hxxps://mail[.]surenotifyapi[.]com/v1/t/c?s=0&x=20240531212321-1-3199cb06-4a3b-464a-960f-d2bf0b72ec1f

Analysis

max time kernel
721s
max time network
727s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 03:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mail.surenotifyapi.com/v1/t/c?s=0&x=20240531212321-1-3199cb06-4a3b-464a-960f-d2bf0b72ec1f

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4976	msedge.exe
4976	msedge.exe
4788	msedge.exe
4788	msedge.exe
3440	identity_helper.exe
3440	identity_helper.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4788 wrote to memory of 5036	4788	msedge.exe	82
PID 4788 wrote to memory of 5036	4788	msedge.exe	82
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 3536	4788	msedge.exe	83
PID 4788 wrote to memory of 4976	4788	msedge.exe	84
PID 4788 wrote to memory of 4976	4788	msedge.exe	84
PID 4788 wrote to memory of 440	4788	msedge.exe	85
PID 4788 wrote to memory of 440	4788	msedge.exe	85
PID 4788 wrote to memory of 440	4788	msedge.exe	85
PID 4788 wrote to memory of 440	4788	msedge.exe	85
PID 4788 wrote to memory of 440	4788	msedge.exe	85
PID 4788 wrote to memory of 440	4788	msedge.exe	85
PID 4788 wrote to memory of 440	4788	msedge.exe	85
PID 4788 wrote to memory of 440	4788	msedge.exe	85
PID 4788 wrote to memory of 440	4788	msedge.exe	85
PID 4788 wrote to memory of 440	4788	msedge.exe	85
PID 4788 wrote to memory of 440	4788	msedge.exe	85
PID 4788 wrote to memory of 440	4788	msedge.exe	85
PID 4788 wrote to memory of 440	4788	msedge.exe	85
PID 4788 wrote to memory of 440	4788	msedge.exe	85
PID 4788 wrote to memory of 440	4788	msedge.exe	85
PID 4788 wrote to memory of 440	4788	msedge.exe	85
PID 4788 wrote to memory of 440	4788	msedge.exe	85
PID 4788 wrote to memory of 440	4788	msedge.exe	85
PID 4788 wrote to memory of 440	4788	msedge.exe	85
PID 4788 wrote to memory of 440	4788	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mail.surenotifyapi.com/v1/t/c?s=0&x=20240531212321-1-3199cb06-4a3b-464a-960f-d2bf0b72ec1f
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba6a246f8,0x7ffba6a24708,0x7ffba6a24718
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,9237724866790698745,3383437097424399461,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,9237724866790698745,3383437097424399461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,9237724866790698745,3383437097424399461,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9237724866790698745,3383437097424399461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9237724866790698745,3383437097424399461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9237724866790698745,3383437097424399461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9237724866790698745,3383437097424399461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,9237724866790698745,3383437097424399461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:8
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,9237724866790698745,3383437097424399461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9237724866790698745,3383437097424399461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9237724866790698745,3383437097424399461,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9237724866790698745,3383437097424399461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9237724866790698745,3383437097424399461,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9237724866790698745,3383437097424399461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1712 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9237724866790698745,3383437097424399461,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9237724866790698745,3383437097424399461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,9237724866790698745,3383437097424399461,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1360 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9237724866790698745,3383437097424399461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:4664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
f056e1f73ac942084d400a8866697e7e

SHA1
9737ed011d293fcdc61bbaefd2a65b890ded4325

SHA256
82436a47d77c8b662a1713c2fe03589bbabb20ca4a3d03c5af2feb12fc21b1a7

SHA512
c78583b6e8b24413022edc076ba4bc91f1edb39d205cdabaf57898cfa3b7789e833071fb35e3671acef88e5e2cfa1e6bd166a783b153872c8f91ac2b6a326e81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
990131bdff1afc4b60b2574294f5805e

SHA1
252cfed9500f1e1f84ce7849e18447d0882f2aa3

SHA256
2b0dd048672146dce7a31b09be1fbc2781b6ec786446aba3f3df398a44f1ce22

SHA512
df1d6c2b969e19fd427ee7a5248912dc9fb6f93c8ab01850231eb105a80d8c462e7fe8d757154874afaef31e1cfec83b90aa5102d34b20e837214acaa7a204b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2ee741f2e61adc8a04aaf6e5086202cd

SHA1
cc56b6640fff7292438b34812ee6c3119df2c1b6

SHA256
6c8e46bf9e261f30ea0337f100602cbafb8941bd7b35abcd536aade0f1d77f2b

SHA512
a8e55e0a8b2c734f51bc5dcd66b3e47b341fbc812142537136d8bea99a1c287bf4be9128ccc3fb64b49b995e1779ec0e6bf8d327174782f5f40935b80b212c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
dfc63ab7f70e85b60c0b0ae0e4022216

SHA1
598e22c228397f675c2022096e95edd0b1d91f49

SHA256
fa2279f3e4b739cb353110825ac1f1d15f4bc530db68eaa79cf561893a7b5ef5

SHA512
6f23c08a3a31de14b49515f6e35f3b13d939aea902aeb1735c10830a14fc3d1c79a1ae27b008041cf6170406a7954e7e7a700929a98f805afe7a18d5e55484b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
37b658398aa9f50bd247e417ae8292ed

SHA1
2e12d5453e47985fc8f285a6fbc1caf4df6ad07a

SHA256
edb242958c82dbc3ba3365c63da4231030c560ebbf7622c02d2be9658595571c

SHA512
475cbef6228da724facb4fa0beda81e987601d696b46b1dc0fd63d87cb5b1d63b83fc662af63730d06564a61c9c03a473064bdfe48104de6029269050e76a73c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
201677dabcfebb6dc4ab6e3b1de5abc4

SHA1
d9e5d57df23f84a7a028cedc74ddd0eafcee2e7c

SHA256
d836a800256e6b544ad044515a43c1fe41b4ea8e1e9468b2fe2f949072adc3c2

SHA512
fe6512519870762b60261ef882de6fdbd3f4b88fd05c5913374c966076461fb5655dc3996075f5c6a562fee8e63815354d58cf565eedcb1b2bcf79545a19f665

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3931e36cdfb4801b65e5103facd4bab0

SHA1
db5bf917824155f826966d8c50a2082f8cdbfc1c

SHA256
b9e7cc7b36e316effa558285ed8f2fe7e96baf223a9839546f5e0e42bd87c9bf

SHA512
6d7c06a52b1cd0bbda16f77467b931b9c479c1f66298c0d10002bff48156e83ceeecc610a7766a28f23ed12dd4008d9c6862d26481081e948359b0fcb281ac22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
df602e0da8750be8d45531810ac535be

SHA1
d6f4aea2770af4b28291e7caf7a3762e5f5b3041

SHA256
bbb81c691c9718058a065fbf1e747991f0ee9e4b7acab7de058c98c9d80c372e

SHA512
4eb4478689db8844adc602d6e18772da44b268127a5c7f9bacddfdb18a7e56ed93a41d01f2b66a6ca57a5ab367a9c78bc4edf8200251bbef53eaf53228d9f100

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e7e4fc71e18fa105a921c74e38e4408e

SHA1
1c6ee86e10d5c83aa26c2b5d795520f935abdbda

SHA256
376ac91c3740b9870ba648c792ebcdf291120c561471eef2ab3da9f114a59a8f

SHA512
ef12180166281a2c1e277a457f0d783837bc6e5db73cd892e444cedc51bb365914f02cf4a297cd57eaa8b6fd8b3a33a4235baa78186de20d4da0355b8ffe39a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
92565dc961512960ae033bb3b18ecf6d

SHA1
f97a58d189d1e5e446df48107a78be07f7a1e402

SHA256
d424b47c6514012b8f3705e616b972ce61146713657063a02ee5042ab9519d24

SHA512
306a621c5e7ada95c99fac9d80b48782d78517bed7823c798f19572cc2e31b9f4a20724be2e74dfcf2762befe0349f93ef22b4b1f2a10d2c49384c383ed49189

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe60fafe.TMP

Filesize
537B

MD5
976a5f7a4864cbd7706a1ebb974d996b

SHA1
278ee085c7c3993dcc45e4740b162f3f511bdf8a

SHA256
3f9a9f4f3b3e1d0dcb4013a10717c3a5f14dcdeb1bbfecf253124ff25886ed3a

SHA512
2eceeaab3b8b9564d6cf294528caa954df5c3f7154c553affdfe4d4aa0a5aa460024e0b173f364f9893f19a07041a037b7ecf74c1d02632d7da2abee94013299

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a5336ed18ed0bf18273e5d38cf640f6a

SHA1
05df159845a68843bc3241924e1cd682f2e320df

SHA256
70e0ed6a6a0e2acfb817f1636194db091c4a47d526b1e1f403a2295dbe34b8ab

SHA512
3e573c4e7d7089ebe15072e9a00898a8811f866434deffafb0f7d05a76c4e62852565d83e5dba8b59a13db3c097da776466237d2bd424504d2ff9bd49c610f9b

Download Submit