3ebf04e395911c8fc3c14b2a5fd375204924c6f6e257e4e0cba1bd8aa89b11db

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/02/2024, 03:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ad96d5ff6311c59eb6da27847e571889.html
Size

90KB
MD5

ad96d5ff6311c59eb6da27847e571889
SHA1

c7085b3e3f2f7d7cb55180eddbffcdb4eedb83e5
SHA256

3ebf04e395911c8fc3c14b2a5fd375204924c6f6e257e4e0cba1bd8aa89b11db
SHA512

ecf413b0180538ccbe9f0df9d3f84a52d6956d6a9a1b62e6e41a6aa65a871f6ea532baf1bb160856c16f4b927d567086440c0a8a84046b9bad905c661fbb6f27
SSDEEP

1536:/TMSDymU4npHT9b4AODBQNB+3ZGtB3r4QPXEApsmxs1v/WF4TfCYj3AfmoXRzqeM:LMYGupHT9J4QNQJGtB3r4QPXEAp5xs17

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2188	msedge.exe
2188	msedge.exe
4108	msedge.exe
4108	msedge.exe
4232	identity_helper.exe
4232	identity_helper.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4108 wrote to memory of 2356	4108	msedge.exe	42
PID 4108 wrote to memory of 2356	4108	msedge.exe	42
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 3560	4108	msedge.exe	89
PID 4108 wrote to memory of 2188	4108	msedge.exe	88
PID 4108 wrote to memory of 2188	4108	msedge.exe	88
PID 4108 wrote to memory of 3488	4108	msedge.exe	90
PID 4108 wrote to memory of 3488	4108	msedge.exe	90
PID 4108 wrote to memory of 3488	4108	msedge.exe	90
PID 4108 wrote to memory of 3488	4108	msedge.exe	90
PID 4108 wrote to memory of 3488	4108	msedge.exe	90
PID 4108 wrote to memory of 3488	4108	msedge.exe	90
PID 4108 wrote to memory of 3488	4108	msedge.exe	90
PID 4108 wrote to memory of 3488	4108	msedge.exe	90
PID 4108 wrote to memory of 3488	4108	msedge.exe	90
PID 4108 wrote to memory of 3488	4108	msedge.exe	90
PID 4108 wrote to memory of 3488	4108	msedge.exe	90
PID 4108 wrote to memory of 3488	4108	msedge.exe	90
PID 4108 wrote to memory of 3488	4108	msedge.exe	90
PID 4108 wrote to memory of 3488	4108	msedge.exe	90
PID 4108 wrote to memory of 3488	4108	msedge.exe	90
PID 4108 wrote to memory of 3488	4108	msedge.exe	90
PID 4108 wrote to memory of 3488	4108	msedge.exe	90
PID 4108 wrote to memory of 3488	4108	msedge.exe	90
PID 4108 wrote to memory of 3488	4108	msedge.exe	90
PID 4108 wrote to memory of 3488	4108	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ad96d5ff6311c59eb6da27847e571889.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa122f46f8,0x7ffa122f4708,0x7ffa122f4718
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,7682616450460405048,8046574127033168313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,7682616450460405048,8046574127033168313,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,7682616450460405048,8046574127033168313,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7682616450460405048,8046574127033168313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7682616450460405048,8046574127033168313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7682616450460405048,8046574127033168313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7682616450460405048,8046574127033168313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7682616450460405048,8046574127033168313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7682616450460405048,8046574127033168313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,7682616450460405048,8046574127033168313,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7682616450460405048,8046574127033168313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,7682616450460405048,8046574127033168313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,7682616450460405048,8046574127033168313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7682616450460405048,8046574127033168313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7682616450460405048,8046574127033168313,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7682616450460405048,8046574127033168313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7682616450460405048,8046574127033168313,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7682616450460405048,8046574127033168313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,7682616450460405048,8046574127033168313,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4268 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e494d16e4b331d7fc483b3ae3b2e0973

SHA1
d13ca61b6404902b716f7b02f0070dec7f36edbf

SHA256
a43f82254638f7e05d1fea29e83545642f163a7a852f567fb2e94f0634347165

SHA512
016b0ed886b33d010c84ca080d74fa343da110db696655c94b71a4cb8eb8284748dd83e06d0891a6e1e859832b0f1d07748b11d4d1a4576bbe1bee359e218737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0764f5481d3c05f5d391a36463484b49

SHA1
2c96194f04e768ac9d7134bc242808e4d8aeb149

SHA256
cc773d1928f4a87e10944d153c23a7b20222b6795c9a0a09b81a94c1bd026ac3

SHA512
a39e4cb7064fdd7393ffe7bb3a5e672b1bdc14d878cac1c5c9ceb97787454c5a4e7f9ae0020c6d524920caf7eadc9d49e10bee8799d73ee4e8febe7e51e22224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
50bdcd1bdf2164aa68bc94697b7bb561

SHA1
0c51579c09ecc52206afae60609a785067ac7b41

SHA256
9a760c5fd2faa41689af17ce41139e7aca4c9d6f91a22a07a1af242c29e4b3d5

SHA512
54e22caadff2869cda544671d017663260b0425b8fed7fe1ad44c34605aed911909d92f31ae77a04e200c2491664667299ff41767251d2f3397bb09982ebaff1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
009a468e7ac4229256c214a2d71df6ab

SHA1
bf150cbeacf65c2944a8c440d776eb00e70f79ed

SHA256
3693d9a7abd6414122a98683f3d1fa818ec6c1f2f4a25f0b2b21bca21e281175

SHA512
615df9c1f6f718048c3eec844d555702a37fa508f4c6d2bad888eb3aa128700c15d69ade2434b6a69d5d264cbcf52c2c1025e027b76dd58a83cd52c32060423c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6a230c85c82ff0eab58f3cdb5631c269

SHA1
ec4c878994d258a256e5f4b69a181a6ffa216e39

SHA256
91ee075cb4e93995af34c05dfdbe1a315466c52887bcb5826bab23c4289d9064

SHA512
544322b13aab75caf3052cd966ae21388e8a19430afe725774e23fa2f14581b579202249d7c991286725ded2948cf9ea29f163854d78fef1ea67cdcbb7f1d5af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7a54a46d4e1b224436926e090579424c

SHA1
c866674afaf3e360e0ae43957e7055510654e8e1

SHA256
e00bc966d40f20e71b2f7e84e42e3f562f32697c9f4e519c9a0f180faa67888d

SHA512
debbb9f8b6760b34d592edf7d7300d41bd5a216f3a5ad51e31c1d79d2068222d710dd2cfd1602a46ada2646639575e2fb912ebb04fa764ad192bba5299fdb243

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6f191750700858ff48c6c5aef081dd7e

SHA1
7cffe2b4f3da8b76bfab3e4751dd224d7318c2f9

SHA256
2c473fbec7f8cb42af5c9ccb39647ec4830a4d3766d8d18e2c490a805b1bc940

SHA512
11e193351729133c4a651c1daae6d9a526536c57d73058bfbdde1ec81379dce6ba0e58bf51f72cae72843eee2aecd23eafe305e0d41f089cf66c08d19b9be18f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
af14443c9e2b464df4109e9262c3dcbd

SHA1
9ebe4209a2576ac38ccd10a60a6b8e36c6e78ff9

SHA256
78088aa7135402f7bebd08a2f70fe751e6d65b39df2daad200d0f67af614ea49

SHA512
170bd5b46bcf1d8be3d07ad233a9839d7e8d47b398f1c6b6b28d16f9f47f670a9eaf14af3fdab41600b90a9ad5d66aae52a1bc9ad991e9e98ac45b5bed7d93a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5202789874e04b65efa937b529f6ce9c

SHA1
bc11d1bec00781cb2078e4e7fb5f07cb8f9db86d

SHA256
c8a3273cc70831c28de46c8924b66ad926ba019fdd53569f891cf2d1547acab2

SHA512
4885cb108a06a16055f9be36cd839374ffa125700c27f4ebbac56e660e11b89c4549c81d4879af6eabf515feb30fcc7cb463f99a08360f4826b77c761fd83aa5

Download Submit