hxxps://links[.]milanote[.]com/uni/ls/click?upn=u001[.]qLX9yCzR-2FsrNCveODBYktWd2QtsYHwBxjMjZ1TpW-2F9lZdAf5STwUhyaGQHzHPUx-2FNQxJ30vBX2Y81zxqoisMGMqOvOyKqTzQA08jTvkGdkXIRnTIJ74clhJV9FJLnnaAsWFoxEWqxKk-2BA2qeCTh-2F6Q-3D-3DW9d5_WA7Xc4T8Sqer3xyrekkmupnYceSwGsGdnamiEdEsjajhLqFLe37BsQvKgGbBGvdfQ6X0Bzm-2BFw9u8QsnNTCp-2FHgW3vwJN4gW6Pyy8ta9v8zHYqFF40w2Y15HXzHo34nGRQzcj8dJgKQosHXbuP4-2BHtLJErXZEbJveQs5qmsyFYm8hTwPJ-2FSnBJiEloT65ph8

Resubmissions

12-12-2024 20:42

241212-zhb7aaxja1 3

12-12-2024 20:41

241212-zgkf9swrhw 3

12-12-2024 20:38

241212-ze8q3syndk 3

12-12-2024 19:08

241212-xtbzjstqfy 5

Analysis

max time kernel
62s
max time network
63s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12-12-2024 20:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://links.milanote.com/uni/ls/click?upn=u001.qLX9yCzR-2FsrNCveODBYktWd2QtsYHwBxjMjZ1TpW-2F9lZdAf5STwUhyaGQHzHPUx-2FNQxJ30vBX2Y81zxqoisMGMqOvOyKqTzQA08jTvkGdkXIRnTIJ74clhJV9FJLnnaAsWFoxEWqxKk-2BA2qeCTh-2F6Q-3D-3DW9d5_WA7Xc4T8Sqer3xyrekkmupnYceSwGsGdnamiEdEsjajhLqFLe37BsQvKgGbBGvdfQ6X0Bzm-2BFw9u8QsnNTCp-2FHgW3vwJN4gW6Pyy8ta9v8zHYqFF40w2Y15HXzHo34nGRQzcj8dJgKQosHXbuP4-2BHtLJErXZEbJveQs5qmsyFYm8hTwPJ-2FSnBJiEloT65ph8

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1144	msedge.exe
1144	msedge.exe
2624	msedge.exe
2624	msedge.exe
1584	identity_helper.exe
1584	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2624 wrote to memory of 5040	2624	msedge.exe	82
PID 2624 wrote to memory of 5040	2624	msedge.exe	82
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 3920	2624	msedge.exe	83
PID 2624 wrote to memory of 1144	2624	msedge.exe	84
PID 2624 wrote to memory of 1144	2624	msedge.exe	84
PID 2624 wrote to memory of 4000	2624	msedge.exe	85
PID 2624 wrote to memory of 4000	2624	msedge.exe	85
PID 2624 wrote to memory of 4000	2624	msedge.exe	85
PID 2624 wrote to memory of 4000	2624	msedge.exe	85
PID 2624 wrote to memory of 4000	2624	msedge.exe	85
PID 2624 wrote to memory of 4000	2624	msedge.exe	85
PID 2624 wrote to memory of 4000	2624	msedge.exe	85
PID 2624 wrote to memory of 4000	2624	msedge.exe	85
PID 2624 wrote to memory of 4000	2624	msedge.exe	85
PID 2624 wrote to memory of 4000	2624	msedge.exe	85
PID 2624 wrote to memory of 4000	2624	msedge.exe	85
PID 2624 wrote to memory of 4000	2624	msedge.exe	85
PID 2624 wrote to memory of 4000	2624	msedge.exe	85
PID 2624 wrote to memory of 4000	2624	msedge.exe	85
PID 2624 wrote to memory of 4000	2624	msedge.exe	85
PID 2624 wrote to memory of 4000	2624	msedge.exe	85
PID 2624 wrote to memory of 4000	2624	msedge.exe	85
PID 2624 wrote to memory of 4000	2624	msedge.exe	85
PID 2624 wrote to memory of 4000	2624	msedge.exe	85
PID 2624 wrote to memory of 4000	2624	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://links.milanote.com/uni/ls/click?upn=u001.qLX9yCzR-2FsrNCveODBYktWd2QtsYHwBxjMjZ1TpW-2F9lZdAf5STwUhyaGQHzHPUx-2FNQxJ30vBX2Y81zxqoisMGMqOvOyKqTzQA08jTvkGdkXIRnTIJ74clhJV9FJLnnaAsWFoxEWqxKk-2BA2qeCTh-2F6Q-3D-3DW9d5_WA7Xc4T8Sqer3xyrekkmupnYceSwGsGdnamiEdEsjajhLqFLe37BsQvKgGbBGvdfQ6X0Bzm-2BFw9u8QsnNTCp-2FHgW3vwJN4gW6Pyy8ta9v8zHYqFF40w2Y15HXzHo34nGRQzcj8dJgKQosHXbuP4-2BHtLJErXZEbJveQs5qmsyFYm8hTwPJ-2FSnBJiEloT65ph8
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdfe8646f8,0x7ffdfe864708,0x7ffdfe864718
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,16775779700696401553,11692155126933143897,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,16775779700696401553,11692155126933143897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,16775779700696401553,11692155126933143897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16775779700696401553,11692155126933143897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16775779700696401553,11692155126933143897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16775779700696401553,11692155126933143897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,16775779700696401553,11692155126933143897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,16775779700696401553,11692155126933143897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16775779700696401553,11692155126933143897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16775779700696401553,11692155126933143897,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16775779700696401553,11692155126933143897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16775779700696401553,11692155126933143897,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:1860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
05f21f2af04bdd44f592858976344f1e

SHA1
a78da2779b9e809bf189516d13edc9634203c194

SHA256
0b83e35af7496b8a57403ebcb15140a4ca38e7d2bdc5a574ee84736137aa9407

SHA512
9a34926eed9151e7f5ce76bd27cabc9df997153c2a2366b2952b5c56c1598ab5d06ca9362d0e1b10e350d2b70e1c89c15b6a1f92dab26b6f587ffae90be2d5aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1394d5640abcdc29fe09ab9a6212366b

SHA1
3a7add79ad0e4685cf60dfef8c3e6b18afb3bd2b

SHA256
06244a30e750a60d28150607b05722adbaa694d29b6c15ad10d4f46f6760b540

SHA512
a7bb289d63a9a10755a181ff74b109f860f718352989925e18b8d04f7523aa5760a99a3b689f85df65a05454d8be19e7e71bccd93f70c3d11d6ed6ac7fa394ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ead3661ed1cba153ca168f0272f2236d

SHA1
0dec577390c65594fa354fba05747d2fc2fdc5bf

SHA256
0753d52e7d0d47dc37a0dffcd03492f2d51b970d7b18edf99446159ebef4f666

SHA512
f9b85a2d733c707f9f141de5fc8c9d4c329c9a094e2b578fcd21e6fc9e4cd141d3d68e502e33909bed302efc1377d9abfb2b52473969f55a537899f4a35dfb8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3720fd438acc915c1b2e781b55d19e3f

SHA1
5f4dd4a45106596b5bd64f95ceb048c9f4b7d668

SHA256
3eec656f85cf26bc6e6462447c6ed7f2e53ac44843e353d92505b093d8daa479

SHA512
69fd8335f4ffe39f5a8c2d68daa95912ec65d416c47e0e9b61a1243f2d693159434947ddcb2c0ef6d36187a0e438363a2e06901d8603303a6e18532b6745ac18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2b9e436bae1c948f5285696126bf998a

SHA1
975748b1d25c61ed4ef9a0c85d6f986b8555d34f

SHA256
0e6dd24d12747247e1afc467f3f1ba3d5689a367d14c18f11ba81b646b6d23fa

SHA512
1a37e37b1762efccb47f54865fe2ecfa32b2c46254b14d19f33f65b5fc51dc56b19c7176662adead38218a4e221aaecfee9cc7ab3890760f0716a0263e2a0e18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
99a2a615ec7953944ed8a299a7b3bcad

SHA1
f35bc31835799a1f2f4c9e2b862452a3ec565653

SHA256
e8d5f4cfa20827d81636d5a9bb3abbb822e913e821333fe0f41d46c0491f0df8

SHA512
fa6d5d1ed656c21756878807baaf6567e64556cd0d1174f925795793efe07eb35076db0cb7245e4f2bf9986512fc17bc56316415ec840f4b821f201c54bf9415

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\021fdbec-0daa-4cf0-8fad-0a71e523a416\index-dir\the-real-index

Filesize
96B

MD5
1dc2a0d6844a7f9d953b63bc91151b2b

SHA1
b80553812f672c563d13ee6adb52b408cb2cf1af

SHA256
3e1f12441907c33d1120a8d74be33cb69577b59c9fe0f0b7041b64378a17372b

SHA512
bdfadbbd16bc751ce8a08749200ff7a1844c03560d4fb2cf005dc1df6ca84cae4c2f321a20feb590c0330a808bbbb983d6c65985508105c6b8744164cc9c9af4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\021fdbec-0daa-4cf0-8fad-0a71e523a416\index-dir\the-real-index~RFe58530d.TMP

Filesize
48B

MD5
dfdcf3b20657a1657a0253974538411e

SHA1
312991553a4ad141a13e379e9d3f25ffe7e1fbaa

SHA256
ede171b93f96a27b5d7830ac271da200c5bfdd6484d7cc4c24dc0c21f088dd2a

SHA512
3f23a210b9a5f6ce9fc325671778f2be64d5a4ddb65b8032ef9ef56a52a71ff3644780bff0a8f20495766cb51d285aa70171024015e9d31c77a717e0ab8e0c67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\0eed41be-95e2-44a2-ba11-0332dd90e3f1\index-dir\the-real-index

Filesize
72B

MD5
674653cb5cbb8b8ec99a4ff8646437d5

SHA1
2f5376d2a516eb09e19f07b5f5523d7580e93de5

SHA256
b711eb7e2659f2d52e8616158d81f7bdb58c39bd78f3477b2005255b90f4f10e

SHA512
c13c9779e897e082f721d4699fa6e55cae5a1dfe182a5b36abf51d1e9712090cd3fff09d4d8191c225ae671e4defe691d9c9753bf3f3adfbba5427b6ad51a357

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\0eed41be-95e2-44a2-ba11-0332dd90e3f1\index-dir\the-real-index~RFe5810c4.TMP

Filesize
48B

MD5
0ec35345a83d6b3365bbdff375104d94

SHA1
1892a2dc5a308f205e9308ba314d981b041b053f

SHA256
466283d95f0d9837c61b0c7026f8b90cfda27bce4fcc4495672aaf362d5f0821

SHA512
35bf43e27f7376b16c5a077a830da6fd930662692a6a490d0cb263ea781040f6d5ee720677ff91f51ac086a2234b41d69b3c9bb41da15ea7b5b9ba2e3626c998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\e5bbea0e-2388-4f06-bc4d-9251adc09653\index-dir\the-real-index

Filesize
72B

MD5
f5b51368314fe6689b925131ffe5f8e1

SHA1
9aea014c35a29cabec20f2c77a9a5ccf31d5bb9f

SHA256
5ccb2c5fe635675abd43b2ba68cdbd8568416078734bf446744d78325a554bfd

SHA512
1ac5ee61011529ec87195f6faa4ef90cb4df34398cf0e4ef1e6d59c30bc2c20810fb715ab02332dd9b4c1d109455a684f634dd8a89ce84df48db5fe2f0dc00f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\e5bbea0e-2388-4f06-bc4d-9251adc09653\index-dir\the-real-index~RFe5812b8.TMP

Filesize
48B

MD5
cb52670cc3c3f798f1df4babd4911525

SHA1
52b36dbbacbb8cce3bcb497086ab9b4389532524

SHA256
c2a79101ad55e0e5ddd455ca8c8635c304f40da3a60fedb15e0d97268d25ffc3

SHA512
cc7f156f1dade0c1bd87d85c3797706825eea07a6341d34f688b67cc1b2ade03f8c4b9b33e08e6849679440d10a34d7408fa64b061df52d3c749b96685672ace

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\index.txt

Filesize
92B

MD5
f647de78ce36b729c09a042973ebe9cb

SHA1
cb2b4cf3964bf12fbf5f2fe09baa1aded0a0446d

SHA256
a15f06a7de8ebc87b14c482ecc54c7a983efbfff0890c970cb079411ae24948d

SHA512
786dfd787221408058b94614527138194b6953cf529e92c308880682f8154a1bb5165f06ff20cadfcd4670b3b5c62f86d3fa9d0dd253caafb8c6b4cc786d9336

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\index.txt

Filesize
153B

MD5
47667011e9e027689340d11410daee02

SHA1
b2015aef3f14bb2e44f330af4a10f25239324fe6

SHA256
9b2c498264d111f0351e3a792324a6036af8d4b9ef5b7ddb8a6a97348ffa2aa2

SHA512
8ba446e168c2b4252c5a2a95e4d36c898bcb0543f295100ac5fd3f431da0c02ce6cf8f11d00dd608f667d3857468a111f4956177bc139407687817712932baf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\index.txt

Filesize
217B

MD5
fec5e003f969561b3f76c02eff8f55cb

SHA1
29a5322a7e350bba67f92e482198558f372eebb5

SHA256
29237d590842eb5869816c6e0443c507bda409efa2089f004f25d13a330d3fd0

SHA512
7ea5486e0f3c1b7400dc8a06394df64e2e7744e3ad1100f888fe46afec9cfa3bc7c345b1a3179c2141c86b54166627b82be454fe9c519305cd91d084169ff619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\index.txt.tmp

Filesize
213B

MD5
cb9acf21ff7152b62d5af43b33a6fd0c

SHA1
639d73a45d1648b0407e9f04ea40e62c0f10262a

SHA256
acef2d77124a235eac9ba47404f450e27bab710f1c564fdb7b6855414d1a9e60

SHA512
a04019dded3c18f9749f83ce9b73b09ba4833e0314cbdedc454d4ce4deeb6bd0115cd72ae0b238e34d8acd681da7b1d1db1c3e99eae97b9eb1d1f0147ecd757e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
216B

MD5
b9512ac1a6395796946891e3b3037f8e

SHA1
01f2795c04b1b7eb1e779904c6393f96a40c93c8

SHA256
43dd18d68b933a3ae15712f0ba911340c1add2beebda7711c65dba9d1c7a2404

SHA512
28f98bbe552f58eb169b6220706af61f992d649c0ab97ff9dd54b8e49846ee98e7c1613e9c576f4d81ff9d424e41e01a0b6e5088eafc0b37f118d6956060b41b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580f1e.TMP

Filesize
48B

MD5
675a9062727c3f47dd9f1b92a5c61db7

SHA1
a968214365bda29b7bf4a5bc23509bb42ec57827

SHA256
b19bd5c15748fe0b471e4f393167a5e2127cfa794a2a895e2c257e37407e3afa

SHA512
82ef65e9c09736a26a9d9a5a3affee995b4b79d4e7ffb34f7f28ce4ecd1b84285c4622cd13ec684b715744df9c1d346db13a70e8b64fb504aa24def59e078922

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cb07e674b8c4ca7fc7e8a123813f5372

SHA1
c57c94a313183680b3063139e4c5eb4dbbdc7439

SHA256
588a3457de02a2cea8b4bafbd9cc4f2b6afb3863ab727bc35cbd77f44f54e6b3

SHA512
896cfd6f7408446720fcdacfd086d52abea721ff1304a1f3c583050cdc7277d8f2f6cfc825c96ba5f2cd336edf034b3d00570e475372a3f9ca0c4b87b0c437c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
672e0e1564bf350fb347aaf0eb5278ae

SHA1
080986bb5675f8020991ded6b05f9d207a9b1a48

SHA256
ed0b74ae4405ef02996238888b29c5afca64457dd7334fbdb2bf5d0ac934ab74

SHA512
2836a5deebc2c2e5f2b9435883c137563568e228a5e71804ecd660f3e89e74a9179cb5d79dc1a9faf487180de3786fc1d68263fe243988579dbcb10c19684dc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582c0c.TMP

Filesize
1KB

MD5
d87a36a0435e1caf1592cbd6e7ef2295

SHA1
a30c33741d141749341d2c1990213bcfc063f5c2

SHA256
6058e606097cdef27a4b036f33952f80a4e264647831885990b546e86dc84fc5

SHA512
4e44d8a9d4c035b47a935dca1a65b352ba5bb7569b7fc775b8c5197d68679bd754b86b20bb9626d238cf1e55504f82b99fc9f1b9845e997e16c411442694fd44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
38d90e97a3a1d47c2d930594b6f074b1

SHA1
c89f25266c6caed1e36614146b593cd4ce925546

SHA256
6f8f0170b83c3ba857a6d14c522c9545e919f0bc75d367ea318d3a3028555667

SHA512
e10a26153610e5cb553478910a70e9b10afcc11295b6228d24158e272a733cff996ffb171e1745c1a23f6c844ca5da8591e7a181b6bc86b6e3508ac8d7e6daf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a1854fe5407f6bf0507cabaa1a3cc3b2

SHA1
e0e766d736bf5caf7f9f19408d83bae7c32ad682

SHA256
a58e15ded7f7ca4b6724e480a710e4b380327ce8b173a745a3fb0c560a2e7b19

SHA512
af3d767b45ef7a9de79c75b51c1bcb374f666972c4ab152779244d571a76c6f4dfb3f81ca46cffa9dca272d036054152ff576cc83d74def512972a19d19811dd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit