03793a182abbaef555b6a46dc1622a64a5e85536482b355cb23e050b6a7f3e3e

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2024, 12:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c3573850393fd285988a562219741273.html
Size

133KB
MD5

c3573850393fd285988a562219741273
SHA1

2cc16a3863eaf273145103d8d7e53fb0fe168537
SHA256

03793a182abbaef555b6a46dc1622a64a5e85536482b355cb23e050b6a7f3e3e
SHA512

c175b8a465ffb8e4a9b89d3338aaf48b1b51847694b8c240339b6ca318829043b9b4258255dfec37c80f476f46f42b3504855fb994b77e0dce5f3de0b43de1a1
SSDEEP

3072:TFLSF3zZP13G4k5QhLpOatVl0YoO7/fNbYaaLStR6xWUu/v66sbsGon4G59t9Vcz:JuV3G4k5QhL8atVPfNbYaaLStR6xWUu0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3108	msedge.exe
3108	msedge.exe
3000	msedge.exe
3000	msedge.exe
5308	identity_helper.exe
5308	identity_helper.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 3732	3000	msedge.exe	89
PID 3000 wrote to memory of 3732	3000	msedge.exe	89
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 4744	3000	msedge.exe	90
PID 3000 wrote to memory of 3108	3000	msedge.exe	91
PID 3000 wrote to memory of 3108	3000	msedge.exe	91
PID 3000 wrote to memory of 3904	3000	msedge.exe	92
PID 3000 wrote to memory of 3904	3000	msedge.exe	92
PID 3000 wrote to memory of 3904	3000	msedge.exe	92
PID 3000 wrote to memory of 3904	3000	msedge.exe	92
PID 3000 wrote to memory of 3904	3000	msedge.exe	92
PID 3000 wrote to memory of 3904	3000	msedge.exe	92
PID 3000 wrote to memory of 3904	3000	msedge.exe	92
PID 3000 wrote to memory of 3904	3000	msedge.exe	92
PID 3000 wrote to memory of 3904	3000	msedge.exe	92
PID 3000 wrote to memory of 3904	3000	msedge.exe	92
PID 3000 wrote to memory of 3904	3000	msedge.exe	92
PID 3000 wrote to memory of 3904	3000	msedge.exe	92
PID 3000 wrote to memory of 3904	3000	msedge.exe	92
PID 3000 wrote to memory of 3904	3000	msedge.exe	92
PID 3000 wrote to memory of 3904	3000	msedge.exe	92
PID 3000 wrote to memory of 3904	3000	msedge.exe	92
PID 3000 wrote to memory of 3904	3000	msedge.exe	92
PID 3000 wrote to memory of 3904	3000	msedge.exe	92
PID 3000 wrote to memory of 3904	3000	msedge.exe	92
PID 3000 wrote to memory of 3904	3000	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c3573850393fd285988a562219741273.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa356346f8,0x7ffa35634708,0x7ffa35634718
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,9816168496925765534,3765811172381866533,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,9816168496925765534,3765811172381866533,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,9816168496925765534,3765811172381866533,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2396 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9816168496925765534,3765811172381866533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9816168496925765534,3765811172381866533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9816168496925765534,3765811172381866533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9816168496925765534,3765811172381866533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9816168496925765534,3765811172381866533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,9816168496925765534,3765811172381866533,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6300 /prefetch:8
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,9816168496925765534,3765811172381866533,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6300 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9816168496925765534,3765811172381866533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9816168496925765534,3765811172381866533,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9816168496925765534,3765811172381866533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9816168496925765534,3765811172381866533,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,9816168496925765534,3765811172381866533,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4228 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ffb5f81e8eccd0963c46cbfea1abc20

SHA1
a02a610afd3543de215565bc488a4343bb5c1a59

SHA256
3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc

SHA512
2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1b45169ebca0dceadb0f45697799d62

SHA1
803604277318898e6f5c6fb92270ca83b5609cd5

SHA256
4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60

SHA512
357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\403957c3-bcbd-4bde-aed7-51656367f627.tmp

Filesize
370B

MD5
ced808d865af1382be2338008c064500

SHA1
038045df4efcfc3b2a99ab0373be3c99d1ea6e2e

SHA256
f9740462bc0813359ede8f06b35849d30477873881202c771aded03129cda757

SHA512
fd6d6907cfaba48be61cbe998cabb00674d5ea85eab8c9ed9c3c18b9df1fc543fa5db09928aeb71db3e203a2fc2cdcbda02228ae49bdc505409f6888eeb3cc62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
22KB

MD5
14734a8bb0bbf70e4c2baa3d73adc7ec

SHA1
b3a16d617c95fd8da1af3215867abdd80a23a708

SHA256
56ad32c2be9235dfe4a5653351f1121c4373fb48147d91bbb9397b65d5bf0bb5

SHA512
aaed10d4b91749bda93e69b4188c93d4fc89cc9e05b4ea5bdd8363cea53a3d1904f0080f23826edf35f18fe4bdd51a86c04a5a43b7e5f5aaf1568ed17e3a0d78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
969e8d4317c0825eac8550f643be5e6d

SHA1
b38d015777d12f302932209353e45dae2e124829

SHA256
01b8195b9278343b406c028faecf5dcd6336df33a977c5291149c5e1959da750

SHA512
152d8e4aa8f714a3a8290840ba17a617f35232b7817ca7633f2fd8f9570f2451c4572e89826f179dbcf53fcccc617fc700e34139f7e7d01927baaa50bf155e0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
ffa7a9452cacb50542f44374fb3bf27a

SHA1
2c1f2709a961aa89176bab41031da811f188a098

SHA256
4c3819f8875caa7a2d82af4bcd35d8a011c96c1ac6b9b8da99088ee1faab642e

SHA512
c199d9a84588d159e758697e0eed0dba88f76370994982154d83baca5d4765c20932509b45ca9b959fbf065e66339550a8979fad83ecd814b55dfa3308fa15c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
40083f66ed9cd42d7ab278fd0718ef1e

SHA1
2dec9d5d97272c08d663a57c4a7dff641f448413

SHA256
a0ff3a315fdf938c59c28a71ce0cefaf139105897f2bb94d47013be5463a83a8

SHA512
4847817b85fc1a205224573d27384d4cdbf26b110e28e4b0d7d2f4fd0be8dc83fc3730264136276305a322aa267dad556eac3caac97e1f2cac69fd85800c3969

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
baf73f2891c3bc88264de47e54b0d0e9

SHA1
a791aafceceebf54eed6c248f3f19e65d47bf691

SHA256
b12ce5bb9bfbbfca5c92c9ecc978c654ecf286ead152559706c027b4a2256258

SHA512
c8b0ef7b271aefe004f49aa5a80fb9527dad5f36fee262671a066e8a3fffe2acb7f8330b4eb9cdc43d0ae222f7a3b07f0bfced28e0c3113c718366bdff7fc93c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
51c8e572d7848fee970e0ec8be15af0c

SHA1
cf3a465f38dd15e75aa29e9611539c626c1ad366

SHA256
56d3093507274a64a08f7f7f73b73b1c43fc01268266684126aca6951bf6688b

SHA512
60b60beb59baed320a5ba9d657ac2a91b95431e90faeb4841407e7c10fa8cfa6dd4beed2bf31daac24548cf0c64d1af70ff9870a74a22f5bab31686d29e4e9bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c1473ef3a07ae50c1b8d836e9de0ff99

SHA1
3e4f58097021d407c0215f554720eba1328dd8a3

SHA256
76c179820f4a311ef931bdba02a71755193271ec939ecc145633185db3284d35

SHA512
a42fa61e0c28c20a8094a0993810145a4bed4d0e66910af4f3c015a8b2ed1926ef7fad2bf5ad11b6568f096eec4ec399f3c4f2e7c2dbf8c8c7437e1c4b5e3911

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f473fc3db2086d474dc626a22392aeca

SHA1
21b5231b7e5bc910997c325ed2993b1c49fe31ec

SHA256
bccb8de249188564d39b2871af6894894830d5df41655c18ef2c230269ac69b5

SHA512
f3847adb89779c782e3f38aee60129edf02d28470dec13ce582d8c40cc05afe7c870ebd4dd5a4f1af47eb4df9ef38fa8ba94b98d9159b16792c838c1694f74bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c6ddb51ef80ec12ee17f3c2050fdc6df

SHA1
5ef994f3652ab3a72777b1b97c2dde9260c2c0ae

SHA256
9e729e97c2040afbef083462c2451416c62d7bb323e4a0e499423792254e30b2

SHA512
05c50dc5a938945960612e95d8940f5ceac052a18e8838585fe59bb8427ba1120f711f82c2ed74d3368fbaea42cbb9a152e685fd67bce04e691b1b35811d26f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c014.TMP

Filesize
203B

MD5
041c8ffd67a53c34498f802cb5a73fe3

SHA1
23cc0f3cc86e42e9e56431bc0f73ad9463002549

SHA256
cb6ebaa8897ab9f8fb35c08b0d51ca527f5065b8818312c76d794f888a8a999b

SHA512
b23aa6b211390c03d35481d1be971b7137555ec917517943d9c5fd064510cb2e89ed4b3f726bd9e704a83fe0c75d889d8ac05e952f8cd36d268d9d637b6d063f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
96329cc7aae3c26843e890edf531383a

SHA1
420114affeeccd4bb5f0a63fbb3feb62ee80c57a

SHA256
4a05387170650ae6719f46b00edf208362a87a1878b2238c1b5a767cee229403

SHA512
c82acfc6322aa232f2c6ec4a564288b45984a52be286e18359afc1fbcf765ddecca3de82d93679342889fa58bc6cfb80143bbeb30d7baa5395a6badd333ca747

Download Submit