0d3e98ca727fc1201b436170af5a63f23348aaf146a3ac6234f6c4da283e8b34

Analysis

max time kernel
182s
max time network
197s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2024, 21:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

michael-keaton-came-batmans-best-line.html
Size

93B
MD5

b0d506893d4802090edf1644f5f082cd
SHA1

4bf0d7ecb70703857c7029754fa02a7496313b63
SHA256

0d3e98ca727fc1201b436170af5a63f23348aaf146a3ac6234f6c4da283e8b34
SHA512

9a104d02dd1afb7b1d7c26715fa650c3f1519744af8f57a57c1a8d39a1d75b16d3ca5da8e6e00966ebe2d73a9983679710585318acfed67804c4856b6d1928e5

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4292	msedge.exe
4292	msedge.exe
548	msedge.exe
548	msedge.exe
2296	identity_helper.exe
2296	identity_helper.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 548 wrote to memory of 4556	548	msedge.exe	83
PID 548 wrote to memory of 4556	548	msedge.exe	83
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4980	548	msedge.exe	84
PID 548 wrote to memory of 4292	548	msedge.exe	85
PID 548 wrote to memory of 4292	548	msedge.exe	85
PID 548 wrote to memory of 4340	548	msedge.exe	86
PID 548 wrote to memory of 4340	548	msedge.exe	86
PID 548 wrote to memory of 4340	548	msedge.exe	86
PID 548 wrote to memory of 4340	548	msedge.exe	86
PID 548 wrote to memory of 4340	548	msedge.exe	86
PID 548 wrote to memory of 4340	548	msedge.exe	86
PID 548 wrote to memory of 4340	548	msedge.exe	86
PID 548 wrote to memory of 4340	548	msedge.exe	86
PID 548 wrote to memory of 4340	548	msedge.exe	86
PID 548 wrote to memory of 4340	548	msedge.exe	86
PID 548 wrote to memory of 4340	548	msedge.exe	86
PID 548 wrote to memory of 4340	548	msedge.exe	86
PID 548 wrote to memory of 4340	548	msedge.exe	86
PID 548 wrote to memory of 4340	548	msedge.exe	86
PID 548 wrote to memory of 4340	548	msedge.exe	86
PID 548 wrote to memory of 4340	548	msedge.exe	86
PID 548 wrote to memory of 4340	548	msedge.exe	86
PID 548 wrote to memory of 4340	548	msedge.exe	86
PID 548 wrote to memory of 4340	548	msedge.exe	86
PID 548 wrote to memory of 4340	548	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\michael-keaton-came-batmans-best-line.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb19cc46f8,0x7ffb19cc4708,0x7ffb19cc4718
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,8777387482417259925,13708861354575485716,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,8777387482417259925,13708861354575485716,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,8777387482417259925,13708861354575485716,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8777387482417259925,13708861354575485716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8777387482417259925,13708861354575485716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,8777387482417259925,13708861354575485716,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,8777387482417259925,13708861354575485716,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8777387482417259925,13708861354575485716,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8777387482417259925,13708861354575485716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8777387482417259925,13708861354575485716,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8777387482417259925,13708861354575485716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8777387482417259925,13708861354575485716,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8777387482417259925,13708861354575485716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8777387482417259925,13708861354575485716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8777387482417259925,13708861354575485716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8777387482417259925,13708861354575485716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8777387482417259925,13708861354575485716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8777387482417259925,13708861354575485716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8777387482417259925,13708861354575485716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8777387482417259925,13708861354575485716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2792 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8777387482417259925,13708861354575485716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8777387482417259925,13708861354575485716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8777387482417259925,13708861354575485716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,8777387482417259925,13708861354575485716,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5712 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
215KB

MD5
1585c4c0ffdb55b2a4fdc0b0f5c317be

SHA1
aac0e0f12332063c75c690458b2cfe5acb800d0a

SHA256
18a1cfc3b339903a71e6a68791cde83fca626a4c1a22be5cb7755c9f2343e2a5

SHA512
7021ed87f0c97edc3a8ff838202fa444841eafcbfa4e00e722b723393a1ac679279aa744e8edde237a05be6060527a0c7e64a36148bd2d1316d5589d78d08e23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\edb2f1892c7d0050_0

Filesize
19KB

MD5
c4362364c85da2e285eb72d2fec78cb1

SHA1
7d677e9e050f2b8b8c9ae069b140999a855d1dda

SHA256
d608ad5d90a86e624d2e357326a456089fa3bf9a70ece37b637e843d4b6bea96

SHA512
12538df3827fac6bcef64ecee446a9de6a9cffab19d24f55045da7e4a55583d137e4c999dbbac8d79569e74f9a4846a459de1d5ce82de73763873839da333415

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6c4a45c04e824034b77a31e52f2cc0ff

SHA1
f6d44ef8985b64a49fe0c4eb6847ac3c06261bf9

SHA256
475fbf52636bd7c737581681793c73027f802fd56a197c5cccc9da2dc03a42e4

SHA512
5c5f222adf85e3fe2e821b1840ec271d69d17abf3abd5b22450549d16bb4eacca7c176d07db49220cccea054584ae1428f204f9ec73d896381bd7b5632681e6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
608aa527e21cd6bb99bc78405247eed6

SHA1
7bd390310ffced50c9250869daa564ca122b1fc4

SHA256
06a4801a098158b9835575a528e98d32ccb1bb0e64fa6773790d23f02f510363

SHA512
5ff2d8b3b4ef062ee026e417f9a0a8c45d9cc2875087bf3a67b864a99e592cea24eb80e15adf924974ebc8fc284a7deab6887bd4736df78457f269de881a7f53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9cc88207f2569b1befdfe0dde8b0daa4

SHA1
51353c72ed105d7a902138df012f30e72acc182f

SHA256
c94f4862e5f99b3a514ac5bac4e0463767c0a4733a768766ee526ef111106579

SHA512
05aa6b188e1d3bdc09cbe5803e697b51f2ec9e8ef682d032eaf3bb54fdffd77433389a928c83ba914365042286e4089b4441a9e242fd8e9cc232a87fb5a9ab9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
686da3faaa247ecba93ee11e64787b03

SHA1
5d55b6120fcf53b438ca514692785ccab84ff004

SHA256
af9b6931947d9acde3024f62f0b7d8e50194af46dcf9c32b5b7b0023bc7a276d

SHA512
30152f0a47819956df2f9b809a15ab8fe856fd8ec67428f98358b5368348e1fa85f85406980ea43c619355c8d1aea43b292f96b9e19dec44918e3dce881ad81f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
7d991f6e075c66a9d49ffd72affaf43a

SHA1
7eafa72b96ebb5262b243cd5d0ce0bd54a9d1df0

SHA256
ad82b2f76aa60ad95e9fddbedecf81741d7c1a679b6c0cb2efafe1e6296971d4

SHA512
d9284ec120a971bc4fe5232b8e278aa623fdde2105da58de1e374962117c2514216db39ef893a509fcda2a04fd3fdb16024a79ece2b7599d3efc0851bebc801f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b69021e29360e196b3c79d731dc4f41b

SHA1
bfbace905081002aac608b349d17d9987010e9e1

SHA256
7ab16d44326ccbb0884e8454dd135b0f96ad47048965930f234e86ece540c00b

SHA512
7a1bd58824c4975874d40238da6b9155cb3699031d3b9d31054345057604b04b4fd70e8a971cc438baea224e4ddf650c786bd9a026b6d5aaf3e2c5dd4d9c16f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
2883badc04f6f099925773418c160555

SHA1
9f890913130dc78da8e929d859b98d0c8c61ab1d

SHA256
0d5ddf7b5078050911784fcf99f3cb2c948f2dc47876455becdf72941cd4c87d

SHA512
f438d20ad07eb04c463fa63d425414638d0ec77af82bc8c0e1b8c0bdf001a4b1539b83ff4dcd435ea1a9e7b264b8d751d0446e9e3fff2e7971ea2f22e53f97b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
2b90b83b4110d19a800689c542d8c3cf

SHA1
1b4c59f07c3d28898e28a0afe24af238917aceef

SHA256
a41fdaf5962f2f6147b070aa7bba412bab64806491547d2e277ee4df3db04c73

SHA512
845fa83555376e512d5cfea8cb0bf3f9178d13d7c39c8613d77a079ff77c249d4d039797b7f474ac93043a6d734ab75a6084b8bec31242f64ae9ee7e5439164d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1aba557689080701f0e7474e1838bf44

SHA1
ca25e257a4309fdd0ec5b9c6bbcae42a6ef0b0ac

SHA256
2a0b3719b58ef152cf49f64c70eab4d87f231708c21b48c0b84473e390b8140b

SHA512
dc32fd703d306f0ef26b5f0668f5e08925cec04f2f31526d200c5e0f7afa77f7f315428f26cfc5dbf5f756cc97a64a12f1671ec2ac9a6700ca023ace90aa7d4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dd9ee1128b914cda62c1cf43df8a6ae6

SHA1
a0cfb184001c32d6cada61bba6a366cfa6e40106

SHA256
690eef855fab0d1675e3246e1af66dbbc69e90b8de9b29ce26a33cf287f0ff76

SHA512
ee06319773e3aa63ba4d418639ee14c33112c573ed512f234b5ba759d3832b5663f41d3c938a8cde2c9beedd3bbecdbe706b226d7aecf7980786852849cbf3db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2bc575634d6c04b9a058cfd5c30b012f

SHA1
d0aae7dbd30d6afa212cc842bf71f5311a2b48df

SHA256
54d6e9ba83a81574a789ed66c8f05a3463f22985a92e8288ac90aa2e703fd789

SHA512
474a929446aba860da3abdaaa4f03624395717fbcc2979398a239af00fb5c60ba83d81e073db90dca9b61de36a4c7469cae1e99ca4928378983e2a2ddb65e940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c2f3e056d4e9c0e51b8ab9e16eb5bfb7

SHA1
9eeb10cfeb5df6b1fd3b2cde048e91631d86ca72

SHA256
d6b4d9e58c6aa488116bc77912ee6836ccc2668065cd824499ebef3e8e5f10bf

SHA512
92798e80d198776bcc13375a9afaa7f9f39688fefb4dce0aa5e94c5a6d60946659580a33100bcea30f58b99d3ea6474d8bfdb4f0bfe42fc32cab9b2963823fcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b12a.TMP

Filesize
705B

MD5
05c2c05c52017f3a25b3257861d399c4

SHA1
d6e348c1e42145608df31fff028f06941f8fc53f

SHA256
cf3cee1c867523705e3f7813393e5209850f4bf5ae982d20213b6021868707df

SHA512
9824b3aca429816154d464217aa27e4b5cff7b4fdd2fff5e8bd858077693b3bfd6512e64376fdb2b8d23cba0d9c1753bbd13ae4ab1b4397ef00bd720ba667de3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c5609b7101e2f755453d249a9b8ebced

SHA1
7b7292352b1294ce40e12fe0fb5b888895344ff3

SHA256
fbf7e98a36b4094dc05295cbf68120176c275af56e7fc89ff2696de555ede442

SHA512
4afd042cecdeec57a9c08ceedf5b88b4d08a68853240bf939f74d84f8e71a90c571674cd1d38240d8d22272452948c0e784f877279b55a2b4a304c5bc9e72940

Download Submit