1919f583e35de5fd3d552f0cf43315814c2add54a8ccf3b7a6e7ef70f1db1b1d

Analysis

max time kernel
146s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 17:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a258e7b04c4c3c17ddc607f2962b096c.html
Size

432B
MD5

a258e7b04c4c3c17ddc607f2962b096c
SHA1

012bf6091bc21e3c2839710f4a6f8cb1df04be57
SHA256

1919f583e35de5fd3d552f0cf43315814c2add54a8ccf3b7a6e7ef70f1db1b1d
SHA512

e72abc66cb82e5d215105eecd9fbdd8a595b384f4e7f0abb49744d1e1b5ca99c75f8542d5f7aba0d6c0f850f1db899c11073b467651c8aa6b8e146a790036654

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1996	msedge.exe
1996	msedge.exe
1208	msedge.exe
1208	msedge.exe
4752	identity_helper.exe
4752	identity_helper.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1208 wrote to memory of 4936	1208	msedge.exe	55
PID 1208 wrote to memory of 4936	1208	msedge.exe	55
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 2056	1208	msedge.exe	87
PID 1208 wrote to memory of 1996	1208	msedge.exe	86
PID 1208 wrote to memory of 1996	1208	msedge.exe	86
PID 1208 wrote to memory of 2044	1208	msedge.exe	88
PID 1208 wrote to memory of 2044	1208	msedge.exe	88
PID 1208 wrote to memory of 2044	1208	msedge.exe	88
PID 1208 wrote to memory of 2044	1208	msedge.exe	88
PID 1208 wrote to memory of 2044	1208	msedge.exe	88
PID 1208 wrote to memory of 2044	1208	msedge.exe	88
PID 1208 wrote to memory of 2044	1208	msedge.exe	88
PID 1208 wrote to memory of 2044	1208	msedge.exe	88
PID 1208 wrote to memory of 2044	1208	msedge.exe	88
PID 1208 wrote to memory of 2044	1208	msedge.exe	88
PID 1208 wrote to memory of 2044	1208	msedge.exe	88
PID 1208 wrote to memory of 2044	1208	msedge.exe	88
PID 1208 wrote to memory of 2044	1208	msedge.exe	88
PID 1208 wrote to memory of 2044	1208	msedge.exe	88
PID 1208 wrote to memory of 2044	1208	msedge.exe	88
PID 1208 wrote to memory of 2044	1208	msedge.exe	88
PID 1208 wrote to memory of 2044	1208	msedge.exe	88
PID 1208 wrote to memory of 2044	1208	msedge.exe	88
PID 1208 wrote to memory of 2044	1208	msedge.exe	88
PID 1208 wrote to memory of 2044	1208	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a258e7b04c4c3c17ddc607f2962b096c.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbef446f8,0x7fffbef44708,0x7fffbef44718
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,12342579492361659431,7159697262699571655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,12342579492361659431,7159697262699571655,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,12342579492361659431,7159697262699571655,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12342579492361659431,7159697262699571655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12342579492361659431,7159697262699571655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12342579492361659431,7159697262699571655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12342579492361659431,7159697262699571655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12342579492361659431,7159697262699571655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,12342579492361659431,7159697262699571655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,12342579492361659431,7159697262699571655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12342579492361659431,7159697262699571655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12342579492361659431,7159697262699571655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12342579492361659431,7159697262699571655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12342579492361659431,7159697262699571655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12342579492361659431,7159697262699571655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12342579492361659431,7159697262699571655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,12342579492361659431,7159697262699571655,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1368 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3bde7b7b0c0c9c66bdd8e3f712bd71eb

SHA1
266bd462e249f029df05311255a15c8f42719acc

SHA256
2ccd4a1b56206faa8f6482ce7841636e7bb2192f4cf5258d47e209953a77a01a

SHA512
5fab7a83d86d65e7c369848c5a7d375d9ad132246b57653242c7c7d960123a50257c9e8c4c9a8f22ee861fce357b018236ac877b96c03990a88de4ddb9822818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9cafa4c8eee7ab605ab279aafd19cc14

SHA1
e362e5d37d1a79e7b4a8642b068934e4571a55f1

SHA256
d0817f51aa2fb8c3cae18605dbfd6ec21a6ff3f953171e7ac064648ffdee1166

SHA512
eefd65ffcfb98ac8c3738eb2b3f4933d5bc5b992a1d465b8424903c8f74382ec2c95074290ddbb1001204843bfef59a32b868808a6bee4bc41ee9571515bbac6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
c0cb618eec8bbf2992666c02cc96ccbf

SHA1
e6145bc7c9fb02887d5fdfb7a4c9afeb814c5634

SHA256
2f73ef7922c53e54d7f3dca8686ad843b6665589f68ec46113f798f86211f82c

SHA512
254dbbdd1d36bd041abddef44e47572c3f5d9808040879c7ae3248f0a8b3fff68510efcf7ec2f54b0d756f95ec87fbe3ca23bc890800c2943c77d8641ecc2138

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
eea8e0210887763ec4575d1cb4822f6d

SHA1
b015edeb31bb5057b3fefc69e614a38ad5ca88fe

SHA256
cf5b6f097e77f4745ce30a6b7d21c2f16c26852ce5aba933b490e28c9f33c199

SHA512
64ef6868004a643f8ceab398170f5d7e80b47efecc8c3caa6ac9f9ec955a1fab1eea97c8fb1cb7c523ed7f4e7ead3392d42760654df1de9c9e0074e712108bfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
004034b9e9349d2fefdb2d065bd5b0da

SHA1
7beb57fb97493c676bbceb154f790a1a80abcebd

SHA256
b459e49d0ab5c393934381c3e72bae16f5ca977c8ed013bd9ec3a10f69e25e69

SHA512
d9659cba2c10c82ad70e666e0b01b0276643566d112492324886e923382a9ac0098db38f749f5cfe5b62dd93045c77e22465d6b1494745ca9a4b64202127a2fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d0ac9e6b34beac0487a0f3e93825fa61

SHA1
0008ef2daf4b37b5a4cc035319c40c0d6740569e

SHA256
9589b1e53baf6c5e3ab5fdca96ad128d55c784989037a51a0119d19c163cc26f

SHA512
9b0f8c5dae7976cea8df49fe5b171b475ad52ee15111766e1fbc559ee051c394226e068642ec2f5ea1ddb4a519ca8454926665490dc2c699efbade89aa291e29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
f5a11dbdf1de4c37f157d0edeed4baea

SHA1
6f15cb0a5bf7b7227d9a655601b25075698a61f4

SHA256
56dfc710a4a5ec7ef4c08ac7221b4ab7f7e9cfe5316aa756a9a560c12ca108f8

SHA512
0b3d08339f417e384133dbc67915f0cc4d8434aefd69922c6ef1cde9e6f006c6a5c5d9ba018da4676b8f81a6cf10c2ecae515e46fe84590869ee2673be07efe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0bc498f196a0d37badbf44675c00a1fc

SHA1
d6a78fa1015865efcde4a15e1a992583099d0642

SHA256
c2e7ecfc3f417b20b189334d82a0160d7855046de9ab075355ed323563eaf1ca

SHA512
4794f5e74c76b43d1f0054ac783ce148da91f673052152b9a6110f3430d258c9e7531f5295cc00263a45d2f4bbb214ed12e03465f1636d3fd4e4001168a456f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ade3.TMP

Filesize
48B

MD5
59b9c05a1cd3c0bbdcdc334f87ee0e49

SHA1
780565b1a34101e9fd0b5ff3e49efea391fa031b

SHA256
73059649e22678de71d849a96c6867877f34be17e0a3b1bc3d1559f14a86be4d

SHA512
d09a68dda0681a59859d229c50d9f13978a79c1cf3d9e72f5dbba67d5c03ce522609cd042cd0f9e6ed4d6894d43eb2536f6a413ca341af7c64efc44bacfd1547

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
429f519c5041ec227cca9435fb87d7d4

SHA1
76ddbf62627e9e083d14f541f4990f6807829514

SHA256
6abb7408797c96a31669e8c7bd74462be910ec659d7a5a43b6265f20d637b1b7

SHA512
ffb72d3ac487a89fdf6a169801a1a676dcdf620e674d6eb6b811003e7949be5d3c6efbbc1ca32e92a0534a3e7d2f50b8068eb2f847a6151d274aef53e22d9443

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7de3a2120d0c9a5b885d1dfe42d8b4d7

SHA1
712a37f3eb3e8e64532c07dc4cf10d6afcc1831a

SHA256
fce670c07c5d6924bced93dce9c3b82b22a883c2fa9c44b3edab6a950f16778c

SHA512
b770514ff6af4507a8013a674f7ef9e703e2e82933dc066a93005c1e8fd18116b0969a56c3999b3e9280bf751a9645051a1d7aa1f392410b89337037f59155c7

Download Submit