ad851ab3fc73e639d679fa596779851eeafddf052f70724483c88e64e8f6d28f

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2024, 23:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b5edda5ddb2c5fe42df8a6e19f9851ae.html
Size

126KB
MD5

b5edda5ddb2c5fe42df8a6e19f9851ae
SHA1

26712b094f7b260c715b8887ef56abf598024cff
SHA256

ad851ab3fc73e639d679fa596779851eeafddf052f70724483c88e64e8f6d28f
SHA512

0d58c4d294632b54dff4415d6c8bb2daa93819846bddf34f1e9bae85d187f29912651f1dea7625f5341e35b1e3e01cac592a455667bf4c9583db36a17bc9a6eb
SSDEEP

3072:1BunptrLcfu37p3/MsUrAVKcosloYD2oIrZHF99:1BunptrLcfu37p3kES

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4652	msedge.exe
4652	msedge.exe
4252	msedge.exe
4252	msedge.exe
6068	identity_helper.exe
6068	identity_helper.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4252 wrote to memory of 2372	4252	msedge.exe	88
PID 4252 wrote to memory of 2372	4252	msedge.exe	88
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4656	4252	msedge.exe	89
PID 4252 wrote to memory of 4652	4252	msedge.exe	90
PID 4252 wrote to memory of 4652	4252	msedge.exe	90
PID 4252 wrote to memory of 4736	4252	msedge.exe	91
PID 4252 wrote to memory of 4736	4252	msedge.exe	91
PID 4252 wrote to memory of 4736	4252	msedge.exe	91
PID 4252 wrote to memory of 4736	4252	msedge.exe	91
PID 4252 wrote to memory of 4736	4252	msedge.exe	91
PID 4252 wrote to memory of 4736	4252	msedge.exe	91
PID 4252 wrote to memory of 4736	4252	msedge.exe	91
PID 4252 wrote to memory of 4736	4252	msedge.exe	91
PID 4252 wrote to memory of 4736	4252	msedge.exe	91
PID 4252 wrote to memory of 4736	4252	msedge.exe	91
PID 4252 wrote to memory of 4736	4252	msedge.exe	91
PID 4252 wrote to memory of 4736	4252	msedge.exe	91
PID 4252 wrote to memory of 4736	4252	msedge.exe	91
PID 4252 wrote to memory of 4736	4252	msedge.exe	91
PID 4252 wrote to memory of 4736	4252	msedge.exe	91
PID 4252 wrote to memory of 4736	4252	msedge.exe	91
PID 4252 wrote to memory of 4736	4252	msedge.exe	91
PID 4252 wrote to memory of 4736	4252	msedge.exe	91
PID 4252 wrote to memory of 4736	4252	msedge.exe	91
PID 4252 wrote to memory of 4736	4252	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b5edda5ddb2c5fe42df8a6e19f9851ae.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb2d246f8,0x7ffbb2d24708,0x7ffbb2d24718
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,5998761610299090677,11756469499608712940,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,5998761610299090677,11756469499608712940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,5998761610299090677,11756469499608712940,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5998761610299090677,11756469499608712940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5998761610299090677,11756469499608712940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5998761610299090677,11756469499608712940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5998761610299090677,11756469499608712940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3760 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5998761610299090677,11756469499608712940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5998761610299090677,11756469499608712940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5998761610299090677,11756469499608712940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
  2⤵
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5998761610299090677,11756469499608712940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,5998761610299090677,11756469499608712940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6560 /prefetch:8
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,5998761610299090677,11756469499608712940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6560 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5998761610299090677,11756469499608712940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5998761610299090677,11756469499608712940,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5998761610299090677,11756469499608712940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5998761610299090677,11756469499608712940,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,5998761610299090677,11756469499608712940,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6252 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fd7944a4ff1be37517983ffaf5700b11

SHA1
c4287796d78e00969af85b7e16a2d04230961240

SHA256
b54b41e7ce5600bc653aa7c88abb666976872b2d5e2d657bfc1147a0b49e9d74

SHA512
28c58a2ccf39963a8d9f67ea5b93dbccf70b0109b2c8a396a58389cdec9db1205523a95730485bcbc9d533867cbf0e7167ad370fd45740e23656d01d96ee543b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a774512b00820b61a51258335097b2c9

SHA1
38c28d1ea3907a1af6c0443255ab610dd9285095

SHA256
01946a2d65e59b66ebc256470ff4861f32edee90a44e31bf67529add95cafef4

SHA512
ce109be65060a5e7a872707c6c2ccce3aacd577e59c59d6e23e78d03e3d502f2707713fda40a546ed332e41a56ef90297af99590a5ab02f686a58bcbf3a82da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
b492442ca2611ecdb14f3c5e8c1cb417

SHA1
4edc5f1643497a3ba9218bd783315ede5cdeb953

SHA256
de7592991ef8abfaffb2f58d85baa64397e193dd0e455249e0dca06c9bf5b261

SHA512
199a3c561c78361022f46258f4d5d78b64a7017a3cbe5e027ccf09d3716b3afed7e1299e4b331cd04cec7205f0f6a016d790bddff04177800eeab784fd2ab978

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
3e03a9142dea21aee8a9a7c599e4654d

SHA1
ecbd894889212a577a28779aa05c7acf8752cb36

SHA256
8be81cf63cb3c528505ad12685e982b1e8b9473e2bb7f68936730312304107da

SHA512
4381cab642b3d20249f45a76c200aa38b845f63137d7d84128082939424fa784802bd279167f97f3ce3de417b665642e90ecf8e809a4a01a5d8272f01d2a2173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
91290ab3aea0b1a2d3c81e88004119e6

SHA1
293a9296f20c0191751ee975fea2101a0184effa

SHA256
6397601cb9b5e4afd909b923811237548f0bd524af1958a2af59c763d96d2215

SHA512
8536cd10845db4c1270ad8df4858015dde59d23f25ce8c092e14922108ad85abd56a74f1f4a2586e98c2419e0ba0b9252bee51e79d0f859f8bbc484b9bc4f1dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1e6e6ae0a5dea3e4b09977cc0ceb703d

SHA1
e32560ad19d9357860f3b356c8f2ed8c89e42619

SHA256
fbe054cdea9e431f345506e2c0c0d6a189e949be650a55ef7e0e191de8f22bba

SHA512
e9f4c75ad3efab6e4b0c8f55523914ec307fb002d6437e8d8ad4dfdd3b6ea49118b57a18472a1f50d39b101ac1c8279535da0ee5b1cc5a1caa1e01f371df4efe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9ab5b05e12d86ca0421933bf95d4d379

SHA1
99511225f361ce88849ac376713f1af8bc8b828d

SHA256
79986c59b68d6f16849ad0aa8e5871c35592b9190474ba6c0691e14b30ac7540

SHA512
d90b879c751269c060eb8454bb317fa428e02bac3cf131116cb06dae260ecef09ffcf6abfdb9489fe4c14f07e9bb4fe5fc9538522f93ca71557be5dfb8d9a0d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c6e8d3267460001cf1ea658b710812a6

SHA1
7dde9178149c5e2a46d7d42b4ee1b4151ab2c681

SHA256
8fe8f90b95e3578bfc3a0212b9d4f80e39adda95c9aef6762f9c98514005cf4d

SHA512
168a61afc82885fcdb266d65ab948c64955a96f0c31f4a24b1e33ba9d0b05bc0e731f0ce01fe121ed46e057d79bffa968912d0633afbfb24f97fb1bdbce34401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3c72cc9b547068387c0119b65308b87d

SHA1
b9494d91ef506cdceda1c6bfe8164588b6b826bc

SHA256
983a58d58555ccf7f7f09d1a1c2961f60b842dcbaed04487e5ccf706bb4919ed

SHA512
ee643f50130eaa23081a3d001355c9a19e5b190def569a707d32033ed9c06ad5ec0c180fe8f377f29898be6091256477cf1e0951b2144d36446bf3467ae132dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
751f7b2273e5a065329896fe1cbf32d1

SHA1
bcd8a50fddd08b876cd840d2ca8ebb7ce131f128

SHA256
8b52ebd6ae4d066962a25877777d7cfaa93d4fb831a0aaa32c125afaf9371ef1

SHA512
1d3f1f63983333848dac26efbf8c52bb47141db2efb4602cd5c57f97a223234e4a8fd6dd0da762d356164a0f47ec633070ec9f8a370f15e6e60419d9922e3249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584c37.TMP

Filesize
203B

MD5
83ce36ad805e9797e84b8f41fefbf730

SHA1
aa9f879d766affd73253c841f8543891c0b83fce

SHA256
89f68348b9814039e3854a324d5ce902786b87909f64c92082cc1bfd39695552

SHA512
90c20816e8c650208e50cd8a305161b81aced177f45a5d6595425f35621642cf8d1d118589f7f75aafa84569d6b0b0ae362f5524ded3ffa04b8ca678f349a832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b7ed45464610e818745cbc508b4f7a09

SHA1
1369a8ec9e5c5a7a24e491fc3ecaf854ce1e25cd

SHA256
fd58a9a5cc9bdb0e3a463a2fc7eb3ff1665104e9319aebe66d2fc92ff854f316

SHA512
771edac0208c420d9c776cad1030fd565f61a154f52b1e4926e1150189bbcb6b6f69d95f20f657215cce598ccb727b49a35125e687326a986b17b7e464940637

Download Submit