c1e3b67a9ba3c66bf487f26fb6eb3bf8910184d93474bdc8e053659976ca4fb9

Analysis

max time kernel
140s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17-04-2024 23:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

email-html-2.html
Size

5KB
MD5

2a79b7bb42d3b1042fb9013e6b1fcc05
SHA1

f8d8f34bd520bba27eb8aea5247d01640e584f63
SHA256

fc0ce70bbbe7d41c21aff1f87b91c6a13194d9783c3c2cf2b3dac97667b3ac20
SHA512

eff94f89800acdc8f8293b0d38b39f56b3817224a94cf0f459f761c8f1af6ed31c34f6acb9e5a87fc0ae6568453a8f332f5131398b58f5a4c1fbad66f48b3159
SSDEEP

96:9wtCPxUMJw/6F/qUejjExd9pzE5cqmPHwqmZWhK9FNB1RIBh:2ZUKfCm5jmfwdZWhEFNB4h

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4136	msedge.exe
4136	msedge.exe
2332	msedge.exe
2332	msedge.exe
3444	identity_helper.exe
3444	identity_helper.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2084	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2084	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 1672	2332	msedge.exe	85
PID 2332 wrote to memory of 1672	2332	msedge.exe	85
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4644	2332	msedge.exe	87
PID 2332 wrote to memory of 4136	2332	msedge.exe	88
PID 2332 wrote to memory of 4136	2332	msedge.exe	88
PID 2332 wrote to memory of 4016	2332	msedge.exe	89
PID 2332 wrote to memory of 4016	2332	msedge.exe	89
PID 2332 wrote to memory of 4016	2332	msedge.exe	89
PID 2332 wrote to memory of 4016	2332	msedge.exe	89
PID 2332 wrote to memory of 4016	2332	msedge.exe	89
PID 2332 wrote to memory of 4016	2332	msedge.exe	89
PID 2332 wrote to memory of 4016	2332	msedge.exe	89
PID 2332 wrote to memory of 4016	2332	msedge.exe	89
PID 2332 wrote to memory of 4016	2332	msedge.exe	89
PID 2332 wrote to memory of 4016	2332	msedge.exe	89
PID 2332 wrote to memory of 4016	2332	msedge.exe	89
PID 2332 wrote to memory of 4016	2332	msedge.exe	89
PID 2332 wrote to memory of 4016	2332	msedge.exe	89
PID 2332 wrote to memory of 4016	2332	msedge.exe	89
PID 2332 wrote to memory of 4016	2332	msedge.exe	89
PID 2332 wrote to memory of 4016	2332	msedge.exe	89
PID 2332 wrote to memory of 4016	2332	msedge.exe	89
PID 2332 wrote to memory of 4016	2332	msedge.exe	89
PID 2332 wrote to memory of 4016	2332	msedge.exe	89
PID 2332 wrote to memory of 4016	2332	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\email-html-2.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe9cd46f8,0x7ffbe9cd4708,0x7ffbe9cd4718
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,8041400665084583574,2241749079720657265,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,8041400665084583574,2241749079720657265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,8041400665084583574,2241749079720657265,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,8041400665084583574,2241749079720657265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,8041400665084583574,2241749079720657265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,8041400665084583574,2241749079720657265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,8041400665084583574,2241749079720657265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,8041400665084583574,2241749079720657265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,8041400665084583574,2241749079720657265,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,8041400665084583574,2241749079720657265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,8041400665084583574,2241749079720657265,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,8041400665084583574,2241749079720657265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3336 /prefetch:8
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,8041400665084583574,2241749079720657265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3336 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2176,8041400665084583574,2241749079720657265,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,8041400665084583574,2241749079720657265,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5988 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5016

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x150 0x2cc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e2ece0fcb9f6256efba522462a9a9288

SHA1
ccc599f64d30e15833b45c7e52924d4bd2f54acb

SHA256
0eff6f3011208a312a1010db0620bb6680fe49d4fa3344930302e950b74ad005

SHA512
ead68dd972cfb1eccc194572279ae3e4ac989546bfb9e8d511c6bc178fc12aaebd20b49860d2b70ac1f5d4236b0df1b484a979b926edbe23f281b8139ff1a9ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
864aa9768ef47143c455b31fd314d660

SHA1
09d879e0e77698f28b435ed0e7d8e166e28fafa2

SHA256
3118d55d1f04ecdd849971d8c49896b5c874bdbea63e5288547b9812c0640e10

SHA512
75dce411fce8166c8905ed8da910adb1dd08ab1c9d7cd5431ef905531f2f0374caf73dedd5d238b457ece61273f6c81e632d23eb8409efbb6bf0d01442008488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
704KB

MD5
a19fdc0c5540fc679314b4610e94f0bf

SHA1
a8c1901155d15fc40a9bf2beb82ec69625544442

SHA256
515cd13122ec47316683a037dac037ac2155ff25bbde71db8378ec7141cf7a60

SHA512
1015fd49e868742f16f2c3bc11e97f7c3cbe4927ffe968ba48ca09f8f47754230f1c9fbc8a48a9b0d4a5b7bbce457239f62495c3a344236d8798c870dc51aecb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
6f44adc52184959d7b41267a953e5bc8

SHA1
1d2695013b507a4c8cd51ef99706cefc70a639cc

SHA256
df1a373c2c604c40db964e47c9ed646240bb67e906602bac91f65beb53a3118b

SHA512
d340bbf723414a8ca2f5b8280b1318c1d6d481860cd30d44e50a956c1a1bda4c4e4d8d3ba69823ccdf868de673f7bfac233dd1531c1813c323787dffd786b403

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
666B

MD5
ca13ed0eec3071c7bb1cb2f53c31606b

SHA1
7e5fd38cfc4e57bddb0659f401647910909101d6

SHA256
4bbc3abf6ff23e3768ec46eb236c54f31a1ba01dc5c7175948611961ce72b803

SHA512
5529997322f9721bc0622d65bab64263627d597ed1b90b6f967e832ae14e9392407455e98969b6611b08b4ab23d7dd8e844db96a350a359b235927363981c77a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
10f60e56e6e0d4c9ec66fa53c80b5ec0

SHA1
df9c41f51e13f2b817bca21925c0a2d556408ac6

SHA256
5c05a65ff1ed832ddf3d7ee9a5ef7c1e6c0079b04b691d5a6a0b89b6ae26e3fa

SHA512
ae36b3f7c8e11cd229fd8bf98d07243f31a021bbac1ebe845e155e75dd833f6b0118ad3a5c3f089147c245a4b2a359c2a1c80b01eb24849fbab2baffa40a87a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
af86848192fbcfad1f2d8af03f874cc3

SHA1
e42070f795d4c0c01204627504143eccaefbd0c0

SHA256
f498326c41b56cb5fc76153f7a0e25c8db770ba949c73148f6d2895e7acae454

SHA512
ec368c0d217a5141f8b8f1de24c96175ce1fa34acca90d7dc9dcd91a3ca3872d397f675094d74d0a593944dc9eee2d5f1a99212b72f5827ef0fc3c65d5498830

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b3f7f400c1c5bef4b0db0847040ef045

SHA1
07b1fe657e10c275db44c9ee904b6c67f7222d3e

SHA256
016b3d86fb9a80ab93a35bfb3f089740f7570ad80439348a87950f087ea83d26

SHA512
965c9bccf84587cc4862a7474df4603c5c87fcee093cb488fcedb9003adae5f2fc7ad8c9076a4db9c18454a6083ee943ba1da2e441710ff06ec143e5cf64ece0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b8c1c0817b103d30939f4ab7899bd42f

SHA1
5cf739d84a9f2cb6513be54c0baa6840d232e9ef

SHA256
588dca959f326b965559e6cf0202fcc3b0ba6783975de6816d0bc6b255dfdf2a

SHA512
0937fd354ad6c18152d0f7bde9ffb2f0b91c9b068c7f3ee6f2dc157e8930e571438c0750d1bce0aa2519235d4aa173e37971b66a3366c446bce48a880ee5ff43

Download Submit