fb0b3194e70492f613552522a48b7abe7a4878080559a42370ec38f6e05e11f8

Analysis

max time kernel
140s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2024, 22:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b9c7e4ef7a6143e0feb7894afad58ee0.html
Size

76KB
MD5

b9c7e4ef7a6143e0feb7894afad58ee0
SHA1

2f4e578d01d92bedc2e9d53c56b2217fd4e5b496
SHA256

fb0b3194e70492f613552522a48b7abe7a4878080559a42370ec38f6e05e11f8
SHA512

f93934b408e4a36098568d5b6d08af0cf31aba625a0e60b22099db977daeb985cbef6c6a0bec1a912f022526f4a936c54f2e10199df02b183d723e7717e4e8cb
SSDEEP

1536:2RTSjwNuSRlgblu9FDRcIIuwRGkIbvU0ck:2Rcbs9Ms

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1904519900-954640453-4250331663-1000\{85182167-1F00-40DB-BDE5-D7E75E8A4B4D}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3056	msedge.exe
3056	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1160 wrote to memory of 1316	1160	msedge.exe	86
PID 1160 wrote to memory of 1316	1160	msedge.exe	86
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 1452	1160	msedge.exe	87
PID 1160 wrote to memory of 4836	1160	msedge.exe	88
PID 1160 wrote to memory of 4836	1160	msedge.exe	88
PID 1160 wrote to memory of 3268	1160	msedge.exe	89
PID 1160 wrote to memory of 3268	1160	msedge.exe	89
PID 1160 wrote to memory of 3268	1160	msedge.exe	89
PID 1160 wrote to memory of 3268	1160	msedge.exe	89
PID 1160 wrote to memory of 3268	1160	msedge.exe	89
PID 1160 wrote to memory of 3268	1160	msedge.exe	89
PID 1160 wrote to memory of 3268	1160	msedge.exe	89
PID 1160 wrote to memory of 3268	1160	msedge.exe	89
PID 1160 wrote to memory of 3268	1160	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b9c7e4ef7a6143e0feb7894afad58ee0.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x2c4,0x2c8,0x2cc,0x2c0,0x2d4,0x7ffe51082e98,0x7ffe51082ea4,0x7ffe51082eb0
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2332 --field-trial-handle=2336,i,18260370164128483876,6783217298101890848,262144 --variations-seed-version /prefetch:2
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2392 --field-trial-handle=2336,i,18260370164128483876,6783217298101890848,262144 --variations-seed-version /prefetch:3
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2704 --field-trial-handle=2336,i,18260370164128483876,6783217298101890848,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3388 --field-trial-handle=2336,i,18260370164128483876,6783217298101890848,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3576 --field-trial-handle=2336,i,18260370164128483876,6783217298101890848,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3868 --field-trial-handle=2336,i,18260370164128483876,6783217298101890848,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5380 --field-trial-handle=2336,i,18260370164128483876,6783217298101890848,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5528 --field-trial-handle=2336,i,18260370164128483876,6783217298101890848,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4236 --field-trial-handle=2336,i,18260370164128483876,6783217298101890848,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3648 --field-trial-handle=2336,i,18260370164128483876,6783217298101890848,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3372 --field-trial-handle=2336,i,18260370164128483876,6783217298101890848,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3596 --field-trial-handle=2336,i,18260370164128483876,6783217298101890848,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5960 --field-trial-handle=2336,i,18260370164128483876,6783217298101890848,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6448 --field-trial-handle=2336,i,18260370164128483876,6783217298101890848,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6448 --field-trial-handle=2336,i,18260370164128483876,6783217298101890848,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=120 --field-trial-handle=2336,i,18260370164128483876,6783217298101890848,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=6076 --field-trial-handle=2336,i,18260370164128483876,6783217298101890848,262144 --variations-seed-version /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=6200 --field-trial-handle=2336,i,18260370164128483876,6783217298101890848,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:1644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
6bc7b83e008ac944cfac50555f56edd4

SHA1
93798803725ba38ba4e4c6c1c37e1dad887320c6

SHA256
51a524b6c5989c12fd42ae6311f5075fb4c8dfd28012f4418e27a1a4687a2fb2

SHA512
ed7f79cb392182e47cf1b29c77a07be512d2d3f70b35ee8bde2a576302040dce4c173cdf76f4108acc3e2c2afa88152b6b80c61fe6be15743ce201890728b093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
489c2f7bc0cbabc82d71177abcd193c1

SHA1
1793093c4174eeec812e9e5aa54da8ed66e5dea4

SHA256
a857a74544890e355f1c0a3d61a687a8099cc1a0487b5c94c30a8e65e596447b

SHA512
f9f87d4cea8048d8562de8a668e29cd3e4bb925781509326a546d4329b20509813ee6888d063f65f1e5d4e62e6c4f960183e5ae46072def9095a9f6c57172f2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
b26c03a82a5747103bd8ba1d40cf379f

SHA1
d95956593da23ec43a63d6698d9a33e0ab2df2e4

SHA256
94af6b3dca36c67bac4ecfd89068781be246927c5dff23d9a0e6c07d780c51a2

SHA512
0ca0cdb29146938e53dd58ab79adb1da4733c7654a7f710a593222017b98adbed729ad981caf492828ab3aa9aa1d9650ae6a2792a92270d10b8e61ee4c75d675

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
e80a802eb883de1d312be997996f6571

SHA1
a17dda9f427072d43d06a2bb173c64f8eb33a858

SHA256
b39a3af8e4066eb95f219dcf50e9ca938e26480b13b7697d63e5e9f86cc759a5

SHA512
2a2fff5ed1d5efaf69975d020b6877f4c5a93b5f16348fe17fa10584c93a09af985d8e352199b925664592e775680e210eebdff2af6c403382595bfd3de7f9a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\9a47c7df-a68c-4e75-a853-64a22020e226.tmp

Filesize
1KB

MD5
99f3ccc98afe7e8c99ee699442a554f6

SHA1
b33461f2a0d32e6fc1723c5630f7a23e74cf9d8d

SHA256
9f7d8aa6d39e5e19933ecbaea7f06532d689b3b26f54b10aa2a3cb678ca19dd2

SHA512
7354d86bc3ea8d067bfd92eef19088e969c4c5f0f552d6661e5e392597a737a8b3f0ebba3057a5b76b8cdadc4000ef54022784c8f45a7be114b9e3df93ec7ab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
1defaace032888aeb03078fe6174cfbd

SHA1
0f25022e4b230606c3cfcf6c41ca1c0ec052945d

SHA256
f2950d4a1a4ae9d48ff5e1a743de440d3f275080e417fbb089f88acabb6cb114

SHA512
90cd4b3301f7a9a195646e39878ba3e584219dce676f3afca144fc3b97f927e3fe8074a23edc8ce9e5b3f7ee1671093d52a733d7003fdecebd6e6c8844719ce7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
441c43895e15147636ebe7a7f58bad5a

SHA1
e33f9ecf5af37f882f27280cf21726809272f3f8

SHA256
d462b0a7c7e4ffe56cc7b2aa3219035c8aaa87d2cedb50f60c2d8dc09b566fa6

SHA512
41804fa309c46c4872167b2ad3803efc27d913006280ad3365882d38a90266fa2c55748b36952d1934a8c1fec6fe0af826980fab325d0cd5f6ed7c320c021762

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a1af185e2ac429900a9a283ac4b1dbb6

SHA1
4b300cfe52f8bb7a2c0d384a322601af9cc003e8

SHA256
666469aab92880d9688a6ef2f323043acc35d983e5c68dbeed6a7cb0a5fd582b

SHA512
d4aec7a690124fdda2a46335b04c23741b040d315807384b28dba3d89ffbc6322cd10d9d09bdd0469256d9e3c9648ff962ec7231e34fde9fb6ff754ce6ead04e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f940bdcd695018cfe40e5a316d1c58a9

SHA1
2ea68d7e0396adc38571718df1cb5a76efa75788

SHA256
41d03ec014bd5a2ab6319c5b12f372db565c7fe85e38160e28793d6b26ac22ac

SHA512
3e8810ec2e00dc19b1260bbfc1f0d30bf71904bbab94ff08ce2616abab728db88820062b3b1f23f03225a33eac358c4f74bfe406bf1b27054b55ca81d41f0831

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ce95d835dd8efea4caae504b811a0317

SHA1
b5f3205d42d0f5d6c6d3bb859656496ba73e84eb

SHA256
3616e090d646d5cc6be4f6e39d839f1679c020e9d1a178f1d266bf4d2b6a7f32

SHA512
8e5a8c838c8e969261fbc094cffc249ffd9b4df2e3dc88a686794af08f46339f8c919c803c2effa6739ba22998c6bf3ef90ca087f32dd0c8964975c4e22802df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4819e5b923d62b2b9787acc312e65203

SHA1
933ce1180d94196a64d929f3dd7fc2b555f318f9

SHA256
9b61a4ba6cdbc5e2037f41b142d1f967ddc80dfe613775992983a8190fd8bb94

SHA512
a91365d71046a8a3464d5d7eca3e64b13a3a5c9bfeeba6c4e0fdc8a22fc90a2cb9f4f189cd10e45d111a797e414fa9b770d41b6e38452874a493b9f7e67481d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
73034f76b78819c9807a9f36f62e4553

SHA1
85ee39a6f9fd5dc3c469b3f4315193bb3acd4dca

SHA256
afa31600162fcd340eae4e3b3cdc4cc827e3f7ef1c5643b6d9c9ede9292bc333

SHA512
547b9fb1a6a233ba546a84bff433fbdeebb988fc0e3d4fb554920f249f46bdd48618b4340196ff753650b9ceed917b5830c11ac00be2988a652e048986ed9b1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
3624ca4be0d4680b65f8f6cc432fa52a

SHA1
bcb6fd10c7a618cf54a93611bf4aea9461d647bb

SHA256
95690abd4a20f1b223b7f1e16beaf421080727c0654c93d563342da02d275e87

SHA512
f95852df4d9b5d4eb1c353857ac82b7893c66226f92bf9d2879ba9e6f0ca48c63d9b8d604a0cefdd5d3c59d9885e35d4e059d8998fee6155b56db591fcb1d268

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
48f8e34317629811f777eb7cca071772

SHA1
884452996c998553eaf6a25640f46c66e91074e8

SHA256
7e61ca631a97884d2f0952ede82bc31b6855a8d1a82216d96b8f35f910dfcd37

SHA512
be40c259103d778cf1bb5201f595d5822363dc8b7c05102c1578e59f6f50c7d4208218d7690fb7d9e8e16964b34aa1d301af71445f23ae61b2c4ff0098d0e015

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
fca16fc49a33794c61519caa911fb2a0

SHA1
d86edebc108b89833bd27ca5a7f960ce47999db2

SHA256
1e1f6f88d7501623cfdb5670e60a5a807606f406d48969c281d832d7f1467a29

SHA512
5ee7403657b40b5b0802e3290af13f2817c30d5399ab9755ca3ccc45e9cd63810ed2ee574a5da586e1b59cd84a24ddcca5f8a1a8a3be2cf775935183642401a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
7e41cd93e2f35d2444cb57cb08a77ffb

SHA1
889658f65e58b4daba676a373d9df613efe78a36

SHA256
62eb10ed6896b4b87a85d70e626e3ef02521bc01f673b54f77f19b1552628092

SHA512
67de6108774fa910ab3b83145d975f7f47c8caadf6f5cc3f49f4e28d77cefa7770ac9a4201cede2246ef0bfcd8b24bb9f28abe9abee67d71dac7722906dc266b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
30KB

MD5
40d28f29e5193c56c6f03e92f619ce9c

SHA1
3d42523aa92c5072638808b8e834ce21bf2efa97

SHA256
2fa2b8ae7b719fb7d64c5e7316547ad74db0f77cbd7a509d054dd58f0ed6fb05

SHA512
f704997c8501b1b649d4ba219cb46847cf4bc566fe14a03356a65c725c143ae5d6a7ddd97c7aeb8f845517dc328ead7ca5da4bffee4e3297cd0ee216119c51b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
31KB

MD5
a22c37241d623b28596b47fa00b49d4a

SHA1
9285d57b879951cf3282dbb8b53ad20db61968ca

SHA256
1b3b11bf8e1e5fc4ab73c7f978ba0ac752ccb6583698c424502ef19d44ed0cc9

SHA512
8689420921c841a78b7459a594c171a6fd26557ca348df7a7642bc36b484995ff40069e8e38943cbba81a2f6ad83b51f60b4a562190e5ebcd758d45fd0567dc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
31KB

MD5
1b70ff94474853bc1bc8b3a3c745e86d

SHA1
23a828e06efa5d9fbbb4c9f61f1ec4c1eca12453

SHA256
5144124de949ec1e0a20d31317f3159cd829d7d19d70068082edc27f9c044f09

SHA512
6e2ef340c01cce1b81f7d42db7255f9a3495aeb00483500e49cdf8f8af0704684fa8883e9accb71a81d3d9213cc2b1eac2f191575b37f084f79a66f96af2f7db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
cb0450dbc8032ab4416b2af84fec86f8

SHA1
80c3db5c14deed639aa0cd8813590c98eb20e03a

SHA256
d20ab5708783b722459adbe55cffe631fd3f64c229eb4d5e22821a23b0510bfe

SHA512
ea83e9528433137b25bb4f69f1155632539407a05a56ad5038524b90a78f3add4a4aff53e2a187313a90f2a3852e0c394b0ffb536445b785b2597807da9412ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
d6700cbfcce27cbab0e00826054709a4

SHA1
eada0d3e38e2877310544fcfa9f464eb402a2a2c

SHA256
02a95a9b90230c67308fafe86f897046a4b88ad3bf5fdca9c950bdc24e94f476

SHA512
697948b5121de030f8958a9e84b0f16231f10e7233cdcdfb710f33fe1a00bb0afb917084db7a3527a50bf4e4c652c38c124fdd6de0a10bdda2f064aafd75a961

Download Submit