4a52081b966e91be440a8da3963c9898d2d6f0bc2cc0ad800480994fec2b75e0

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/02/2024, 21:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9a021813cab936f0470ce3f56b2b9471.html
Size

430B
MD5

9a021813cab936f0470ce3f56b2b9471
SHA1

a162a1a18d1cc8c14640055cceb025f55fd34f66
SHA256

4a52081b966e91be440a8da3963c9898d2d6f0bc2cc0ad800480994fec2b75e0
SHA512

8613ee2b43d2034d38c9093f5be74876b48298eaa52ec9776529019418c8d6db49bce8044dca491464700cc65ad24b218068b149a5bddc820e4b2166ed8dc41c

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4924	msedge.exe
4924	msedge.exe
4636	msedge.exe
4636	msedge.exe
208	identity_helper.exe
208	identity_helper.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4636 wrote to memory of 2656	4636	msedge.exe	84
PID 4636 wrote to memory of 2656	4636	msedge.exe	84
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 3564	4636	msedge.exe	86
PID 4636 wrote to memory of 4924	4636	msedge.exe	85
PID 4636 wrote to memory of 4924	4636	msedge.exe	85
PID 4636 wrote to memory of 3388	4636	msedge.exe	87
PID 4636 wrote to memory of 3388	4636	msedge.exe	87
PID 4636 wrote to memory of 3388	4636	msedge.exe	87
PID 4636 wrote to memory of 3388	4636	msedge.exe	87
PID 4636 wrote to memory of 3388	4636	msedge.exe	87
PID 4636 wrote to memory of 3388	4636	msedge.exe	87
PID 4636 wrote to memory of 3388	4636	msedge.exe	87
PID 4636 wrote to memory of 3388	4636	msedge.exe	87
PID 4636 wrote to memory of 3388	4636	msedge.exe	87
PID 4636 wrote to memory of 3388	4636	msedge.exe	87
PID 4636 wrote to memory of 3388	4636	msedge.exe	87
PID 4636 wrote to memory of 3388	4636	msedge.exe	87
PID 4636 wrote to memory of 3388	4636	msedge.exe	87
PID 4636 wrote to memory of 3388	4636	msedge.exe	87
PID 4636 wrote to memory of 3388	4636	msedge.exe	87
PID 4636 wrote to memory of 3388	4636	msedge.exe	87
PID 4636 wrote to memory of 3388	4636	msedge.exe	87
PID 4636 wrote to memory of 3388	4636	msedge.exe	87
PID 4636 wrote to memory of 3388	4636	msedge.exe	87
PID 4636 wrote to memory of 3388	4636	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9a021813cab936f0470ce3f56b2b9471.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff921f646f8,0x7ff921f64708,0x7ff921f64718
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,7863963415371485319,5417619397107620222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,7863963415371485319,5417619397107620222,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,7863963415371485319,5417619397107620222,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7863963415371485319,5417619397107620222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7863963415371485319,5417619397107620222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7863963415371485319,5417619397107620222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7863963415371485319,5417619397107620222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7863963415371485319,5417619397107620222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7863963415371485319,5417619397107620222,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7863963415371485319,5417619397107620222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,7863963415371485319,5417619397107620222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 /prefetch:8
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,7863963415371485319,5417619397107620222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7863963415371485319,5417619397107620222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7863963415371485319,5417619397107620222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7863963415371485319,5417619397107620222,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7863963415371485319,5417619397107620222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7863963415371485319,5417619397107620222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7863963415371485319,5417619397107620222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,7863963415371485319,5417619397107620222,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
efc9c7501d0a6db520763baad1e05ce8

SHA1
60b5e190124b54ff7234bb2e36071d9c8db8545f

SHA256
7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

SHA512
bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
194KB

MD5
36104d04a9994182ba78be74c7ac3b0e

SHA1
0c049d44cd22468abb1d0711ec844e68297a7b3d

SHA256
ccde155056cdce86d7e51dfd4e8fb603e8d816224b1257adfcf9503139dd28f1

SHA512
8c115e3e5925fb01efd8dda889f4d5e890f6daaf40b10d5b8e3d9b19e15dadcb9dcf344f40c43f59a1f5428b3ee49e24e492cf0cb6826add1c03d21efdec52ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
3deed2eaddd4297ed7e973f44799175f

SHA1
0dc81327f6054ee8440a0cddb39ed912de0eda89

SHA256
7df0b20241de4b2a520c04583658fe402ad53b6de6367140db39df139f2de3ae

SHA512
a6282202159e2c83faa19f5aab3954a32d74997e6f456789068752de45a4e3063518e7c144a6e418bff718a1e779cd7319455005ed05329e7eebe85b58f115cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b7961812e66dd31f37df85d8e6df05c8

SHA1
a1ccd4e3295b16e3658f4dc34fdf73db9ca3c16f

SHA256
b42a81c395e021f22db02c0d750dc8b992e51f0d326b8b08f244dd098107cc22

SHA512
c68aea191de278c806142a7d3fbb0a56c6e35cb0c6210e5323ca22b5ff5bb0cbc52e1963f62bf977a357258165e1854468cd3ce2a479acd6d34ea89a62927f60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
336b2de3facfdeca75a7f1ac3f1e2c07

SHA1
a6a6bee812513406e96f6418e80c4c38401cfae1

SHA256
64c2ecbb6297a2469bb1ca4e38a6ab21e410a6a6b755a5449bc848c79e5c81ed

SHA512
7107b839bc61773fbdf1c4a0b5229168cffce9184f8c1bd86e315ba8e937fd4a457f1d6dae83b05c3d2623803072e2b3e67bd42ec79ba573074ed30a16ed6670

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2f019ed157f365dc11f91a630234da81

SHA1
6cb8ca38d7a04d058ef8ed52eb3a44b10216b288

SHA256
a56aee6a0484dd076033bd844af5af85f0a1c9ac365099d0ad17f955fda7523c

SHA512
eae360d1fdec090302fae23a2f44e9125ea5ad66706a652d6caa32308d6eb34b55dc8b1d1f072deea1ab299d624bfa0c5d2ef8dda806ac8c2d0e2db082aa3206

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
121510c1483c9de9fdb590c20526ec0a

SHA1
96443a812fe4d3c522cfdbc9c95155e11939f4e2

SHA256
cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c

SHA512
b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
865bd74888af21540bfce2aeeb3e4802

SHA1
ac137a6516058bf522221986ec3049cdb9210109

SHA256
6c7d0f3f2a2a1315080e7f0950151fa2d36fef0ad6669a3bccef4d439258a634

SHA512
b2422c64a78321c862b19c938c64a29918bb8c3b70b1fb861bcf1305c5e700f80e293313db687158ce2eb5b3f3f1451ee3140d514aa0328b43fcde3e89a4c9c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe581ba1.TMP

Filesize
48B

MD5
0230c0182a1b8685b754f83ade0e59d7

SHA1
7377043656fec96003c56bdae23b737adaeb114f

SHA256
007c243a306b1f5023bd825f898c4085cd6b0df142d03da5e1ed8a207cc5e743

SHA512
a30dff4c06d3d00d058874c5f475565dabb80cdf4455d6eb4f51f82c0a141e90e96717c77a25fe06570d5db0ba38c976eef2f0ab8330c910287f41efbdf41b63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6551ef3df84647e2d1c651238260e2e4

SHA1
35bc65b6c286c9d7c21818fa4c8bf1b4d850e39e

SHA256
1432535969c7f68a49245ec95c042dfafd54455a6dadb3673c6fb55ef4001b6e

SHA512
020ba5d3d8665a414e6c3607465c3cf49c61aacb60e8e43c252fae3115962c7fc21be21904191857b5063d0fb2b54d134acf8c9888f1c7c8c6d33108ad36f34f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
de38aa07ea98fbc57ffc372e431a7a80

SHA1
b6c0ce46a6d0f445be84f42ec756c97cb32e92d4

SHA256
9740e2b54c942784558284d1716f9fb9978e5377c026cc1e539ca6a713503afe

SHA512
6fee4384bf9e269f3bab92d1853217c3b77dd4e3768d5373b1bcd5e2b75d8026ba83d5226031bff8d7bb446fbae2bed9b687e79d7325a9fa64dfadf173422f02

Download Submit