3398f45b09b312ed7269fff159657011dec9e775f9622392d08a3b1226279edc

Resubmissions

04-12-2024 00:57

241204-bbfn5ayncq 5

04-12-2024 00:56

241204-bads5stje1 5

Analysis

max time kernel
149s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
04-12-2024 00:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bing-wallpaper.html
Size

151KB
MD5

7ab2c41f005d208fda00fca64e4f1bdd
SHA1

25a4b6ecd09f83740350709a71f334466b7038bf
SHA256

3398f45b09b312ed7269fff159657011dec9e775f9622392d08a3b1226279edc
SHA512

cd69e367fc91f165104d98394198aecc1eaf0494b3014b6e44c5b44b6dc8a5dd1a89c70d91828ec4f61660dc86e626875139eefd2c3346e411bdb50244fcdaf7
SSDEEP

3072:Vi7bJVeAQOw5MxamOPOCQJSx60WKOkOLuj20xpC:OeAQAOPOCQJzK5C

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2608	msedge.exe
2608	msedge.exe
4932	msedge.exe
4932	msedge.exe
4004	identity_helper.exe
4004	identity_helper.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4932 wrote to memory of 4656	4932	msedge.exe	83
PID 4932 wrote to memory of 4656	4932	msedge.exe	83
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 412	4932	msedge.exe	84
PID 4932 wrote to memory of 2608	4932	msedge.exe	85
PID 4932 wrote to memory of 2608	4932	msedge.exe	85
PID 4932 wrote to memory of 1336	4932	msedge.exe	86
PID 4932 wrote to memory of 1336	4932	msedge.exe	86
PID 4932 wrote to memory of 1336	4932	msedge.exe	86
PID 4932 wrote to memory of 1336	4932	msedge.exe	86
PID 4932 wrote to memory of 1336	4932	msedge.exe	86
PID 4932 wrote to memory of 1336	4932	msedge.exe	86
PID 4932 wrote to memory of 1336	4932	msedge.exe	86
PID 4932 wrote to memory of 1336	4932	msedge.exe	86
PID 4932 wrote to memory of 1336	4932	msedge.exe	86
PID 4932 wrote to memory of 1336	4932	msedge.exe	86
PID 4932 wrote to memory of 1336	4932	msedge.exe	86
PID 4932 wrote to memory of 1336	4932	msedge.exe	86
PID 4932 wrote to memory of 1336	4932	msedge.exe	86
PID 4932 wrote to memory of 1336	4932	msedge.exe	86
PID 4932 wrote to memory of 1336	4932	msedge.exe	86
PID 4932 wrote to memory of 1336	4932	msedge.exe	86
PID 4932 wrote to memory of 1336	4932	msedge.exe	86
PID 4932 wrote to memory of 1336	4932	msedge.exe	86
PID 4932 wrote to memory of 1336	4932	msedge.exe	86
PID 4932 wrote to memory of 1336	4932	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\bing-wallpaper.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdd3a146f8,0x7ffdd3a14708,0x7ffdd3a14718
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,15686013407224136192,4135901686249743922,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,15686013407224136192,4135901686249743922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,15686013407224136192,4135901686249743922,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15686013407224136192,4135901686249743922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15686013407224136192,4135901686249743922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15686013407224136192,4135901686249743922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15686013407224136192,4135901686249743922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15686013407224136192,4135901686249743922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4312 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,15686013407224136192,4135901686249743922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:8
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,15686013407224136192,4135901686249743922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15686013407224136192,4135901686249743922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15686013407224136192,4135901686249743922,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15686013407224136192,4135901686249743922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15686013407224136192,4135901686249743922,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15686013407224136192,4135901686249743922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,15686013407224136192,4135901686249743922,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
de2bcd14a7c1ae1860ae137ac40f8e7e

SHA1
f34d574828a6a44474978a19640d1c4a8a07e2ab

SHA256
65e15a3f38906b5ac69984c7a1fc124de3652d2c710fc940135e5083c27ad6ee

SHA512
7368b0e2022e53e93b8d22ea236b5a3ccb98d98c1f291b2949c888a3e3fe16b8836ae487161889a7199e242f0988d450ac800b44c8968baed195886d5fad4a18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
90b2832b1cb38629d78320d079c32f45

SHA1
52ea69fe5391127a67ed361f290b4bce53ac8a14

SHA256
9aa9eb7362d0ca3f627889a97977015cacd7616ac87c4eb73dcce79c5764e128

SHA512
538c450f6a6f3d54b33f109b6295d833d1fd414c7065d53f032b2c0f4f060e19be1edfc20c9989078e8dc71c481734eb61960e1710b0157acb955a2dea0b429f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0960dc51b6224872edcea4986b3fa238

SHA1
7c0f7d7f029cbc3f5d3bf64df28e2326551cadbd

SHA256
799be7907c049280ad2293f1452c4c4fc050169ebc8439d13418473f6f819b6e

SHA512
242dc8636b775b17939d30991dafa36ab8e439fcfd68cb0538471ccce0e918ecae88c82e5f1cd15d4c33f6d62bab0006ee5d6520b8a377206b1f20157d75d822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
74cd3b25afe8cd04243059b0f735f0b5

SHA1
7ecbc3d352e2b71a829f366a4d3d59e8edda1208

SHA256
29ae86c97d67a1d86612be675c98cf74d9ff8def4a316ebd6f7d585534279aa0

SHA512
2920851955f9f010012378941e17f9232668e6a0f2d8b204cf9d35c359fa3e85312025aa1e7647b97e083eb5fd1ba89a3becacb1d2c3cdb0871698626f6007a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
b2c21ade3dc3c651b58e540b3935642d

SHA1
457e6fffa4c715ab3fafe1a7d36a260076462df2

SHA256
facc18a5a69b8168166b85ba4d0c799fb5702140538cedd2806df6ea8cb0fe74

SHA512
3ef6836f65f054af75a7f51ae1ac3eecb38b73f13ad8ade3d0b88bff3f87dab3e8d295a15c15dc01048de10aa5ca3a86dc1976000c643e99d97d25b7446386c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b47b.TMP

Filesize
48B

MD5
fef57f7cb3a869143f2054a3fb2f66e7

SHA1
742a89eaca433136d4efaa489bdbbc2e1d4f0358

SHA256
c83a8b8045228c5049b2c11f1ad74e2a6dd6b29c2337f144f38f7bdfe3d61ae5

SHA512
ac9798d9562b72c9b05c2c0166d82cbe2d467ca801a213115c76b34e46389025ecda04847c9b9e14e6596ff4053d84e623780f22e2b2bcade5bfbec03ec817f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
346bd2685d9ff8adf60a7b12b07537aa

SHA1
f62b66c32704da69a1b181bebe593e15f12d1b7e

SHA256
2a4bc071bf930d75938484b4c10b5a175699da75bc68cb2c05b3018c0d938222

SHA512
c4df45f1d6b537599c21878604b8bd3120a46118197dab4c4473149c7c3f7f52e7af72c9c8d96cd64800544745da7154de32c90e559ddb5b518e3b73a7537a3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c0488310346adc8f30fa96ec7b09b230

SHA1
00963af1f449a024d036a78a2ea5efd1ed0dcf0b

SHA256
d0decbfa322a7e6c48f9402347fda80fa95c14cc91a803e504c30beded077c48

SHA512
b5a5a3b53990f6d39f23b91b87794a57cdb6d4336c4d465778ba9766ee381ad3890cb7d8ae9d3bde5d903e4fd57b22fa6811c5f8cfa1289d98d8ea4a265e1eea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
685fd2814ae3462e8ccfe680e720ba52

SHA1
21fe23faf82eefe05bac4b7be9a16bc011280a3f

SHA256
96aa3bf6ab0a4b718c9c607fa11f80f07d020a62903ab510b82667fc445acda4

SHA512
8b16d04238d1ff5e7a2b4bead85a0b9713801fb221eaa1c62680e9be1c7886edc92bf9c3f3503893e1f6e55800c8e83934a650d05a9a86b22be2997cdac65334

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f84cd9aad1fba297320cdecc6e6bc43b

SHA1
c7ca6bfaa69e99ad12d189d8de6daf68d37133e0

SHA256
7451843fd4443ccb54f07d2223a471f95d01eb8d9e1436a4aef5db820e5b9169

SHA512
69ce571abb3b2b236e6868aa85750c650e6d09f4a191c57683b6e8966c84530fb08d4b9ce55d1ea46f97fba362c9aa516b0e3a8f9e116d5cdacfba22f8108c6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ad47.TMP

Filesize
1KB

MD5
d1a0e515560ef2ced8c0b4f3860e3289

SHA1
c5de3820c54b7362d9621e8aa5efe185902adb4c

SHA256
ad47a6fb5d2091546f8dce066318dff7f89c2f89806b26a1426afcdfc3079162

SHA512
76b5a83b9927f2c90c0dc1a14b4575e53a32c7e362f092f7e7075a5f6f2c2c05660fb445ee728efb47120ee65d7a679d7c006553065a9b303e95bd9e2b0a456e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
010f1c0aac4247e83d97d1c8e051a149

SHA1
47fb28ceb7e81189fba1befc86a655e5463d53a2

SHA256
5a9d9f56a9bc44c74e456b1f35df6bef7846cbefcadf03293250248f5c9d2cb2

SHA512
4b43264e4ba9e14614284e999d79ecff80534f0ba8058cc1826fc51abec2948233596ec5411e78060a256314fbfa44e4b4f3d1a6d3cc7ca23bcd7c4d2fb0a277

Download Submit