5c36c0b900c307bd749cd5cd13cbe956ac00d12b888696991120bebdc1502384

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25/03/2024, 12:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ddf837a23e8ccf223b1031d064722425.html
Size

144KB
MD5

ddf837a23e8ccf223b1031d064722425
SHA1

37bb7a3e80d898a20f48b39ce5774876b2aeac4e
SHA256

5c36c0b900c307bd749cd5cd13cbe956ac00d12b888696991120bebdc1502384
SHA512

15e6467ae4d2bc226eaf84815328e30d61da79a2cdb43c1ae30f8074ffc09af2a78ec0e65fbe50235d9018c283edbea7887d38ddea21d5318953c0250b852ab4
SSDEEP

3072:QF9SF3z2UP13G4k5QhLpOatVSYcVUSw/fNbYaaLStRucxWUu/v66sbsGon4G59tz:Usr3G4k5QhL8atVjfNbYaaLStR/xWUul

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1944	msedge.exe
1944	msedge.exe
3700	msedge.exe
3700	msedge.exe
5732	identity_helper.exe
5732	identity_helper.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3700 wrote to memory of 1708	3700	msedge.exe	88
PID 3700 wrote to memory of 1708	3700	msedge.exe	88
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1316	3700	msedge.exe	89
PID 3700 wrote to memory of 1944	3700	msedge.exe	90
PID 3700 wrote to memory of 1944	3700	msedge.exe	90
PID 3700 wrote to memory of 456	3700	msedge.exe	91
PID 3700 wrote to memory of 456	3700	msedge.exe	91
PID 3700 wrote to memory of 456	3700	msedge.exe	91
PID 3700 wrote to memory of 456	3700	msedge.exe	91
PID 3700 wrote to memory of 456	3700	msedge.exe	91
PID 3700 wrote to memory of 456	3700	msedge.exe	91
PID 3700 wrote to memory of 456	3700	msedge.exe	91
PID 3700 wrote to memory of 456	3700	msedge.exe	91
PID 3700 wrote to memory of 456	3700	msedge.exe	91
PID 3700 wrote to memory of 456	3700	msedge.exe	91
PID 3700 wrote to memory of 456	3700	msedge.exe	91
PID 3700 wrote to memory of 456	3700	msedge.exe	91
PID 3700 wrote to memory of 456	3700	msedge.exe	91
PID 3700 wrote to memory of 456	3700	msedge.exe	91
PID 3700 wrote to memory of 456	3700	msedge.exe	91
PID 3700 wrote to memory of 456	3700	msedge.exe	91
PID 3700 wrote to memory of 456	3700	msedge.exe	91
PID 3700 wrote to memory of 456	3700	msedge.exe	91
PID 3700 wrote to memory of 456	3700	msedge.exe	91
PID 3700 wrote to memory of 456	3700	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ddf837a23e8ccf223b1031d064722425.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe08dc46f8,0x7ffe08dc4708,0x7ffe08dc4718
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,2647153954474023129,12126623316017530021,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,2647153954474023129,12126623316017530021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,2647153954474023129,12126623316017530021,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,2647153954474023129,12126623316017530021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,2647153954474023129,12126623316017530021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,2647153954474023129,12126623316017530021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,2647153954474023129,12126623316017530021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,2647153954474023129,12126623316017530021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,2647153954474023129,12126623316017530021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4376 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,2647153954474023129,12126623316017530021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,2647153954474023129,12126623316017530021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6592 /prefetch:8
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,2647153954474023129,12126623316017530021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6592 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,2647153954474023129,12126623316017530021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,2647153954474023129,12126623316017530021,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,2647153954474023129,12126623316017530021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,2647153954474023129,12126623316017530021,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,2647153954474023129,12126623316017530021,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
22KB

MD5
30be678c3eeac810a11baebd8e7ca39d

SHA1
a7759bdbd6d81bda5addb7d297125faf8d162712

SHA256
b631fd3a2cedbe8626956c3f914a4b338372f77b38d7f477fb2a1a03873bc69d

SHA512
150902c52cb87ae836bd6ecf64a7940f86d7971105b6baa1a9f28239d439028ae9f65b7b0a03e846eff8eec5b861f328f12e2dcb8e209a26d4dddb5074360ce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
76fd6a1dbf5a28812f8c4e158e44a97e

SHA1
ad9cff4eb7d4e9d8ec161609ab3f8b2a1a9288b7

SHA256
aa669f8b88399d6e1277170502caa1e0645e40e336a88c2440526af1de974fb1

SHA512
6b5909127249dd65487a3279b12906b4bfe4fdd963392aced50b2f3a33d7d08d8d5ce7a39b7251efea1155457d5855ad921c1d29b4b667014d4bcb51cda224b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
c14f815316c71b19c5238504509218e1

SHA1
200af8996f8f87b3e20c49e400638442f11d608b

SHA256
7f87ee46a675abd3320d8228912216c1df9eeaf0123c87e5e8811d6237c12ab6

SHA512
e46f88719f94758905624bb68ccc0ecc040ced6eaf60443ccf6ceffed71cfbaea4baae9b9d960f7d0be02ad70ff891ace1edc8cce06d5849d7398f12a6e833b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d15dba430dd377ea2ffe7034e5a8f030

SHA1
b32c806cb2d0b5d540c14adcf3befac8025821c6

SHA256
3ad4db6013dbe63a18df7e9aaf4ad9f6ffc22a3660dbe2771830ad82b653a657

SHA512
8a831f1071265841cfc3ff113811e4cd7066186d5b496b783c137a53689ab83a5bbacf083e43657fe8390d0a574b4f591a314a87f047dbdc63da802898c56e21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ac934ab4267ebc368e5cdaed5ac3f0d9

SHA1
7ce066805d863b6f4015d0b9b2a5cd0e823c33a3

SHA256
5f27539cee78bd787f2b3be8c09ac0fb7641a86fcf3bfb24234531b2655c9066

SHA512
5d0cfc2b503317fb33bc4b1a000093fc951e3d5840adeb579d531dad39d0e626086910a6e80c34073d488b179fd4dcfaf1900e30416628dda1c31585e3446c01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
89ef9db2eed091c4a432003f6ef3db75

SHA1
04d1014c0fc4b1abcee8700031f2b807fb68a0fd

SHA256
0bdf7fa5890e1a1438451c7b14a115e3beacd0d52fa53c6b5cfef7bbb91ced6f

SHA512
93fc7b97267d244a5422178a67fcc66ba1dbf4e62425ac299194a335b03e0168ee3b4acccc06431cd6e777183fafc21f0ab0a16a2b8a159c16d23043b934a26a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2a5d9593ab24bdeb10dd16979913c891

SHA1
788e3aff49c7ab626572d3f6f348d1358aa45fe4

SHA256
4e308ddee8eac0dce017bd26380c791ad5740591c699e4d1edb2a640674c9760

SHA512
251627b74f3a2158608c96cadae4b84094b4d0847ac27c864ba5b566f1b645459ecf762b1a8e7eefeb4a9f117f9e151fa43212baf8da7873a0c92134a546f648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
96b55a7992b8cfbbbe057a2fbcb70757

SHA1
7f51f48a568a3e5ef1b362e00baec88c5767e26c

SHA256
d3e046ba1ba8095430e36dc6619a0d03fd5bfbe5e2c734c1aa092be64c723786

SHA512
ad973e4a0702f8df362950054d894f9ad0a1958c2e5b612d534edeafb1d6f797ab8ce52bb6f26aba35a347637290a9d08e47a350229d08dc711bcc99b8ef7d3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
b4900a2676061afa63af8c92e3eef96f

SHA1
c85e5d83bea063e71faec3786e3ef0f80e3b1124

SHA256
c1cbac00175e1ba6e9bc02f13348514a7b199592376400a63e5a56dddc816596

SHA512
da49c3edfc116afd51e6c6626ca6ee042fbab23798dc298931b1136b9396f89fc624db75b85610f1cff71295bfacfd7c295852938b1f659f37a4834e0b757bb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58bafe.TMP

Filesize
370B

MD5
f56f7b432791dcc11175a7fa13a9c446

SHA1
79675592f7830c7ada48a54e6faf9ad45c5e0980

SHA256
29970799ea0602a3aa600abc426faee653274ad1c4d1fa128e508cdb4a4bd412

SHA512
6d197fab0838c006e4287d1148180f2a5943c58004ed931f46b675941ddc9804e07829272048ee501ae3ab18a3dd83d9793f28dcbad5ce4447593894da09a6b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7e368fcae0c580dfc19ef4a38f1e39df

SHA1
5c52b037164319f48d371a72bd4e8f426a6b1ab5

SHA256
77309719fad4dc4c8a32337aca0451236f3bcc5f50c5f864d588d629607c4961

SHA512
efd829986557b0bb7e9f9c9c38b295171f88511204a65f0c056b6e9748fc72ec8b5e8da55d63644a2213b374bc9dfec93e99a4ec5fed3df69a634b6fc07996ae

Download Submit