145ded05bfdf62d8e61087bd7df710af7f14120378bf56f039edcd7987965722

Analysis

max time kernel
218s
max time network
205s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
16/05/2024, 16:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ATT76067.htm
Size

299B
MD5

eaf207bfa776d2afac3c9bb1a79dd862
SHA1

eddc471c3d77aa2b2f5c52ea2e7e631642fa83ab
SHA256

145ded05bfdf62d8e61087bd7df710af7f14120378bf56f039edcd7987965722
SHA512

9d0df19d3fdcee664372cd30f0b786e3073a8ea3cc5fea8c8b481ab90ff10ff725ce3f76f0e7f6c457455c34cb78da1a104a7062db7fe9f79256401287709d29

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4032	msedge.exe
4032	msedge.exe
3216	msedge.exe
3216	msedge.exe
852	identity_helper.exe
852	identity_helper.exe
1956	msedge.exe
1956	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3216 wrote to memory of 3012	3216	msedge.exe	79
PID 3216 wrote to memory of 3012	3216	msedge.exe	79
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 3100	3216	msedge.exe	80
PID 3216 wrote to memory of 4032	3216	msedge.exe	81
PID 3216 wrote to memory of 4032	3216	msedge.exe	81
PID 3216 wrote to memory of 3476	3216	msedge.exe	82
PID 3216 wrote to memory of 3476	3216	msedge.exe	82
PID 3216 wrote to memory of 3476	3216	msedge.exe	82
PID 3216 wrote to memory of 3476	3216	msedge.exe	82
PID 3216 wrote to memory of 3476	3216	msedge.exe	82
PID 3216 wrote to memory of 3476	3216	msedge.exe	82
PID 3216 wrote to memory of 3476	3216	msedge.exe	82
PID 3216 wrote to memory of 3476	3216	msedge.exe	82
PID 3216 wrote to memory of 3476	3216	msedge.exe	82
PID 3216 wrote to memory of 3476	3216	msedge.exe	82
PID 3216 wrote to memory of 3476	3216	msedge.exe	82
PID 3216 wrote to memory of 3476	3216	msedge.exe	82
PID 3216 wrote to memory of 3476	3216	msedge.exe	82
PID 3216 wrote to memory of 3476	3216	msedge.exe	82
PID 3216 wrote to memory of 3476	3216	msedge.exe	82
PID 3216 wrote to memory of 3476	3216	msedge.exe	82
PID 3216 wrote to memory of 3476	3216	msedge.exe	82
PID 3216 wrote to memory of 3476	3216	msedge.exe	82
PID 3216 wrote to memory of 3476	3216	msedge.exe	82
PID 3216 wrote to memory of 3476	3216	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ATT76067.htm
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8b5903cb8,0x7ff8b5903cc8,0x7ff8b5903cd8
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,910534590074940118,13184646317973561132,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,910534590074940118,13184646317973561132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,910534590074940118,13184646317973561132,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,910534590074940118,13184646317973561132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,910534590074940118,13184646317973561132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,910534590074940118,13184646317973561132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,910534590074940118,13184646317973561132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,910534590074940118,13184646317973561132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,910534590074940118,13184646317973561132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,910534590074940118,13184646317973561132,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,910534590074940118,13184646317973561132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4416 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,910534590074940118,13184646317973561132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,910534590074940118,13184646317973561132,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1944,910534590074940118,13184646317973561132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1944,910534590074940118,13184646317973561132,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5108 /prefetch:8
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,910534590074940118,13184646317973561132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,910534590074940118,13184646317973561132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,910534590074940118,13184646317973561132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,910534590074940118,13184646317973561132,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6080 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,910534590074940118,13184646317973561132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,910534590074940118,13184646317973561132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:3908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ade01a8cdbbf61f66497f88012a684d1

SHA1
9ff2e8985d9a101a77c85b37c4ac9d4df2525a1f

SHA256
f49e20af78caf0d737f6dbcfc5cc32701a35eb092b3f0ab24cf339604cb049b5

SHA512
fa024bd58e63402b06503679a396b8b4b1bc67dc041d473785957f56f7d972317ec8560827c8008989d2754b90e23fc984a85ed7496f05cb4edc2d8000ae622b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d0f84c55517d34a91f12cccf1d3af583

SHA1
52bd01e6ab1037d31106f8bf6e2552617c201cea

SHA256
9a24c67c3ec89f5cf8810eba1fdefc7775044c71ed78a8eb51c8d2225ad1bc4c

SHA512
94764fe7f6d8c182beec398fa8c3a1948d706ab63121b8c9f933eef50172c506a1fd015172b7b6bac898ecbfd33e00a4a0758b1c8f2f4534794c39f076cd6171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
a8b1ebbdd036359ab94b74134150862b

SHA1
dc8ff9bc6c9fa9f72a07ddd3b0b413bf69530ab0

SHA256
d07a8c4fbdfd0a93e68fa49565455d64eeafb4c0e18ae2e2e84539ef3cab1db2

SHA512
39c23aeea4106a2cbd72a6081879998dd773823c5d77bdcd6773ca89f25c6369853fb438bb66c55397d3c9f385e24a4726071ff7c0d8ff94e684ad0d3efae1e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
90db897dc5dd9debe6f0014ef145e22b

SHA1
3e6896f30a7859da312498f1e6535b263e9d0589

SHA256
7a0ffd8df28e30012c4822956b68db78dcb1f8be5e958e52a457a03dea004410

SHA512
9a868295c78e3fee7994b4884f9ece83e6b2e89ad48f7a22e3c7ef16082ea2a4cf8f3aabc4872b4b8bfecb8c4a6dba1a553f9ccc6a3ab889fbcce8dd83e84e7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5df4ac5705cc841a65da98eea9c3f5b5

SHA1
f6362b4e4abcc818a5c4b46a50f36134c7cc215d

SHA256
41c6902905c40e43672721ad386e4600435bc184b05243770f2b0f46b0cf76d8

SHA512
c8d94dc30413c2ec04dba22b21d67113047c9c56e62974a640a0105c88b2f112ab25e3a90f6e7e11a0f3a00a013d474f34c35b5bb70d5fa82db61e02317f48d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f7c6744c856746b4a1c58f0ac935282e

SHA1
0d730925b3bf3d48b1a8a4532bd5a0b4b2ee38be

SHA256
824ca046605eea2d545ffbede662d52b8316351486d1fcd51c9b6a62144a7563

SHA512
55eb571e0a17c12d9cfa33739c7c004fac3f0a089aa17e606a59c7abfc0be071bee0cbcba12e67c96c9a929f93e8f759c0c988eb75b64ff961a8b53bc9228c59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e820ffb31768c09d90bc07d3ed7e86f0

SHA1
ea8a446316811f739d9a0d2720235b1f0ea466dc

SHA256
632dccdf53378be77f8c0cf6fcf97295ec00ccd298c948fb0d4607c9116a3012

SHA512
7c85e5544019396eaf6d3c9bc7ff4b83a3f8ee7e9808b87a8ae8e1fa421f2f6236004cd965bfebd005c9d7820bd91bdf4d90fdd490f2156a53347e9d5ef2f245

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ba250aa48f830b335ad25c481a6d3d66

SHA1
e44a9c648c18f38111e6f3f8b3430106a9341673

SHA256
812cfd24d77afb562d747a9966bf56c8e26f6ef1235c97980e3348ee23bcb05e

SHA512
a3012f66e5aa9f8aa7f39085dac3a673fb0a1703223991237191639dc1b9ea1107d09623133cf94da37c44903f80f49c9289ff58f208e7166d001a3e62dcb39e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8a431424cb66341812bb1540849f3573

SHA1
2eab11fc48bfb781a22e5ba5e1ad33c6ef7520b8

SHA256
6192e60475028de8870ef57a3d9fbe65c3d6c21dc26490afe6dc00e80c9c642a

SHA512
96715c923211ae56cf2810a7c5a609f004898d0cc3af6fd8b1225550e11cb6106ac81faa45da9fb8598bcb371c3827624237f15f1003c50bb893768bf317ad5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fff451319f4e4e09ab00c30bfada217e

SHA1
eca8571238cd44abb247a7a218e25b952198e797

SHA256
e44f36f204026b9b77b4796c2ca803d71d7372bee0e9fb14c242c3ecfe6a55d1

SHA512
4c8e0727c1b5d74b34ccfdd404233c7e5c69f06ecc838ab008cda26b4a7836579adcb89885c8ddc4b5a29b98a74f8fa942627524d13283d55f741bf579c78b90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
377b72d7dc431d95d1f1045759ecf9c4

SHA1
2f31ad4a5941a9b5ecfe6361be0488595255a654

SHA256
415a31d98e13505fc2a50341ae0f3e2d71a36844c1f05bfdb8aefc67c4031028

SHA512
1d91b1baff6fa6ed11664535555bcf37ab616cc8510642e1a657148b4fc1d3c0e253380649fae6fd02f9c5cce88ccd13dc4c17cecf76cafc3eb093faa7617804

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e3598ae3db5120a8a791649337e3ce43

SHA1
0d643bea675ed0d7a5d4cf9eb5e9b1ffe6dcf4ee

SHA256
ad1e0c6bad9d62a71e6e79a281bca312bc851a25512dc7576c0932ca6936ed57

SHA512
a87f4124f0624bcc7708b87f94c758b1b62a6b8bdb324b662073818eb8709f2b3dfde377b22ce5cbcbedaa6bc3904632c05c1be273189033a54580a3fcf574cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
37d0a6ea83ed7e1f6199a4235fe7e871

SHA1
52be39f5af965da99cbacf23560ee4b60e82c8ad

SHA256
cbd9f5d691aadd5daa9fff385ad053e5a30ec3d362933fe89385a65389c1c611

SHA512
a2bc7feac54d4ee88ee0420af737314c88bd43ae9ad0ce70b51820eacca01b6daf92c6d7fd721bf53a517b6866ae316f5e82d1657d5537d5534bfe63ab4724a2

Download Submit