4e3a761416f9c865f53b45b96b02105770ffdc3c6a40bb3585c22e912fd60538

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 18:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a2690ac977feaf1f2d0c853b8186f5f5.html
Size

173KB
MD5

a2690ac977feaf1f2d0c853b8186f5f5
SHA1

7bdbc712d5efa4efabbebd484b3ad18124e51651
SHA256

4e3a761416f9c865f53b45b96b02105770ffdc3c6a40bb3585c22e912fd60538
SHA512

2eeb31b9dbb16bffbda5edd5237e772a4ab7cfc46fa6e691b3cf54744c9dfa5dc910e518d99ae97c0e6c1b4a4eeb3270990d182787bacbe2ebfa47249c71a33a
SSDEEP

3072:jFqSF3zKUP13G4k5QhLpOatVFEsHEAcHVEo/9n1V7wM7uuljcV22wOoS/0Ib+b+g:ZzL3G4k5QhL8atV8lcx22wOoS/0Ib+bR

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2816	msedge.exe
2816	msedge.exe
1968	msedge.exe
1968	msedge.exe
4644	identity_helper.exe
4644	identity_helper.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 3220	1968	msedge.exe	83
PID 1968 wrote to memory of 3220	1968	msedge.exe	83
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 1404	1968	msedge.exe	87
PID 1968 wrote to memory of 2816	1968	msedge.exe	88
PID 1968 wrote to memory of 2816	1968	msedge.exe	88
PID 1968 wrote to memory of 3288	1968	msedge.exe	89
PID 1968 wrote to memory of 3288	1968	msedge.exe	89
PID 1968 wrote to memory of 3288	1968	msedge.exe	89
PID 1968 wrote to memory of 3288	1968	msedge.exe	89
PID 1968 wrote to memory of 3288	1968	msedge.exe	89
PID 1968 wrote to memory of 3288	1968	msedge.exe	89
PID 1968 wrote to memory of 3288	1968	msedge.exe	89
PID 1968 wrote to memory of 3288	1968	msedge.exe	89
PID 1968 wrote to memory of 3288	1968	msedge.exe	89
PID 1968 wrote to memory of 3288	1968	msedge.exe	89
PID 1968 wrote to memory of 3288	1968	msedge.exe	89
PID 1968 wrote to memory of 3288	1968	msedge.exe	89
PID 1968 wrote to memory of 3288	1968	msedge.exe	89
PID 1968 wrote to memory of 3288	1968	msedge.exe	89
PID 1968 wrote to memory of 3288	1968	msedge.exe	89
PID 1968 wrote to memory of 3288	1968	msedge.exe	89
PID 1968 wrote to memory of 3288	1968	msedge.exe	89
PID 1968 wrote to memory of 3288	1968	msedge.exe	89
PID 1968 wrote to memory of 3288	1968	msedge.exe	89
PID 1968 wrote to memory of 3288	1968	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2690ac977feaf1f2d0c853b8186f5f5.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd11b46f8,0x7ffcd11b4708,0x7ffcd11b4718
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,6109109598777706501,16491463575706713605,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,6109109598777706501,16491463575706713605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,6109109598777706501,16491463575706713605,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6109109598777706501,16491463575706713605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6109109598777706501,16491463575706713605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6109109598777706501,16491463575706713605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6109109598777706501,16491463575706713605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,6109109598777706501,16491463575706713605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,6109109598777706501,16491463575706713605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6109109598777706501,16491463575706713605,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6109109598777706501,16491463575706713605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6109109598777706501,16491463575706713605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6109109598777706501,16491463575706713605,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,6109109598777706501,16491463575706713605,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2312 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
360dd5debf8bf7b89c4d88d29e38446c

SHA1
65afff8c78aeb12c577a523cb77cd58d401b0f82

SHA256
3d9debe659077c04b288107244a22f1b315bcf7495bee75151a9077e71b41eef

SHA512
0ee5b81f0acc82befa24a4438f2ca417ae6fac43fa8c7f264b83b4c792b1bb8d4cecb94c6cbd6facc120dc10d7e4d67e014cdb6b4db83b1a1b60144bb78f7542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6fbbaffc5a50295d007ab405b0885ab5

SHA1
518e87df81db1dded184c3e4e3f129cca15baba1

SHA256
b9cde79357b550b171f70630fa94754ca2dcd6228b94f311aefe2a7f1ccfc7b6

SHA512
011c69bf56eb40e7ac5d201c1a0542878d9b32495e94d28c2f3b480772aa541bfd492a9959957d71e66f27b3e8b1a3c13b91f4a21756a9b8263281fd509c007b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
21KB

MD5
d665d41e652d713020dccf0a25a7171a

SHA1
d3a4ac6b1f17825c105958e3590cad5e4e7e3a2c

SHA256
1af1748db5992e49dca425c2a4978e33860ac81a80ca24e08fd9a6556598f8e4

SHA512
5102ad0f2eecfbcba57acf1d51adfc08746785fc68580aefce8e04005faeafecdee4c1460ef7f62d775f8c9fe06afc41c60b768c41b5f7b0315acd45d5995d1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
44KB

MD5
15d236690ae6ed6285bc3260340703be

SHA1
3b8475145f5f25c9b6b93a260b30ada4a4279b76

SHA256
bf521348d31946bb4e6d31c338e6efa0961ee907f4f871b1e9781a849dafa792

SHA512
2eca25be9587131ba4e4e4fed86283dbab3f959299d79db056619da072788c6480e5244095de5c84a58c40bf1f5b7bc808ec94c84fd7dca99464eba4f511bbd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
edc802cf233a8fc5bf932859d162decd

SHA1
56363d6c098c6f73a830e9ebb8662814bf92a953

SHA256
676b750c3119a98fb99770f3b3ad1c39a996076f7ed82cef77c1f7deed9e406f

SHA512
4e8e4e81822a6c55c540e05ebb9901d7e80d9d1a3527b8a77cca76f988db9a9ca5782e4dedba90a664b2820d54f6c1b38087906eb2dcd530df5e37ef8bfabfa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
478eea9a63b97ba64fe5f6b07d607fdf

SHA1
6a7459924bb40598f6e619615f541f26a0c09e0f

SHA256
879a0943e9a64c374e513dbc6d531ca22b759005afd7d95c28cbb96496e4db98

SHA512
f88dbdfc41cc96240d651559fbcb98928cf382884e211d31ff762148b59a972788a8b30feb65506812853cddacf6534f14fdaca9cdd149e2629fd423c3a01cd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c4054449fdd3a164097d0965ae391c39

SHA1
60614d10ccc2f4f9e50b4ec094c353033265e30b

SHA256
bd6e03baa12674cb3936fa5411c9d424804642ac2e930d53ac2bf6145cbd5925

SHA512
11dfac4db2adf8fcf09be53f500e1dc3792c282daa8a4e36ad0231699078ea7034a85e5f890608b34777b3ca73c162785e31a18795974b50c8dc2a030474c83e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e4fa56f9191712b80348b8f5900890f5

SHA1
0359baa91a59eda50df086bb3327717273699824

SHA256
00d04275db235e97ed9cf009dee8ba022896ff98ae6dd0d3e3c017c3477ccd48

SHA512
ed7f8773596b1373a579b37eebd0750771efdb3d8a8a0bcc1f2e6fb2464c4e94beb4e5eea6022dc0bfdb1724c4beda72b360dd7197486fc18886edbc40c1e1e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
14771670a30a52080f20f8d6f0b03048

SHA1
0a58ae77b14f9d4926f82460d79105671d959cc2

SHA256
4d40feedbd8fbc860b9052e8750281d812f5d9b9dc1b3adc1cb02b4bac5cc5a3

SHA512
637fee4178a871448c9dd7e2e5702f149c0410e20da88a9f4cc485ec58edaf9e77e420495c5900b79cf4e484e1265e8e14e05155815b59341a634c3fcc691eaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
deab4504402fd084c752a3c9622eedef

SHA1
275c5976a3a5d3c2d0d24fc94cc5d328cfed78d1

SHA256
f64cc313f89ab2ef088b35779a9fc3bf5071249cd5f8b92d3ee89e3f07784e60

SHA512
83b7cb55493381a543c2be33d1ab19f1fb2fefeb6edc1b9230be6f8b672a90fd7e35dbb1205ccb1f205fe75ee0639760729c0f93b397e4a7df970976952f8deb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
baef5fc41d591ab9218bc052889a7bbd

SHA1
fef3fb28f06bccc97d3e3ca62d971dad36388038

SHA256
72d6abc24deb52c54df6fb933967b3bcf8556043353079345861c038e9e535cf

SHA512
cfcb428eaad33b9cb973c259ebe650b24cf8b4004f245620faea828428be0dc18775ec4e34a063f2b0c7cbcfef8c5845f23ae41de9daa786cf73b8591519c7c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c37a146c4d2716eebb7cb2e0ecb13d08

SHA1
a89899c090b5275f57ec14357cf0d200f48b20bf

SHA256
07dd17a99c6eaae6db7b99a7431fc6eb4c80065f0e05741c3444a86db444e1ae

SHA512
e1c3bafad070f860a35afd4f7aa3ce67135295f457386df0223c1e483e45eda028d7b084b75e712c6734a05e2faf7a15e9eb4973eec7e92b63d190a096bab19c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e1795e34ddf2cdf601d1263dc602d336

SHA1
1f15c885cef654c7d9dcc8a23c7d4b49a74ccb0f

SHA256
589ff778b916cb5d256f57131148084db0c76a10d39779cecf5a1b4f81bf500f

SHA512
fc7b98e3ccc539b9d84e6f7314650455251a5800d0582c9d0494d3c1eb46b70b79e842bd64a113f80898f8ded9395b9a1b3f9c8948a988d4cafb20e7b4c11122

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3355645c21cb5bcadf15fc43416762fe

SHA1
84c1e027ea9df6452e572c1fd18f6f31eca1184a

SHA256
a955cdf867c643b9d78013b0bb8b91f7ce513f448578a8884a7de0cb740754d4

SHA512
5e99a5d88339dc6e0108a4278f6410de365b31dc9c5199771a17c24386f054e44dfdcd54a860ad1a64a866b36fbf8f80a3c0c56e061b421b46ec7811a8ca0269

Download Submit