a0e84b7112da329e03b00e76ea20ddfc8cbef5171334511560878bef5878a27b

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19-03-2024 06:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d564e8a898289ef685b332927ef9b92d.html
Size

92KB
MD5

d564e8a898289ef685b332927ef9b92d
SHA1

d58fafec52d890dd60f6e45e0a17db422b04da1f
SHA256

a0e84b7112da329e03b00e76ea20ddfc8cbef5171334511560878bef5878a27b
SHA512

92b52cf4c3b7fdc95b54ca6571a452846ddabc3a94209e22c9a14c3e318989144d0018496bbaa7fe77a05255d0450a74e3578f24e0edff29f9d40e0575ebf954
SSDEEP

1536:XNDJHH2wh5/Us2A3odhhU9Hey5L93FhZHOf5jiSRtWhpo:dNHWqSrA3odhhUFe8JZHOfRpRtWhpo

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1964	msedge.exe
1964	msedge.exe
228	msedge.exe
228	msedge.exe
4612	identity_helper.exe
4612	identity_helper.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 228 wrote to memory of 348	228	msedge.exe	88
PID 228 wrote to memory of 348	228	msedge.exe	88
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1076	228	msedge.exe	89
PID 228 wrote to memory of 1964	228	msedge.exe	90
PID 228 wrote to memory of 1964	228	msedge.exe	90
PID 228 wrote to memory of 4036	228	msedge.exe	91
PID 228 wrote to memory of 4036	228	msedge.exe	91
PID 228 wrote to memory of 4036	228	msedge.exe	91
PID 228 wrote to memory of 4036	228	msedge.exe	91
PID 228 wrote to memory of 4036	228	msedge.exe	91
PID 228 wrote to memory of 4036	228	msedge.exe	91
PID 228 wrote to memory of 4036	228	msedge.exe	91
PID 228 wrote to memory of 4036	228	msedge.exe	91
PID 228 wrote to memory of 4036	228	msedge.exe	91
PID 228 wrote to memory of 4036	228	msedge.exe	91
PID 228 wrote to memory of 4036	228	msedge.exe	91
PID 228 wrote to memory of 4036	228	msedge.exe	91
PID 228 wrote to memory of 4036	228	msedge.exe	91
PID 228 wrote to memory of 4036	228	msedge.exe	91
PID 228 wrote to memory of 4036	228	msedge.exe	91
PID 228 wrote to memory of 4036	228	msedge.exe	91
PID 228 wrote to memory of 4036	228	msedge.exe	91
PID 228 wrote to memory of 4036	228	msedge.exe	91
PID 228 wrote to memory of 4036	228	msedge.exe	91
PID 228 wrote to memory of 4036	228	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d564e8a898289ef685b332927ef9b92d.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc2a946f8,0x7ffdc2a94708,0x7ffdc2a94718
  2⤵
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,161200829960188031,1302399587624208857,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,161200829960188031,1302399587624208857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,161200829960188031,1302399587624208857,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 /prefetch:8
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,161200829960188031,1302399587624208857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,161200829960188031,1302399587624208857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,161200829960188031,1302399587624208857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,161200829960188031,1302399587624208857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,161200829960188031,1302399587624208857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,161200829960188031,1302399587624208857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,161200829960188031,1302399587624208857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,161200829960188031,1302399587624208857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,161200829960188031,1302399587624208857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,161200829960188031,1302399587624208857,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,161200829960188031,1302399587624208857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,161200829960188031,1302399587624208857,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,161200829960188031,1302399587624208857,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5776 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7740a919423ddc469647f8fdd981324d

SHA1
c1bc3f834507e4940a0b7594e34c4b83bbea7cda

SHA256
bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221

SHA512
7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f44d6f922f830d04d7463189045a5a3

SHA1
2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c

SHA256
0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a

SHA512
7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
22KB

MD5
30be678c3eeac810a11baebd8e7ca39d

SHA1
a7759bdbd6d81bda5addb7d297125faf8d162712

SHA256
b631fd3a2cedbe8626956c3f914a4b338372f77b38d7f477fb2a1a03873bc69d

SHA512
150902c52cb87ae836bd6ecf64a7940f86d7971105b6baa1a9f28239d439028ae9f65b7b0a03e846eff8eec5b861f328f12e2dcb8e209a26d4dddb5074360ce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
b6c557c5427cd1be0251163a022e7493

SHA1
664a57b5f83db026957e3d19e8f0fa20bb527597

SHA256
fcb20e942d947c9e419887f2559fd4c021f0b6e734924d684799741d118b30d4

SHA512
8853174f82d0a31892c180dcb89c9e82620c87d8ee34307579fcf25609f16a5f2788656c5a0e23e6f7491c7cadf1429604e39dd58b2560fd924e90b1cda7a2e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
687b063b0951b30ae69987c7f525ea85

SHA1
c1ce9d31cd3dcd469c306915b578f476631aaf2e

SHA256
a83e184ef1923aa2875b9d39d1865340a85e9c842def1919e3bcdac949b9f03a

SHA512
79c2c2ec3fa75d5f00d396b49b4b006ea614f5c94886cc468fee6373ad7580881c63fa889c83938fd7e2568611d10ab886558c3a4536fc1dc01fcc8ae62dab09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3b95c6aa97d1877419ee78cbe640b4d0

SHA1
ef607cfb682fe8b472ff376534105f15506aa1b5

SHA256
6ae54a4bff6d3e662568c341e914b7eaf5387a9542f2b3ba7953109ef2db362f

SHA512
5c0d246f8b0b226741b4b9a4bd3ef0a7f5fda78a5dec38797749f8ef0a1e47eff41224ba5c66599a809bd80fb7004cee4c2ebf323bf7ea771f0f84eb4e3b6315

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
43a71f95f3b1241bb3f8ba0865cda70d

SHA1
7a3faf1f64d35a9f0bd967e09184ab8d6ea28eae

SHA256
6199ae3823901652b07e3e3b58d9f5d6490e4e2bf2cd24e363c3a91da4bf1b4a

SHA512
78edb243ce0579d8f93a788ca7c644980127f55ee031321f7beca7e45a467e67a3872642b275274ac670f26906c5ff4c0d2eedf0c7119fd30634500f593b5840

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ae7f59a29072214c6af75333709896a7

SHA1
80c40cfb4915db1599d3a5b4312bb76643ff88a7

SHA256
24edbf3f03545ec81511f80f8216541de4d68a365eda3b770694247750f479ea

SHA512
1ac29ba79c0f42d19a96f3bc3e9975c68132c3a490c847ead804420526689d0501ed783e0a4621bdbfb2d78d2b8c30018b2519a6178e1edbaec0915068b1ccaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
da4d0033eb0b60570aad6c46fe217f22

SHA1
f9fd32f3f1848f41bade663da634f19a8b412f4f

SHA256
261a00472b99c7fa84909426b488eab4eb5234e1f5abc0fcfb36d6a5587f2cb1

SHA512
5a52e0ba3ec3c39baa6a4c20f3d5f24f5be0edeef65cd5ea7d1bebccdf175d5f063c4f2c71d16f50ef061bd9773047f91e568a5975d390ed4599fa8ab6582f95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7e5c8bb780f939277268e70035cce735

SHA1
e05380b2fa7a1c8966a2a3eaa4e0267630ac65ca

SHA256
7d9365a8692ed3fc3c7c2fff892fa2abdfa403a99f2a4a242a6981c8d978d108

SHA512
b062f8a5e94e8e13e1c6bdf48a328bfcf38851e98f3a8a43749f6405de99c8b741b3ef82b2b155ee43bce3da142d88cf63a0936c6e2343e8a6d905430cf40fdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d031.TMP

Filesize
1KB

MD5
c02e3bbd92de5fdf261e75f100b7fd58

SHA1
a6b563e170f2572298d341d2efcc0dd579c698d5

SHA256
61b180c7cde01414397d32772f22305f48a767f7a140f32c4fd7b2ffbf694b4f

SHA512
553adcee53cca61d5d9a0834a3b51b6d80711800c60f30c9dab7c1a73e02a4c03115dd95eaf208a29ce3c001baf041f2cfb401c016ad4902296a7767a4b8427b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
269771cf28ce6bf9c663b6292613c91a

SHA1
5cc110b624c917ed8edcc84e91711793d7075c8a

SHA256
ea968261b2170dd5975f4fb814500d8f020a99886487adf61aa6de3d81409b63

SHA512
a2fa11f4c05251f78dbc7513280e8cc323a41881897199e692d367124cfe550d75e59dc7b3272ba5e7ce149ec644896c885838249ef77ae23e78e004b34edae7

Download Submit