8e96fb10eaea6aac4d09d1b45d13cd259b55d180f0a3e80ed2466c4a9bba0b64

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 20:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Data/Top100.url
Size

89B
MD5

69c38f286df818b3143262368d2defac
SHA1

217fdf3e16aedc6bd7c34fc65f841c032763a3e3
SHA256

25e1f4f403c488473499ddd83212d5944fb959accb2593ad2f614ff0d4421eba
SHA512

5349c894ad2125c4e8dc6b61697261974e46e9de7b8d8c4bfa29bf7c4ab00351f18260395901117e5aa3281794461aa2efd0c74ef187bc42e59350e42f0eb1f2

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2796	msedge.exe
2796	msedge.exe
4784	msedge.exe
4784	msedge.exe
2768	identity_helper.exe
2768	identity_helper.exe
5920	msedge.exe
5920	msedge.exe
5920	msedge.exe
5920	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1028 wrote to memory of 4784	1028	rundll32.exe	87
PID 1028 wrote to memory of 4784	1028	rundll32.exe	87
PID 4784 wrote to memory of 2716	4784	msedge.exe	89
PID 4784 wrote to memory of 2716	4784	msedge.exe	89
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2132	4784	msedge.exe	92
PID 4784 wrote to memory of 2796	4784	msedge.exe	91
PID 4784 wrote to memory of 2796	4784	msedge.exe	91
PID 4784 wrote to memory of 2452	4784	msedge.exe	93
PID 4784 wrote to memory of 2452	4784	msedge.exe	93
PID 4784 wrote to memory of 2452	4784	msedge.exe	93
PID 4784 wrote to memory of 2452	4784	msedge.exe	93
PID 4784 wrote to memory of 2452	4784	msedge.exe	93
PID 4784 wrote to memory of 2452	4784	msedge.exe	93
PID 4784 wrote to memory of 2452	4784	msedge.exe	93
PID 4784 wrote to memory of 2452	4784	msedge.exe	93
PID 4784 wrote to memory of 2452	4784	msedge.exe	93
PID 4784 wrote to memory of 2452	4784	msedge.exe	93
PID 4784 wrote to memory of 2452	4784	msedge.exe	93
PID 4784 wrote to memory of 2452	4784	msedge.exe	93
PID 4784 wrote to memory of 2452	4784	msedge.exe	93
PID 4784 wrote to memory of 2452	4784	msedge.exe	93
PID 4784 wrote to memory of 2452	4784	msedge.exe	93
PID 4784 wrote to memory of 2452	4784	msedge.exe	93
PID 4784 wrote to memory of 2452	4784	msedge.exe	93
PID 4784 wrote to memory of 2452	4784	msedge.exe	93

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\Data\Top100.url
1⤵
- Suspicious use of WriteProcessMemory
PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.top100gamesites.com/scripts/arp/rankem.cgi?id=mminer
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffedfb46f8,0x7fffedfb4708,0x7fffedfb4718
    3⤵
    PID:2716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,16790350460305303619,11807626935520363498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,16790350460305303619,11807626935520363498,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
    3⤵
    PID:2132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,16790350460305303619,11807626935520363498,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
    3⤵
    PID:2452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16790350460305303619,11807626935520363498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
    3⤵
    PID:756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16790350460305303619,11807626935520363498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
    3⤵
    PID:572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16790350460305303619,11807626935520363498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
    3⤵
    PID:4408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16790350460305303619,11807626935520363498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
    3⤵
    PID:2292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16790350460305303619,11807626935520363498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
    3⤵
    PID:2640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16790350460305303619,11807626935520363498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
    3⤵
    PID:5056
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,16790350460305303619,11807626935520363498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
    3⤵
    PID:1572
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,16790350460305303619,11807626935520363498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16790350460305303619,11807626935520363498,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
    3⤵
    PID:4712
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16790350460305303619,11807626935520363498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
    3⤵
    PID:4840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16790350460305303619,11807626935520363498,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
    3⤵
    PID:5388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16790350460305303619,11807626935520363498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
    3⤵
    PID:5380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,16790350460305303619,11807626935520363498,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6088 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7a5862a0ca86c0a4e8e0b30261858e1f

SHA1
ee490d28e155806d255e0f17be72509be750bf97

SHA256
92b4c004a9ec97ccf7a19955926982bac099f3b438cd46063bb9bf5ac7814a4b

SHA512
0089df12ed908b4925ba838e07128987afe1c9235097b62855122a03ca6d34d7c75fe4c30e68581c946b77252e7edf1dd66481e20c0a9cccd37e0a4fe4f0a6fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
5b2559577b5d5e0554aa3d0e8b35c25f

SHA1
a9cbc61c4ebb415fe2c665679e1613931567447d

SHA256
275a000c48c4760d74568185612fe4e6f6ffd50eb7ee6ac39a34116a6c217958

SHA512
d318c0e775c65d0abc42f170a1c081eae0baf8675439b5c3941badd9714f32d3df6c07996a401d10d1fd8d0f32b6175ad9b790e67b734f7a5b199436990a623e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fe45020fbacd4a58658f47777ad1634a

SHA1
f9fec843567a51f15598a69381213751eb337b7a

SHA256
8a0263b232ae3252183eb0b17e3c95ad32472aca926379a916375073474422a4

SHA512
3fbf3abae6354c51809705a48f17cc725c973e90e6325efb1e7572ad7bafd78b33d3b7394d4a6b8ceb65c3c11fb92c6ea15c8508bf544b252c4f36e43c5b51f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
05fcfa5f21375da46dd77d30734a052d

SHA1
e1d0f5f4ba265d636f6b1e6cef2366b54b1ba153

SHA256
a528f5dd477062a8dd1a15c2e2f9eb26832e9617cf99d101f8d20e2473449ac1

SHA512
8ed33c3c4e56cd79a473dfd4fd8ac88f35d9d8ecf2abf1f972d079b24f7733f4b01fa624b785121e2add2caa579d16845883be3430fb719061047f1c7279521e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
57168128cd091d456749ee6f89fa64ae

SHA1
3bf7fa186a589eb442b9b43552b57932b6b2b522

SHA256
f4dace73d8a5d5dd3aa26b03d8fe186eec394703631188ea1b5a5e763e1045e2

SHA512
09264f9ee52891bd0e23a858cf8d1582301b045c0ee46b1de6facc0db5b747a472482bd0650ae7acf354491671da73a69e0d8a0390e3ac0e1f7fda011e88b838

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
83003221053892e234427af58518b5cc

SHA1
b1c21cc4d4aa00e2987c5b974f96848eb771ae4f

SHA256
c4c4382a0a55d46d88fea3a7e54dcd2b0678a1082580b75a7806693755a39bc4

SHA512
265e548136e4e5ae6dbd42ca5ceee8b34404de865d895daf120216d60c4a9453b5852b47f53edf29f913e412c3df7986c2e48a9271a763ba9d6fd039ebcdfdc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
52826cef6409f67b78148b75e442b5ea

SHA1
a675db110aae767f5910511751cc3992cddcc393

SHA256
98fc43994599573e7181c849e5865f23b4f05f85c1115dff53c58764d80373fb

SHA512
f18df18cab6b5ecd71b79c81a2a1fdac42cc9960f62f06ac25f4d6487792705f2766ee3a10239eaac940d090186e6bc820e4eb7a5ee138f6e5c1c64f951b960c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bcb778d0-9a6c-4e99-a718-c58da10e7b68.tmp

Filesize
5KB

MD5
a988f13f06b4958fa49c25f548d3098e

SHA1
6090e70943c82200cef3d922896f9dd5632691ef

SHA256
5f2193ca2a992078631fa51187641cb9d2e8d90349d2a8b75528492b8e30f22b

SHA512
bdc3fb9eef043fe271341a27018d83f3606cf5695df0921542e1126578b4df029f1a5b4c219052df5ea907b3c3cc5e512c039cc917ec5944fe7eca5b5cc20540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4ff06c483ed1f6c71d3498a184b4e2b8

SHA1
42ecde8e0859e6f03c4577faf616acf4b125765a

SHA256
f14abed707cd57f7c6bbf64feecb754293418adca006f31bf11a54bd392b46da

SHA512
a43766b01d6e64d5af3156d60c1a36ddb6b04bf8c06649e14d26b5b928a1b79bcb29224b6ea14ccf3b95016eca800913aca45fee26a142483926694e402fcf73

Download Submit