a72c11b00d95b3676150e3787aab63aa06ba3f06bf7a0806c808fbfdaebd0c74

Analysis

max time kernel
145s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
13-01-2025 03:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

266KB
MD5

07be022d36b0d8d7cbe84a168c4ff6ee
SHA1

895b5f1df21b4638ee8a41cab0352235de02ba8f
SHA256

a72c11b00d95b3676150e3787aab63aa06ba3f06bf7a0806c808fbfdaebd0c74
SHA512

6aba9a076a9d0934667e98068530493ab1362fed7762f4354dd7aa9576395915d11db17ab85ab888cd7666db1b94cd38b03bafbe8084e61feeb9e3e13309b4b5
SSDEEP

3072:abgRUuHLXaZZ9iI1kWaUlARt4h5UHaduIIAwtN+T5/j74:abgRUurXaZZkI1kWCR+5UHJIN74

Score

10^/10

google discovery phishing

Malware Config

Signatures

Detected google phishing page
phishing google
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1504	msedge.exe
1504	msedge.exe
404	msedge.exe
404	msedge.exe
2608	msedge.exe
2608	msedge.exe
2440	identity_helper.exe
2440	identity_helper.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5032	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 404 wrote to memory of 3348	404	msedge.exe	78
PID 404 wrote to memory of 3348	404	msedge.exe	78
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 4800	404	msedge.exe	79
PID 404 wrote to memory of 1504	404	msedge.exe	80
PID 404 wrote to memory of 1504	404	msedge.exe	80
PID 404 wrote to memory of 2304	404	msedge.exe	81
PID 404 wrote to memory of 2304	404	msedge.exe	81
PID 404 wrote to memory of 2304	404	msedge.exe	81
PID 404 wrote to memory of 2304	404	msedge.exe	81
PID 404 wrote to memory of 2304	404	msedge.exe	81
PID 404 wrote to memory of 2304	404	msedge.exe	81
PID 404 wrote to memory of 2304	404	msedge.exe	81
PID 404 wrote to memory of 2304	404	msedge.exe	81
PID 404 wrote to memory of 2304	404	msedge.exe	81
PID 404 wrote to memory of 2304	404	msedge.exe	81
PID 404 wrote to memory of 2304	404	msedge.exe	81
PID 404 wrote to memory of 2304	404	msedge.exe	81
PID 404 wrote to memory of 2304	404	msedge.exe	81
PID 404 wrote to memory of 2304	404	msedge.exe	81
PID 404 wrote to memory of 2304	404	msedge.exe	81
PID 404 wrote to memory of 2304	404	msedge.exe	81
PID 404 wrote to memory of 2304	404	msedge.exe	81
PID 404 wrote to memory of 2304	404	msedge.exe	81
PID 404 wrote to memory of 2304	404	msedge.exe	81
PID 404 wrote to memory of 2304	404	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd36633cb8,0x7ffd36633cc8,0x7ffd36633cd8
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,15575366165071617036,14188268610680561413,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,15575366165071617036,14188268610680561413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,15575366165071617036,14188268610680561413,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15575366165071617036,14188268610680561413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15575366165071617036,14188268610680561413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,15575366165071617036,14188268610680561413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,15575366165071617036,14188268610680561413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15575366165071617036,14188268610680561413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15575366165071617036,14188268610680561413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15575366165071617036,14188268610680561413,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15575366165071617036,14188268610680561413,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15575366165071617036,14188268610680561413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1644 /prefetch:1
  2⤵
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15575366165071617036,14188268610680561413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15575366165071617036,14188268610680561413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1912,15575366165071617036,14188268610680561413,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3272 /prefetch:8
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15575366165071617036,14188268610680561413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15575366165071617036,14188268610680561413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15575366165071617036,14188268610680561413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,15575366165071617036,14188268610680561413,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1984 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3160

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5032

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004E8
1⤵
PID:3572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d68c7edc2a288ee58e6629398bb9f7c

SHA1
6c1909dea9321c55cae38b8f16bd9d67822e2e51

SHA256
dfd733ed3cf4fb59f2041f82fdf676973783ffa75b9acca095609c7d4f73587b

SHA512
0eda66a07ec4cdb46b0f27d6c8cc157415d803af610b7430adac19547e121f380b9c6a2840f90fe49eaea9b48fa16079d93833c2bcf4b85e3c401d90d464ad2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c03d23a8155753f5a936bd7195e475bc

SHA1
cdf47f410a3ec000e84be83a3216b54331679d63

SHA256
6f5f7996d9b0e131dc2fec84859b7a8597c11a67dd41bdb5a5ef21a46e1ae0ca

SHA512
6ea9a631b454d7e795ec6161e08dbe388699012dbbc9c8cfdf73175a0ecd51204d45cf28a6f1706c8d5f1780666d95e46e4bc27752da9a9d289304f1d97c2f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
47KB

MD5
9f96d459817e54de2e5c9733a9bbb010

SHA1
afbadc759b65670865c10b31b34ca3c3e000cd31

SHA256
51b37ee622ba3e2210a8175ecd99d26d3a3a9e991368d0efbb705f21ff9ac609

SHA512
aa2514018ef2e39ebde92125f5cc6fb7f778f2ab3c35d4ec3a075578fda41a76dbd7239fe2ea61533fb3262c04739c6500d1497c006f511aa3142bb2696d2307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a533eea4f42f4bf5d4c8bbb2e435ae10

SHA1
376ca57b86b07d3750c038838966b515d9b96397

SHA256
99792657e85b643daf9c46d7bf21d5dbf1f865f006d75d50dd1a1945fbfdf089

SHA512
9fadebd631104dc373ea8c916bf527b24fec38f3bb2329628340d6d4646a606efcf10ba15fcfb3e3dd242ceddf94d093a903f01646ddd9709ae05b9cca9c2992

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
afcb29b8c49ef72c93fe93322333512a

SHA1
9a9cec5dcb81c29187c0a5f97d3be0d32043d787

SHA256
89e4b162b03ee7d19fe8ed2d6b5481307634193b344c1e4586ab1e6d6eac33b9

SHA512
af3ab1ada9fc5c5b7a2f0c2c7314de0bc5c13ff57cb7329b426d58116e02e0e81aef09b7cd5d2922c363a74e8b235fdfcf139bf0138def4aeb9c43e872fb47f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b2d46addbd136e196fb963580c4b109c

SHA1
471df7e40c0f5772c93f8314e1d09818e4f06b26

SHA256
6a757d1ebe21a7b40f1b1c1f7c2f9d365602797a40e849af41490c1b00e3e2e1

SHA512
d60ea7a5755059529ab53425cab4ef81e5b15e395fe25ac2b87acde633df77427ea977477e968e372aed693f64f936b22c7182acb0cf1e435b71ab45313b7717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9673695c834dc5a0863743a83b0aa859

SHA1
c9a468f788fa26e8c2390012d027d3642651def6

SHA256
4a2fe935efeb0bb7e2f23754c731c554dcbcbe6a83549022ba702ca3dab451ce

SHA512
6c8ca80c899822da5cc027aacf6118f09a6f878a636a40ca480b48628addcd58b3347e20b66998cab3521ba1bf1de8ed4d33edcc4c1d256a1214586a35937118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
860752c9ea20c092584968e1b524962b

SHA1
a7f78ed801990956b793c6ab85a0b2fe0c3ae7b4

SHA256
62ffd7347fcd1f6a1cc7e51cd40f25cc6791344bb8c40354b5b7bf2aaf2dffbc

SHA512
747adadefe17caab550937ddb5dc1dbf519645741e8a3c5ebd720dfa178713247a1106127bebec8fe1e609e8a14d2681fef90fcd600ce16d2ae4dc6c05dad158

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d07ad95d41afb797524368b72ed48d19

SHA1
55ef0cc96a659228f1238a74619dac48dc49afcd

SHA256
ac8111a2b8938733832bc35b40fad5c08f5d5a5637507bc953dcf63f3c2956a0

SHA512
6841ae021e7b67a2460f8c08089c726069856ce81ffef448e28dcad99f230aff73e343b6148ed877ba9d7db31761a3ac1dd719f6398d63dc3c9abf48e3b0efed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d1de8038193414c3e24d35a8329b1cc0

SHA1
d56b5704cacf88aa9b60f4997602b6e5b79f6be8

SHA256
206e59ff6620f8148997c3b6788712e2f72df2980f18ff927336c76dfd60e2ec

SHA512
792aac13df5e116be1d60a93c3e7e784063986f899e167d1655eee3c64d2d4bd1ae7480e6bc77ab4798e71e3e5bf193598fcae24d72b94e3b5fab8ce000b6b00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0b891cb9940c4effde5109d3228d6676

SHA1
1fe514815d026a71d481820c2994c2892039e911

SHA256
2041830973e9b88cb4b9a1d2ae56ac0c9dd51dab89e44a960c2b37e367f7a976

SHA512
c9012338d1216e8e2d422c41f2cee3e8acdf11a6886965bf62da6089d6758c2e9898c38f6e1f563f88ba118b1121340dc1e8d139bd23a54f8c8708affe4a2b59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f8072c416cb1e638868598464bb262f4

SHA1
e7f81db4915be6cc2112294a18f6a5b9acb1fb65

SHA256
f74f3e2e616c27faee0ceb4bcc982c9557a5f493882eed38171700662487669f

SHA512
937800d361b359eda940d1267738c5bea569073809acc93f35e125eaf739682df208359b1bca97e0cf027b270e144a1d3d922814e6ed2014ac66aeff986c60aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e24ed6da90c471847f7d77d9c90b5511

SHA1
21f25feb43369348561a2f0cffd28458ecebae58

SHA256
07428e6541042959b42a8235de46e39d97389aa6c459f9f9019d397df04e9109

SHA512
f16daf784c1fba98b1cc504bd927cc1c9adbc5157d0977e8830df4dd5d7a715284df622a96beb8bda24154fa71bc661df6eb0a6519c2496b94b1f716fab7787f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
417115c67b632604145a4fd1829b1632

SHA1
e9f2aed793060cf44fcbd21c3e74db6aecc4b53f

SHA256
24cbee66426f1b0b68e35f310bb111857e84265406678ca00735983d622026e6

SHA512
004f169db6a6c22f26bf6e8c173190adde7c47cb6c7894c677813d133fbfdbb86f88d9cc7fbc5aa7620bb44ab1b67113cca44c1f30bda58b1a1fbccf747ed763

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
702B

MD5
d2796acc99a2d5583158eea5d9b335b6

SHA1
d2a950cfb07ddbbece1994d26d5d72c6c03db55f

SHA256
6d4a65f3f0ef88dfc709070b5290586cfdc804c8de9865925c89320c50faf376

SHA512
9b8c4fd418a8d2a33516dd56b2ae65d233ea79995fc974d528f51c29bb4d8cf4ac41051eb8fd37987bae31b9c5813cebf9f50e357b0d8b346a05e1d3f1e3f812

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
d07923901618d84822a8cea02d62d3ef

SHA1
2c28a85bbe67e42c21a6de428099a90f49922d7c

SHA256
a9fa7bbf0647d834ef33ed8269d2673d3861340a8b4da7fb180b72e74f6a5ebb

SHA512
1fd1efd03331cd038e8e2cc3d364e69f3570c94a5d07ed83e172c2bd32de89686910b55a5e6b497ff2bde0ba51d4f1693f9b2d358e09fe0c1d3443db028f48cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe590e1f.TMP

Filesize
534B

MD5
1d994898ca3540cf141f46f6e1242b17

SHA1
f5cc84519a71e6940d188777d10608a9833de08d

SHA256
98e6a3382c493ef0294cb15c9de646c449a558365c49b6b6e36f19005b37ca7f

SHA512
a927a16b5fece8751a764826677dd9d4c49b51bd8fd4ff5ea1bd2c07812b6f55ce3347b4cf9c2397ac679300f40587366c8b22c2d0517eddf382c2aba02151eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5c3d008f07c4c05db45ba046c051c4ce

SHA1
4fbe2f3790e838f9ff8db9df310590fedf928bc2

SHA256
4897669dbbdfbbdc879717d91960a0b71f77d914258f45a2973a60b51034560e

SHA512
9f63bb9d8018ba2ae30fa9d8b17c0467f30f101a2ea73a7a6f11b8a3d914b17b3181f5d790bedbd5fb306e1178509d25e39561e9fc5db5d83760e4b659da7a4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
71355fcc2f5ace90da74a6c7059bd0e8

SHA1
7f7280e951b38368b13959aa0611b1aa1e45439d

SHA256
46e299ad6205b036aa47b70cce624c72f5005b9360c4e4e62a0bf07df5df5c64

SHA512
69c0aaca79cfc0e612a99be580a62fa4fd4f81a0aecdfc05f6806168fb16bc46711defa9244d0a17fe0bbc4c2547316f0334bcfcf725630fa28f8abc475a32e7

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
d6d3499e5dfe058db4af5745e6885661

SHA1
ef47b148302484d5ab98320962d62565f88fcc18

SHA256
7ec1b67f891fb646b49853d91170fafc67ff2918befd877dcc8515212be560f6

SHA512
ad1646c13f98e6915e51bfba9207b81f6d1d174a1437f9c1e1c935b7676451ff73a694323ff61fa72ec87b7824ce9380423533599e30d889b689e2e13887045f

Download Submit