e9719eb1786e950909769e1c0e6db7d8151dd0ed33906826fe3010981d03d889

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 14:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6BTeBJ69pQuVL2rirqlhJP.html
Size

107KB
MD5

fbf2700ec11d3ddd7844d9baa74d1f17
SHA1

d010c2d1c40fab31518588e1ef32c5180e520c9f
SHA256

e9719eb1786e950909769e1c0e6db7d8151dd0ed33906826fe3010981d03d889
SHA512

e8b982135a8a316ac480abb95f0e85697e3a25b06726e23db59771bac2946254b3c7ab3ad8c9b408aec86aaa87a47fe513ce9f0934c8b5ba4e6e95fee1066d01
SSDEEP

1536:F0SQimNVDLnXjHoIlK0x6WfMwHNr0XzIS/2S8:FUVDLnXZ6WfMwHNr0MS/2S8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
1484	msedge.exe
1484	msedge.exe
3484	msedge.exe
3484	msedge.exe
2200	msedge.exe
1964	identity_helper.exe
1964	identity_helper.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3484 wrote to memory of 752	3484	msedge.exe	83
PID 3484 wrote to memory of 752	3484	msedge.exe	83
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 2244	3484	msedge.exe	84
PID 3484 wrote to memory of 1484	3484	msedge.exe	85
PID 3484 wrote to memory of 1484	3484	msedge.exe	85
PID 3484 wrote to memory of 1936	3484	msedge.exe	86
PID 3484 wrote to memory of 1936	3484	msedge.exe	86
PID 3484 wrote to memory of 1936	3484	msedge.exe	86
PID 3484 wrote to memory of 1936	3484	msedge.exe	86
PID 3484 wrote to memory of 1936	3484	msedge.exe	86
PID 3484 wrote to memory of 1936	3484	msedge.exe	86
PID 3484 wrote to memory of 1936	3484	msedge.exe	86
PID 3484 wrote to memory of 1936	3484	msedge.exe	86
PID 3484 wrote to memory of 1936	3484	msedge.exe	86
PID 3484 wrote to memory of 1936	3484	msedge.exe	86
PID 3484 wrote to memory of 1936	3484	msedge.exe	86
PID 3484 wrote to memory of 1936	3484	msedge.exe	86
PID 3484 wrote to memory of 1936	3484	msedge.exe	86
PID 3484 wrote to memory of 1936	3484	msedge.exe	86
PID 3484 wrote to memory of 1936	3484	msedge.exe	86
PID 3484 wrote to memory of 1936	3484	msedge.exe	86
PID 3484 wrote to memory of 1936	3484	msedge.exe	86
PID 3484 wrote to memory of 1936	3484	msedge.exe	86
PID 3484 wrote to memory of 1936	3484	msedge.exe	86
PID 3484 wrote to memory of 1936	3484	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6BTeBJ69pQuVL2rirqlhJP.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad3f846f8,0x7ffad3f84708,0x7ffad3f84718
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,15169832582892653988,6155142952741229450,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,15169832582892653988,6155142952741229450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,15169832582892653988,6155142952741229450,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,15169832582892653988,6155142952741229450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,15169832582892653988,6155142952741229450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2036,15169832582892653988,6155142952741229450,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,15169832582892653988,6155142952741229450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,15169832582892653988,6155142952741229450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,15169832582892653988,6155142952741229450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,15169832582892653988,6155142952741229450,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,15169832582892653988,6155142952741229450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,15169832582892653988,6155142952741229450,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,15169832582892653988,6155142952741229450,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3132 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
272d1c7857508722399f8f58c7512b73

SHA1
a3edcc9b765d91ae22be1abb8d844ea2063f70f8

SHA256
2018be8e71e4ab7e09c5bae1bb66c45d03c3711983fffb3572839a3f4f4e7b25

SHA512
57aaca72dee7c11bbac75d3d8d2f2bb8945c07733a1bd0ef71ebbfe2b0d7778f2d63e959b5e8fd2d01014cd1d08cd54d3d8f614f0c528de4a54d812add47c21d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\1b0c2465-0ff1-4c37-8111-d7350c118492.tmp

Filesize
11KB

MD5
ea450d74e928405a1a260d8ed90882e2

SHA1
3ec7e6b71e89a2256741627142b35c82cedcb6a3

SHA256
4b2c5f12d0b0d179864919a9d267a59fd82907f18f79eaa5d59705c3f13a702a

SHA512
86aba898f7c62d1e704e7c9ad290e5e1048a88d4995ca1e0a00b0bfa3071ac9273da535e059c558c4076dcb32b15a1cfa9b3c443b712e77e8379a4fdda146df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db9081c34e133c32d02f593df88f047a

SHA1
a0da007c14fd0591091924edc44bee90456700c6

SHA256
c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e

SHA512
12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3a09f853479af373691d131247040276

SHA1
1b6f098e04da87e9cf2d3284943ec2144f36ac04

SHA256
a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f

SHA512
341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c6e12d6063970789d8e175bc7befea93

SHA1
71e5cec49ec0c14f53e490407a3b3e3f488b058f

SHA256
8e106b39b2213493c1ea6061855f28fe9806286f9940807de0afd8822ac9f85a

SHA512
411a0618086ee0d8d71f88caeb493d48e63f6c84bddbaa4bfa97048a40d488d8c342df1c1d1306cf4af814cbb94d54a26828e90ab07f0e55de0c205c98b2dfa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3a2b63f3e85e7eb6bb62038540e0649d

SHA1
a25387db8b15d538351c55cb4dfa21f7ce52e067

SHA256
b8fa574a447772d94ff34e055910cb7dcca584b4a4a7cb76136cb9847af50bc3

SHA512
46fce00b3253344cc6593af777c15c084af82133ef36dfcfdbfe2e5147875e5412e65f6348003a9958a95f3acb980c2a062066487f500f2c7b11f41a639db19f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e1e6d5b0a2dafb437c8b864f9001161d

SHA1
f3e5241815b0109c996b16a1b2012809fcf70e61

SHA256
d0f84610002201adcd68c29a4305de71df47229ed9ef6685bb3f24c0e696e55c

SHA512
e7ab038e38510bb7c6893ed020eaec52dea9e876b5753d9cb11c905f85c52b71a867b77b4447f2ef00a2baff64e5c71c8c8139a20b7d074434de8e541c851f5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit