hxxps://protect[.]docusign[.]net/report-abuse?e=AUtomjpFak9GlbPL0zFFi13J0ojx7BwYDTgQY0_eVu3fHjIxkpz6CvBFpsVHlT-WCRHqdXgX8iFzOkaE_z3SdhcE86WDLzVJ7EatRrlktkLlkvBo9VNIcIyOkFTcVgynsp1eEhFLs_aFnuJl79ojGKpuz7BXFhr_DF22zdsTvmx-kFOahsapNhNwgV5vqqHwXXmpsJTf0E8BdRTT-X7uhCHk2PWt6rfY0D2yBomqVgrEzVdty-TW_mxxd8bD9iorbug-Ab0TIoxT-a9qc6ENLMoUrtmPsbJI9hfo2PhtH1WTDUgMURso40LSXs3JrS-WNESAumoMvW4x6jw8Ir7bZc3K5kL6bBTCRWCTPxmN-UCX0amlieCUPUKh85LB_tmdWflDTfJUKOlbB4Ao3GarrFlzi_UUOqbWgJK-rtxYk23VfHj4DBNZY8rPogcclIyJ3g&lang=en

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
01/05/2024, 19:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://protect.docusign.net/report-abuse?e=AUtomjpFak9GlbPL0zFFi13J0ojx7BwYDTgQY0_eVu3fHjIxkpz6CvBFpsVHlT-WCRHqdXgX8iFzOkaE_z3SdhcE86WDLzVJ7EatRrlktkLlkvBo9VNIcIyOkFTcVgynsp1eEhFLs_aFnuJl79ojGKpuz7BXFhr_DF22zdsTvmx-kFOahsapNhNwgV5vqqHwXXmpsJTf0E8BdRTT-X7uhCHk2PWt6rfY0D2yBomqVgrEzVdty-TW_mxxd8bD9iorbug-Ab0TIoxT-a9qc6ENLMoUrtmPsbJI9hfo2PhtH1WTDUgMURso40LSXs3JrS-WNESAumoMvW4x6jw8Ir7bZc3K5kL6bBTCRWCTPxmN-UCX0amlieCUPUKh85LB_tmdWflDTfJUKOlbB4Ao3GarrFlzi_UUOqbWgJK-rtxYk23VfHj4DBNZY8rPogcclIyJ3g&lang=en

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3500	msedge.exe
3500	msedge.exe
4048	msedge.exe
4048	msedge.exe
4260	identity_helper.exe
4260	identity_helper.exe
5816	msedge.exe
5816	msedge.exe
5816	msedge.exe
5816	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4048 wrote to memory of 2592	4048	msedge.exe	86
PID 4048 wrote to memory of 2592	4048	msedge.exe	86
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3568	4048	msedge.exe	87
PID 4048 wrote to memory of 3500	4048	msedge.exe	88
PID 4048 wrote to memory of 3500	4048	msedge.exe	88
PID 4048 wrote to memory of 2436	4048	msedge.exe	89
PID 4048 wrote to memory of 2436	4048	msedge.exe	89
PID 4048 wrote to memory of 2436	4048	msedge.exe	89
PID 4048 wrote to memory of 2436	4048	msedge.exe	89
PID 4048 wrote to memory of 2436	4048	msedge.exe	89
PID 4048 wrote to memory of 2436	4048	msedge.exe	89
PID 4048 wrote to memory of 2436	4048	msedge.exe	89
PID 4048 wrote to memory of 2436	4048	msedge.exe	89
PID 4048 wrote to memory of 2436	4048	msedge.exe	89
PID 4048 wrote to memory of 2436	4048	msedge.exe	89
PID 4048 wrote to memory of 2436	4048	msedge.exe	89
PID 4048 wrote to memory of 2436	4048	msedge.exe	89
PID 4048 wrote to memory of 2436	4048	msedge.exe	89
PID 4048 wrote to memory of 2436	4048	msedge.exe	89
PID 4048 wrote to memory of 2436	4048	msedge.exe	89
PID 4048 wrote to memory of 2436	4048	msedge.exe	89
PID 4048 wrote to memory of 2436	4048	msedge.exe	89
PID 4048 wrote to memory of 2436	4048	msedge.exe	89
PID 4048 wrote to memory of 2436	4048	msedge.exe	89
PID 4048 wrote to memory of 2436	4048	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://protect.docusign.net/report-abuse?e=AUtomjpFak9GlbPL0zFFi13J0ojx7BwYDTgQY0_eVu3fHjIxkpz6CvBFpsVHlT-WCRHqdXgX8iFzOkaE_z3SdhcE86WDLzVJ7EatRrlktkLlkvBo9VNIcIyOkFTcVgynsp1eEhFLs_aFnuJl79ojGKpuz7BXFhr_DF22zdsTvmx-kFOahsapNhNwgV5vqqHwXXmpsJTf0E8BdRTT-X7uhCHk2PWt6rfY0D2yBomqVgrEzVdty-TW_mxxd8bD9iorbug-Ab0TIoxT-a9qc6ENLMoUrtmPsbJI9hfo2PhtH1WTDUgMURso40LSXs3JrS-WNESAumoMvW4x6jw8Ir7bZc3K5kL6bBTCRWCTPxmN-UCX0amlieCUPUKh85LB_tmdWflDTfJUKOlbB4Ao3GarrFlzi_UUOqbWgJK-rtxYk23VfHj4DBNZY8rPogcclIyJ3g&lang=en
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffcdea146f8,0x7ffcdea14708,0x7ffcdea14718
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,17670848885834774021,3496939741684002296,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,17670848885834774021,3496939741684002296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,17670848885834774021,3496939741684002296,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,17670848885834774021,3496939741684002296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,17670848885834774021,3496939741684002296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,17670848885834774021,3496939741684002296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,17670848885834774021,3496939741684002296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,17670848885834774021,3496939741684002296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,17670848885834774021,3496939741684002296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,17670848885834774021,3496939741684002296,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,17670848885834774021,3496939741684002296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,17670848885834774021,3496939741684002296,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,17670848885834774021,3496939741684002296,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4648 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b2290ca03b4ca5fe52d82550c7e7d69

SHA1
20583a7851a906444204ce8ba4fa51153e6cd494

SHA256
f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2

SHA512
704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
919c29d42fb6034fee2f5de14d573c63

SHA1
24a2e1042347b3853344157239bde3ed699047a8

SHA256
17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141

SHA512
bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\06ed2e2a-3a3c-4ee0-986a-f01507d8f4ca.tmp

Filesize
6KB

MD5
ad03e05d546a6f2016640248ce62e096

SHA1
05ba6f1b9db0398fd3b299e8a8f3e0988afc9fd3

SHA256
dc5eee071684c83c53ad36caabd1940caa036207c4e3d095c9350a6cc9949abb

SHA512
509415e836a66b538162ac60836faf6c6d32b85466c4fbf4ac0e52f876363f6d136e420d30f568fb30c3ee43d4cd899e58b77822bfa4a170cdec13ac1ce368f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
200KB

MD5
a484f2f3418f65b8214cbcd3e4a31057

SHA1
5c002c51b67db40f88b6895a5d5caa67608a65ce

SHA256
79cbe928773386d07f0127f256f383debed5ccea5ff230465bf46ec7c87319d6

SHA512
0be1bb8db08f6e6041a85cfee90cd36a5b595afbca34d52a125465454fc806b4bb7ae569eaf4c882922fb1b962b6060534e597791cd0ad23483be5981d9be85c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
192B

MD5
5a56adff1fc4f790e44fd9c6224a9eb6

SHA1
bd3abeef9da2bca5f2e8d8510fac818745cb58f3

SHA256
a6af926b09673b5421f696ee061bfd8349826316f11b4d7e0d2a6f509deba2ed

SHA512
cd07d659b1ad09be0a706e253d372c6d6de0777fbf5e34d6b69c428a443a8b22a381e72feed1310de3529c9d94e37169598587318b55543b09bf8d27579e178e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
895B

MD5
5f6df84715e4289710759acc0a41cb9b

SHA1
66abadbfa023bbd8e7aa966dac83db464199e50c

SHA256
0dacd4f9710119895ca7f0fbcf4e11bf9cb7d7282061dca2654b38c4de497319

SHA512
8b1cb6b7c13b565b7cc81bbf2a13ff61e024426a0e8ee5ba807f0ef7f91a092645816fbde8f6abdd39400d15465ba330d073135dafeaca20a0f616f7b772d107

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d35a5df5729b779b894be29ea4e9587a

SHA1
392c4f14618f94649db98e291080f217329c6f0b

SHA256
d906eac1af25cd4decb85a2417c912ddc5e82f4a8f2a43cfcda11e1af564d6ed

SHA512
99986d0e657629e6cdc8926c88b0155d21c03d87b82a6b9f3e0a0a1391520674df537e3f78e454297e7d72c603139ee5434f5975fd160c10bd4aab3dfc30933c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b88856c707bc277b9551b5910cc43add

SHA1
a4e1a677146966edb99be3cdbb1defb6beeb97ca

SHA256
1f8262158887f5d9bfc61b57221c257f6e413293f98db643a8e1fd817ef729db

SHA512
e35906f6803e34a92bdda663d1024dc29af9967a97bf6287fa172cf1dddf1447b7652a00fc6454da2220c35b7f82819e18735b598d2358b7e0fb30c47d112ec5

Download Submit