167328dd7e8b7fec7d25abe2e68a19a0313c370b7410aa1163edff942f8db82c

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/04/2024, 18:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

218KB
MD5

d3cfdd494bbe9b4a22b1cbcbe997b8b1
SHA1

286979568b0f2f742bc2a583d6e6b25a17303786
SHA256

167328dd7e8b7fec7d25abe2e68a19a0313c370b7410aa1163edff942f8db82c
SHA512

3a0c7b9b867deaaaa1c9d3db72fe35cbc706234e42bbc6f3cae625c82e1e48f3eae6a4b661c9d2fc621753b45f6c46b9842d867b214cfb6d01baeac4728dd37c
SSDEEP

6144:Ure6LI4Lp4Ll4LsncUaFtXDf1zpbI1CbX1hb3ioSpb84TyXRbOW:Uz

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4532	msedge.exe
4532	msedge.exe
2484	msedge.exe
2484	msedge.exe
4152	identity_helper.exe
4152	identity_helper.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 100	2484	msedge.exe	86
PID 2484 wrote to memory of 100	2484	msedge.exe	86
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4280	2484	msedge.exe	87
PID 2484 wrote to memory of 4532	2484	msedge.exe	88
PID 2484 wrote to memory of 4532	2484	msedge.exe	88
PID 2484 wrote to memory of 3676	2484	msedge.exe	89
PID 2484 wrote to memory of 3676	2484	msedge.exe	89
PID 2484 wrote to memory of 3676	2484	msedge.exe	89
PID 2484 wrote to memory of 3676	2484	msedge.exe	89
PID 2484 wrote to memory of 3676	2484	msedge.exe	89
PID 2484 wrote to memory of 3676	2484	msedge.exe	89
PID 2484 wrote to memory of 3676	2484	msedge.exe	89
PID 2484 wrote to memory of 3676	2484	msedge.exe	89
PID 2484 wrote to memory of 3676	2484	msedge.exe	89
PID 2484 wrote to memory of 3676	2484	msedge.exe	89
PID 2484 wrote to memory of 3676	2484	msedge.exe	89
PID 2484 wrote to memory of 3676	2484	msedge.exe	89
PID 2484 wrote to memory of 3676	2484	msedge.exe	89
PID 2484 wrote to memory of 3676	2484	msedge.exe	89
PID 2484 wrote to memory of 3676	2484	msedge.exe	89
PID 2484 wrote to memory of 3676	2484	msedge.exe	89
PID 2484 wrote to memory of 3676	2484	msedge.exe	89
PID 2484 wrote to memory of 3676	2484	msedge.exe	89
PID 2484 wrote to memory of 3676	2484	msedge.exe	89
PID 2484 wrote to memory of 3676	2484	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa413546f8,0x7ffa41354708,0x7ffa41354718
  2⤵
  PID:100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11231846423933378675,3530964989314280740,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,11231846423933378675,3530964989314280740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,11231846423933378675,3530964989314280740,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11231846423933378675,3530964989314280740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11231846423933378675,3530964989314280740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11231846423933378675,3530964989314280740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11231846423933378675,3530964989314280740,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,11231846423933378675,3530964989314280740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,11231846423933378675,3530964989314280740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11231846423933378675,3530964989314280740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11231846423933378675,3530964989314280740,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,11231846423933378675,3530964989314280740,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11231846423933378675,3530964989314280740,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2968 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:752

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f0 0x470
1⤵
PID:352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
1024KB

MD5
20648ff6d2f6731b79cdbcdfb98025e1

SHA1
3b122e83988a7af8fb0f3facd68eb201fbe93609

SHA256
61a1a3d698a1baffcdcc5a3d7e50fb531eecfe7c064f224d857deb6c31f3bb79

SHA512
3581b413c02018ffea8db88029044dfaa2180c8f39cdea2401c7ab52e0f07aa427acd4300db69300faca3912b8c1174ba205fb22e08907b8306f80cccabb2ec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
1024KB

MD5
01ba2c7d06ec21206706bbf525dd6e08

SHA1
752120f2a9a04c63b5ee0e7e18b603077c86d01c

SHA256
c69efb491fc223b50b1a7a8482553872179719390630e85a44d93c109a95449d

SHA512
e8af90ab94b828c3a68514f533c58d5ef549294198a8593949bccb172cbb5e66721ce3acf97a3ef65d87a4f4a9ebb01bbdde7a120da9b4d9fcb81b89f4cc281c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
1024KB

MD5
5f53237e5d457cbd212782356fa94446

SHA1
2403991c7e4a4778a928f5d46f58c975898bb193

SHA256
3912ac5ead528ef68e66371b8e5a2182573b93b80ab5f1c7721e042b47412fd0

SHA512
a9854345724e3e168b81c5851eec1a8f4e94c3bb9938949f569d75112277cc2e4987b6960da2f0164b447d33e767081b774f01639ca48b247b9c99e1d01c4f6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
1024KB

MD5
75b0d41adaa0524ea789f57e672efb1d

SHA1
93153f1b771658a242734f054cade38dae855137

SHA256
3c4ce3206b45c29e26eb26b42e6a0c9077a4625804b39ab6b6f6e288384122f0

SHA512
1741960572dc531cf96002e67b2cf43b9ee66f18b4dd563de83fff510cbea759d73220a5bb237858338934c8905b0edc61c0606284fd809d560a0e92597fbed8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
1024KB

MD5
e498bf4f2a875abd43f3be615dae42a4

SHA1
0ae90fd220452c00b503d8181e38614eab69e3f8

SHA256
7dcec973e1d7ee4e04f462d0049b2cdf0ec4b361594b9fc0d7f579e7135fa4b2

SHA512
d3a0970810fbb7ab7fabcd2ec9d6444d8eb5f9ace5299c004c882165fee8addf0c6160e9364e991da2e10217e28d33a0495fea7d4bc6b02ad03710b5acf79fc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
1024KB

MD5
18e2988870712d27fb8cda3f8929c5cc

SHA1
44dcb7fa5fc6a9a22738f67623a138569395bfa6

SHA256
13dbfcb07bd40d1c664149ac46faf45caee0d2b340bf8430bcda09aad1cff2f1

SHA512
63643db2f3c50ac787a3c2f51e1e7527c00b35326129dffd295bc4bb9fc38e6ea97b4f8fe2dd03871bb338853d7444751d209a90a0af55ba96841111fd5dbc50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
1024KB

MD5
812298a221d2a7ca29524ecdf816c0fb

SHA1
43e96c4a2a2ac6257e501ca6721bc61581bdb7cf

SHA256
8f85c559b00515954511a5fdc4d27ba3645afc5480eb80ad7a9659df05c0377b

SHA512
3b24198e915436ab7a67d257888b12a9046b81d814a71b0302cebd03bd9dd8737e9f8d048ffc10dc96751ce13802259a03dac10aa7e81ae130ef9e71e09e57be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
1024KB

MD5
6ceb40ba31de75fa3a3eacf334fbc56f

SHA1
ae14f9b8233398383d19702237cf82fdc4c342f3

SHA256
3116c0ab4d5522fcfbdafc8d9de6139d56bbc715dd0d7d8cf3542dccde45fa4f

SHA512
b00a0254a50a25d4e4ee1157a7a0611faee8dc582a5e1ca6d4c5943e3d4d59ed606712901372deadeffb58180b01bb042c4d90e49b7fb9d3e16e0ea38712de3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
1024KB

MD5
1df059fe392ab6d5006210aa04af1f2e

SHA1
c4ff8269f2edfc5eda945783ae7bc750267f1402

SHA256
232b0561ea07f97dd3ada9a3beaec0da4797a4d29b989d9c9a010e2fe8323a02

SHA512
e315847c675f5f7abdf30693c72ac93361492bd9ddf50cc2238a3b2ecba5fdba991b968a87ea7c1d6a1a01c99a4e68d111db4847af211d492b76db98638df0e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
1024KB

MD5
c97c7e2db82b93fd58064ab9fab15da0

SHA1
2cd6e9499e4af6c9aaeebad76a7e71da33c38ba9

SHA256
dfd4a66b746b4e2df961560c6db1a4e13f71cc5f738edf11dfbe35c42bcf2c61

SHA512
9188a647c37f9eb35e6395f061d4a1ae542f2a6b31c8ff02689d973e0f90c170856a46eb29a2dec6e4d382cdd9ed85f12dcaf39411682e1a7fc1fe5692090dbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9a85dd9fafdbfe14b6b88a6e11e211c0

SHA1
53427f3b818717be6782d1d48eaf4f51dafb1481

SHA256
59964d12a14fde8bd404577445511b9ac9fe2587c773e974c864850afa12e7e0

SHA512
559544d995e7e9f4c2a1a37582112465b845c5f3b8b63e845483fe282c8938e1e0ee532994346ec5b1755b4802c3f3bf8c9d62bebdce7663fca050fcaf77e7db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7061e6c3f37fc915089652dc0e1eb34c

SHA1
50c4cbe132dfea107e5e923408c81010a91149a7

SHA256
f44f79767945557cb5f63656b02d0a74fb810542b23069d7b9821f88d83e3588

SHA512
2f4f5a81389bc35d37d65312542a3c4b665ecf6b38bf758d6f8cf414488f199a991345a7c3683492cebd77b34ac378d3721a6d691d8ec72dddcd185ce2b105e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d938a23070ec27e05ed5bda5a66528b6

SHA1
7a30ab91f865de2c09da05ac6e4d0168367a9419

SHA256
0b2efc13379d530c03a7220a76b85ff90bfd3ea5f41c6e497c5fd3fa70f83260

SHA512
e6fba4fd24e658a4185d384b35a351e04dd201f8e63c143a74c119c070abea741636e1459e266433ab9dbfc4a97ba33e9ab5608083ae19e0eedb74d39fbed7f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9cccf7f280e8122a0ee36f7ba761cc7f

SHA1
71915783857967f727b70212c7c5988dcaba64fd

SHA256
e6e59c855e1dc1988fd4797f7bc26af25e51ce0922981c1c718d2d44ae7498ee

SHA512
a4fdc0d4219f84bab23b0b984393ae27a6581c3c16ffba50f849c880431214ba55f9676b0bd35199e306b16d509d83dfbfeaba38fb9ad127a5f94a3aa35d8145

Download Submit