e57592c0ea8621ef3e3a9cbdbd8aeff4a3675b6d77fa7b2d15dc8db75e861cd9

Analysis

max time kernel
481s
max time network
488s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
19/11/2024, 16:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

514KB
MD5

2b9ddfa384be8c2ddd3766ef071ab62b
SHA1

609ce3bb6b89be64c7d67a5c1aee7479f9c02e5d
SHA256

e57592c0ea8621ef3e3a9cbdbd8aeff4a3675b6d77fa7b2d15dc8db75e861cd9
SHA512

9ce55e828de608369bc5e53289d2b61fd889ed010026167e4b7bffc3e4378a0d742912934741cf4f0b70b461e4518cb5750ad3100ccb250460026f604fcd93f4
SSDEEP

6144:eLek8Gf8GJ8Gc8GV8Gk8G48Gy8GL8Gf8GZihj:ed8+8u8j888L8j8v8C8Q8phj

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\45e5f19c-7791-4ff2-9298-faac4f67228a.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241119161407.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1860	msedge.exe
1860	msedge.exe
4916	msedge.exe
4916	msedge.exe
2936	identity_helper.exe
2936	identity_helper.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4916 wrote to memory of 2664	4916	msedge.exe	82
PID 4916 wrote to memory of 2664	4916	msedge.exe	82
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 3264	4916	msedge.exe	84
PID 4916 wrote to memory of 1860	4916	msedge.exe	85
PID 4916 wrote to memory of 1860	4916	msedge.exe	85
PID 4916 wrote to memory of 4464	4916	msedge.exe	86
PID 4916 wrote to memory of 4464	4916	msedge.exe	86
PID 4916 wrote to memory of 4464	4916	msedge.exe	86
PID 4916 wrote to memory of 4464	4916	msedge.exe	86
PID 4916 wrote to memory of 4464	4916	msedge.exe	86
PID 4916 wrote to memory of 4464	4916	msedge.exe	86
PID 4916 wrote to memory of 4464	4916	msedge.exe	86
PID 4916 wrote to memory of 4464	4916	msedge.exe	86
PID 4916 wrote to memory of 4464	4916	msedge.exe	86
PID 4916 wrote to memory of 4464	4916	msedge.exe	86
PID 4916 wrote to memory of 4464	4916	msedge.exe	86
PID 4916 wrote to memory of 4464	4916	msedge.exe	86
PID 4916 wrote to memory of 4464	4916	msedge.exe	86
PID 4916 wrote to memory of 4464	4916	msedge.exe	86
PID 4916 wrote to memory of 4464	4916	msedge.exe	86
PID 4916 wrote to memory of 4464	4916	msedge.exe	86
PID 4916 wrote to memory of 4464	4916	msedge.exe	86
PID 4916 wrote to memory of 4464	4916	msedge.exe	86
PID 4916 wrote to memory of 4464	4916	msedge.exe	86
PID 4916 wrote to memory of 4464	4916	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7fffa09546f8,0x7fffa0954708,0x7fffa0954718
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,2275183582182738405,18354374966538740604,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,2275183582182738405,18354374966538740604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2540 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,2275183582182738405,18354374966538740604,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2275183582182738405,18354374966538740604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2275183582182738405,18354374966538740604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2275183582182738405,18354374966538740604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,2275183582182738405,18354374966538740604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6388 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:2092
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x290,0x294,0x298,0x26c,0x29c,0x7ff6d0c75460,0x7ff6d0c75470,0x7ff6d0c75480
    3⤵
    PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,2275183582182738405,18354374966538740604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2275183582182738405,18354374966538740604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2275183582182738405,18354374966538740604,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2275183582182738405,18354374966538740604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2275183582182738405,18354374966538740604,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,2275183582182738405,18354374966538740604,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5432 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9fc751d5fa08ca574eba851a781b900

SHA1
963c71087bd9360fa4aa1f12e84128cd26597af4

SHA256
360b095e7721603c82e03afa392eb3c3df58e91a831195fc9683e528c2363bbb

SHA512
ecb8d509380f5e7fe96f14966a4d83305cd9a2292bf42dec349269f51176a293bda3273dfe5fba5a32a6209f411e28a7c2ab0d36454b75e155fc053974980757

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d9a93ee5221bd6f61ae818935430ccac

SHA1
f35db7fca9a0204cefc2aef07558802de13f9424

SHA256
a756ec37aec7cd908ea1338159800fd302481acfddad3b1701c399a765b7c968

SHA512
b47250fdd1dd86ad16843c3df5bed88146c29279143e20f51af51f5a8d9481ae655db675ca31801e98ab1b82b01cb87ae3c83b6e68af3f7835d3cfa83100ad44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fb63152c1edeffb44b99eaa7fc5f8c9b

SHA1
af310badee19ee2221af415344a57f27ff4e2863

SHA256
9439b6a3f9d5c1f8dd749dc88499ff764600a0636d9a08d3b6f3c762b5da4b8b

SHA512
8983921b5ae769b9626f848660420b2dd743d70560d7deb97e6e1bd0975294afde0de032093f74dc3f57bc501a76b466f868cfc8afe4b3bf7bf7cc78e8f7d198

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58c167.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
48a66265d5fc8f57616bd95ac6344431

SHA1
5f085e70509f11e1ac0bdc5aba1a0dca34422253

SHA256
1110cefc0975b8171485f1859ff88124565a66899850025bb2cb79d9ae38ba55

SHA512
8fab44ac0737280a9df59808958c21e5a6ede11ed6a7d230c4f7b1365fb08bb2709d31da9470bb090bd162514ef1de982f70444b301a68e7101b5da12aaf80b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
95cd2160d665d3b49108ee107b669eb1

SHA1
1dfb42e75403700fae7e74be6814975a838c812b

SHA256
659a50245a3109780aa7aca72de4ea0d255b6d4a9541141ce9311288cbd963fb

SHA512
ea9f3d516ab8b467b2486bbad1fcadfb4053e9dc5bd4b4f1f95e6e9d6eae59876f973620846803586f2027813b553d8f90119f2706fdc13a295425e0c9101e85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
af4885a3ee3cb810bccfac04407d9a1b

SHA1
1ad730dd0895a46c05783e0f54659744ead3616c

SHA256
d24e3e7a5edbcee6a6c08bde611eb7a3b5f6efbfb98d9428df4df70e6ca60072

SHA512
6ce23b3ee299101460f4c283a68399afa4516e98fe922803facb45f411b065aaaab27e249014912b9d94698ccdcdb51a18ff4926bf9fbb21ece5c56d72883958

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
f9055ea0f42cb1609ff65d5be99750dc

SHA1
6f3a884d348e9f58271ddb0cdf4ee0e29becadd4

SHA256
1cacba6574ba8cc5278c387d6465ff72ef63df4c29cfbec5c76fbaf285d92348

SHA512
b1937bc9598d584a02c5c7ac42b96ed6121f16fe2de2623b74bb9b2ca3559fc7aff11464f83a9e9e3002a1c74d4bb0ee8136b0746a5773f8f12f857a7b2b3cb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d3412a01d4c3df1df43f94ecd14a889a

SHA1
2900a987c87791c4b64d80e9ce8c8bd26b679c2f

SHA256
dd1511db0f7bf3dc835c2588c1fdd1976b6977ad7babe06380c21c63540919be

SHA512
7d216a9db336322310d7a6191ebac7d80fd4fa084413d0474f42b6eff3feb1baf3e1fb24172ea8abcb67d577f4e3aea2bc68fdb112205fc7592a311a18952f7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\ac66b4ce-d9e9-488d-a3e1-27bd6a3524a9\index-dir\the-real-index

Filesize
1KB

MD5
0d3dc3c36cfa2d80db2f6918a2664d75

SHA1
185c5c33ed9b131ac8ef35011805fbcd9d688e5e

SHA256
c3243176d177a43aa48d9e3a6bc4146852c4f874eeb3b37b935a09172bd01566

SHA512
2b3d898951338f510f65eeb9d1d0de0016602ecedecdde7e8cfd4d05278ad4c3547a981d96d744b8097acb04a8dfacf9642dd54667268be6c7fca8bb50dd9520

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\ac66b4ce-d9e9-488d-a3e1-27bd6a3524a9\index-dir\the-real-index~RFe585c44.TMP

Filesize
48B

MD5
f9cb363b3a3d34cd9344bfd9a8365bf4

SHA1
172a57128cfb039e5f2414fb6b42d588ee3f4a00

SHA256
1b30d5d0b5813c287f208b1bcae7abedd91ed934bb6dc7a13133bf60497cb8d0

SHA512
1805f50dbc59cf970074407ffd47d7b2c47a8aa8337e86251453e22b36e0c566ff9b3f3e5507ea98e61a6cadf9e886fc9e0fa9e139677efcb8fcd0b78cd09ceb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
73B

MD5
bba616d611733433abbbf862f5011a0a

SHA1
e49d8895caa73ba7de91029afb1e6f73cf072900

SHA256
5c0a611bcaac38d28981e5b3fd2a4ef01635ae752efacb7221fb1d7b110d211f

SHA512
17d817d986a1491e4a5355e87af3897da04e71a57984b1efd3e51679a781deb3f4201b3a3912d38d836bd0baec1e9d12f67cab4763543b4ac6d2e0b94111b93b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
130B

MD5
19e12008c76f7cb23e588db60c6434bb

SHA1
24cceb272a11a5c94f1540c78038a81193a78700

SHA256
989c53bbadec74231faaec55f755965a5fa9dfefea675a41da1629a15195b014

SHA512
78200588a3783b8786176d08555aea885d3c697aa7f702ecda99c72018fec773cfd96247e2ce0712d8ee22ef25f4d7355015887a82141d46da361bbfcf841e9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
66B

MD5
865797ba5e66c7f28b8cce36a0a9b67c

SHA1
539a7f77d583716ac530d27e882a92fc6e5fa411

SHA256
25f97686d3f08bdcf6c10a5f99d999f2d67120c7899123419aefdf521e3ccde1

SHA512
8b67a51b5da5f1f6f0d764ac3a07f8c1d588a05eda9d00fba2b033cbb55f64069b84497cc2e5d3c6923dc8528abdcaafb816f38334f7a8e63e243a7e2139c0cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
68B

MD5
7d333bb3138ad73f1d8a0662fd4c1d9c

SHA1
13018c8134e74f2296a3a919e1be19ccc47d5dea

SHA256
3f726841acd2ddab028dc2e9e83a7cd0c3ffb844b17e11d277cf2f96c84f791c

SHA512
1f580a405b06c84b5417bf597d1363bf09fc5561dc5b7be612ac718bb451ec117dd0330e11706785b3977b7ba50b291531e6322caf408b72e40fb7d428b1c136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
23f23a2f9b77442c5fce03d84fb8b3b1

SHA1
36d7c62abd318df938ef556687908495abf667d3

SHA256
6356ed403c135d4883efe300cc7ed1c7ac749cbda2bf3621f09c67a90b4797c0

SHA512
0052fb042bae9f223cdc4f266da50b2a02188ef263c56d2252b091acf8197b0d972c79b5dfc6939fdddfb21eb64691c3fa68f8344c3061259b7ccc3f3bc32cf5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
6ce913281ad6b28ac23c95dabd02d8d0

SHA1
7d948c2800712f7197ab3f78b627730189780c34

SHA256
91f0784d2e596e6260abcbcdbb8040404ec8f79f312d5f60eeb694b6295a4b70

SHA512
f497949f8efb09189bb9f5cccf7bbb7b7097dbe2cdb0c776a5e2ecd41cd568fadfa92af3de2512cdfc2bae9498f7850ed80c31cc3c847a6be22bf0f65a4446ea

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
2379274376d4a7aefcd02c6a4ef52490

SHA1
57f72aaf416ef766f7ce2fcf224bc31d682f7fc7

SHA256
30f50100c56fd1870885f4a19ff9f715f40851a3cdd96d023c06e612b6dd907e

SHA512
3581b76d1665a51fb5ce5bc2ad0599bf04096917ad757dbbe082010a2112ff80aa38fe4a933a99af9eb0d89a4dbc3785e923ec3f23b91622342ebbb860053177

Download Submit