hxxps://app[.]corporatepages[.]proximus[.]com/e/es?s=4242207&e=44049&elqTrackId=1f0c8d69b0ab4ebe81f22d3677700683&elq=7824eb8924f0405284cd782f4b718206&elqaid=2868&elqat=1&elqcst=272&elqcsid=30&elqak=8AF57EB343A21429BC6C8AF48BF673712E7F10BC6BED6BB222256FDAC8775D4F3E4E

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
31-10-2024 08:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://app.corporatepages.proximus.com/e/es?s=4242207&e=44049&elqTrackId=1f0c8d69b0ab4ebe81f22d3677700683&elq=7824eb8924f0405284cd782f4b718206&elqaid=2868&elqat=1&elqcst=272&elqcsid=30&elqak=8AF57EB343A21429BC6C8AF48BF673712E7F10BC6BED6BB222256FDAC8775D4F3E4E

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1880	msedge.exe
1880	msedge.exe
884	msedge.exe
884	msedge.exe
2844	identity_helper.exe
2844	identity_helper.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 884 wrote to memory of 2180	884	msedge.exe	84
PID 884 wrote to memory of 2180	884	msedge.exe	84
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 3248	884	msedge.exe	85
PID 884 wrote to memory of 1880	884	msedge.exe	86
PID 884 wrote to memory of 1880	884	msedge.exe	86
PID 884 wrote to memory of 1624	884	msedge.exe	87
PID 884 wrote to memory of 1624	884	msedge.exe	87
PID 884 wrote to memory of 1624	884	msedge.exe	87
PID 884 wrote to memory of 1624	884	msedge.exe	87
PID 884 wrote to memory of 1624	884	msedge.exe	87
PID 884 wrote to memory of 1624	884	msedge.exe	87
PID 884 wrote to memory of 1624	884	msedge.exe	87
PID 884 wrote to memory of 1624	884	msedge.exe	87
PID 884 wrote to memory of 1624	884	msedge.exe	87
PID 884 wrote to memory of 1624	884	msedge.exe	87
PID 884 wrote to memory of 1624	884	msedge.exe	87
PID 884 wrote to memory of 1624	884	msedge.exe	87
PID 884 wrote to memory of 1624	884	msedge.exe	87
PID 884 wrote to memory of 1624	884	msedge.exe	87
PID 884 wrote to memory of 1624	884	msedge.exe	87
PID 884 wrote to memory of 1624	884	msedge.exe	87
PID 884 wrote to memory of 1624	884	msedge.exe	87
PID 884 wrote to memory of 1624	884	msedge.exe	87
PID 884 wrote to memory of 1624	884	msedge.exe	87
PID 884 wrote to memory of 1624	884	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://app.corporatepages.proximus.com/e/es?s=4242207&e=44049&elqTrackId=1f0c8d69b0ab4ebe81f22d3677700683&elq=7824eb8924f0405284cd782f4b718206&elqaid=2868&elqat=1&elqcst=272&elqcsid=30&elqak=8AF57EB343A21429BC6C8AF48BF673712E7F10BC6BED6BB222256FDAC8775D4F3E4E
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa907c46f8,0x7ffa907c4708,0x7ffa907c4718
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,12385031057175752833,11646221297920983511,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,12385031057175752833,11646221297920983511,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,12385031057175752833,11646221297920983511,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12385031057175752833,11646221297920983511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12385031057175752833,11646221297920983511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,12385031057175752833,11646221297920983511,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,12385031057175752833,11646221297920983511,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12385031057175752833,11646221297920983511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4468 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12385031057175752833,11646221297920983511,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12385031057175752833,11646221297920983511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12385031057175752833,11646221297920983511,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12385031057175752833,11646221297920983511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12385031057175752833,11646221297920983511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12385031057175752833,11646221297920983511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,12385031057175752833,11646221297920983511,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
debc3d736b7139264b9a83b1ae3b832a

SHA1
8e0226ce86d94ad4e243dff551613bb518e68a29

SHA256
10804ace8b65c16360d451bf40729487d55de16afc0f961f7650b8646035a7b6

SHA512
59bf6b3539b91a7ee0ac23c8bc5b677c12615cfefa9e9ea852c4fc299647f87f58833e1f66e2e65c45d1d0dcb2d521c5a6f2fe69de0c4ec747375935cbd5017a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
319B

MD5
8c89331884385b2ad483a0ac79d3b94f

SHA1
b65219f8b12606ea11cd4c7251e6081d30afc97d

SHA256
f1232f93d02a690e827bc1f4b6bc28441bf051ba817b7d9680f84c3d3d2cd575

SHA512
0e1f09917aea1cca05979168f5fed6ae3b80c4f85d0870e52e03872389728530cf59f5c57081f3ef2b35545a2769ee82aacd97c94f0cb031785a4e2b8ed9e2f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a1f528d76b99b1d1c6f176493c81bf10

SHA1
3b3dd49e0e972eba275c0950a41386f192ac7430

SHA256
53739ce3a85fe6144becfe59131350b83b8b6ae5ebb264a22eaab273ab759d87

SHA512
1ebade3249c9c5279c625cb9690f1ddf761ba3c9f4fa2a9f8f3eafd7974b41010d7819c09b0cbed9811c47a366b93b05a68e557602dcdf50c9c0cc60cb55d0ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d4c222797503d02e0892778f899add0a

SHA1
8cd3f9d27441eaae544ee7ae40092d23d614fd4b

SHA256
4de0f9164479ad968140b72c57370defe1b7558707e0857f97e9c36e78492da2

SHA512
99d7eab71c51488776e25cfdfa6ff26050c40a895ded530d85e7eb63fe74262870b31606e85f174cc7eee8857898727ec515737841dc289713f159c923805b66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
abe46a3eb3014ecd9d7ede6652673e3f

SHA1
602690839d468a07bcb141d7b5c3e4735b63672d

SHA256
90df9ce5467f4eea25f03322fba6d0e26d5ffd3b01beccea67b97b7d9ff4520f

SHA512
21b76c50def193c14e5b149a7ce75f6ead0d50dd6388ff0ffa51818e561912c4077202c98a5603215edcb610019f5aa62dea87d1e86704771c29cd647673494a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d55ce0e352827830536b7fa282665591

SHA1
c46f2e2032ef225a12b311211897f4b5bb69c696

SHA256
45e04c38dc28956ad44c6c846b93b1488380e927e88f533f4deaa0a3b3c17ab5

SHA512
e788df45a324fcc073c87211fe7be02ee898b250c6a3c039513b1e24d8c5abc8586a30e5631598c2274105a835f681e1dff21fc81157deb6b52636113fc62e5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
2a5e716e22f7703e24f4ade702c2653f

SHA1
5e88197289512900c4b4ce4b1e74a6f2af0514b1

SHA256
0ff900629f609725bd4bc04d5f4e7e094b7e7d0837f369e536158e4bc754ec74

SHA512
3e836a7c695fee83dbdaa90fc128ccf9bab2abefa38eb6e09073327adedb9eeb9e3894dd8895d35638b35e2a45c1c4e1da795cc3f6da31157e55d28b9421baa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583747.TMP

Filesize
203B

MD5
1b817f75c7e30debab6e9c6f85b5aa71

SHA1
05c3cec2eb6ab65c9fcdb8ded235bd56df543869

SHA256
3d0237d49a19d302f49f18d6ed24321dd940a81d2af42240e3d339811b587a37

SHA512
4aa8d5b737ae3ee911d15cdab3316685c656f373f0dd29f2a724323a04e9e68797dc5d2235e3d8a47363a068328d4481b0d8dc3cebec4f0a9103a33f65210d30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
65d3c1848ec6469d5c783b6d26920230

SHA1
9425dcd7fd1683e2022bc882ff2be3f43874e122

SHA256
8dad6265f51281e2aaee12a78e531585858fbdf22e59c799d0c9672fe7da3e28

SHA512
18853de827197f922dc3afc3052e8187573c77a67bbd70f489a8da7ada1be0d341804a118d8a6ae4dfa261ec975b586c8d57d86e39c5655f5cbe00b4c616f367

Download Submit