16f24ed5b3b9d458e354c9ff46c45dc0b1896fcfa91e889dd65402ea4263cadf

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05-03-2024 06:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

57KB
MD5

4b9d80a7955ddc566f01b0f64c0bdff1
SHA1

42e715c4e3b3efcab0319c8d7c8b3ac13e4991cb
SHA256

9825c676111fa9d44470e6f5b61ea8d4305e8ca021a4c31ac7862253b1a4f2e3
SHA512

66ab7d08a3e1120ce9df94f5e18ac9486ac1c12383dde13329204499a8cabc076b2b363e3befab6e85e790eab846f552619b4d12d2ebf79a3688144d290529f4
SSDEEP

1536:kT12E7m2mczLYSPMb3lPp484fNofDx4mSz783cRQL:kT12SmszLYSPMkNo6783cRQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4184	msedge.exe
4184	msedge.exe
964	msedge.exe
964	msedge.exe
4092	identity_helper.exe
4092	identity_helper.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 964 wrote to memory of 1920	964	msedge.exe	87
PID 964 wrote to memory of 1920	964	msedge.exe	87
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4908	964	msedge.exe	88
PID 964 wrote to memory of 4184	964	msedge.exe	89
PID 964 wrote to memory of 4184	964	msedge.exe	89
PID 964 wrote to memory of 4812	964	msedge.exe	90
PID 964 wrote to memory of 4812	964	msedge.exe	90
PID 964 wrote to memory of 4812	964	msedge.exe	90
PID 964 wrote to memory of 4812	964	msedge.exe	90
PID 964 wrote to memory of 4812	964	msedge.exe	90
PID 964 wrote to memory of 4812	964	msedge.exe	90
PID 964 wrote to memory of 4812	964	msedge.exe	90
PID 964 wrote to memory of 4812	964	msedge.exe	90
PID 964 wrote to memory of 4812	964	msedge.exe	90
PID 964 wrote to memory of 4812	964	msedge.exe	90
PID 964 wrote to memory of 4812	964	msedge.exe	90
PID 964 wrote to memory of 4812	964	msedge.exe	90
PID 964 wrote to memory of 4812	964	msedge.exe	90
PID 964 wrote to memory of 4812	964	msedge.exe	90
PID 964 wrote to memory of 4812	964	msedge.exe	90
PID 964 wrote to memory of 4812	964	msedge.exe	90
PID 964 wrote to memory of 4812	964	msedge.exe	90
PID 964 wrote to memory of 4812	964	msedge.exe	90
PID 964 wrote to memory of 4812	964	msedge.exe	90
PID 964 wrote to memory of 4812	964	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0a8d46f8,0x7fff0a8d4708,0x7fff0a8d4718
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,9412728447983521651,1253537442149185233,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,9412728447983521651,1253537442149185233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,9412728447983521651,1253537442149185233,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9412728447983521651,1253537442149185233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9412728447983521651,1253537442149185233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9412728447983521651,1253537442149185233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9412728447983521651,1253537442149185233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9412728447983521651,1253537442149185233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,9412728447983521651,1253537442149185233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6904 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,9412728447983521651,1253537442149185233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6904 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9412728447983521651,1253537442149185233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9412728447983521651,1253537442149185233,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9412728447983521651,1253537442149185233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9412728447983521651,1253537442149185233,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,9412728447983521651,1253537442149185233,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6632 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7740a919423ddc469647f8fdd981324d

SHA1
c1bc3f834507e4940a0b7594e34c4b83bbea7cda

SHA256
bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221

SHA512
7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f44d6f922f830d04d7463189045a5a3

SHA1
2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c

SHA256
0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a

SHA512
7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
22KB

MD5
14734a8bb0bbf70e4c2baa3d73adc7ec

SHA1
b3a16d617c95fd8da1af3215867abdd80a23a708

SHA256
56ad32c2be9235dfe4a5653351f1121c4373fb48147d91bbb9397b65d5bf0bb5

SHA512
aaed10d4b91749bda93e69b4188c93d4fc89cc9e05b4ea5bdd8363cea53a3d1904f0080f23826edf35f18fe4bdd51a86c04a5a43b7e5f5aaf1568ed17e3a0d78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
8beef3e232eeca61db5685957423b156

SHA1
080ad810f7fc9f986323fb7b27a69c663f1ef686

SHA256
66396a0745aa94372f11a271f22728619c7df37341481bfe32bfe731ffed83da

SHA512
ca2f1e922e1f8cfd3381d8e926a57bb27ced07b4e91632fff0cccd9e752dcb1a4572f02bbce250e2d41f2aa2772f43a14750467f7e450bdadef64a50417b7091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
7387566d48d9a81cbdca52c1c7fbed68

SHA1
c36ccb39aba3b6c83b24b77ae56417b790fbcde9

SHA256
a6914b7d2c3b185151e86a428a15a7e129f8c0e84c23b54fd465400bb6afe58e

SHA512
2b9574fdbf44fef6fd85f7ee04f67f2e816ea366e50b76130c564aeaf219ccde9e3c83e9f6d92280904acc85effa82452662252439eaa93906797759415d7de6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fa5a04adcd09dfc164bdca2335d09692

SHA1
89fc387442d1de2e7b425191fc7fa360280082c3

SHA256
231658638868fba12f4238104138bb377e52afb22bcb644754baef88a0f85896

SHA512
cea45f084c98c8f58782432c96532729531a58e052848a018975bd6efd9cbe78964e3f3074c10e92ec270154f7411d7aa3aec69246d6801e660900d013d830b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d05285e8d78b33c0bca750d978142503

SHA1
0a3b7449a9d8a9035bb8774b170d29a0bd223da4

SHA256
80a3024c5d678fd5ac2727646aeabc48e9df681eadfa1ff46d8ef06fdc963506

SHA512
242dd026f6ec9780ddc95209fda42accb841207e954439e4ce12f83740d286b920103d7e77fad8d5b68cd97fe9c0661307efce8dd219b9f046fcb02a1c232e3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7e09a4667b016f4440b9a2e7c9aa2cfc

SHA1
b0a5d714cbd1487273cf435b2b648093eaf0da82

SHA256
39f34746ba11e88aceff321e53959e4dbaf165e72bf6ef142627f798745da9d5

SHA512
354a8a5954aafd2600be9a99b5029dbbd294eca474e1c2b68adf9a88d9ef40cbed55f070c551a42b9bf9ac9d9d2957c66cb6061f22a012e068200494cc7f494c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b1878ea7af051a544201f53402e0f058

SHA1
1d0c4a6c5c3c03012961826ddc9f19f23659dd3e

SHA256
028743fac2d95300bd0e608add99d08d7f4012fdf28881992a8cd46320195ede

SHA512
294e7d4ee86b9bd5c1f95940bc0b4d1227dfc82d63055e5b9264495aedc2c983f1673a7a9c1a9c4b066da01ea5f762c848fa4abd58aaeae5f2ed67918aaf2d27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
836992618e60fcab421760324d5751c5

SHA1
c79fe96f6de0e714d5cde05bce6a6fbf3a3d64b7

SHA256
5e362a185d03446481d6ab92b591d1d0d898cf19751666696726357f45ccd3fd

SHA512
151f7076cdcdabe951a120c10ac0080b27f4de9ab49eca81a5e2d9fa675b1e2d8532e6bc4c35fd01440e4f68cdd8c1f9d3558f513028bc39b20f8fee92deb708

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
67520feeb096f6eb4b2577b2ad13756a

SHA1
5671c51417aca2a06f467872bd6ee6b2c79163ef

SHA256
731e8f838cb41c7685a79a89aa7fe7b37f7adafa3c84c617d534d17b76c20701

SHA512
8a6840cbac7a4cbe09de87d0f486cdab7921f35fd58dfd8cf78f6cc954c08c0b50a801ba56beab03c19973b85d2235f65efc36f6c10e4502fe640ba352cfcb15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
edecc88fe31654a14db349636afeb18f

SHA1
d4a442408cbb7cfcf1cfcd6b06014611704cc17a

SHA256
f2512191e698970a0dbdda0d886c5aafe9b7c25172c905e98789ec9dff522233

SHA512
8c87e8a49f105e7fd5049922314b39db31ef317a77582d8072370fe26684f1fa06e4a3e2845431ac6fb470ca45d5d341683e05cecb03289ca2ed614f84b9a0db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
699ea6b52c3045980b0cd02b156499f9

SHA1
68d29d90aa290c7a3eede4745b24664e1bfa691b

SHA256
fc1bf36ef5ed48dd8699426c8b0e99b854b3d4b49cee5bd1abf8ad340fca428b

SHA512
9c9f10a6ab692516ede1c5183a2a5e569484634d1a50c1a15b9d69a8d0fc9ee29f79de2bd06e186ef8ca8160a5b422f159c6f23a66bf8bbf8aa4d222bffad044

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57de5a.TMP

Filesize
703B

MD5
ce374b0e83284b9d72a2c0b3bca6d889

SHA1
b99a59f504bcb7b16ffcdcbc4a7ca251337f8481

SHA256
5ce7e91dab688b6ba45ed54b0cf1f387bfbf03e7a5fe7e73f5c81a9fb5ef72d9

SHA512
e6f1f972f547533d43e8ea55d911f936911e61af22e483117fe7389b42bda3d74f0683660bd4f1a981bd990f9f0111d7bad7381d2dfdf3cedcdd88a1284e2b0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
febbbf59817550d2b9ad07e9513ad25a

SHA1
cdf0215f8dddc6348ff95c8b5e7c96740f53f804

SHA256
4fd14f0da5eab1e760f4a63c5e78aa1bc6935909dc78db8e0895e369be4e02e6

SHA512
ee576c4599bea86c0f4d24ce83b6c648f5850e36e7fb127e6a5e7c274739ce6afe58c7726212d53d08ae2b7d16ba15a9b1c50d4db98bdc3003305d6ab5c291ad

Download Submit