hxxps://www[.]bamsoftware[.]com/hacks/zipbomb/zbxl[.]zip

Resubmissions

07/05/2024, 02:59

240507-dgq36aab43 1

07/05/2024, 02:57

240507-dfx53saa99 10

Analysis

max time kernel
1800s
max time network
1684s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 02:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.bamsoftware.com/hacks/zipbomb/zbxl.zip

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2600	msedge.exe
2600	msedge.exe
2232	msedge.exe
2232	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 940	2232	msedge.exe	83
PID 2232 wrote to memory of 940	2232	msedge.exe	83
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 1784	2232	msedge.exe	85
PID 2232 wrote to memory of 2600	2232	msedge.exe	86
PID 2232 wrote to memory of 2600	2232	msedge.exe	86
PID 2232 wrote to memory of 3600	2232	msedge.exe	87
PID 2232 wrote to memory of 3600	2232	msedge.exe	87
PID 2232 wrote to memory of 3600	2232	msedge.exe	87
PID 2232 wrote to memory of 3600	2232	msedge.exe	87
PID 2232 wrote to memory of 3600	2232	msedge.exe	87
PID 2232 wrote to memory of 3600	2232	msedge.exe	87
PID 2232 wrote to memory of 3600	2232	msedge.exe	87
PID 2232 wrote to memory of 3600	2232	msedge.exe	87
PID 2232 wrote to memory of 3600	2232	msedge.exe	87
PID 2232 wrote to memory of 3600	2232	msedge.exe	87
PID 2232 wrote to memory of 3600	2232	msedge.exe	87
PID 2232 wrote to memory of 3600	2232	msedge.exe	87
PID 2232 wrote to memory of 3600	2232	msedge.exe	87
PID 2232 wrote to memory of 3600	2232	msedge.exe	87
PID 2232 wrote to memory of 3600	2232	msedge.exe	87
PID 2232 wrote to memory of 3600	2232	msedge.exe	87
PID 2232 wrote to memory of 3600	2232	msedge.exe	87
PID 2232 wrote to memory of 3600	2232	msedge.exe	87
PID 2232 wrote to memory of 3600	2232	msedge.exe	87
PID 2232 wrote to memory of 3600	2232	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.bamsoftware.com/hacks/zipbomb/zbxl.zip
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd92c546f8,0x7ffd92c54708,0x7ffd92c54718
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,1721878845515818744,4928775450177964436,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,1721878845515818744,4928775450177964436,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,1721878845515818744,4928775450177964436,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1721878845515818744,4928775450177964436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1721878845515818744,4928775450177964436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,1721878845515818744,4928775450177964436,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  PID:528
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,1721878845515818744,4928775450177964436,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1721878845515818744,4928775450177964436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,1721878845515818744,4928775450177964436,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1721878845515818744,4928775450177964436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1721878845515818744,4928775450177964436,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1721878845515818744,4928775450177964436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1721878845515818744,4928775450177964436,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1721878845515818744,4928775450177964436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1721878845515818744,4928775450177964436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,1721878845515818744,4928775450177964436,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3348 /prefetch:8
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,1721878845515818744,4928775450177964436,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5112 /prefetch:2
  2⤵
  PID:1556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
547B

MD5
e7e8d41ce8120250d1bf6dd8deb8c3fa

SHA1
45a0750f89b8a76995d65d5164bd64ee4dd672d2

SHA256
b89646198196d8d6cf9e899a3832a1d0ac3e11f630c2bcb78f16c208c54c8b98

SHA512
e4e2832a08ee5c9b0825572265219d0bfd63cebf6abcaf5bc189e5ee9ba2e9de869effc3f4ba8524f7d7dc0eb56a494f8fdf3587a7a1f0a13807d99459706229

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
00a455d9d155394bfb4b52258c97c5e5

SHA1
2761d0c955353e1982a588a3df78f2744cfaa9df

SHA256
45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

SHA512
9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e8c62ee2949aab5e3fadea7126972fb0

SHA1
bcf5cb2e01c6390e20514135633d6a1a81eeb461

SHA256
52958dd13603064216cfdbcc6e890cc3b2eae970af15dff914480569c008cf98

SHA512
366310ed299dc2a4cf510dc9a88b4cadba3043b85bcff44bc80c4b99fb1fbfa54a3db80e8d93ec95b5886852a8e2cf0ae25fa71bbd09ff889ca2ab4d64d11c55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5e6b2ee5ad804b110fc50e01be7fdd2d

SHA1
25b349124f0aa948bd26dad82333a9e1c9c851ff

SHA256
9a91a65fb55af397516fc556d8698fb9d1a5bfd19913e52b877e4e95baf65f13

SHA512
9a2d19ce7d48bbe13de47f7702e066870f95c5b085598168f4df45d8790513dd1e972a98c877db6f58805795af030bcaa3ae8f655f7f0ad82dbce40f25552ee6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c39563c39084a0cd2016325e2fcedd33

SHA1
ed840bf19c5cb4cbaadc4d5b91144af20842ebd0

SHA256
f3b2507a1e79c1f5169a940c418067c60c8ef0f604bbb8e46291e70175bd3cb3

SHA512
d5349983a43df41e303e16569545b082a4d89da35f9b08d292ea774afb27f570f18a50acec71be511fe4d2d75df5886369983414a6e5f2fd47cca6e5b5686274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
54f01820108e1007dcd5ba2919c908bd

SHA1
df4a3d599e034316db1d31ec578820d6320bc69e

SHA256
ded7921847777a74ca8b50562aef9a0545ca141eddd63fde036ea9815cf7b76c

SHA512
2f6b262b95013755d52d2b6278cb9d516304f763a6b4e60cf1dc05e5c7ee5e1a72ee30f88d0c1aac5b2c4328f5c22a4d3adc73cbe7f2c8effa5b8a698d0ac0e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
93a2c1c6ea66f3582cd571d6a3c8b696

SHA1
f44e221ba13110bc4ce8bb8e17dcc5bab16c5254

SHA256
9092cc9d1c222141d0c851143ed241153f65b3b1a2249374a08fec73131112b2

SHA512
9b47d8b57739f350b57ab1c2c565428a738c88558af2b01974b45a9ea1ef604df03624f6cad3a881a00555c4f2e9947596f4f8abd66f5a35bc4c6d75702a48a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
86f491a9aff935dfa4e39cada350abd0

SHA1
d0a95b367556a039f51c1be1b49946403ddbf39b

SHA256
bdf55e8b1af8467725c33fb1d9a9b11bebf57b033c723c380a0f69fb3acca87e

SHA512
c78796d0eebb5a633425030281d6c3cb4532b8945e32168fab79f59168003ce91fe7d2c54331772cd328a5eefd7139402e631d52428805b55b3b7974a5b56f14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
3cf11e0c97157bb9962bb8b0ae661b1e

SHA1
85dfe83174a5165459410f4f6fc74b4044aee85f

SHA256
72c56bd6d1eb494ea0bd95fb965f24135dfce6d5cafdef469657fdd8628a2b85

SHA512
47dc3f873b72dacdda974f53dff8fcf3e8c6a06f3c7f4143d78bb5b7eed8ac8138c1f83608e91b5997bd316a112f0d43fbe654113d043ec0ffdf396576481c4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
5dcabaa43757c713ab9d730d5ecb2f50

SHA1
09f37098eaa5109a1350c18f22bbb250dbb9f340

SHA256
9f39de5b1ef7936770257caf8e851678c56b6d91e0930d99f13f90ec7264000b

SHA512
13ac127b6aee4ff29a763ab1eeda2be7fd296c911dee9c97c37f2526461e27930886882a6cb752d3607fe7442c3177e51a071e61ffc88f33d30332dabcf374b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
3b11261a90ac7216e65b5b78a85d779b

SHA1
effc5d754ab0de54a1d85fe48224048b611fba1b

SHA256
3207afa0627caa0942ba0d742ebee01350b98fa56de1c902906999e75d1ebb7e

SHA512
af33109d4988cbb6453c1bc21a7d447b30f9c9f2d8a811f6b181140d27be4b303536a1b0ff7444ec6aa2bab1c6886c159671cbbdc8cb4d6e681a7f510e8a4fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
270f012e4d7d2aa7ebce3c97e2a63a0e

SHA1
18df5f366b9ff17cfa8b036d4912f267a3b56352

SHA256
bae184f949c217fd255f63f99d8e41640aa133c4fbef10e892c74a3d4397664f

SHA512
fb3aeee873b871ceae84ab94b760b132294dac223f7a899600d22ab3a71d9be952fd3ed8e83b17c5da3a65d2cdf563e7cebc3e35044dbf06d94b398243810606

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
b7e0548fd8f30b4a2165580cd4f32156

SHA1
6d905041c2ed54c0aadf545328f81f4b42a0f8ee

SHA256
fa7a29e8de50f836e643f63a2e6f80193986c5a4b98cb797d6f2253a7f180306

SHA512
870cde854e305bb15497cb899ab5c1a9a05e33bac0c7a24a47e91c468c26815037e72a238971730810254a421332fd41f727dabe221e60c579849f9a5f99dbff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2bc08b3bf09055e6d93a0464312c2129

SHA1
d8dd50c6209718a23c717869c1a2131030a1f89e

SHA256
66d0a206cfbed48f8e2438ae251cda9411aea9733d4d2bc3dd7ab0b2fd4dafb0

SHA512
23f77dfbca1c64a8f25ceece2025be51c1ceb6fb8db1c277ce38d193a0f7522a3cf550af1a79b7c4516cc5eb5da62f5ebd3396b59b1e959ccc8efab39abb39c5

Download Submit