a74eead9d1371b3d21e50f902985d286c631feddbc60afb10176d7300c6536a6

Analysis

max time kernel
525s
max time network
520s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/02/2024, 14:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

51KB
MD5

af44d3deec3db04b77f74d33c372c3a0
SHA1

dbbd398f0706b8a40a5ddb14071eecb581912d07
SHA256

a74eead9d1371b3d21e50f902985d286c631feddbc60afb10176d7300c6536a6
SHA512

de1d7fee1fbbb7c0a6c918cb52a4c70251550f6bdc629482ddf9fc5433654ab9ea99a0f3e3a7d349c504a19b5146ff8db53e7daf7a5da80d8ca34f40aa362e87
SSDEEP

768:3QHSspl9fmlYOGrWrkJbze65kX7nFeipD0HlSkkmO6OmyWZgXAnAOhJSt:AHSspl9fm7Gw/X7jUOmyWZgXlOPSt

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
12	discord.com
19	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2672	msedge.exe
2672	msedge.exe
3184	msedge.exe
3184	msedge.exe
1592	identity_helper.exe
1592	identity_helper.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3184 wrote to memory of 4564	3184	msedge.exe	87
PID 3184 wrote to memory of 4564	3184	msedge.exe	87
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 3156	3184	msedge.exe	88
PID 3184 wrote to memory of 2672	3184	msedge.exe	89
PID 3184 wrote to memory of 2672	3184	msedge.exe	89
PID 3184 wrote to memory of 1144	3184	msedge.exe	90
PID 3184 wrote to memory of 1144	3184	msedge.exe	90
PID 3184 wrote to memory of 1144	3184	msedge.exe	90
PID 3184 wrote to memory of 1144	3184	msedge.exe	90
PID 3184 wrote to memory of 1144	3184	msedge.exe	90
PID 3184 wrote to memory of 1144	3184	msedge.exe	90
PID 3184 wrote to memory of 1144	3184	msedge.exe	90
PID 3184 wrote to memory of 1144	3184	msedge.exe	90
PID 3184 wrote to memory of 1144	3184	msedge.exe	90
PID 3184 wrote to memory of 1144	3184	msedge.exe	90
PID 3184 wrote to memory of 1144	3184	msedge.exe	90
PID 3184 wrote to memory of 1144	3184	msedge.exe	90
PID 3184 wrote to memory of 1144	3184	msedge.exe	90
PID 3184 wrote to memory of 1144	3184	msedge.exe	90
PID 3184 wrote to memory of 1144	3184	msedge.exe	90
PID 3184 wrote to memory of 1144	3184	msedge.exe	90
PID 3184 wrote to memory of 1144	3184	msedge.exe	90
PID 3184 wrote to memory of 1144	3184	msedge.exe	90
PID 3184 wrote to memory of 1144	3184	msedge.exe	90
PID 3184 wrote to memory of 1144	3184	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb807a46f8,0x7ffb807a4708,0x7ffb807a4718
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,8085597916314147308,4002850099491522655,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,8085597916314147308,4002850099491522655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,8085597916314147308,4002850099491522655,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8085597916314147308,4002850099491522655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8085597916314147308,4002850099491522655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,8085597916314147308,4002850099491522655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,8085597916314147308,4002850099491522655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8085597916314147308,4002850099491522655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8085597916314147308,4002850099491522655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8085597916314147308,4002850099491522655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8085597916314147308,4002850099491522655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,8085597916314147308,4002850099491522655,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4936 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8085597916314147308,4002850099491522655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8085597916314147308,4002850099491522655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8085597916314147308,4002850099491522655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:2232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e77545b7e1c504b2f5ce7c5cc2ce1fe

SHA1
d81a6af13cf31fa410b85471e4509124ebeaff7e

SHA256
cbb617cd6cde793f367df016b200d35ce3c521ab901bbcb52928576bb180bc11

SHA512
cbc65c61334a8b18ece79acdb30a4af80aa9448c3edc3902b00eb48fd5038bf6013d1f3f6436c1bcb637e78c485ae8e352839ca3c9ddf7e45b3b82d23b0e6e37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
eda44a0826ac00525717444ac6e69aa9

SHA1
f3c45d6f88c8c3dd25312508707d8891031bd16b

SHA256
e937ff2bc4c03577f42b09d2b1e4ecf7252b2de577e05689c30967ead834e4af

SHA512
533cde86bc5e837e926cefd2fa5008f4e6e6fd4c8354b5f2fa3ae5224f98d1eee0e06c07cc5474bc1fd5b18d90ff81d29fb62acbf2a3f1c86909ba1fbcacae3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
918B

MD5
c995724c29cbcee80175b3c90f1068fe

SHA1
3436b44d4a2dd72c5e9f0558efc36c854373ef33

SHA256
eac85aec5132adac0d253cc67596284073fc79bc950a9ed4ab726ab5f32b6021

SHA512
d69a1fbf89adc5056d00f5da7aa248a5af8c41fb8129ea550765f9c43960bc58cf4c5e12397152e2c305fe09b4f8c8d7966a7c41b14215ad22b9447044e61a43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2ff0c6620478c9261c68a9eca7e72387

SHA1
309f26781352d329765df077f317416991b169e2

SHA256
7e2be9efa742580ca829cb714c27f164e82a11eb9ff77396056d91c9d56e294e

SHA512
df5dc4ba01a7426bb42d0ba430abc23701cf17162864f05c7da45d425cbe1c3bdd856e8a106012a4c82272ba4d14aca325498fb87abed94f5c239df7c2a96bcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5f8aeef99a07b256b59b23d8623d7ec2

SHA1
b529c7739ba487a26b52d482b0565122b1e9e30a

SHA256
a62475a31562e2b010a0caafbd8795cb2dc744ef5eb21d63cb29824a241c15d3

SHA512
ae52b5d1ec85519f0bcc5e52e30542a8b9ac9f24a0332e0dbeb858832579e6464b5277230d85737897f21703938995283efbc94a72d82f1452e60a4682b44e5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0bfd8626818b495236f4116dd1c67f59

SHA1
52c0f50cfb8e25d37764fbe6bb0d8fa85f7b7791

SHA256
3b610ddd06f906fc6dfda6214a8e2540972f35570ea69d8c31cad9885022e973

SHA512
3943699265e5c0fb13ebbc6d28ef23ce6ceee59c56af9526ba32c6b92be9efdc3ebb5606e010bcca3eab03f92e6eef2772281b13959dbea82a76ff3bcbcc6321

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
012435ff9ca539230876a6b3f105a1de

SHA1
0f5a6580dd013216e91e9a549eb1fa8e2a9ab54c

SHA256
eeffe5a257ab648387b5f8447fc158eb9104c23ba8ba84e3a67e1226f0c538cf

SHA512
281859c79ebb6a11e9111d49b0bee436b5bc8b9885dde753dda647193c739e155cad29960518250336f269d29c9b4b52eeda90c884e37c8ebc98d8098dd222bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
98c7708dc0a7c1dc8e595b9e58c5fec7

SHA1
e23d826561c30680935526ca8513f4f61026a7d7

SHA256
f86a8b9069aeb5538ef0a4241efdee5393e137784c4d80e9d5140e781a4deed2

SHA512
750d69fd71f400ad9fee3c56067def3f1cfa16de44dd2d09d085b225cc77a93fbb50acf80cdfd3cdcd379baa2646f3aeac7ba556a6a25273b56b67a587709449

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
6db2d2ceb22a030bd1caa72b32cfbf98

SHA1
fe50f35e60f88624a28b93b8a76be1377957618b

SHA256
7b22b0b16088ab7f7d6f938d7cfe9ae807856662ce3a63e7de6c8107186853e4

SHA512
d5a67a394003f559c98e1a1e9e31c2d473d04cc075b08bb0aab115ce42744da536895df2cec73fa54fc36f38d38e4906680cfacfbf4698ee925f1609fbb07912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
e7a40a95055dce4bace3ecace39f4464

SHA1
12ea3f8f001c2755ae5270777ec8aedd2dbb8acb

SHA256
b4a502319611ab830b907406e589d90a41a988623656c591ea0a001d814a659d

SHA512
c5c0ba1d8947a56552795015331d35b8dc832340a7382f01dd4aa4d501e91f3405051f686984a4b8283854602eedb969ac115c6402cfc1c127cf8e9e31b1f23a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
d6bf5824e007a1a199670ca4dede598d

SHA1
3d1ba502da2fbcecb41f8b83eb700a4e9870937d

SHA256
dd05e41158a6207217eba6becfd7ee890a92f699a9fb73f1721f32c7e750ce68

SHA512
79520999086a4fa6c6fb9bdfed62feac8ea5199e6fa9f9434172caa195c5a7d64ff6b42453cc75973be558aad4770afdde8828e9c4b6d8b04a6f12f10bb285fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
894e4044abc590798fdfd2e42299769b

SHA1
ebd0c0a34808df57b7bda308f0f0e516aaf6dba0

SHA256
1207540689bb771f894f29f8076775ad053f011ed5c5310472ffd27cd73669b0

SHA512
16af1399f992b17c479b4d8333eae6f63199ff333662394be9cdd1ca390b7593902f626ad85dc52a6ccde59d5ba92738814f368b428a1ac579165ddaa383ba9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ca35.TMP

Filesize
370B

MD5
2b5e07a50c3736eacbd9d602f94694f2

SHA1
f7d08dbe00a4ecbe64723e425b49b134432e6409

SHA256
a31e9fb7479ff965db13d43c411a3f647a9f5150c5e558c69703704b67052832

SHA512
913d8c263a27890a1a9b8a4cadbe88b60a95239ba75bfd82047ac79c74555d32943f9ea456ae5ce34562fec18bd7291993b8a215fb381c838e16389715fcf1f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\e70fc469-a64f-4bdd-86c2-659a55db2aec\4

Filesize
2.6MB

MD5
f70eda301b86608f566ef3f771ba2227

SHA1
13d688cd74e569dd720e8f2d67baf5696e0c542a

SHA256
e1c1ac67456d0302a2033b9200d2b015bc9877bbfe01bca229b2544cec44ef0a

SHA512
6f76edc5725cf377a0f0688b06d34cbcd654b608a4e62c93c354e7016090b434a587c89e7e7024e0a42ac3083c0c5df2453516364aba4ae30a7aa81c600d4104

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
66f09da60d1cfc3fcb96d9cd856a1052

SHA1
927deb57aa04d37f70ed2e6294454bb18596d19e

SHA256
0bc261eadac03e67850bf92688a3285fe3504d8fdfae597a8f77c90c715a0490

SHA512
a62a6c897835926d510fc2c434cf319cc86d60a7ac94177df34b6fc2d3148ed76b2f7781c833e329b8f2f3554c232e8ef61021e94634b7251b47971ab70da2f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3f89394c7ff8497abc6e4c1afe037aea

SHA1
0843b0fef5f12fdf2ff6ec38598bf521650b5cce

SHA256
11f2776e1f9163be88a59464c5b73e4b76671789506e81cce78c3dfea3e8f7b7

SHA512
491168088792878a04b78a43936c5b045c22106cb97ce8f7baf86a12eb042f123725b8ed4597963d71d3982f7599efdc94f0a998fee5ed46a27d68137e9ef58d

Download Submit