hxxps://cdn[.]discordapp[.]com/attachments/1210890454485442563/1210890781221720074/file_release_2_0[.]rar?ex=65ec34eb&is=65d9bfeb&hm=4003e820e2652713a56076607a66a4561ed3da1ea58d34f2571fc81549450d2e&?space=File[.]zip

Resubmissions

24/02/2024, 18:40

240224-xa85yabh9s 6

24/02/2024, 18:37

24/02/2024, 18:36

24/02/2024, 18:35

24/02/2024, 18:34

24/02/2024, 18:31

24/02/2024, 18:28

Analysis

max time kernel
600s
max time network
589s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 18:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1210890454485442563/1210890781221720074/file_release_2_0.rar?ex=65ec34eb&is=65d9bfeb&hm=4003e820e2652713a56076607a66a4561ed3da1ea58d34f2571fc81549450d2e&?space=File.zip

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2076	msedge.exe
2076	msedge.exe
2528	msedge.exe
2528	msedge.exe
4900	identity_helper.exe
4900	identity_helper.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 3168	2528	msedge.exe	35
PID 2528 wrote to memory of 3168	2528	msedge.exe	35
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 3516	2528	msedge.exe	88
PID 2528 wrote to memory of 2076	2528	msedge.exe	87
PID 2528 wrote to memory of 2076	2528	msedge.exe	87
PID 2528 wrote to memory of 1736	2528	msedge.exe	89
PID 2528 wrote to memory of 1736	2528	msedge.exe	89
PID 2528 wrote to memory of 1736	2528	msedge.exe	89
PID 2528 wrote to memory of 1736	2528	msedge.exe	89
PID 2528 wrote to memory of 1736	2528	msedge.exe	89
PID 2528 wrote to memory of 1736	2528	msedge.exe	89
PID 2528 wrote to memory of 1736	2528	msedge.exe	89
PID 2528 wrote to memory of 1736	2528	msedge.exe	89
PID 2528 wrote to memory of 1736	2528	msedge.exe	89
PID 2528 wrote to memory of 1736	2528	msedge.exe	89
PID 2528 wrote to memory of 1736	2528	msedge.exe	89
PID 2528 wrote to memory of 1736	2528	msedge.exe	89
PID 2528 wrote to memory of 1736	2528	msedge.exe	89
PID 2528 wrote to memory of 1736	2528	msedge.exe	89
PID 2528 wrote to memory of 1736	2528	msedge.exe	89
PID 2528 wrote to memory of 1736	2528	msedge.exe	89
PID 2528 wrote to memory of 1736	2528	msedge.exe	89
PID 2528 wrote to memory of 1736	2528	msedge.exe	89
PID 2528 wrote to memory of 1736	2528	msedge.exe	89
PID 2528 wrote to memory of 1736	2528	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1210890454485442563/1210890781221720074/file_release_2_0.rar?ex=65ec34eb&is=65d9bfeb&hm=4003e820e2652713a56076607a66a4561ed3da1ea58d34f2571fc81549450d2e&?space=File.zip
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9735f46f8,0x7ff9735f4708,0x7ff9735f4718
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,2645849561642337032,156209493925876920,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2645849561642337032,156209493925876920,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,2645849561642337032,156209493925876920,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2645849561642337032,156209493925876920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2645849561642337032,156209493925876920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2645849561642337032,156209493925876920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2645849561642337032,156209493925876920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,2645849561642337032,156209493925876920,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,2645849561642337032,156209493925876920,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2645849561642337032,156209493925876920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2645849561642337032,156209493925876920,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2645849561642337032,156209493925876920,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2645849561642337032,156209493925876920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2645849561642337032,156209493925876920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2876 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2645849561642337032,156209493925876920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2645849561642337032,156209493925876920,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5560 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2645849561642337032,156209493925876920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:3640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e189354a800c436e6cec7c07e6c0feea

SHA1
5c84fbda33c9276736ff3cb01d30ff34b032f781

SHA256
826adca1e688de79a3ec5b91c75990927fb2a33ae717f474608c68336053f427

SHA512
ceb069a5e83a634503e253846fa17b8bf7aaa539c3353ce61251633d69068e24c5eadd1b496f43058790d2b513e65d2c0b0213730813d0b58bb82a00596e05e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9e3e150cfe464e9ebf0a6db1aa5e7a2

SHA1
3cb184e2781c07ac000661bf82e3857a83601813

SHA256
2325a6292907263d1fb089a09f22fbcc6bad56f4961d427efdef1abaef097bcc

SHA512
f5eb1e76eb9441cf5000d8d4db9296077b61714ead5012779c084b37f4bba07614055738f5dce69b13b25975d9b7c03eab049b7685eee09b23fd8d4a7d71a039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
476B

MD5
37af099ed25af2261fecce38c986e949

SHA1
5117792f1712ef7ae639170f1e2aac05a140219b

SHA256
5e6649ca679f65d602af6b8ec6aafe192b014db49ef9bdea52377b5549716d7f

SHA512
21efb0e8e77fb5a44572d2a8ea4587d9e23d3c18c8440641197cc233af7b09144d1800e6780ad9ff3f9a6aca59ec85939e2611d3bd99fc7c8ae14ea6a7a92cc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
476B

MD5
22cb79e7c1eedeb815f0088e82b77ea5

SHA1
d0afb94a7dfba4bc4fecd904aa1c19063d66510f

SHA256
fefaf880bbff3ade8f7b9df01ff85dc282ecab4d3e85a2c30d8292245f7ddd72

SHA512
1b1e3f1bc729d7f1c82e4419c78b4904a86a9617ac3509774a934f98003224917d8dcbe25853f3db123d4f28898f9e6d33e35c675b57a688fa0497824ea08ceb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
476B

MD5
2707ca1fea50b8053463132f611c948e

SHA1
63134fd1faf167fae0f756ea0dfff3122042908f

SHA256
bb0881113526313776b4c95fedc7bb00958f0a954e4d6a313ad1e91b4d8cc48f

SHA512
891be94e72a866d96cf7c2a97fe3b70edcc8a23e2ebbfa585bd18c215cf724225249e3dbda84bf0283d86fd38d094b8e49b806bac91004631fb552056ab10187

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
476B

MD5
f7a0aa29d773a5a3a53e2ef947ba4bf8

SHA1
b4d7d0ed175f67c38a057325ee30bc0b97b8cdad

SHA256
55a2082be41a53297c3f34c9815b09c9830b78e47447d1c19ddd96538c94e4b4

SHA512
c8f2562dc067acf10b529abf8d390882b1ca2cc6929278bcf6af1188fe2276a012df024972163136cdc43199bcb61b1b560d7e12c80067cfc5326eec80194506

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f42f8d13d81cf89bcfc619fb647b9296

SHA1
cb92ae259888a16ebe3dfecdbee3dc7751e02bcb

SHA256
683d6b2938f7e1e01a20c79f1855059df8dc13d08eae16931b0bb490ecc5860e

SHA512
2865fdc70ef3a0b3c3a4c6183a457f3f634ccc808fc486174462626c22273370a1ee2a3616ddec5ead8e74d29d4f34f88d53847499516495bf0b982d283f7e52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
09bf93505486510d5de826d3be374c56

SHA1
a01f59fb8d4e8a5639f18c2111f0ecd08a8248a5

SHA256
ed22af9f920a8c44e50569ead92005136f5ff97cb1a1f0e68e1ff2fe6f0edb38

SHA512
c64cd43a75b493a959b5330c5e24d4c25d77cb59d4893d345705d507d908ffc525273097babc15e5116d5d816f190d483482e66c2f4843abf73534a072847f4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a453e0e87b3894eefa4e1337b1663a9e

SHA1
c14072bab9585e647c6904378d1418efd1740619

SHA256
4d86cf4430f6b26244246f44eae17ff146f1927db9a620f63010a87bccbfa0d5

SHA512
342b5e74a943401791b0b5832def2962fd402fa3243bb2c9d50c4d10fa6f16a0bb0507971a83572bd41c3eb24b511a1f20988cf0ba66e61b81121063eabec3b7

Download Submit