45e8c5fa8482be691b1a89fb8fa90fc8272124dcb611467ebb469266c0f419d1

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/02/2024, 17:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a9bbf9c916b7e640398d68843a578a19.html
Size

432B
MD5

a9bbf9c916b7e640398d68843a578a19
SHA1

5f7f405c2c53177c687273473b1504d95e7ad5bc
SHA256

45e8c5fa8482be691b1a89fb8fa90fc8272124dcb611467ebb469266c0f419d1
SHA512

c4de395f69b5112d41972978af4a1d40a9ecae5d191f879b80d6754849f18f26e67c8317e5de738f9e11dabac30559a545afc36548d30331d0cfd1c4b51e1d4b

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3920	msedge.exe
3920	msedge.exe
908	msedge.exe
908	msedge.exe
3540	identity_helper.exe
3540	identity_helper.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 908 wrote to memory of 964	908	msedge.exe	50
PID 908 wrote to memory of 964	908	msedge.exe	50
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 2616	908	msedge.exe	88
PID 908 wrote to memory of 3920	908	msedge.exe	87
PID 908 wrote to memory of 3920	908	msedge.exe	87
PID 908 wrote to memory of 3488	908	msedge.exe	89
PID 908 wrote to memory of 3488	908	msedge.exe	89
PID 908 wrote to memory of 3488	908	msedge.exe	89
PID 908 wrote to memory of 3488	908	msedge.exe	89
PID 908 wrote to memory of 3488	908	msedge.exe	89
PID 908 wrote to memory of 3488	908	msedge.exe	89
PID 908 wrote to memory of 3488	908	msedge.exe	89
PID 908 wrote to memory of 3488	908	msedge.exe	89
PID 908 wrote to memory of 3488	908	msedge.exe	89
PID 908 wrote to memory of 3488	908	msedge.exe	89
PID 908 wrote to memory of 3488	908	msedge.exe	89
PID 908 wrote to memory of 3488	908	msedge.exe	89
PID 908 wrote to memory of 3488	908	msedge.exe	89
PID 908 wrote to memory of 3488	908	msedge.exe	89
PID 908 wrote to memory of 3488	908	msedge.exe	89
PID 908 wrote to memory of 3488	908	msedge.exe	89
PID 908 wrote to memory of 3488	908	msedge.exe	89
PID 908 wrote to memory of 3488	908	msedge.exe	89
PID 908 wrote to memory of 3488	908	msedge.exe	89
PID 908 wrote to memory of 3488	908	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a9bbf9c916b7e640398d68843a578a19.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffaee9146f8,0x7ffaee914708,0x7ffaee914718
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,10178836260680082583,16790225417738959822,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10178836260680082583,16790225417738959822,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,10178836260680082583,16790225417738959822,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10178836260680082583,16790225417738959822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10178836260680082583,16790225417738959822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10178836260680082583,16790225417738959822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10178836260680082583,16790225417738959822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10178836260680082583,16790225417738959822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,10178836260680082583,16790225417738959822,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,10178836260680082583,16790225417738959822,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10178836260680082583,16790225417738959822,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=184 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10178836260680082583,16790225417738959822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10178836260680082583,16790225417738959822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10178836260680082583,16790225417738959822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10178836260680082583,16790225417738959822,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10178836260680082583,16790225417738959822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10178836260680082583,16790225417738959822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10178836260680082583,16790225417738959822,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3000 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fd7944a4ff1be37517983ffaf5700b11

SHA1
c4287796d78e00969af85b7e16a2d04230961240

SHA256
b54b41e7ce5600bc653aa7c88abb666976872b2d5e2d657bfc1147a0b49e9d74

SHA512
28c58a2ccf39963a8d9f67ea5b93dbccf70b0109b2c8a396a58389cdec9db1205523a95730485bcbc9d533867cbf0e7167ad370fd45740e23656d01d96ee543b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a774512b00820b61a51258335097b2c9

SHA1
38c28d1ea3907a1af6c0443255ab610dd9285095

SHA256
01946a2d65e59b66ebc256470ff4861f32edee90a44e31bf67529add95cafef4

SHA512
ce109be65060a5e7a872707c6c2ccce3aacd577e59c59d6e23e78d03e3d502f2707713fda40a546ed332e41a56ef90297af99590a5ab02f686a58bcbf3a82da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
d190a916af3c2b980e2bfb3ffe4f2515

SHA1
1c54b9ca91bc4d053cb600ff3d4aa77e640dcf09

SHA256
f34e21976aeffd585db795a4fc16498db97dbc114385af432f75a609d53c2801

SHA512
7e979d5e268482d25ba113557adf4d64fbec031347f3364c3424f45f8be5d591681e550f8f5426ee227a1f878951ae3b63c3279f977505682830717cdba50027

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3e773f2bed386d5c2e2eeda5c2bb9710

SHA1
fd5a4c7559d141da9f86a3a0f1ac55646d34b98d

SHA256
a9bbb943c95eb63d563d10c49cbed0480ff86bb6cbea81a1654cbcd9fea5e469

SHA512
30031f2876d0e7e7812a947d55843921f13521f84c0976287cf7cd9abedd0d714e9f3b79a752a112315170c24b5d1ec90f5250f12325ff08ad6fe58c418633c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
31c85fe837afaefc17597085040cd572

SHA1
54082b4bb8220011eb342da6b7fa656b4e964560

SHA256
34dfec0a5aaeca98f6be5b50032ab3826c7d0b130723b73afc2698ae040e4b96

SHA512
c63105525ad9a63ba38b65531ae8067b77f4f775105f71dd90263d7a716bef125959f7b3322b7a56b690cb010df9029d0558d35fa34105c9311e02d8ae479390

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f965172d2f57aad2d0f4b818868042d6

SHA1
f6a649b0a1b94800f576d77609ea177fcab6b207

SHA256
e8294077c4d205a73281155bf3e121b9546f30054de74c9045e1ec4864eba476

SHA512
04de6f73201b37b333b3a92c8fdbb75585ef91ca476388198223a1417b693533657c9ae0f6673b109820cbc9b3e05d04b714b27d0adc4e5c8742018c094104c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f48fb82b753b7da21ad144631cabc81a

SHA1
8a398b27ba556923cfe54ee88ff5f94e0e34903b

SHA256
3246005bb28bb4147294ba2ac8b9fe7342b4a1033c1bfe1964ce32a3e8640732

SHA512
f7e533c2c743181e0b18bc872e8f1d3256bf3280e96478f93fb10cd177dcdb5fdeae7c253b8e731a0bb080692f3e402ae97fb9bacc7bc33c48b3ece9cd1eaaa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
8c0a23a5c160088adb64278ac4ef0a19

SHA1
f6aa939223bb55ad5351c0b69699c7881a668f8a

SHA256
03f659b555dca646f2b255a739004553be42feb777d91b0de124047b9b9bd3e5

SHA512
479f2f1cd86e590f8eae190f9f95d48bc0b16a5ac3749406322cd6d8db85e5bb541fbe6497d08a4deef0da92d53929165fe9b39682377adac6afb7bf2ad644bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c2a4.TMP

Filesize
48B

MD5
9dd866f0f41a48e4a3ffdf1197b303d5

SHA1
57cecffa485f900013afa1df4f538be331e82e57

SHA256
ad04d2f372aac6b07f739e63ffe5e6ed453ae4434382857df698a35f3e63d5e8

SHA512
1db2ac787ca864c5679de78f6d879971390ee770c8d706af1b39ac13c85672b17fdb5cb35e8855bf1bbc8aeb69db3b6de62668bc6f3ab588ffa34aaeb955c06a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8d720395d2d1bd8ddeb96bd4aab30c1e

SHA1
8167770ed608b0093152857944c1da23c12d00a2

SHA256
759f796b95edad0271f8df3a060ad7a3a10af06fda80bf63cde89c9835d9e0a1

SHA512
05b602a48fdcfd831f6ac56a0bba1c0b71259f96c9923a0947b207ae4d471c1ed80396e49aa47218db373ae37d7fad0cd73bf7d17271b8a0ba2818cd17e0a6e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
631142b19a4b71ec51d3fee6809f67b5

SHA1
f2774607b85289039510a913de6aee01c22139fb

SHA256
61e4df2a040c5a93f70bd22676e8a7685e45af34ab88e4a2a805aaf8129f4378

SHA512
8b6a109a51150f39e00d9df6805496927721a92ac588a272adccdf8458609622b787834d23c289aab0e480eec7206cc1c832a731b566d16cbff46a06e0316816

Download Submit