hxxps://zmia[.]alnucresc[.]com/g2PK/

Analysis

max time kernel
145s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
15-12-2024 18:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://zmia.alnucresc.com/g2PK/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4896	msedge.exe
4896	msedge.exe
4956	msedge.exe
4956	msedge.exe
4060	msedge.exe
4060	msedge.exe
1824	identity_helper.exe
1824	identity_helper.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4956 wrote to memory of 2488	4956	msedge.exe	77
PID 4956 wrote to memory of 2488	4956	msedge.exe	77
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 1896	4956	msedge.exe	78
PID 4956 wrote to memory of 4896	4956	msedge.exe	79
PID 4956 wrote to memory of 4896	4956	msedge.exe	79
PID 4956 wrote to memory of 4568	4956	msedge.exe	80
PID 4956 wrote to memory of 4568	4956	msedge.exe	80
PID 4956 wrote to memory of 4568	4956	msedge.exe	80
PID 4956 wrote to memory of 4568	4956	msedge.exe	80
PID 4956 wrote to memory of 4568	4956	msedge.exe	80
PID 4956 wrote to memory of 4568	4956	msedge.exe	80
PID 4956 wrote to memory of 4568	4956	msedge.exe	80
PID 4956 wrote to memory of 4568	4956	msedge.exe	80
PID 4956 wrote to memory of 4568	4956	msedge.exe	80
PID 4956 wrote to memory of 4568	4956	msedge.exe	80
PID 4956 wrote to memory of 4568	4956	msedge.exe	80
PID 4956 wrote to memory of 4568	4956	msedge.exe	80
PID 4956 wrote to memory of 4568	4956	msedge.exe	80
PID 4956 wrote to memory of 4568	4956	msedge.exe	80
PID 4956 wrote to memory of 4568	4956	msedge.exe	80
PID 4956 wrote to memory of 4568	4956	msedge.exe	80
PID 4956 wrote to memory of 4568	4956	msedge.exe	80
PID 4956 wrote to memory of 4568	4956	msedge.exe	80
PID 4956 wrote to memory of 4568	4956	msedge.exe	80
PID 4956 wrote to memory of 4568	4956	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://zmia.alnucresc.com/g2PK/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9e3da3cb8,0x7ff9e3da3cc8,0x7ff9e3da3cd8
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,1940898385428176105,12938431420945746359,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,1940898385428176105,12938431420945746359,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,1940898385428176105,12938431420945746359,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1940898385428176105,12938431420945746359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1940898385428176105,12938431420945746359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1940898385428176105,12938431420945746359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1940898385428176105,12938431420945746359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1940898385428176105,12938431420945746359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1940898385428176105,12938431420945746359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,1940898385428176105,12938431420945746359,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1940898385428176105,12938431420945746359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1940898385428176105,12938431420945746359,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1940898385428176105,12938431420945746359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1940898385428176105,12938431420945746359,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,1940898385428176105,12938431420945746359,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6760 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1940898385428176105,12938431420945746359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1940898385428176105,12938431420945746359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1940898385428176105,12938431420945746359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1940898385428176105,12938431420945746359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,1940898385428176105,12938431420945746359,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3164 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a2c784e6d797d91d4b8612e14d51bd

SHA1
25e2b07c396ee82e4404af09424f747fc05f04c2

SHA256
18ddbb93c981d8006071f9d26924ce3357cad212cbb65f48812d4a474c197ce6

SHA512
fc35688ae3cd448ed6b2069d39ce1219612c54f5bb0dd7b707c9e6f39450fe9fb1338cf5bd0b82a45207fac2fbab1e0eae77e5c9e6488371390eab45f76a5df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1fc959921446fa3ab5813f75ca4d0235

SHA1
0aeef3ba7ba2aa1f725fca09432d384b06995e2a

SHA256
1b1e89d3b2f3da84cc8494d07cf0babc472c426ccb1c4ae13398243360c9d02c

SHA512
899d1e1b0feece25ac97527daddcaaeb069cb428532477849eba43a627502c590261f2c26fef31e4e20efd3d7eb0815336a784c4d2888e05afcf5477af872b06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\532d864d-0af5-4f11-89c7-acb7219a10f0.tmp

Filesize
539B

MD5
951356c9b3340d276d22c53eb4ac9108

SHA1
fe5dec4711c6be0b399eb42e01805e869baca2ca

SHA256
bf256e2abcc093eb2e847536095896a797524a9c83f34172d76ea03e65c3c24a

SHA512
4cf96e3a04cd288dc99befa46c24048d1bc676eaec7bbfed09b658d4bd769aea0f4591407d41d7552cff68cb6a783cc66536ec184d84d541873c0d8411bfb196

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
baad953f6a7925f67891754fc08b123d

SHA1
e3fd6567fb972c1e7f94321f330ec8fa9256c08c

SHA256
a6fed7edd0f88a7286d06d6373876e5a0add1725d4f2cff8428a20b4fda6262a

SHA512
937c0246120e53780e66326032eda7701f70f52600c0df03f73b1d2168ded77186de0d0d5471f36ad067b22e6e7514237fce1e64e4cf40c57205d9edb1e537d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
548ece63459c3d2fbdf6d23a68a18249

SHA1
ddf6e23a65f9fedea893225bb78c8515aa7c3de2

SHA256
94be2e0ea1cbb6472dfa1303917924ee57012de6fe368079350adca643327605

SHA512
7cb70e18d6498d381cabf0af284c5785d460ce0801112dece49ec4ee6c841a2f34631ba3a310d8251436374890d49ba974088ead7cb72763dc6e98fb6a04f23b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4b137df37feb9463fa9d7a96208c8f41

SHA1
f1ed06dfe0d24a271bc8aa4ac365bb9f5f4c1eb5

SHA256
4b7d308aa54a115ac97815b4d2b54b1a6664cb1cecd1305cadb61e502a65b759

SHA512
c0515387a83db3d83e7a4f976c02dceb21f1f2f9a47c398f8ef4850ecb2e8b090138f7c977f61a45240b1ce72159105e35a837eca0ca5fdeed4a41148e5af663

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
06c328744f576776dee053ad163c9f4b

SHA1
70aa2b19a7b9508c62696f625bc6585f6613e2a9

SHA256
beb7bc4284a52bf6cd6cb68d4e39f094c67d2db1b2703301c0a4e2ffad960893

SHA512
60f20543fe277428928524111f73a9a35b2fc6b74042ba02dea75ca2b75a836c8056133f3e872a6165e1408febd0a00ade4637cb3ea788f2230990eb70d08751

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ff44dec2d7a0dee34b133d43def698cf

SHA1
af6bea881eb5b6e22c235f6a82a4b78aa6cf7a60

SHA256
01e605201d93693f12b2dfc4034d334475c140f9faa2f7f8dab63ec8d21b351e

SHA512
3fe30dbc96ecc66e8e16185d7c147f5c6801f378e7d3aa1542e360002be77546fbb536f97c6f67ff632ea279704eadfe975f2975ae92b8f6f60a02f84e4d0fc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a776450ef261b0be68f25a325b581c61

SHA1
938176f733862b32359a5944b163f324dbac9d05

SHA256
6c319067212c8e619566880c8a9a50a3cf69181715d34e4e7d3cfec4a3fd8187

SHA512
c4c68a0984de8aa1b95dd07103c405baf5534e2b03040acf501b2d1cc4f84d4d6d7e69241f6135e255524f4c6b56d35bd83f979c040f982b46c191be9dac97fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
011a82626df9566e4628795dc84caab0

SHA1
b640c6baf65ed024f96dbfd4cbedeae2af4674a1

SHA256
8d116bef55f644cf08cfb6fce6d899e9f77261c0f05eeda44585fd96c18caf0a

SHA512
0740ce7d71a451e88e3bce58da3844ebf5868dbb540f47c0c7915724c0bdc77e6accfcd84efc121f1fb6de36f8791f94625865632ae44eac9ef0bb4c71e986f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c6643bfdd389ab875ff93fd5221c7f3f

SHA1
195abbd7e308aa11e8404992c183e0bf16b81c64

SHA256
afa0c345020be39116c821e0480ee729867178c0106020c8129322653afe778e

SHA512
9260442d05e20148e19b6bc2420f6776248364567f79437f60b8678b0a448dcba2b13a6b97b9deee9b5d302689302121dedcae0d74be896d5a59dda572aca116

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
65c50513534e43bcac731b5d2c8e968b

SHA1
e3ad64111f23929e435d6a163e9e946bf27577ce

SHA256
b18f7497330610f333b28915d687dbb5b23619b5b8ccc4a65fd6658dcb88b7b6

SHA512
7e095a1e51901333f1ce3e718fb55f35c597eb00282db85dded551b42dcab607f820c932bb0aecc7e6290a95946b2f92ebb6f2edf391257cb7eee30189f72e98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\01c21de8-917a-4fba-9c32-1a8449e82e9f\index-dir\the-real-index

Filesize
72B

MD5
898a479f4c188c6b1b7c15b74f60a3f5

SHA1
71e99e2acc2bc2cb5e3e4dc2525065c100b5386c

SHA256
4139f367ff296fcbf707ae72c0761c28ac950085c301ae81c4aa6fc62c2402c6

SHA512
78c7ae2962ffa80813012ea3431c1615e1cfaf28bf5ef24a0507135d8667f67cb28c01d174f02e6a239cab6dd2a877147faa0bf3d43f229ce77c2717862ff9dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\01c21de8-917a-4fba-9c32-1a8449e82e9f\index-dir\the-real-index~RFe57f889.TMP

Filesize
48B

MD5
8e41f7d0d6e6ea7be9ed95547df9d295

SHA1
98511c0893684fe35cd6123681cfe9ef5e91f99b

SHA256
6beafc08a993d827799cec639e0967a722c13bbe62c46df7efca51095d6c8028

SHA512
f74d8f709e2470a3bd0c11b8eafbe2235f3eafe8cb5d883b410de746cb443069260d2fc88176de6a94b6f73173e385bfd4ef87815378390b787a20f49a265567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\a01cf82f-989d-4f32-a58b-8f50e36128c1\index-dir\the-real-index

Filesize
96B

MD5
5e2f502e8bfdc151f4cb6ec084e641cf

SHA1
018cb477da641fb4e04d2502497975dcadb62d8d

SHA256
11001be2bfb62573175b1347d73e801bc862b693b271e5c6b132b5e773e5d1be

SHA512
73b21d9b13459ad93cb42d3d72d06a60ee96c3507582773abb38cf726f2c5fa26874278cfe19d4a71dd3b14bc80a2ede75863f51a2a2999de06ded8be1fd6028

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\a01cf82f-989d-4f32-a58b-8f50e36128c1\index-dir\the-real-index~RFe57f211.TMP

Filesize
48B

MD5
bc9913b37cf4020e37e7e41d97fc2ade

SHA1
5e261e6413ffb1b747333c86f29e464e5458d6a2

SHA256
b0aad76a40de22de478499a0631baff8e18ad48ab77391e5c93236deffe148a6

SHA512
4937ac9f7fd58627ee705d0b8438fccc13db94c09f9e6db1f8f36c6269bbce9cfc07f6dd563d99f3ed1f86b7f6f036d9339a580f2cc82def021f4783e616c2c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\index.txt

Filesize
107B

MD5
3439bc31b58f3b0858726f2ad08bc230

SHA1
ff0fbc8709b5d8737a7baedeb5764ea8ebe51a33

SHA256
3db9a49c685c693fec69eb812a0e1ac480b54fbf004f959014a851b0e3530034

SHA512
2ed6feccf6693776b54686526f30b933660741b5cc56f5a233bc6a3c0bc2f780f88c93152facaddcd26e5418b7907a0b757b749e7a2ced6cf5784533e068c9f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\index.txt

Filesize
181B

MD5
584da1b4dca15c3b9345a10658d5695d

SHA1
3ab059f0586e3622b4967eacc9550fa754d02b38

SHA256
e12fc784d28b73aed21ffdf1036698f5ad614413dc14a71ed4b7b29696c6115a

SHA512
609d67605233ddff013eeffe7020190ab0493baefe548d13bd532b1e95f4c796b5ddfdc4984c0768cafe6cf3a7599fcb84099218c1062607703a22929a7bb818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\index.txt

Filesize
175B

MD5
4756702078f4aa787dcd53e89e350fd5

SHA1
7a98e61f5e39c97cd90a35c04ca6b6f362305a61

SHA256
6be78fa20be4d6f5487d0609d5623d7a75aa935726d1eb0b67b9ee7e1612156f

SHA512
3e6ba0ab2a1011c43409c9bd2018a9d846aac1f05196029c240c1aa656e9ac92cb2ad04a82e8b6e6ed07a7fb2ed4a988dd6eca63fb27dd8dc6d4872ead58ab16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
9d3530b37380ccb1dd275622bfdf3267

SHA1
cf2f7db04e3ff0a194a6502a67e163ffebd397f2

SHA256
7ceb5780b55f97edfce639416a79ada17cdc718703f04df17c679e427a120445

SHA512
50f373bc1e991cb7b2736b90579a5bc92601840256ed2d873413b4f43da54bc6f09584160db76d18f90c1c1456257107b161bc6b77d1beaacbaf1089f09710f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8e3b5f38e707282111c1187934865cf9

SHA1
fdfa3be69c7594064bb725e3a9c44c13c7df84f2

SHA256
32a2d4987aa20eb9db62dde3958d1a58e101f832c627aa527623699a2a9c130b

SHA512
b2e8cb77052a480bb92a7bc2cefd34c19e8c3f184ee7c76215317eb01ec1b1cc7d28672c5107a15657b2573d82b885d0d1b7774f1731b33d77e38cbadf257a98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b8ab3e9846e389774105307b7290a685

SHA1
d2328f90da79345d988c6f12f65403a77f73d7cf

SHA256
9959380b6fd30e909669c28c79aac11acdfb2314b5e7b7d9869de47321bb276e

SHA512
b572ef7a708b2f0b07736b18d8b56db21d1f2243f16627698584b99586857fc81c9c689ba11290ba65ccdea0726943889ffcb043d12b97aca66b8a3661ff21f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
af8d8e315d4c22d2b41fe0c6bd12086e

SHA1
813f2b0d4b22e061acc74bc9233fc3e3102c337d

SHA256
0a544fda929039fd0daec9c6b693d98301fab82e4d429b5f4e4b423a07cb5358

SHA512
717dd4a2d3c46ab72cabd3831e5bb3f59fb64d3c4556ffb7c9b909c9a574054c04ea72c9fd3a7af36b9b9605cc90521ef7c0693ddad140a200ccc9146bb8e3d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c786.TMP

Filesize
372B

MD5
77b1d16f4ec8a19cd1d0fb0d90843ee2

SHA1
75d09be7fd6cab6f535f46171b740d1fb97f65fe

SHA256
8f6ff79141c11e88b1ddffbf136a24c486824475ff6fed5ebd8b256adaa8d3d1

SHA512
e5d3d6482905f2f2745320657f56806b179c18922807ec1da83620ff313f4d28980d89288d898336e30fb6ab8be0fafe59e3dfecfed4289f340f0b905ac20bfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1385e9da60758b9c489521cb906ca392

SHA1
32131d404fc2c922777448996c96f448084d3565

SHA256
9475ef66564d074d2e0edd388a64f7f7aec25aed465eb715b33694f7256d425d

SHA512
7627b175fcb139f989e21c99d71e391923fe86a53e7d6c23391b2a00ef62e70370abf2a251fbfb78418953e63ee50b9a5ace150539366c6ccd98e82cd9651c17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a2927b2e35abfccfb96f69977e514b19

SHA1
59620872e90b5fca70a28f36d3316579178400ae

SHA256
9e6e0c7079d0e893fe6605662dd4c06eef6f050afa36d312c2b3243a7819802b

SHA512
51763e9e92e7b3e16acaacaf3b8ccd8c77c2069377d7ef995c5c76e49bd41d93c1bc0c14c2c08abfd6134264336e4bc70d7afb028f4e1519ae94aac16c8649da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e104947a25a45d8963a9af3e26615715

SHA1
834b5ffe5cabcd41377b5676a74276f9d9ccf92c

SHA256
b87ee1835966ca21afe1c22df1b9f20515fc2c630d43f1e55b14274c30173ebc

SHA512
ea7cedea44381999e1ff328d4e8e4959c33179da12d0d08ec926ddc3ccc113221ccc410840fa7fe4aa86212d56d5df40fb7c52531d85e35f86751f6ffbed4b8f

Download Submit