4a18e1c80ccb11e4724e5d20380ec2314b8b7b4b4a358d230f7c69d7ed446a91

Analysis

max time kernel
146s
max time network
148s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
19-02-2024 11:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1M4g17MhbwpK9GrsGJbED9vy4xVy5Q8zI.html
Size

537KB
MD5

61cb78664a82771544351e51eefcbe0c
SHA1

5f12752d5ca4908f0ff57eb009a24643d7b52e82
SHA256

4a18e1c80ccb11e4724e5d20380ec2314b8b7b4b4a358d230f7c69d7ed446a91
SHA512

250ad4f80656fae12c05004deab74d0b98914a1fd7be47a2780146c4072e42e486b959d3ab35042f62eae0ff089d1ae561de3f3015e4e1b819ed48fa5040970c
SSDEEP

3072:W9nrcRDnOc+z4elRPxDxWSyOBAOMlhi/J8qIQD+B7XfXC4rDF7uiSqOU5ayMGtY1:I4VnOcWlRmjOYXac5u+5ayJYDnCDI

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1454216376-3069400526-304058712-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2988	msedge.exe
2988	msedge.exe
1924	msedge.exe
1924	msedge.exe
1504	msedge.exe
1504	msedge.exe
4580	identity_helper.exe
4580	identity_helper.exe
5972	msedge.exe
5972	msedge.exe
5972	msedge.exe
5972	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5256	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 2336	1924	msedge.exe	80
PID 1924 wrote to memory of 2336	1924	msedge.exe	80
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2016	1924	msedge.exe	82
PID 1924 wrote to memory of 2988	1924	msedge.exe	81
PID 1924 wrote to memory of 2988	1924	msedge.exe	81
PID 1924 wrote to memory of 2916	1924	msedge.exe	84
PID 1924 wrote to memory of 2916	1924	msedge.exe	84
PID 1924 wrote to memory of 2916	1924	msedge.exe	84
PID 1924 wrote to memory of 2916	1924	msedge.exe	84
PID 1924 wrote to memory of 2916	1924	msedge.exe	84
PID 1924 wrote to memory of 2916	1924	msedge.exe	84
PID 1924 wrote to memory of 2916	1924	msedge.exe	84
PID 1924 wrote to memory of 2916	1924	msedge.exe	84
PID 1924 wrote to memory of 2916	1924	msedge.exe	84
PID 1924 wrote to memory of 2916	1924	msedge.exe	84
PID 1924 wrote to memory of 2916	1924	msedge.exe	84
PID 1924 wrote to memory of 2916	1924	msedge.exe	84
PID 1924 wrote to memory of 2916	1924	msedge.exe	84
PID 1924 wrote to memory of 2916	1924	msedge.exe	84
PID 1924 wrote to memory of 2916	1924	msedge.exe	84
PID 1924 wrote to memory of 2916	1924	msedge.exe	84
PID 1924 wrote to memory of 2916	1924	msedge.exe	84
PID 1924 wrote to memory of 2916	1924	msedge.exe	84
PID 1924 wrote to memory of 2916	1924	msedge.exe	84
PID 1924 wrote to memory of 2916	1924	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1M4g17MhbwpK9GrsGJbED9vy4xVy5Q8zI.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbc22a3cb8,0x7ffbc22a3cc8,0x7ffbc22a3cd8
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1828,5396026634840428162,12543761862129353076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1828,5396026634840428162,12543761862129353076,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1832 /prefetch:2
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1828,5396026634840428162,12543761862129353076,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,5396026634840428162,12543761862129353076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,5396026634840428162,12543761862129353076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,5396026634840428162,12543761862129353076,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,5396026634840428162,12543761862129353076,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,5396026634840428162,12543761862129353076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1828,5396026634840428162,12543761862129353076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3276 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1828,5396026634840428162,12543761862129353076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,5396026634840428162,12543761862129353076,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,5396026634840428162,12543761862129353076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,5396026634840428162,12543761862129353076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1828,5396026634840428162,12543761862129353076,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5088 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4868

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1504

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\227d99c1-dbf8-4013-a530-571d110e27a0.tmp

Filesize
10KB

MD5
d0214e4264021e5140653733929355a4

SHA1
920f4c646004c3eb611195008f3c08f3dab79d0e

SHA256
45c813f3f149e45caa5c091fd35e83519693fcbc15f92ee31bc63d9fca8818c4

SHA512
93885d02410ee48de1e11e405cffef8f7caa2b008021e0fc40dd8015fa71cf228c68085fbe1a5ed0ea135ff55660b707260994f9fa44fbb9645f2a641c15900a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3c7088b345d89a8f65508a536d470e64

SHA1
c7f144ced04a66047253a5ee4124985adab6375c

SHA256
70807a89747f1c04394549aa800fedd6a737647bbf95af2cf087bb53e066724f

SHA512
8d6491e8da8c117f527feb6cc01612aefa0819d35d7b961bac8bf41154a1b525438ad928af70bbb06956f02ae3b0b1495347d33c769fe789496b8f4d4232853e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
70db17d66c8e1cdb8bfe28917f910680

SHA1
c11e6fb7e197f4a04c214ba11294ab77de595c89

SHA256
6729ebc90e4ffc1c23df5a009c60c16d5b63b8e768a2864ee7f7e8fb7629ccc3

SHA512
0e5a460837a8391b5db0aa267a6c832d88284dedf79697d30337b564af6fc33c69072c893db15da58b99674ebba354e8a0af5c34db761c9adf3f0c1a5b86ef63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e40d64bf016479a552e6b7a497b60657

SHA1
b4ad127fe797e3fa4eaa975bd1bf2dac3abba8c0

SHA256
bf203bd170e3ae7fc857ba8892884ff35781586a85227b5feffc683ce71b6fc2

SHA512
a1ca33189f700de5d35dbce23f0741c7f0f4eb99a2a80606fef54a19a9fe53e031cc54d168b07a22e35fa0c6dcb2fdaedb4a209e643afde3382ec86df1e9ea52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8c07ecc25141dddf47569c781434ed8d

SHA1
44e4007172a47e304a8b3f3b5f317e2fa0c61217

SHA256
d8afeabbcd8dba58fbb36b830ee44224abaf2e0425192bdc378e9c13ae1ec84d

SHA512
a3172dbd17ae7d90c23f2e46ebb9f0300eeb20e7fa412a7a8244ef15c1fc20de836f1c53918f12a343493620042488ff63b45814de73df4a99ae4a0ec93a8847

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ebb2237d4b7c944cef8737325e8f81ac

SHA1
d5f3f40e959f7d30e8ff88e2ad7a49dffdc41c69

SHA256
58a5a89eff0efda284caa191e1fe39c378e4aa9a68117f52bb10b8bcfe7a772a

SHA512
1a3423359a91afa3f2a09c338d15c760cca2edfea68528016806f1debeb34673173ce351d1724f93cce9411045475678b8c2804e83f5c6b1fe125fbb0eff582d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
947e9650de9eefa2e8bc4c31a69ee539

SHA1
349afcc9471bec75d33b0396fe679c62865ff4c0

SHA256
fb541436451749f2601dfea10fa91d327bc64abdf836da0171561d5b3cf82e28

SHA512
b831ba42e795e162ce3c8476ac81941975917806c45548b35ee0ad96777e9f62d97c58a20d8af8106bb65e58f0999b1a9df030290ac9e911b145beaf82145dde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
a73a27fe4e406bae8ea5f5e04129a2c7

SHA1
ed324510688f8b08f30475e0a38e885e1dcbaa2b

SHA256
312d5b5397d0523ed36b5d93a6f7fde0435cb41390e4ed233f5e57b9b9df717e

SHA512
72c313af632bb252ce84ab419f0a19be9a47bee9a0220127063ef79ec4d305e12d6ec4be740bd4c77fce01cf1c1737dbd58df261914a9ae6b51775f805c567cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c9131e917e6bfdce58f1bdba7b9801a5

SHA1
ba66af9ed8fadea9c7d360b8dd62c6a56dd6f698

SHA256
ba8fbcff478ee13f1caeb631a98c5a32cf9d5b35290b458a48bd27f76111259c

SHA512
d665bcb87d82fa0057b58d381dff25433f519c75191305b3337ef81c746f6d099f66f9bd080e346af8d8546e74fe6d7951103a5864f32ddc3c5b05406056fa52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ad42157855d379a842ded258c0cc9b07

SHA1
c724b10271154a5ac61d706bb7278a029d150ad3

SHA256
8c65bdee328ad85cac186ae9bbd4979a80830f0e0282a80fe0fac8099fceb8b9

SHA512
fa0886587b3fb36e7724502101f38cc3df659d378c0e8fa4aea2493354a605e2c838505ace1abcc78b781368ffab7feb5d23aec93802a907f07c9ac51a8d18ff

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
11KB

MD5
9af5f099ffb1cb8ef5d0f394d5cc30eb

SHA1
b2d4d4374a3cb3d025ecb95d9b4459f809fd49cd

SHA256
2e298639786032254594b05100f029f0a05fd05566a04a94c3fe486aa9cac0a3

SHA512
07d8c2e1aecbfdf5f2dafe65ea9ef6ca0d7aa8594b43718b3025fdddbcdc598e556b0e6f9e5ed3ef979375fed56a39c28b833cd841468e6d0e632f8d4993695b

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
11KB

MD5
27d17e86fd02a8d804656d44a4784eca

SHA1
83353efeb41c32a79b5930f22502744bdaf74cf7

SHA256
4349ff6cf047c56da5da1b3378fde7c45aac3f07dec8fe16535737fa5e3eefdd

SHA512
9d52b21edf9db54a6f22c8011cd17dd7afed2201dab86467549a3cea45c084d19da40f005403727448191b7a0a53c558b8e7f12ce09a60f78d193231d5ff9b5f

Download Submit