923ae78ef3ace374cf0d3674376943b0cdf1747b46de74dc5c14fda16df936fa

Resubmissions

29/02/2024, 08:14

240229-j5f6rabc41 1

29/02/2024, 08:14

240229-j4ypeabe27 1

29/02/2024, 07:42

240229-jjvr1sag57 1

Analysis

max time kernel
1741s
max time network
1749s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/02/2024, 08:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a (2).htm
Size

1KB
MD5

fa29916f652602f11362858fc58ee874
SHA1

3e79b7c48adf7dbe39c935633d442d4826730344
SHA256

923ae78ef3ace374cf0d3674376943b0cdf1747b46de74dc5c14fda16df936fa
SHA512

902f2b5c73920a4610f898804cc53592de6bc62979ee092b0c15121cfd632c1c1b1d85ddaa3e2275d7e652fbb0a6f7d977f77456f1fcbbd3007861ed49781d6b

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{5C8D0995-3A5B-4ED3-87C6-9D1E2F0BC1D5}	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
456	msedge.exe
456	msedge.exe
2276	msedge.exe
2276	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 456 wrote to memory of 912	456	msedge.exe	114
PID 456 wrote to memory of 912	456	msedge.exe	114
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 1456	456	msedge.exe	117
PID 456 wrote to memory of 4996	456	msedge.exe	116
PID 456 wrote to memory of 4996	456	msedge.exe	116
PID 456 wrote to memory of 3092	456	msedge.exe	115
PID 456 wrote to memory of 3092	456	msedge.exe	115
PID 456 wrote to memory of 3092	456	msedge.exe	115
PID 456 wrote to memory of 3092	456	msedge.exe	115
PID 456 wrote to memory of 3092	456	msedge.exe	115
PID 456 wrote to memory of 3092	456	msedge.exe	115
PID 456 wrote to memory of 3092	456	msedge.exe	115
PID 456 wrote to memory of 3092	456	msedge.exe	115
PID 456 wrote to memory of 3092	456	msedge.exe	115

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a (2).htm
1⤵
PID:800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4840 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:1
1⤵
PID:376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4916 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:1
1⤵
PID:2248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3408 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
1⤵
PID:4752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5400 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:1
1⤵
PID:4712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5400 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:1
1⤵
PID:3088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5880 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
1⤵
PID:1808

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\c35ad94b1d5747c18f17aaa4355a1128 /t 4968 /p 684
1⤵
PID:1696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5680 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
1⤵
PID:3336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=5696 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:1
1⤵
PID:3968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=6460 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:1
1⤵
PID:3020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=6392 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:1
1⤵
PID:1104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of WriteProcessMemory
PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x25c,0x7ffd3b3c2e98,0x7ffd3b3c2ea4,0x7ffd3b3c2eb0
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2528 --field-trial-handle=2320,i,3672226996972604788,14202736178844135430,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2384 --field-trial-handle=2320,i,3672226996972604788,14202736178844135430,262144 --variations-seed-version /prefetch:3
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2316 --field-trial-handle=2320,i,3672226996972604788,14202736178844135430,262144 --variations-seed-version /prefetch:2
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4452 --field-trial-handle=2320,i,3672226996972604788,14202736178844135430,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4452 --field-trial-handle=2320,i,3672226996972604788,14202736178844135430,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4628 --field-trial-handle=2320,i,3672226996972604788,14202736178844135430,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=4788 --field-trial-handle=2320,i,3672226996972604788,14202736178844135430,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4952 --field-trial-handle=2320,i,3672226996972604788,14202736178844135430,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5348 --field-trial-handle=2320,i,3672226996972604788,14202736178844135430,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3956 --field-trial-handle=2320,i,3672226996972604788,14202736178844135430,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5572 --field-trial-handle=2320,i,3672226996972604788,14202736178844135430,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5276 --field-trial-handle=2320,i,3672226996972604788,14202736178844135430,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4872 --field-trial-handle=2320,i,3672226996972604788,14202736178844135430,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4868 --field-trial-handle=2320,i,3672226996972604788,14202736178844135430,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=5372 --field-trial-handle=2320,i,3672226996972604788,14202736178844135430,262144 --variations-seed-version /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3608 --field-trial-handle=2320,i,3672226996972604788,14202736178844135430,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1416 --field-trial-handle=2320,i,3672226996972604788,14202736178844135430,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
d170e6affdf888468a44c9993db225bf

SHA1
6c78c818434964637f98ad9f677996c783f76465

SHA256
d41ff18b9eac9083ad5d45ad71cd32dcb5a8f1f595cd06886caf697327ff2f2c

SHA512
bac10c7643e04c42c67e5e760986ace8706171a642b9b4a8dc178ad65ad5de8cd92a7e26c5de17c34a33e9bda47fea1e552717af76f4d97546a81c51ce2e8828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
331B

MD5
c1f610379f06764c2f2cea1c7a5de030

SHA1
df576f43eead5c9377f943aa3bb0db40c8bfe2ef

SHA256
e25832ce1aa72199828a861773742cb50e38e74edeaaa2973297fbe04713b58a

SHA512
b0c899ac3f181e1d46e1920289050cf8d05ed03008c4b5753d27cde9f26aea13dbc0a73e48ec9acd08e26c681b07d42901b3ee0b440cbbb0d32322e41e769029

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
868f27c5865b3f44637cc22a7f8486dd

SHA1
30a01eb038515df266d28a28109c2dc902b35686

SHA256
4ec95607cf3158c923ebb485d6de92f264240edcf116564ae281b15fe60ba7d2

SHA512
31081951c2e8cb02f2f32918caa5064f9cdb487a8a76b9562289415b96fa5add439fa32b92db69604a0c3bdd76a5b6f354a3537f1f26fbb08b2e3751dbd4e3ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
66912986b84ff6c0b652068fb446adfb

SHA1
e1eb678bcb25abafd6dc61c9b58d3fa35b374b8f

SHA256
007b46e33ba4fd7af0933ddb037b8cf9685eeb9b299f569391c82573abb9f025

SHA512
7dee5a060bed668e203b292d8a37e434f5bec79c7bf36ee192a9a4f3c7c9e81255d89d76213b706baab5da65328ecca47ad09f10379d317c062c2fb074840f32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
b9c89acb07705890f71c060bf227a53e

SHA1
e77316433d6888c2ec6a806e2a344b265a7cc3ab

SHA256
df992124a561cad6b9e0f78919cf051f1ba76ed20ea0b4b94b9eb07bda144932

SHA512
ab14220e30932ae6bf7bf4d68ae33c18e4b8b8356047292cf3aaeef9f3367590f2413bd38884e16f0af978411eeeb7067574b5843de90daf07e8e284bc3f1d91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
291902536757699ea1c4efd96e2741d8

SHA1
16bc48719b3728a984ee2c2d7e2a482e2ed1ba0e

SHA256
28b4cba247b305205b78ecc6ed571781b482ed0876d4da7dbe8a79175a6b42bf

SHA512
27a16a4148fa8724c29a7321248a105953e15982e6eeffc04cb6a713e8a92496748bd47ffde402fe18009e92519a3f1be66e8d060a3fac046684d8ecd34df1b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
102KB

MD5
e9ee903f5b45074bda0aef6f0df178f2

SHA1
3afe5545524bf030fdad8fd654915ddd74c60abe

SHA256
b240b0c04427a7853e2b7617d2cd459aa50da650553a8c8336d985c517d5edcb

SHA512
8180c180a24bd68dd4d520c26088d7147d1fc5bba568ee588d001ba9d1ca26a9d261421880bb848ecc5d661bf46e0475e19752e70f0eafcb7a9af80820b44bdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
92KB

MD5
aee82eae13ba5f68abcdf65bb2a9d355

SHA1
36acddaf57f274067d0c387a190d5063e9239474

SHA256
993c90e2ce64ee5248fc8cc6880d60788de1a2fb7a81a4abccb60773b4c5173b

SHA512
832aa6bf9190089c2e0133e61f6768cbdc47a8de9a2092c3436fc8145abfe6ee6b23936664b0c65ab963f37c6241404255e5bf0ba02e1ea420d3b37052c3f950

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
d41e0548df2aa3df01d6d3ad7f7b9f8a

SHA1
741d132eaa37c1574c731773e917e0d696439e9d

SHA256
4db400c7fda71e85c3d7297c1d5de175f82d74f7ed96ce0b3583be8efd42c119

SHA512
61a1e8bd7362d36a6cec6c0401f2c15f4ab90dfea15208b3e3e9f91da9f40fae6795c351fb690dc8c75a7865c0a46d9aa18f530a409b7368023c88c549db02cf

Download Submit