hxxps://www[.]surveymonkey[.]com/tr/v1/te/akU_2BQc2vAhAsa_2B264x1g6_2FpF_2Fhy3EhxbpxJDHYpYZT3PErDK_2Bf6OjNYOPsqZdKwgSo_2BLqr_2BrK2RNVOJO7JESzc5K8loCYnrwMTq1HkDYZwMVBpTCoRX2FxhzJFamQKMOGx_2BtNhkCXIcWLZ7bEAfyylutQwUibFaXo_2FMPMFju6QLb47E4Fo9yfx1qypUKLJssCIoDiMRl_2FpJ0AbOcs2BT_2BvymNDYKBLAPykRKY_2FIZSTbZBV7mSlnX8EnHJnetG3rAXA8HSLxWlH_2BbSQoHTvVFKnbv9cfOlf1yQV9DZCL9NK8H_2F3zmUra19TACcOTR6IrCCek_2BSAT14fDNxDICYkufMJYjYeCcBIundaoSHfyB7XkIWxkjVl86J9_2FHRLylKvtO8Pc_2FwsXgT_2BIkXhbnStd1YTuHXGXfX_2BDztGbTlO4JLpPXAsDSnr_2BNA2TbLFoSu5vaJDv0D7TM3vg9VsoTi7qejvCKazPm4989llbYfUYqSrDA1TMf_2BYFxuRm4EDBhTfm_2FxXCLwbMNfrUnrDgyTAkXaN7m5FT05wpDwcflbmxZishs3xnuYqFMfN4LYC76Kvgh_2Bqj9O0JQS6GJ_2BvYirb_2B_2B7loN6Iu_2BHmkjTnI4QpeV9dw_3D

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 11:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.surveymonkey.com/tr/v1/te/akU_2BQc2vAhAsa_2B264x1g6_2FpF_2Fhy3EhxbpxJDHYpYZT3PErDK_2Bf6OjNYOPsqZdKwgSo_2BLqr_2BrK2RNVOJO7JESzc5K8loCYnrwMTq1HkDYZwMVBpTCoRX2FxhzJFamQKMOGx_2BtNhkCXIcWLZ7bEAfyylutQwUibFaXo_2FMPMFju6QLb47E4Fo9yfx1qypUKLJssCIoDiMRl_2FpJ0AbOcs2BT_2BvymNDYKBLAPykRKY_2FIZSTbZBV7mSlnX8EnHJnetG3rAXA8HSLxWlH_2BbSQoHTvVFKnbv9cfOlf1yQV9DZCL9NK8H_2F3zmUra19TACcOTR6IrCCek_2BSAT14fDNxDICYkufMJYjYeCcBIundaoSHfyB7XkIWxkjVl86J9_2FHRLylKvtO8Pc_2FwsXgT_2BIkXhbnStd1YTuHXGXfX_2BDztGbTlO4JLpPXAsDSnr_2BNA2TbLFoSu5vaJDv0D7TM3vg9VsoTi7qejvCKazPm4989llbYfUYqSrDA1TMf_2BYFxuRm4EDBhTfm_2FxXCLwbMNfrUnrDgyTAkXaN7m5FT05wpDwcflbmxZishs3xnuYqFMfN4LYC76Kvgh_2Bqj9O0JQS6GJ_2BvYirb_2B_2B7loN6Iu_2BHmkjTnI4QpeV9dw_3D

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2420	msedge.exe
2420	msedge.exe
3268	msedge.exe
3268	msedge.exe
4328	identity_helper.exe
4328	identity_helper.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3268 wrote to memory of 3688	3268	msedge.exe	83
PID 3268 wrote to memory of 3688	3268	msedge.exe	83
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 1592	3268	msedge.exe	85
PID 3268 wrote to memory of 2420	3268	msedge.exe	86
PID 3268 wrote to memory of 2420	3268	msedge.exe	86
PID 3268 wrote to memory of 3552	3268	msedge.exe	87
PID 3268 wrote to memory of 3552	3268	msedge.exe	87
PID 3268 wrote to memory of 3552	3268	msedge.exe	87
PID 3268 wrote to memory of 3552	3268	msedge.exe	87
PID 3268 wrote to memory of 3552	3268	msedge.exe	87
PID 3268 wrote to memory of 3552	3268	msedge.exe	87
PID 3268 wrote to memory of 3552	3268	msedge.exe	87
PID 3268 wrote to memory of 3552	3268	msedge.exe	87
PID 3268 wrote to memory of 3552	3268	msedge.exe	87
PID 3268 wrote to memory of 3552	3268	msedge.exe	87
PID 3268 wrote to memory of 3552	3268	msedge.exe	87
PID 3268 wrote to memory of 3552	3268	msedge.exe	87
PID 3268 wrote to memory of 3552	3268	msedge.exe	87
PID 3268 wrote to memory of 3552	3268	msedge.exe	87
PID 3268 wrote to memory of 3552	3268	msedge.exe	87
PID 3268 wrote to memory of 3552	3268	msedge.exe	87
PID 3268 wrote to memory of 3552	3268	msedge.exe	87
PID 3268 wrote to memory of 3552	3268	msedge.exe	87
PID 3268 wrote to memory of 3552	3268	msedge.exe	87
PID 3268 wrote to memory of 3552	3268	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.surveymonkey.com/tr/v1/te/akU_2BQc2vAhAsa_2B264x1g6_2FpF_2Fhy3EhxbpxJDHYpYZT3PErDK_2Bf6OjNYOPsqZdKwgSo_2BLqr_2BrK2RNVOJO7JESzc5K8loCYnrwMTq1HkDYZwMVBpTCoRX2FxhzJFamQKMOGx_2BtNhkCXIcWLZ7bEAfyylutQwUibFaXo_2FMPMFju6QLb47E4Fo9yfx1qypUKLJssCIoDiMRl_2FpJ0AbOcs2BT_2BvymNDYKBLAPykRKY_2FIZSTbZBV7mSlnX8EnHJnetG3rAXA8HSLxWlH_2BbSQoHTvVFKnbv9cfOlf1yQV9DZCL9NK8H_2F3zmUra19TACcOTR6IrCCek_2BSAT14fDNxDICYkufMJYjYeCcBIundaoSHfyB7XkIWxkjVl86J9_2FHRLylKvtO8Pc_2FwsXgT_2BIkXhbnStd1YTuHXGXfX_2BDztGbTlO4JLpPXAsDSnr_2BNA2TbLFoSu5vaJDv0D7TM3vg9VsoTi7qejvCKazPm4989llbYfUYqSrDA1TMf_2BYFxuRm4EDBhTfm_2FxXCLwbMNfrUnrDgyTAkXaN7m5FT05wpDwcflbmxZishs3xnuYqFMfN4LYC76Kvgh_2Bqj9O0JQS6GJ_2BvYirb_2B_2B7loN6Iu_2BHmkjTnI4QpeV9dw_3D
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8b7646f8,0x7ffa8b764708,0x7ffa8b764718
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,1560431560861876101,11009861531396689794,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,1560431560861876101,11009861531396689794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,1560431560861876101,11009861531396689794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1560431560861876101,11009861531396689794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1560431560861876101,11009861531396689794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,1560431560861876101,11009861531396689794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,1560431560861876101,11009861531396689794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1560431560861876101,11009861531396689794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1560431560861876101,11009861531396689794,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1560431560861876101,11009861531396689794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1560431560861876101,11009861531396689794,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,1560431560861876101,11009861531396689794,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5716 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
1a0da2bba6280b233696055ca0302ed7

SHA1
9e176a5ac7326d68d577c292064b8a39446fcc30

SHA256
eded10daaf0beb76503fe044a8adaf7a278523280cbb733e3f550c2c4c315dc0

SHA512
74a625f892cfc39e142a215a1f13f67aa21d1aadb3d7c9f3ad8233b314dcb23ed84e4efd29edb5915c3130e1d77eaf669018126e3b140f2d5ba96bcfa1b8e654

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
703B

MD5
1551f6f84eec39ff402107bc970040c9

SHA1
4bd1e383a82069a804a45eac4e325cc014fcf4ea

SHA256
fbe9ef984707e36b73474f4cebc87084b9ba31fb379cd1cda01a1227c7494ba1

SHA512
c0d3c37f8cf1bf4b17a1b7b816303e6d03443080a631e4c6bd602ff0c5b832a8c97908c34f681b3bbf37bf92bbf3407e99189f032716809ac314d09ba7f816a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
67cbd7770a2490af250d436d20b76cfb

SHA1
6c8f4f49230cd6da3f7604d1b06dc1a1f8715c48

SHA256
ed9ffa1ed44fe16bd708ac5322c20ac985eeb7fb207c3716e34ac0d31eb2ac91

SHA512
767cd1b6971f9c8a82b5e94100faac6b7e1578c96e95d7d21f3205949c205cc3a93e258b815a824ff95aac5d1557660bb0cbf8b6520a00edd6f324be9e4d5609

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
08991c1ed79372c7a88930d312c44dbb

SHA1
f0c335658b7f3ac85f25edfba371cca2b664df91

SHA256
67ddf6f4821313f277aef3383df183abc86d483d8f07926e81831fc1c081c4fc

SHA512
8d03cedd7d71b7fb14462d4f161ba70a97c973f52e31f29ca3ddbae3a68af5dc629931e4242be6d20784945258e55575ffb1189aa5044fe6998f7479cac91b96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
889793f4370344955bc6a81fd5ce70db

SHA1
292f6e0854182db7d5c9764b1ab29923671d5753

SHA256
0c2110598eeda0b1f819394c4552eed8bcceedec5d5686010b69e6a7dbddf272

SHA512
6c819acead76ad98772ba5bcc273e6841b4470a47605038e7da1811cbb9d67558bf57270437ee9d69f8947fec6ed7ea33a133f107733cc4eb9469b2b2d198f23

Download Submit