9c788af3829252c97e4bd4d4b7a8753675dd296fc69aba63133c5314e287ee09

Analysis

max time kernel
155s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-03-2024 18:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bc8e1756051d4416c28cc8fbf40c025b.html
Size

14KB
MD5

bc8e1756051d4416c28cc8fbf40c025b
SHA1

bc718053647003ba2f903cdb4319ad7707597610
SHA256

9c788af3829252c97e4bd4d4b7a8753675dd296fc69aba63133c5314e287ee09
SHA512

c888e3f4a31019992ebcc93ee9c44946e97f0ef934f067202a729152b17d847589f988cbf4bfc0d7360089a0de419227b046226331bde9806e40569c0f7acad6
SSDEEP

192:+yEioELD/ZmXg8oWllefMJkZQ3wf1v0mlKt6DvE:aioWD/ZmXg8SZQ9mlXrE

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1904519900-954640453-4250331663-1000\{8713AA5E-20E5-48B7-8554-EA0634996AF8}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4004	msedge.exe
4004	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1804 wrote to memory of 2152	1804	msedge.exe	86
PID 1804 wrote to memory of 2152	1804	msedge.exe	86
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 3300	1804	msedge.exe	87
PID 1804 wrote to memory of 4192	1804	msedge.exe	88
PID 1804 wrote to memory of 4192	1804	msedge.exe	88
PID 1804 wrote to memory of 4980	1804	msedge.exe	89
PID 1804 wrote to memory of 4980	1804	msedge.exe	89
PID 1804 wrote to memory of 4980	1804	msedge.exe	89
PID 1804 wrote to memory of 4980	1804	msedge.exe	89
PID 1804 wrote to memory of 4980	1804	msedge.exe	89
PID 1804 wrote to memory of 4980	1804	msedge.exe	89
PID 1804 wrote to memory of 4980	1804	msedge.exe	89
PID 1804 wrote to memory of 4980	1804	msedge.exe	89
PID 1804 wrote to memory of 4980	1804	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bc8e1756051d4416c28cc8fbf40c025b.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x2c4,0x2c8,0x2cc,0x2c0,0x2e8,0x7ffe51082e98,0x7ffe51082ea4,0x7ffe51082eb0
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2272 --field-trial-handle=2276,i,15817828578236204210,13026862889161134178,262144 --variations-seed-version /prefetch:2
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2912 --field-trial-handle=2276,i,15817828578236204210,13026862889161134178,262144 --variations-seed-version /prefetch:3
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3048 --field-trial-handle=2276,i,15817828578236204210,13026862889161134178,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3384 --field-trial-handle=2276,i,15817828578236204210,13026862889161134178,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3400 --field-trial-handle=2276,i,15817828578236204210,13026862889161134178,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3688 --field-trial-handle=2276,i,15817828578236204210,13026862889161134178,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5000 --field-trial-handle=2276,i,15817828578236204210,13026862889161134178,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5160 --field-trial-handle=2276,i,15817828578236204210,13026862889161134178,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5332 --field-trial-handle=2276,i,15817828578236204210,13026862889161134178,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3480 --field-trial-handle=2276,i,15817828578236204210,13026862889161134178,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3480 --field-trial-handle=2276,i,15817828578236204210,13026862889161134178,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=700 --field-trial-handle=2276,i,15817828578236204210,13026862889161134178,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6184 --field-trial-handle=2276,i,15817828578236204210,13026862889161134178,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5984 --field-trial-handle=2276,i,15817828578236204210,13026862889161134178,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5424 --field-trial-handle=2276,i,15817828578236204210,13026862889161134178,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4488 --field-trial-handle=2276,i,15817828578236204210,13026862889161134178,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=5892 --field-trial-handle=2276,i,15817828578236204210,13026862889161134178,262144 --variations-seed-version /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
6bc7b83e008ac944cfac50555f56edd4

SHA1
93798803725ba38ba4e4c6c1c37e1dad887320c6

SHA256
51a524b6c5989c12fd42ae6311f5075fb4c8dfd28012f4418e27a1a4687a2fb2

SHA512
ed7f79cb392182e47cf1b29c77a07be512d2d3f70b35ee8bde2a576302040dce4c173cdf76f4108acc3e2c2afa88152b6b80c61fe6be15743ce201890728b093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
489c2f7bc0cbabc82d71177abcd193c1

SHA1
1793093c4174eeec812e9e5aa54da8ed66e5dea4

SHA256
a857a74544890e355f1c0a3d61a687a8099cc1a0487b5c94c30a8e65e596447b

SHA512
f9f87d4cea8048d8562de8a668e29cd3e4bb925781509326a546d4329b20509813ee6888d063f65f1e5d4e62e6c4f960183e5ae46072def9095a9f6c57172f2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
b26c03a82a5747103bd8ba1d40cf379f

SHA1
d95956593da23ec43a63d6698d9a33e0ab2df2e4

SHA256
94af6b3dca36c67bac4ecfd89068781be246927c5dff23d9a0e6c07d780c51a2

SHA512
0ca0cdb29146938e53dd58ab79adb1da4733c7654a7f710a593222017b98adbed729ad981caf492828ab3aa9aa1d9650ae6a2792a92270d10b8e61ee4c75d675

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
903f0cae34efe1b54aa4fc09d0044336

SHA1
c216ab02b2f0aeaeaf9fa9514136640fdd207a33

SHA256
543257fc71ea07fd3319a76e42008716266b82ffa01679afd7359a7fa27a5272

SHA512
271eb4346dcda42270fbae222393b06627825724d03f6270a89aabc9b2d91254df798d9ab426bc70344524be833298ecac6a5fc1a4ce63f2b0db240921370c21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
72f1b61119635ed96dd8c09391ce8ed1

SHA1
e56598d4c35746518ac07271d07b2ffee1d8e8ac

SHA256
885be5055fe02b3f1282b1ebbd3f4cc6c0c0cc104b89d7995cda9ac9fe77b404

SHA512
b524f9c87887640d7d496b6fd482f1051b738b90cb079c1eb0a5c267f1ba1a259de843c8ed8dd532cd2e09af763dadf2e259603798115078f0604fcc0cb39488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
1b4ce16a10c8204c360191e53da5b45e

SHA1
c3196679df7796d0f501cd6940f4c684aeeefdaa

SHA256
95de495acdfef4149f89d0bd53ec725e7b6919538cd03e8ab55adf11f32b397f

SHA512
c5b99958097881bce28f9942479f188850ee7fbf7f5e429871da902b73f6721512da2b0958db39bfaf7e2ca74de09a3644491f0ec268b66413b927064e59c05e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
ae3a93b691e9b3dbe4044680b89d9376

SHA1
a7c8a6eb044b66412d39f80567e41cd33b65d7e3

SHA256
0b51c228218db6a18d4221c57ab71095b0d539717dc9be1d0ef84cbfbd2fef15

SHA512
8ac1b52aa53d21a4598a4675aed45c62efce97372ccb5cdaa6baa6de1683208d1da0bb3d2f443f36586f880a1c96c6125a8c3bad73aaa8328564f876fd33c0f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
0e9113e6d2fa4440eb3c0fbaed2c20a6

SHA1
9b47eed6c65493f311738ee2aac8f5fc851bfbaf

SHA256
38d64c2f90813e3ea7952865c0942d51bba8eb50cb0b6f0912a8215f52da514d

SHA512
5f9169bb9f304c49d17e6ec362b5dd62fde3daa0d3adb74497154860db1b0c478a9265ee50f8c1368546bf45a7b5a892ba38bbc9479974fc019fdb8296b1b043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
78d652493dff801f5ccc9569ae8a4fcb

SHA1
14ff8441542be9bd3ca9a0b97bdf3c6348e0772f

SHA256
f0009e4279361152bf90dd4e44a22dfec926246f29eee9b0ff2b83753311590b

SHA512
4603c14eac032da1d3908cbc5a9bf657abce856af2eef037f67921de2414e2c6e212c56931bf59d2d70426619efa58988aad3bf8d156bb54fed702c5e7aa64e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
3047e394ecc65dfcb31d7cea520b0bd0

SHA1
ef8184701ddd1526dc9df544070e67e14ef3041f

SHA256
76d4222720054bdd9f446c716dee2d4c0a692fc89ca910ddc77ff056e8f9c926

SHA512
9e6baa6bfea3dca5ec63db0fc0cfb0adfc8d989cb6b9091d1039fe17a719820b26b00a1f1264a616d61110f364a95bd101c73c5446ac9465ee85d090bb73229b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
30KB

MD5
0265e2e4fb79ca78366efb56937e1a14

SHA1
eca29a4b0bae09053970635361c3472333b669f5

SHA256
2ec015c41fc21d373103eccb0ab21e1df445263fc3c16b376d28ee0c7c83d023

SHA512
dd2a0b05c9e9194ebf979d99938d9febaa7b42e0c11604c7f55677e452445704728ef80b5d1cb806f10bc49e285038dc6cd48b96bacb970e29b6fdaa2832be07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
31KB

MD5
294f781d278219d07042f1595d6edb41

SHA1
d9590f203020e97766cb48a87274317695641556

SHA256
fb916fcc7c595629d62acc6580b917e1b850873653e684baa676eb58e3c064df

SHA512
bfb2d4b686650d6115160977318c54e88cdebcfec381c413c22cb40e43fc7fb5b475be14f15dfea5541b371de8243ff915c2534080aeb76b8d3c02a521531b17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
be42bdc94a27f33f47b269dedbb8b1f0

SHA1
59f3917d46badc0c05274e0a2f253c15628a3049

SHA256
32073576bf8cea087e4d23dfc4c725f14438af354a62688727e9d1b108a2dd34

SHA512
2fbf8e31a469852e7bb1443355470df9c2289461349dbecd15726d90cd2c39d91321fa5140159f57a371ff531a75ce3575048a83251be3b2aa369e345db2a0ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache

Filesize
9B

MD5
b6f7a6b03164d4bf8e3531a5cf721d30

SHA1
a2134120d4712c7c629cdceef9de6d6e48ca13fa

SHA256
3d6f3f8f1456d7ce78dd9dfa8187318b38e731a658e513f561ee178766e74d39

SHA512
4b473f45a5d45d420483ea1d9e93047794884f26781bbfe5370a554d260e80ad462e7eeb74d16025774935c3a80cbb2fd1293941ee3d7b64045b791b365f2b63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_

Filesize
574B

MD5
5089ba0ebd4f2e4a43a65ff5953a0509

SHA1
aedf42a7bc4d2dcdb336dca15e990585442707c9

SHA256
30990221619cbb9316531316cb8b296f86416560dc222d7983ba8383f3960379

SHA512
9d6a24339468dbfed16786a8ad5276f4075364769dfd94cb0b48ac431d4e3a19e1ad5b23daa87f60ea12748cd9078067a6062c8902d8a4d5896805178f07568d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
21ff079e5ae623e5a285031df994d1e2

SHA1
87f38987077dd649aefba278201e75dc6ec4984e

SHA256
81693edf3b96e3ed9ee821029fc746c1191d0da406783e52d5fee3062368c112

SHA512
40d8882d6273018872ca42be14b0c8b810d4f753b293a69c397551617c9bc207184e7ebb62bc5a2278b3130836ab92396a96948e391d247d896a9ec43816d9bb

Download Submit