17301577461b424d66e2a8b4a35fea28c

SHA256
e6a5a24ff931669ca793f2870719acf3b95eab877d4c8c3ceb01ed7e7d2305fd

SHA512
1590b6c1d3eef2a4f5c144fd389dd046d284866c38442c1c81a3ddf33e1140ed10ac41cd60ed96c5dced7ac6140c7a3d0501744abd86ebe9cfde1d295902d920

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
875B

MD5
67e8bccc2782ec91c61b82eb58d29d4f

SHA1
1b30367b7800258bad41510d79e0ef961d628894

SHA256
f3f4b4c7f99c7354ff51c9ee59cda5b32c5ebc8a568caa37bf30eb43339ebb89

SHA512
ccf41498f270d09618adf936f63d9d3d2f18ba4b3c813673dd9f6bd8aaea3e166a4dafcf44432e7fed6937ab272ff3e3d86176b74f0122481729f25c39be02cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
875B

MD5
afbf0512179404ef9aaf94133db61a25

SHA1
e961298863a68ef08c7bab3de9f34748c9fb893b

SHA256
f736e04474736991c8c1d3487ee35b82054323ed2e1dc462385634d8303421b7

SHA512
8ff6d375c866adde360d99d3f52fe3ce2eacbc99d892c13f876c6d84a8923525943277cf09562fbb230ac3dd2d122e125228977206fff2e036a4299ab81f27b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587f0e.TMP

Filesize
371B

MD5
79087ca3aa4fc70d8c6f02d2de3c817d

SHA1
d83c38cb6b6c0757e69bc408d3810522fe10a5b8

SHA256
402761b09a749bc76871b952a46685c58ce4cbed4669b248a4806cce784eec2e

SHA512
bf6104ff5f6010b9a75fab3b09194bfbc58352f19ba88348dc50d1ca49007c807709178afd8f4ea31484d5ed416f3821aaedf508d186fffba6a90f7c52814ade

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
720933cf375270fd78d7885ba217da73

SHA1
19fd1568bf845e02cb372c1cbcb79c8eb31db504

SHA256
e2abf2c2a51d0b8009c74accfa2602d046998200b50002f514e9a908c2fb2324

SHA512
5ea4a31c98dd6a37f066a26776bb2c66470df51dd863b92a8d8a7ddc7943dbea09f9f6ef8fbd85c6ff7413b42d7593c8f0f5b5f6a6237237a7f2b83aaf77ac25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4a29071f9cee639c57b2c026842aaeac

SHA1
7b6f1ef94fa72444b82924be5ff51a174e4b376b

SHA256
bbdd68ff2582a7b6be18e231b283457449517fa9458471e2d21de0252011afbf

SHA512
8eef1db086c28a58f8b57a713624ac7eacb4dc020caaaad10bad7e6906fea5e2e8d7b59af09be9881d6227978ad4b63298dbcb49553ab5b74b54fcb746c57834

Download Submit