d51b59640f556c6d45642061d74e7aa4864e81440524c64d65f56ee0b55d23d0

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/02/2024, 09:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

991f3d847f46c20cc5226fb71136a8ee.html
Size

66KB
MD5

991f3d847f46c20cc5226fb71136a8ee
SHA1

c7863ca81550a2c947e4d427241a377dd7e88529
SHA256

d51b59640f556c6d45642061d74e7aa4864e81440524c64d65f56ee0b55d23d0
SHA512

1ef5d6fcb149259e4a0669f45ef31c693ba78f60bb8fc1873b644c1e8fae6d63e205d2fcbad9296b5e77e7bb8101a8c0a641dcdc4e37c1600662e92a7a5ad966
SSDEEP

1536:0Lq5dXvCNkXAWV88017DFQv3ZnrIq6jjF4gO/:8KR+JjDFQv3Zn8q6jjFLO/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4524	msedge.exe
4524	msedge.exe
2424	msedge.exe
2424	msedge.exe
1112	identity_helper.exe
1112	identity_helper.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2424 wrote to memory of 1644	2424	msedge.exe	84
PID 2424 wrote to memory of 1644	2424	msedge.exe	84
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4560	2424	msedge.exe	85
PID 2424 wrote to memory of 4524	2424	msedge.exe	86
PID 2424 wrote to memory of 4524	2424	msedge.exe	86
PID 2424 wrote to memory of 3188	2424	msedge.exe	87
PID 2424 wrote to memory of 3188	2424	msedge.exe	87
PID 2424 wrote to memory of 3188	2424	msedge.exe	87
PID 2424 wrote to memory of 3188	2424	msedge.exe	87
PID 2424 wrote to memory of 3188	2424	msedge.exe	87
PID 2424 wrote to memory of 3188	2424	msedge.exe	87
PID 2424 wrote to memory of 3188	2424	msedge.exe	87
PID 2424 wrote to memory of 3188	2424	msedge.exe	87
PID 2424 wrote to memory of 3188	2424	msedge.exe	87
PID 2424 wrote to memory of 3188	2424	msedge.exe	87
PID 2424 wrote to memory of 3188	2424	msedge.exe	87
PID 2424 wrote to memory of 3188	2424	msedge.exe	87
PID 2424 wrote to memory of 3188	2424	msedge.exe	87
PID 2424 wrote to memory of 3188	2424	msedge.exe	87
PID 2424 wrote to memory of 3188	2424	msedge.exe	87
PID 2424 wrote to memory of 3188	2424	msedge.exe	87
PID 2424 wrote to memory of 3188	2424	msedge.exe	87
PID 2424 wrote to memory of 3188	2424	msedge.exe	87
PID 2424 wrote to memory of 3188	2424	msedge.exe	87
PID 2424 wrote to memory of 3188	2424	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\991f3d847f46c20cc5226fb71136a8ee.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf55046f8,0x7ffbf5504708,0x7ffbf5504718
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,14363962364422707597,3449054054558625626,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,14363962364422707597,3449054054558625626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,14363962364422707597,3449054054558625626,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14363962364422707597,3449054054558625626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14363962364422707597,3449054054558625626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14363962364422707597,3449054054558625626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,14363962364422707597,3449054054558625626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,14363962364422707597,3449054054558625626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14363962364422707597,3449054054558625626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14363962364422707597,3449054054558625626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14363962364422707597,3449054054558625626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14363962364422707597,3449054054558625626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,14363962364422707597,3449054054558625626,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
84381d71cf667d9a138ea03b3283aea5

SHA1
33dfc8a32806beaaafaec25850b217c856ce6c7b

SHA256
32dd52cc3142b6e758bd60adead81925515b31581437472d1f61bdeda24d5424

SHA512
469bfac06152c8b0a82de28e01f7ed36dc27427205830100b1416b7cd8d481f5c4369e2ba89ef1fdd932aaf17289a8e4ede303393feab25afc1158cb931d23a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
21KB

MD5
3369efe777bb13be4236419dfe5c7126

SHA1
e5eb4fdb4a414bca63e4a38d3760f181630a2ab1

SHA256
4a8da2b5a6506e8b349b5de79389ae9f3e98322d13bdfb743efa7e3847a329d0

SHA512
d1d5c13ff21750726009923e45e79af6a374679770ddd191ef07860dddd4df8a29b5c9920ca0ecd91f3bda8f3b0bfa842f480d8cdc0bc0540350f7f49e1a2de4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
ebb9ea8d99b5f4ffec4894df3c62d931

SHA1
286aa75c1e3014d5353804c181dcde0e8557de98

SHA256
cad3ad95ff29eec301770a064538c274638c040144e659ade9731dde65434d61

SHA512
14c748849d818d9e0673f0788fec727dab110b4bb878f070b420fb5691cac2c4c112a38a42774c31908080f6a62b86c73b54ac294771a5add3d86dfe3d064a74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
73a441022e1773db058dcea44ee97aa5

SHA1
aa7dfa03810014b5916d999c863bc709744337a5

SHA256
bd32a4c2d519dbb209551a42fb89319f8916a9fd863a77da1f58f8afd70fe63c

SHA512
5441eb78c012203c0d78f7160b607f9a67df22344d11c4e71989da5057601f8d473efd0b344deb31a673f0aea0a2eaeb7bee47ec1e09cd04ee09847839d02076

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
50a8d1d13f8347a942617cf64355d874

SHA1
0f74084e2e7d9e37868ac6c184264798cbe6942f

SHA256
71c5ad093e20299e7ea3c1a03ad6ac20991f69867e4584944d838aa61891f0ef

SHA512
dd8a15b5131bcf53a8817a90f36bd84d251350c2042b56792c52f78710b8d0ded70c738a974b7ac8699c49945b8eda34d3e9745c077671f9bba0d906c912230f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
959736f91c9da527bad39f0e93f58e71

SHA1
a6d8283ae8cad33abfbbda363ee774c8a25eadbd

SHA256
1b4eeb9baa6dd705ac1ad7af760ff917f9f239d250b393e6adc310653d362180

SHA512
753347619c252cfadaf74269da50fece2b0493d713cc0bca4ed8fb119d8daafbe02948cbaf4dc51a8852483e8cff1e53c8623e1beffe372c0e4c0d32849378bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
72df49de63579e56763f4dee38992bb5

SHA1
45989e7a823507e628229fde1280bd31b6486529

SHA256
3f8162a3e9f58337e2546f858cb4599f55401a9f65465ad3fba6ff4836998a6c

SHA512
4a5c022c1bf0540d58681f82bd493fa802769f797b38b9456f86a062f11d78019985cd4bfeffd6f1030fc4bf36fc1ea42722f53207a4523551907d1afd6abef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
78fe4747c7b81ad7ba782c5342275797

SHA1
3de54435aa8e879b3615f3aedcea783d25c8543f

SHA256
d517072b952fd3312df1fb06ca21c1fad19480013751c1c7ba5d75c2ca623ffc

SHA512
7421cda77618a7b08946bcb954dce9bfe11d32724eb0cad7024c1979305ad2720d3b844453461ae5d8562aa8062fb732d5a037bba9845567dad9d809b58e7624

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b81925fe9529272c2ffa6f9bb1da71b7

SHA1
ea959014918d4c5c14d63ca2432f5e180c7f7b0d

SHA256
fe7654b8aac4361868031e9085aa8d830a04e2c84e4d80763629a7fe2adbe918

SHA512
a98963588de19f7b802a152c4fc09e6bf07bdf351e0b87573920a804cbe786d305d0b99c5ebe2e5eed22b2b6568ace5d6432aec60af223a7c80fc71429603cb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f9734afdd99180f34d83545f1d8365ca

SHA1
48436084def046de48ebe6ef8339366684a3df24

SHA256
733ce6a2b1abb45f1dead8d09d8cc34052dc4989d0a60e43742160db038e57e5

SHA512
56f4d2c84341890e7db34bdc9b0ae9e661ad4a04db1c64db1f25691449835ccd03c9e3838e479c1c307b137e06ccf8ece3832cb0324973fe3940598784586a98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
35f77ec6332f541cd8469e0d77af0959

SHA1
abaec73284cee460025c6fcbe3b4d9b6c00f628c

SHA256
f0be4c5c99b216083bd9ee878f355e1aa508f94feb14aeebcfba4648d85563a7

SHA512
e0497dbe48503ebbf6a3c9d188b9637f80bccf9611a9e663d9e4493912d398c6b2a9eab3f506e5b524b3dabbca7bb5a88f882a117b03a3b39f43f291b59870c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0717ec84484eda07f30bdfa9ec042050

SHA1
a7413cd249ef7594f6221037991ce1f0011ff6e4

SHA256
bd869dd4152c2ce7fa45a4fbdd4ea6245aeae5e43887fdeba8e029fff78932ba

SHA512
a5392293bb7a2b0499813498f449fa1afe6f9a9bf3fcae6bcd556a12f6eefa0a712d0d7f0228bd8c3772f92e91fa0892f48a66d9f63f7a232494bf7a6460a92e

Download Submit