hxxps://links[.]milanote[.]com/uni/ls/click?upn=u001[.]qLX9yCzR-2FsrNCveODBYktWd2QtsYHwBxjMjZ1TpW-2F9lZdAf5STwUhyaGQHzHPUx-2FNQxJ30vBX2Y81zxqoisMGMqOvOyKqTzQA08jTvkGdkXIRnTIJ74clhJV9FJLnnaAsWFoxEWqxKk-2BA2qeCTh-2F6Q-3D-3DW9d5_WA7Xc4T8Sqer3xyrekkmupnYceSwGsGdnamiEdEsjajhLqFLe37BsQvKgGbBGvdfQ6X0Bzm-2BFw9u8QsnNTCp-2FHgW3vwJN4gW6Pyy8ta9v8zHYqFF40w2Y15HXzHo34nGRQzcj8dJgKQosHXbuP4-2BHtLJErXZEbJveQs5qmsyFYm8hTwPJ-2FSnBJiEloT65ph8

Resubmissions

12/12/2024, 20:42

241212-zhb7aaxja1 3

12/12/2024, 20:41

241212-zgkf9swrhw 3

12/12/2024, 20:38

241212-ze8q3syndk 3

12/12/2024, 19:08

241212-xtbzjstqfy 5

Analysis

max time kernel
66s
max time network
67s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/12/2024, 20:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://links.milanote.com/uni/ls/click?upn=u001.qLX9yCzR-2FsrNCveODBYktWd2QtsYHwBxjMjZ1TpW-2F9lZdAf5STwUhyaGQHzHPUx-2FNQxJ30vBX2Y81zxqoisMGMqOvOyKqTzQA08jTvkGdkXIRnTIJ74clhJV9FJLnnaAsWFoxEWqxKk-2BA2qeCTh-2F6Q-3D-3DW9d5_WA7Xc4T8Sqer3xyrekkmupnYceSwGsGdnamiEdEsjajhLqFLe37BsQvKgGbBGvdfQ6X0Bzm-2BFw9u8QsnNTCp-2FHgW3vwJN4gW6Pyy8ta9v8zHYqFF40w2Y15HXzHo34nGRQzcj8dJgKQosHXbuP4-2BHtLJErXZEbJveQs5qmsyFYm8hTwPJ-2FSnBJiEloT65ph8

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4752	msedge.exe
4752	msedge.exe
3616	msedge.exe
3616	msedge.exe
4668	identity_helper.exe
4668	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3616 wrote to memory of 3860	3616	msedge.exe	83
PID 3616 wrote to memory of 3860	3616	msedge.exe	83
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4924	3616	msedge.exe	84
PID 3616 wrote to memory of 4752	3616	msedge.exe	85
PID 3616 wrote to memory of 4752	3616	msedge.exe	85
PID 3616 wrote to memory of 2816	3616	msedge.exe	86
PID 3616 wrote to memory of 2816	3616	msedge.exe	86
PID 3616 wrote to memory of 2816	3616	msedge.exe	86
PID 3616 wrote to memory of 2816	3616	msedge.exe	86
PID 3616 wrote to memory of 2816	3616	msedge.exe	86
PID 3616 wrote to memory of 2816	3616	msedge.exe	86
PID 3616 wrote to memory of 2816	3616	msedge.exe	86
PID 3616 wrote to memory of 2816	3616	msedge.exe	86
PID 3616 wrote to memory of 2816	3616	msedge.exe	86
PID 3616 wrote to memory of 2816	3616	msedge.exe	86
PID 3616 wrote to memory of 2816	3616	msedge.exe	86
PID 3616 wrote to memory of 2816	3616	msedge.exe	86
PID 3616 wrote to memory of 2816	3616	msedge.exe	86
PID 3616 wrote to memory of 2816	3616	msedge.exe	86
PID 3616 wrote to memory of 2816	3616	msedge.exe	86
PID 3616 wrote to memory of 2816	3616	msedge.exe	86
PID 3616 wrote to memory of 2816	3616	msedge.exe	86
PID 3616 wrote to memory of 2816	3616	msedge.exe	86
PID 3616 wrote to memory of 2816	3616	msedge.exe	86
PID 3616 wrote to memory of 2816	3616	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://links.milanote.com/uni/ls/click?upn=u001.qLX9yCzR-2FsrNCveODBYktWd2QtsYHwBxjMjZ1TpW-2F9lZdAf5STwUhyaGQHzHPUx-2FNQxJ30vBX2Y81zxqoisMGMqOvOyKqTzQA08jTvkGdkXIRnTIJ74clhJV9FJLnnaAsWFoxEWqxKk-2BA2qeCTh-2F6Q-3D-3DW9d5_WA7Xc4T8Sqer3xyrekkmupnYceSwGsGdnamiEdEsjajhLqFLe37BsQvKgGbBGvdfQ6X0Bzm-2BFw9u8QsnNTCp-2FHgW3vwJN4gW6Pyy8ta9v8zHYqFF40w2Y15HXzHo34nGRQzcj8dJgKQosHXbuP4-2BHtLJErXZEbJveQs5qmsyFYm8hTwPJ-2FSnBJiEloT65ph8
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb753646f8,0x7ffb75364708,0x7ffb75364718
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,16244950757666619993,14610124179943188469,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,16244950757666619993,14610124179943188469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,16244950757666619993,14610124179943188469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1356 /prefetch:8
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16244950757666619993,14610124179943188469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16244950757666619993,14610124179943188469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16244950757666619993,14610124179943188469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,16244950757666619993,14610124179943188469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,16244950757666619993,14610124179943188469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16244950757666619993,14610124179943188469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16244950757666619993,14610124179943188469,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16244950757666619993,14610124179943188469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2592 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16244950757666619993,14610124179943188469,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:4872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
46KB

MD5
a08e140163ce1c98cf4e59dd0e653d0a

SHA1
62af556461f2a0ddd8c2d0fdced0ca60fbee306a

SHA256
8347efddea8f834fb12ec4987803188800d9e69a633dcfbd5653b38d29a443ac

SHA512
0609d5d1a8580a840fb157c04f14b1bd926973dd537705c746eab737401cd489026d02036b3243a523d3f9d60128f8d46be5d1ac2bdb441d0e4765ee4ebf797b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
133KB

MD5
46bbec1641b1f1de9e79544e741e1ed9

SHA1
9dc43aba6c6d71344ec436582aecb7a1e1c94fcd

SHA256
0d7204ce373bbcd8bc632ee4552dc119dcd0332068f5736fff981b9c23d09a70

SHA512
956caa907f89e2277bf2c7af8218f6b3c164d811f9422554f704b094097ad48158d50a8e21790c5e291291157d52dc27bc6c433ebf8bee5a5d653e384eb6a08d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
147KB

MD5
1430cc35dc9c0a100e3d4e456d55a32f

SHA1
24e8b18f92585ec4440e24b68e42caaf474bd073

SHA256
34ec056dded521c5ff5be709d69e559487196ff911527dc6b5b004bfa9522615

SHA512
9751afd37416ef6382df699e90fcf6e756672727f664af23366a97210fe56ded06cad5ef3397e6c66a8b4bebcc0cf67b44e1833734215a3ff5261622dabe5efe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
66538167dda41d7bdeb1874feda6edb7

SHA1
6a7fcdc83f631aaab765ac3adcc8c1e2589c8f48

SHA256
4d49784c887fd6518b6e78e76603fcb5210123e9f421e0febae110712a5aa039

SHA512
5d73ed4f430b7dcb67397e9e41073df701ede022087955e348b4225a99695951f1b56b244a8e6000527d9ebfc7a697ab78d38fc1e458b4b53559e662e2981b2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ec9467959f116c25c053cd2cff0d0976

SHA1
4587f04e799046a500c56d3bf611ae8bcf8c686a

SHA256
b51a2797d64cf0f9517708e5865e1b4f337c1ebb69b8ca9613b5bb581353fce8

SHA512
aee61ccf9271ab635f7711e131380c43cbbf22712e3318d22cdde1a20a3b240a0c324acc5d309969b9da297e8b7e7b560d42b36838dd287c85968de54abe6654

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e38f69c3870895101ccb93af0db141e1

SHA1
7de92579ea96dcc8f0e32ba9311bae58d300bb04

SHA256
91bd05e916c30cc290480cad503fa695a45abcaa5ab6fa8d13565776c647c7e5

SHA512
df7fc3b43728b6991441cb9dbe56cc32fea252b44527d7228e45944f00179320076bfa8259bf9c3a14f8de3db2abd2522ecd285745eaa45ef9f43493fe3197be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0cc5a47a77a2faeb46a03f3191604088

SHA1
f986da9b9bb7d7c80e766af3a3a99e7c7cbbb186

SHA256
c0986566d7c18d9e01aae47ae007969badc4ba52f9cd4ee42a67adcb8bc9cb14

SHA512
64bd77176a8ebba789306f5d9b46b63ace512b291d4772cc8710fb15e918fd2e422044c233f86657ef90de6f32705c71919e7dd1af79539d43d8ddc6da4f196a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
843b16e02dad73a23759c476fc15f9d4

SHA1
2eb1915062434b08e566478babcc3e940ff2c976

SHA256
9d93734111909b3a86a5fbb0b2cc20f82151639a38768bf9495388692317610e

SHA512
27ce36c722fc25770fe1a29bc6cb48cc5572fa53dd95fea48e0dd92e5d8f56fecde6261094fd84e47fa3505b5311d6ddc8e06e26d3721cd20e080f37333d5b7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\0598c297-c2ba-4f8e-a97f-62265a251b87\index-dir\the-real-index

Filesize
72B

MD5
d3488a8f28286792f1b3298c1062064a

SHA1
52894830ba53e1a16072c75dcf0e90b1e2d4aa9a

SHA256
83e5e43edade6d512103b1846a8179a5f910acbfffe8b0de124a384c35adec85

SHA512
0cdb794a2018987b19ec110358030eae76da50fb713a8aac435acff49a757dba62d40a0a1f1e9acd470ae8dc8ecd2ee58e7c0a1619260d97b84406f3876b9a01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\0598c297-c2ba-4f8e-a97f-62265a251b87\index-dir\the-real-index~RFe57eed4.TMP

Filesize
48B

MD5
71e3de51f558a3efb0fed37af4424f00

SHA1
4617e54f828e1f75d6863938cafb2101c2a51556

SHA256
17222e0e2aafbf6e3810b091ac2eb1702af7d4a2790e1c6e9e8ffeaf1b3a636b

SHA512
780b341585aac6606a7bc4ffe03868a9c3e71288601bc325282d14aac47d2269d657ef77996089d98d277e808e2ee69133a3c6bb94e7e40182d93fcc00fac741

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\99e92ab4-49d3-476e-bd1f-add9065a33cf\index-dir\the-real-index

Filesize
144B

MD5
e535c73efa32f94a3285851cc4344cef

SHA1
b71248fb3bef2749b7336883da0534ae1a183d78

SHA256
94dd2f13573b9bd3ec8afcfb0132023478e4d00f41b1b31609104f8f3d5f2e68

SHA512
7077b40fc6b26a85b63d261752b2587b978571ba58dad85d7d1cd3e754ee53da2722d1c4121965200cd357d40cd36964dc23df4198971aee6a0bf1696cf69436

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\99e92ab4-49d3-476e-bd1f-add9065a33cf\index-dir\the-real-index~RFe582fe5.TMP

Filesize
48B

MD5
bb5db6ac918fa538b19ca3369d65c1bd

SHA1
6e5037f7f39c7f91b955ce26b8139d1a4dbf87ce

SHA256
9efd9f11270f81e15561eee596f3d347c65f10abc33c947858e4625119efeb31

SHA512
723d87bb8d3882c60b84d5ba4dfabffc2043dd4218f5b905bd5980255d561c89c9aca925a8a021002602cde766119be87b4432c0e683af7fb7acb5a160b0ad29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\index.txt

Filesize
92B

MD5
e730c36daa3e7a83e0d1a882874b258a

SHA1
ddc0f8e8ea06981e687cd479844bae44da2a4ba7

SHA256
35bd6ed4d6adbcfb0838ddd720948c6bc9e15b6c9b6098231f0baf328274ba8f

SHA512
39b25d94b4f4647e14e14d91232a793804e8e07d7b4e63e9a5af955292ea895cf34037d9b18576014c53900c7052d218918c99c97479418ebfa7c7463a3be18e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\index.txt

Filesize
153B

MD5
81220f11dea9b9621f2cd85ff1a1c3da

SHA1
faa797c67a38817df8c71480a4bd167bc4e33ad2

SHA256
a6c3a1cee41d76e14948bff8183bca750baf7900ff6aa0648116051a7554e00a

SHA512
71e1c877697ea61c11935e5553070a106089024bc07bdc39ec46c2d070d944215a62054240055fa8d215c7c9db3fff2bc1c39fdfe888cc9cb9834daaca4a9756

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\index.txt

Filesize
151B

MD5
fde1b58a218ab29cc88eff8e1fad3f93

SHA1
f7468097c288b73169287dc2e81aeee77655d592

SHA256
a3f137631b64c47038b40b064ac04facaee5e623a1a11aa973a640fdeb6ebadd

SHA512
9f1b7c30eeee76b865755de455bcee0d429aec527126d35b64fc64717201452295993c2ec0faf0c677648dc6849ad878d1c01970e2371b574d9a821ea0dc3bc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
216B

MD5
f78352ad48ca48512a82915ff32585fa

SHA1
0dbc174b3c52ac70c68499b7e4b6a8e4b22d7191

SHA256
6abc47c1d316e0dc6251d1ce17ee3c2a159f030cb866a8dfe5c9a6fd15d0e65b

SHA512
2461e50db9f080650cd3431b7bd1eaca945b4a469dda657a2d55cc296bf79764b91a25420202cb4706f3af95522f74011472f2a8c693dc5d5cccf38c9972e550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57edbb.TMP

Filesize
48B

MD5
7beb789dccd58ecf4ce717b6423e471a

SHA1
b973e7bf5ee60ddb21fb2fe9c920e6aec5e19d2a

SHA256
073a6250b41c1d108665d5b0f43e4fc63ce4cc379606d4a6709d949284989747

SHA512
30a1b02a7d3d2b023c0ee92a3e055d862073c5c0f357c2e0fed9f6b85da1f3e9d1386f71a586ebe999dbef309e70b617c9e1985edc8d4312c4eb9a2a29f7f017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6a539bf752922e10e3275bbc581b331d

SHA1
a7675a2211c46b6e22ffaabe9247edad7ba150ec

SHA256
4f2e8a142bc65955e09e496814dfc0869e38c4e2bdc66a1f7fc1950fab3ac8e8

SHA512
0b8651253e0f3af0a1c03e4ba4fd79ccab771a4423f93d776e72212a11207854aea07b1a16eb6b388dd6d1fd271eb9341cfa69eb4a2c950e0205b13dcb8c200a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e6d913f7dace513953dc7ad1763c1931

SHA1
f08bd02036477853712ce67c00488b2558af4070

SHA256
6e9b73e288461e9d1f003be55cf3d3b88d081695da8cc4d927972de4ba783744

SHA512
7f2d96eadd98968165dd08f917cca2999457dbb2b02ae50732d5c49f975aea45f8ef1be4c82f04387e3102c37ed401058eb08e20aaf090739f8a777d1888f840

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
91ccce51e71100bbec4192d40a56ec42

SHA1
789d6cc1507024c94b15ba65fc27d4f09fdd7ecf

SHA256
9ae229612c7ff62b0a5ca084561f35e5c4c0361da35949dc14bc745961766d81

SHA512
6fe990821757e8d0a3bb65c9f8b2180f0ff731196ded071ed13cba984b9f93ec9c6c211ba449d8333134f2de5022f2aa4a705b2bc27cf17fb3779a599d917467

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5808b5.TMP

Filesize
1KB

MD5
b6aa319f9cf7a45e11c9a0a8a0a9281a

SHA1
230ab9d140447e6615955ee77ab6fd7b2cd403cb

SHA256
40938b7836cde22a213754224dcfac072b1a547b10e37456d73aec5596848414

SHA512
a94a5e62748157cff6d5d97dfcc406c89645c14a7a0e7056e878fbe20c6e5a9d3ca86c079954e67c0bbdb67a422848d93805f5d762a38fee717a5e3845523df9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e68a25a8-88b9-4d86-986a-314f685ff7f0.tmp

Filesize
7KB

MD5
41c474fe086c9a2203413ef146f99910

SHA1
7c3e83c0491babcf79908820c9a6e6d91829fc23

SHA256
1e49e7bcaeb16d65a676a0d57f9f3addf1e9b6f0648bac7a2d2163308716e9a0

SHA512
f72fae6a81a3dcef6404990be3ee9034af02ea9bac9bf331398da5c0187f30a2336953af9d2b1b5e75017660614cf2aa55f7a6e1c96f4b055ca14ce4d4431f28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0e76024f0a81cfd97787c8248249dbcc

SHA1
d5521fd4c48d65974500af61a87783844a3279f2

SHA256
4a502c0d7f145708d51d3a408601eed442c7c6dbdf4432f0457bc00a958913a7

SHA512
91671819db198b891df7a9f1cfc759b9d3f25c6ebf9061b7407a1c089c7d42ee256bb66a58f2584c303bbe4abde66415e579248583fc67a709e406f72782a558

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit