hxxps://links[.]milanote[.]com/uni/ls/click?upn=u001[.]qLX9yCzR-2FsrNCveODBYktWd2QtsYHwBxjMjZ1TpW-2F9lZdAf5STwUhyaGQHzHPUx-2FNQxJ30vBX2Y81zxqoisMGMqOvOyKqTzQA08jTvkGdkXIRnTIJ74clhJV9FJLnnaAsWFoxEWqxKk-2BA2qeCTh-2F6Q-3D-3DW9d5_WA7Xc4T8Sqer3xyrekkmupnYceSwGsGdnamiEdEsjajhLqFLe37BsQvKgGbBGvdfQ6X0Bzm-2BFw9u8QsnNTCp-2FHgW3vwJN4gW6Pyy8ta9v8zHYqFF40w2Y15HXzHo34nGRQzcj8dJgKQosHXbuP4-2BHtLJErXZEbJveQs5qmsyFYm8hTwPJ-2FSnBJiEloT65ph8

Resubmissions

12-12-2024 20:42

241212-zhb7aaxja1 3

12-12-2024 20:41

241212-zgkf9swrhw 3

12-12-2024 20:38

241212-ze8q3syndk 3

12-12-2024 19:08

241212-xtbzjstqfy 5

Analysis

max time kernel
81s
max time network
85s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12-12-2024 20:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://links.milanote.com/uni/ls/click?upn=u001.qLX9yCzR-2FsrNCveODBYktWd2QtsYHwBxjMjZ1TpW-2F9lZdAf5STwUhyaGQHzHPUx-2FNQxJ30vBX2Y81zxqoisMGMqOvOyKqTzQA08jTvkGdkXIRnTIJ74clhJV9FJLnnaAsWFoxEWqxKk-2BA2qeCTh-2F6Q-3D-3DW9d5_WA7Xc4T8Sqer3xyrekkmupnYceSwGsGdnamiEdEsjajhLqFLe37BsQvKgGbBGvdfQ6X0Bzm-2BFw9u8QsnNTCp-2FHgW3vwJN4gW6Pyy8ta9v8zHYqFF40w2Y15HXzHo34nGRQzcj8dJgKQosHXbuP4-2BHtLJErXZEbJveQs5qmsyFYm8hTwPJ-2FSnBJiEloT65ph8

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3336	msedge.exe
3336	msedge.exe
4872	msedge.exe
4872	msedge.exe
1188	identity_helper.exe
1188	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4872 wrote to memory of 3648	4872	msedge.exe	83
PID 4872 wrote to memory of 3648	4872	msedge.exe	83
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 5100	4872	msedge.exe	84
PID 4872 wrote to memory of 3336	4872	msedge.exe	85
PID 4872 wrote to memory of 3336	4872	msedge.exe	85
PID 4872 wrote to memory of 4336	4872	msedge.exe	86
PID 4872 wrote to memory of 4336	4872	msedge.exe	86
PID 4872 wrote to memory of 4336	4872	msedge.exe	86
PID 4872 wrote to memory of 4336	4872	msedge.exe	86
PID 4872 wrote to memory of 4336	4872	msedge.exe	86
PID 4872 wrote to memory of 4336	4872	msedge.exe	86
PID 4872 wrote to memory of 4336	4872	msedge.exe	86
PID 4872 wrote to memory of 4336	4872	msedge.exe	86
PID 4872 wrote to memory of 4336	4872	msedge.exe	86
PID 4872 wrote to memory of 4336	4872	msedge.exe	86
PID 4872 wrote to memory of 4336	4872	msedge.exe	86
PID 4872 wrote to memory of 4336	4872	msedge.exe	86
PID 4872 wrote to memory of 4336	4872	msedge.exe	86
PID 4872 wrote to memory of 4336	4872	msedge.exe	86
PID 4872 wrote to memory of 4336	4872	msedge.exe	86
PID 4872 wrote to memory of 4336	4872	msedge.exe	86
PID 4872 wrote to memory of 4336	4872	msedge.exe	86
PID 4872 wrote to memory of 4336	4872	msedge.exe	86
PID 4872 wrote to memory of 4336	4872	msedge.exe	86
PID 4872 wrote to memory of 4336	4872	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://links.milanote.com/uni/ls/click?upn=u001.qLX9yCzR-2FsrNCveODBYktWd2QtsYHwBxjMjZ1TpW-2F9lZdAf5STwUhyaGQHzHPUx-2FNQxJ30vBX2Y81zxqoisMGMqOvOyKqTzQA08jTvkGdkXIRnTIJ74clhJV9FJLnnaAsWFoxEWqxKk-2BA2qeCTh-2F6Q-3D-3DW9d5_WA7Xc4T8Sqer3xyrekkmupnYceSwGsGdnamiEdEsjajhLqFLe37BsQvKgGbBGvdfQ6X0Bzm-2BFw9u8QsnNTCp-2FHgW3vwJN4gW6Pyy8ta9v8zHYqFF40w2Y15HXzHo34nGRQzcj8dJgKQosHXbuP4-2BHtLJErXZEbJveQs5qmsyFYm8hTwPJ-2FSnBJiEloT65ph8
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd576f46f8,0x7ffd576f4708,0x7ffd576f4718
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,12637563579130674383,1399204471070330917,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,12637563579130674383,1399204471070330917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,12637563579130674383,1399204471070330917,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12637563579130674383,1399204471070330917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12637563579130674383,1399204471070330917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12637563579130674383,1399204471070330917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,12637563579130674383,1399204471070330917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4152 /prefetch:8
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,12637563579130674383,1399204471070330917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4152 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12637563579130674383,1399204471070330917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12637563579130674383,1399204471070330917,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2036 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12637563579130674383,1399204471070330917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12637563579130674383,1399204471070330917,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:1380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
3410ec3647962801b2972d24c8c7e272

SHA1
8761cd6081de97f87fc50d90d354f728cb99a7e2

SHA256
4ef9c634920dfc23b97b9030c035b0f3b2f4f7d289802143cdc17c8c1a1e34e4

SHA512
9712546692fcd961d7de039cbcdf4b48237378dc1f476f74cd333cd74af7e8d0767e69578dca5c029ac1d7bb32021c5bca690794e64df8a67f2cdba1caabf014

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
04d1f52984ea8fae0ef56fdb49a1389f

SHA1
8e99b47186e4dfb3c5999b5d534b44628d27be1a

SHA256
f741e071ef13edb327ec1661012bf5750dd2d4c2d6d39796c71c146da527d9eb

SHA512
7121f9a71ee3e28c491e5a2571784dd1d1d19bac425d7ac4d3fd0f75789b7b581d4f3c41e9f7d05939402ea3e9fef29a883edecff76074448619eac7d85f65ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
48e0a2c8f18f3cf6dbced01ea0f95967

SHA1
de74f4831aebe72710cdbe233669e4ba51031bb7

SHA256
3753944d0ff819ffc1cb20e87d6f1096fca0b2484bbacd4d4d16a9fbbec7b918

SHA512
2676f8736c5595bf58e870bae2aa1ecc2871e52fd4b2c51fd07b590e5a40589479e8def2898252ebf2181a2d88aa407b8f0d489716bd2a4fa515e1cdb33e49f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9d596c00071ddcf2e0961ce16328fb3d

SHA1
964670999605748ee3d55610a590ba2efb2f4bc4

SHA256
7fcc1322e25205b5f033cfcb3a809d356edec2cf6123d1f64b2a2c1d22edbd63

SHA512
5b78cb600e8a2b1fd0db7f935adfe50019815ff47e29134fcf4f8ccc8e49208688663792499fe0ccb21e6b48432593b89d79b7a44c594b6ef6cc2e6b1d183d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
11d5e3f9611dfb9139dbf5b1d24b82c0

SHA1
cfe0fc97e628d4ce6f1d83ebacac3ffc137d6c98

SHA256
991296188283fc7bfcd5c1607988c25024775fabf81e483fff0a123ae7a35365

SHA512
7754c5d64491e4619d76cd237f6d61a2cd269475fe21e607d468f1484db9eacd5134e85e6331f938cca3880322ffe85a954e1dd7a449353851e09ab1314150ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
340da45efe4cc65c78b8b444931684ac

SHA1
13455b7c17a69d4eb3ef2c2ddf5fb8904f5f6ddd

SHA256
4c78dafdacbb0dfd4cc93a4df107fd589262612ecf2dab9d3b22ff57266faf75

SHA512
260c4512c56411a916b0d75eb41cc8d7e2d06354ab67b1a92601b6bfc8843201b0710e33d5019cc890f34400e60d425ba0aec8a630de0f9c55977489f84e0418

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fee68828e698a18fe03c7dfa7cb56e16

SHA1
01f0e33058d6588675bd7d4f3190f4a55fe15aae

SHA256
d146f00bc6c3adb46e8ec0ffa065659b6a121aefa59a96c70d09943b56422de9

SHA512
4944274d454b0005cceac9f705253a5469e3be03733daf104c480a0c82b40344d18f0af4312c5a06c2a78c727a76570b21e0f0ad7ca70a330b71b4238022bc93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\c9916667-ca54-4c6e-a2d9-5a7178318494\index-dir\the-real-index

Filesize
72B

MD5
d14964007fc8d873b01b403753e2b285

SHA1
3d4864f3c15e9889d6cbb05c7b52c57b9e141e6a

SHA256
dd3c2f557bea0922ae81c5ce294fe17b76723a59ffd2f7c381e531f8b9eac7dd

SHA512
83998d3243f44c2c736c086cd8da31a1bcfcdff06e7accd428a14385c7f7e1260139341f84bed9c3b2ca58aebc9a41ba8c995d6e78d9693432cc1e1889267115

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\c9916667-ca54-4c6e-a2d9-5a7178318494\index-dir\the-real-index~RFe5823b0.TMP

Filesize
48B

MD5
fe614139fe24e61058067d3c6b04bcaa

SHA1
d7e77d6cb907f2e14b075a17f9620264287f505e

SHA256
cb62bc998055b40a8e7ab06e66d486adf94f0b0451e60b8b6ec05a7a4f9d3589

SHA512
2949a263fef3a32397363a92acca9cd3054f68d5bce1b95ba736e61249377b70c973d4d8480e069e97dcf649bb086be4d5183c48b68e5622838598cef6e1c69e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\da9883fb-d7e0-43a0-995a-d2d89734a3f6\index-dir\the-real-index

Filesize
72B

MD5
b61070ad6a9b35711b15988cd735a83e

SHA1
78c952dbbce4b4a023020c4d04a638b73ee42004

SHA256
6d5a8cced8f330d0a84233696445431172321eef1cc6fb7eef70201494a05c4c

SHA512
ff001fb094a6ac96e92ff8c79632ddf6b99aa2993439c8ac922511008ffc4cb1a30eaf21889229dc2d96282f948008217eb3cdee924717ec4cb6755e059a07d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\da9883fb-d7e0-43a0-995a-d2d89734a3f6\index-dir\the-real-index~RFe5824c9.TMP

Filesize
48B

MD5
1208e1034b908399979555d5770e99b6

SHA1
f1b1c6af98e0858ebde6f546d50e29a51b29d85c

SHA256
611abed828dc935cf6384cb59b58ab5c6d2c792f7d75f813f7ad85467b2202ce

SHA512
6ababfc342abf5f19fd3eec06db7eae77432011bccf8b6dc97ab09a0018275ff06e9fd391e543237587249343020c1dccc700bbb35354c445bda72e8a4ceb46f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\e68ccd4a-864d-4848-ab42-083f866e1de5\index-dir\the-real-index

Filesize
72B

MD5
1abd49d8e3647cd487e4868b5b3bbb86

SHA1
929033b851febfb3cba9dec56ab2cfef43b2f64f

SHA256
e4fb3d06ca85d8a0b4a60967b688279baf806f25af3d4eea2ff8468b68cd0122

SHA512
1f41b975db3768762dd0e5f0d90cd4a26a6e4ee525f2304ef3bae91e1ff4c6cbadf8e9f632b8b661b7e28b09647f660d5ff1424f37f2dd0afbb4b2cab15a98d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\e68ccd4a-864d-4848-ab42-083f866e1de5\index-dir\the-real-index~RFe582546.TMP

Filesize
48B

MD5
4266eb973002497a28ebee4660a4188b

SHA1
c8375d31fce76b531032049cd3abc72c868dd935

SHA256
5a4bbab7ad06f1987b31de3feac627c632621501526ea6cff3aafb8d42a9569f

SHA512
72d1f5310ef76b4afaa25f1fad5270f2d1d5ad8d4ff989d2599ddf9e97bd768c09167e3c1ec6a32801c53edae97a335294705ebacc389d147208997ddcd4299e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\index.txt

Filesize
94B

MD5
c0f86c607497a1d3ef499f16acd00f1f

SHA1
38ea4f7cc2089992954ed36bca88cd9151d98e7a

SHA256
57747ae064d0ca3d0290ef996b8319a46e27ff426d860c8c4db8b71a83e542bb

SHA512
be9b084624f57cbb15736de83af25fa78bfeb707408b6842c55bb12d16828c0b2720d5fcd998d19a00d275343297aabfb968f5611ea1d667f438e7178f968757

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\index.txt

Filesize
154B

MD5
d96d3179ebc48504bb60e544f0df1663

SHA1
954a15d604e0127ba2a6a4c177a67388e928248b

SHA256
ab4888f963e4a0828765488c1ab481d822ec0ab5f4002bcc28da793c7ac44d6e

SHA512
47686af6b8464928048c53a0a605cbbcff82ec637e699effdd3f4db6516219c2f1953910169f917a20d75ca84a810f35c32de82104228804b190d30e3f308a72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\index.txt

Filesize
215B

MD5
7f39d4badf4a765e342f9b71841d73d7

SHA1
8f5212c463d8c10f420207b4c8e2ba41748dfb6a

SHA256
b23a3f71aafb36ae9176b0e16ecaf593a3cf7f6a285a353fbb6c5e45b39a85ab

SHA512
084f58bb2d5fd1ba492a2a2379a5ba5e2fa17827250972b149c7e8b6d101d902bd5312359398e86f81e98d5b09c612259182f228491c5fffb3adf105beb89b77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\index.txt

Filesize
212B

MD5
6d31603ca711b575208eca9abe83b6db

SHA1
8e1a0225f0822ea072e25a2a6e048c08724065ff

SHA256
b4d712952f1eb499fee46adabfebe35ec8a7a93a20d11ad3a372539fccebec48

SHA512
4ec496efd04ddcb3836d5481c32c976d3b1812d178926ad05960c48c1b76373bfab598c2cd3c4d0e501cddf490460039495241e05a041b23884528e64b831fff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
216B

MD5
b708b9f2661cd89ec932d141001e1852

SHA1
c2d3b21f7bd4b78ff8d335359eea9c794c0bfdb3

SHA256
03775e363fa2d2aa150df40847ae82eb1ea51294b6928ee33d37d06012472334

SHA512
b234e766c82d74da55221597d651c6d882607b0aa882909b42a12e28ce2386177be0791926c7a5cb6ad0dbdcf51613303d7ec8418a1d7ff59e374e004305157a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582229.TMP

Filesize
48B

MD5
b008983abd6eeecaf5827cbf179a6195

SHA1
26cc7b78429fb72c7de5b55950a6ead8755964e0

SHA256
d5ef5e5ce7e3299158a1ce67b452d96a6a10aa1cbf20a0c79828689129be58e5

SHA512
d1d88c7611728afb3d4fe768483a9676d22a166147c32877a1f56d5431cd58381dfe5bd0db30b061d0f6c5442d90633695fa08cfa98900f9459cca838336dc1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
72fa2c8a8a7940f0a639497e2f546ba9

SHA1
76334180ccb2cdf20cca6325c40daaaa0de8b4f0

SHA256
03aa339e61e4d3b3b945bb68f7d002efd5463a7d36fba8e4212595b73e45d1e8

SHA512
01b2c927d89861606967cd9fc526462a442922743334b9b7b8f1cedef2e7b8d9ad4d1ed31a8b8b015890f4d38872f0b3e4859c95be1e803d26be704bcfdc2bdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
582415cfaa7f80ca36021043434fc598

SHA1
9b63f53d0bca9e070cee2a28a71cd80f7cc1f56a

SHA256
dfcb3de9827cba9b85c1f1b3215d8935ef6fbc5a106956c2abf2f1ee47a50f93

SHA512
f9fe1705b3942aa5cdfc65b9b3d253a4da1b48d18fec01064163ab2067715ce01664b87dd39f9d3612803700401e7d08a04920f87c9680d43aa78f9227d350ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
18731bd92cdac23f80734051bdccdeb7

SHA1
649b6338cd2204e2751b88b6e7463f0245ee5245

SHA256
13c484471828daac4aaccc5fc4702b46bf6cad3624c699410658131017179122

SHA512
0335ce83134494a2f5041a7f90815a588151b5f55e183a9fe6b90afc625f26513d6ee52a613dbe57c01eb35d91ae6e1ea8705b424c4d80989f2e339a09d267da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8929f92ae249248ad38a3db9098ef175

SHA1
aca3da856072906ec1b3dba67e157bf843903881

SHA256
2b03ca528866f726c3bc221560f896df05336946b18a6c78558f8bb226b9f150

SHA512
e4fc1d387fb27ac027d17271547e0ffceb500fa746b6e439e9ff926afb042fa7a3536a1b690d54616d05c531bbaae5a3a029f8aca1d491bf2742fc87781035ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586443.TMP

Filesize
1KB

MD5
4945be23c0176a2c79166f1408c9fdb7

SHA1
0242d679fdbc08b2f8d91cdac1e959fbcde06c44

SHA256
cf776368e2194a139043d803eb6bc8672ddbe6e548edc6add0c20d29639ce975

SHA512
73a62080eb79aade45f0824cda12a973909425ccf3dd3fc5fdbb027bef68eb39a6f24cec67de5350281b984cfc5b790c7eee98f16c1f514e6897462cf60d64f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3dba943db9f08ad01a6d94ae113b18f8

SHA1
b39dc60e069b0cb2ccc503d89988f84a5717e4f1

SHA256
c7188f238be4b58ed2f4675cb3903f46f173faa027477dbce473c7f6436777dd

SHA512
b4d19de8b7fe6a5bb6d099eec9e41876015d7574fa287a27172d49831069fa450beb8f9834a30d8dc1137db6613f39374f212522e5826aa0399c5369f6eabea5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit