9836cc8078d1c4539781be84bc470422827dc89902b6bb95cf624645d13d20f4

Analysis

max time kernel
142s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
15/03/2024, 08:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

932KB
MD5

75c01a2a0f3899ebbb314bee21aee79c
SHA1

702a8d6efc11ffd6a9a7a8a09551a47644c3f3c4
SHA256

9836cc8078d1c4539781be84bc470422827dc89902b6bb95cf624645d13d20f4
SHA512

fd25f43525b2122c6dcdd3b569744974e93e91f1595f5b886ff6e22865ff6112c822f04097cc46de3169a6c222ea5a14d2eb879c8878f37a8f8d2fe905c4b42f
SSDEEP

3072:XqN6RLvvEoJ2ls4LkWof6FVRB90yfxnUNnj5lvS1V:X3EoJisMkWtF3LFtWj5tSH

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2567984660-2719943099-2683635618-1000\{ECB2122A-D51A-473E-9BF3-D13E3ACDC7D3}	msedge.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
1748	msedge.exe
1748	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
4488	msedge.exe
4488	msedge.exe
4612	identity_helper.exe
4612	identity_helper.exe
4468	msedge.exe
4468	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3600 wrote to memory of 1900	3600	msedge.exe	77
PID 3600 wrote to memory of 1900	3600	msedge.exe	77
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 2928	3600	msedge.exe	78
PID 3600 wrote to memory of 1748	3600	msedge.exe	79
PID 3600 wrote to memory of 1748	3600	msedge.exe	79
PID 3600 wrote to memory of 3572	3600	msedge.exe	80
PID 3600 wrote to memory of 3572	3600	msedge.exe	80
PID 3600 wrote to memory of 3572	3600	msedge.exe	80
PID 3600 wrote to memory of 3572	3600	msedge.exe	80
PID 3600 wrote to memory of 3572	3600	msedge.exe	80
PID 3600 wrote to memory of 3572	3600	msedge.exe	80
PID 3600 wrote to memory of 3572	3600	msedge.exe	80
PID 3600 wrote to memory of 3572	3600	msedge.exe	80
PID 3600 wrote to memory of 3572	3600	msedge.exe	80
PID 3600 wrote to memory of 3572	3600	msedge.exe	80
PID 3600 wrote to memory of 3572	3600	msedge.exe	80
PID 3600 wrote to memory of 3572	3600	msedge.exe	80
PID 3600 wrote to memory of 3572	3600	msedge.exe	80
PID 3600 wrote to memory of 3572	3600	msedge.exe	80
PID 3600 wrote to memory of 3572	3600	msedge.exe	80
PID 3600 wrote to memory of 3572	3600	msedge.exe	80
PID 3600 wrote to memory of 3572	3600	msedge.exe	80
PID 3600 wrote to memory of 3572	3600	msedge.exe	80
PID 3600 wrote to memory of 3572	3600	msedge.exe	80
PID 3600 wrote to memory of 3572	3600	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff88fc33cb8,0x7ff88fc33cc8,0x7ff88fc33cd8
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,2928115148022334405,17152015579296813370,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,2928115148022334405,17152015579296813370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,2928115148022334405,17152015579296813370,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,2928115148022334405,17152015579296813370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,2928115148022334405,17152015579296813370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,2928115148022334405,17152015579296813370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,2928115148022334405,17152015579296813370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,2928115148022334405,17152015579296813370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,2928115148022334405,17152015579296813370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1896,2928115148022334405,17152015579296813370,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3300 /prefetch:8
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1896,2928115148022334405,17152015579296813370,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3372 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,2928115148022334405,17152015579296813370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,2928115148022334405,17152015579296813370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2696 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,2928115148022334405,17152015579296813370,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2856 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,2928115148022334405,17152015579296813370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,2928115148022334405,17152015579296813370,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,2928115148022334405,17152015579296813370,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4832 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3152

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {24AC8F2B-4D4A-4C17-9607-6A4B14068F97} -Embedding
1⤵
PID:4608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ec7568123e3bee98a389e115698dffeb

SHA1
1542627dbcbaf7d93fcadb771191f18c2248238c

SHA256
5b5e61fe004e83477411dd2b6194e90591d36f2f145cc3b4faa20cf7ae266a75

SHA512
4a53fbbd7281a1a391f0040f6ff5515cedf6e1f97f2dae4ab495b4f76eb4f929dcda6b347f9bf7f66a899330f8897e1ed117314945d1de27b035cc170fa447d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
13ea3c970dcaa377c9b1fb22cca6df23

SHA1
a06028c159e029d32a3d42c3ea3ccd625949d936

SHA256
c1d31ac768ffa42a1ea88c480b4ebb402ae43b8a9e0c65d332c04c669efc6be4

SHA512
c3c704b590508524d9ecf9c7e61bf2192c22dc568b4e6a08f1f85e12dba841c63dac8cc604ae9a768cd6a086fc723cd4476066b39a7e726d2c9cbfe490cc873d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c2b0eb2eda006afce403e2ee7fbff0a9

SHA1
3a650c4190f856c844396b28732bfb1514aac8c7

SHA256
1407b0e85f2839be9057d09b4fae75adf8f6af4426391e995d639df1f632ac3b

SHA512
54079905efc5d52d7f69c1c6e9fb94e084122b163c6e6c3c9011093eb26e7def3245e093e1fcf8e3ac1b313beb1eda9c90d6f56203d5e3f10c98262fb42c31b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
666B

MD5
2f9ec9e0ff27cdb0fe1dfdcdd56e18e5

SHA1
ba78f3cf4ba6f752a4361a8cd9cd00d3e2079452

SHA256
cef714de6fc78f53cb45aa6d5a36f69422bb7af253503d3c6ac23ee339f9ef78

SHA512
105641a7e65ae59f9d9122f422d1d0dde3c7432e57eee84830537112276cfbc9b481a55124bbc226244f74e0e3a81e1481d4d5c85bc0027bedb4d30d281bd6fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
666B

MD5
f4d11f94f09a2108183d7c165cb50390

SHA1
0b9b8b0f639b33c5424a53dd053dba205ed660d7

SHA256
6d8505e5f7d3ea78d6de0e951372bfdca5bcc2240450480c0f10fba8a9120f90

SHA512
97973a54f46cd0ed228dc72bf0e44a119bda7d7cfad772a64d8e87e974c2c7aacae434ddbd7d052fac2e0785aadf3655b1bb313f290e6a5f40454b4b38f66e92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
4733aedf22784f753f3775a152c63613

SHA1
b2665769faf5c2f6dccdc5cfe2ff9ffe0ac19f7f

SHA256
da3f4df30c6654cb4234bbf41bec6953613313400e1664332ece122305509217

SHA512
53fbf9e89569deaaf9cea6f43cbb9cd42b8c4a64623c847e2679f70064609845373a83fe78dc3c8d325dcc02d0995d3aa6f63d08661c68cace693e9aad87fd79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b9636ca531585b79fe22db9001757727

SHA1
4473025c3a08813578b36f7e503a05bd5b30f1da

SHA256
f8c269be3700e6f71aca58cad6f89554bfd4bb0adf66e1bcded338b1618b5b3b

SHA512
4681c121a83af1c20e1dea2dc45349fa95e7c0fde9b8b5009807f0b1b5a6b1ca5337a6138a86d55201f48794cb0adb3a522dd5f9e92caa81b4934655a0a88163

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1b6f9cc7a6598eeb1fb8170ed76c79ea

SHA1
ef5db9c3d97b81c7d9b52f6b711a9d7936c7f0be

SHA256
e8a5636ce1f5cf6130b5795a4fa88c56195dff6a93079597e2bc2e6e55ea3ade

SHA512
14095aa4e3b47fcd734beed9ebff8461589c6116a3f36f84618e5fa44cf4bb19392a2a17297a9f49846970bac171887e99d50ffc3393251aae351d37c4faefa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
26f1b9070214e238e75209d779d2bd42

SHA1
67c914c6addc4242959ec49cccda4109657f900c

SHA256
56d1d83945107f03588b090ccf184ca7a0cebf42802c36660bd6f3ee4104f6a1

SHA512
1e7bbd7161fd26ad6e13a02c18ee181073860bcfea946dd854c4072d3f25c5c1bc2def31027d79cd82996e0eb5611c369c7387994db3ea115f47bd342631eb13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
0ba15f72ffb0a37243558588d3e78221

SHA1
814bdfffd723f7de9f8d6d6a0bc8d85a9f275cc0

SHA256
3d0223e1f8bb35870db41872cfbbe467f65bf9a1208dcb4d4ad874e250ccc10a

SHA512
02b168ef9cc226a08955092173c3745a55b28faa438b8152acb90d3bc1d9f433de7d8341def8b452db1986392a59cabc7c69689ad00825c58371ca78021183be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5b61a89fbdea27e14b3a358441d47bd1

SHA1
896b8b230a48286853ccf061f398326bbef31e92

SHA256
9f29f5ba0747a21523625a9dae09443d5430bf74735a69545c98a1cf1123b690

SHA512
f3787b48a550951666511474f466fe13c4242739f3c2f460156182ace5a68c961bb3433cf763221040ba7b6b2eb3c8c3b7d8c5996f4426504c9e3d4397d05212

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58076d.TMP

Filesize
540B

MD5
ce65ff6784e66ac879237011d40a8893

SHA1
8c2b3a761ed7ce787c7ef3b6fb4de80403bc1c79

SHA256
5b91c5e0d770cc75270143b514681b6fda694bfe2c9336817823f5184d00d236

SHA512
844b6b34c9721dc9988c8281cd2f359d6465ab579655b0f897cecfec54525b110ff5fcf52115ce6d258dee9843d81f7202ccc0e5bdec7c14f9d7a8bd86ac3d1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4f36535b0a1add20466338829a51af10

SHA1
21d8154d8d03a231b40d708b882cdb1abdf50efb

SHA256
b371d4dcc8adf628e974bd73733ea0fe46119d2930c2baaa219807d7019861bf

SHA512
0b7c2083246ca0bd8c3d937e57df2041afd13b5bc7d3a428d5d2ff99f2fd09e0e6725f114dc8f48345b85508ddd3ed8b138234460e53d4c43ccccedf805f2fbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4a373215688e624f8500dd5a4e6cb272

SHA1
7a88e762712800e03e4b8e77d80040c3df7a19e1

SHA256
f8f1e469dd500908624b8ed1b40b066690eae6d1fbeb88a3ec535402edffda07

SHA512
3bf5cd489ba47dd16a1658559eacb47a4ffda8b71d746eb8a3680e6bc5cd073fe90d2a6e2ab60dda775225fe4334f0acd900ae2d3fe532f5ede332d44ce05bc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
66a3201d31bf208dede73105a2ed1aca

SHA1
9a53c6c34af6a4b933597375ab1d384009e606e2

SHA256
39c1fd560ca44199bea6b0bfc9569c00f115ee72104b43ff1b3912bef0207b21

SHA512
29afe13b0cc7b600cf44061790c07baf793cefbf49b4c3e90d99d95aa37730aff07414a3de4935ff0b3eea1c9f02160bead89afafd6ce2dfabec33a4d7c0c634

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
40aee6a2b24b02818d781e2dbc67224e

SHA1
b98c07aa18c7c0749165c11c8973e6388ade43c2

SHA256
55ec1d53d77ee057815f3c391aacb0655238697b948811b7140da23787b6ea7b

SHA512
907a878131fac4613bb0cb22495f9fbe04ab707811430eeb919c68499ba8271551cca4fff4816d79f9e9700f30d4277877a4dc3be11426acba972a468b313dcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
04b25f4e3a8f2b1ac852451214c8e403

SHA1
08f9a55269e786a8015768573bdfe0d77a3659de

SHA256
1a2b1d860d9cfe40ff11331a3b4fe57c413fc1a7ced91449f0835e778325c7d6

SHA512
7cafa6153564b6bbddf8954eb67d2a3fec6c774f07e7518adedb07a8cdb5062d61a84b4a709e27eedac163bbe19ceb701723bcd2b4730ac8a36ca2f7112c0edb

Download Submit