hxxp://Google[.]com

Resubmissions

22/11/2024, 19:51

241122-yk2z2sxnat 3

22/11/2024, 19:48

241122-yjehcstkfj 10

Analysis

max time kernel
960s
max time network
1044s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
22/11/2024, 19:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://Google.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4428	msedge.exe
4428	msedge.exe
3900	msedge.exe
3900	msedge.exe
4508	identity_helper.exe
4508	identity_helper.exe
3944	msedge.exe
3944	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3900 wrote to memory of 2852	3900	msedge.exe	79
PID 3900 wrote to memory of 2852	3900	msedge.exe	79
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 2912	3900	msedge.exe	80
PID 3900 wrote to memory of 4428	3900	msedge.exe	81
PID 3900 wrote to memory of 4428	3900	msedge.exe	81
PID 3900 wrote to memory of 2972	3900	msedge.exe	82
PID 3900 wrote to memory of 2972	3900	msedge.exe	82
PID 3900 wrote to memory of 2972	3900	msedge.exe	82
PID 3900 wrote to memory of 2972	3900	msedge.exe	82
PID 3900 wrote to memory of 2972	3900	msedge.exe	82
PID 3900 wrote to memory of 2972	3900	msedge.exe	82
PID 3900 wrote to memory of 2972	3900	msedge.exe	82
PID 3900 wrote to memory of 2972	3900	msedge.exe	82
PID 3900 wrote to memory of 2972	3900	msedge.exe	82
PID 3900 wrote to memory of 2972	3900	msedge.exe	82
PID 3900 wrote to memory of 2972	3900	msedge.exe	82
PID 3900 wrote to memory of 2972	3900	msedge.exe	82
PID 3900 wrote to memory of 2972	3900	msedge.exe	82
PID 3900 wrote to memory of 2972	3900	msedge.exe	82
PID 3900 wrote to memory of 2972	3900	msedge.exe	82
PID 3900 wrote to memory of 2972	3900	msedge.exe	82
PID 3900 wrote to memory of 2972	3900	msedge.exe	82
PID 3900 wrote to memory of 2972	3900	msedge.exe	82
PID 3900 wrote to memory of 2972	3900	msedge.exe	82
PID 3900 wrote to memory of 2972	3900	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://Google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdc20b3cb8,0x7ffdc20b3cc8,0x7ffdc20b3cd8
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,7285914523384111847,11545325437270405564,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,7285914523384111847,11545325437270405564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,7285914523384111847,11545325437270405564,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7285914523384111847,11545325437270405564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7285914523384111847,11545325437270405564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7285914523384111847,11545325437270405564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7285914523384111847,11545325437270405564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,7285914523384111847,11545325437270405564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7285914523384111847,11545325437270405564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2420 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7285914523384111847,11545325437270405564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1876,7285914523384111847,11545325437270405564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7285914523384111847,11545325437270405564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7285914523384111847,11545325437270405564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7285914523384111847,11545325437270405564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7285914523384111847,11545325437270405564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7285914523384111847,11545325437270405564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7285914523384111847,11545325437270405564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7285914523384111847,11545325437270405564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7285914523384111847,11545325437270405564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,7285914523384111847,11545325437270405564,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3188 /prefetch:2
  2⤵
  PID:3436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7145ec3fa29a4f2df900d1418974538

SHA1
1368d579635ba1a53d7af0ed89bf0b001f149f9d

SHA256
efc56eb46cf3352bf706c0309d5d740bca6ac06142f9bdc5e8344b81d4d83d59

SHA512
5bb663ede88f8b7c96b09c1214aac68eda99bc09525ac383baa96914ff7d553ea1aed09e3c9d16893d791c81ddb164c682dfbb4759ac0bc751221f3e36558a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d91478312beae099b8ed57e547611ba2

SHA1
4b927559aedbde267a6193e3e480fb18e75c43d7

SHA256
df43cd7779d9fc91fd0416155d6771bc81565e98be38689cb17caece256bf043

SHA512
4086c4ebe410a37d0124fc8bd00c58775e70ab2b7b5a39b4e49b332ce5b4866c6775707436395467aff9596507c96fb4896f3bf0249c5b9c99a927f31dcc1a96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
397dab99d8752d44294f8d0a372b8563

SHA1
56935ba1868538f188a4140c87b2a255fa55a993

SHA256
d5a6bdee79c8fa0b97d5d8a498037d83464d8fd8c79117be3a9afccadfb55111

SHA512
29ace057edc1a7a40a52a65e0886281f435460244369890e5ace947fa375a18f0b1907fdd52acd4308804be06b37fbfade320b189a3632fe4e7258dc996484f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
593c1de907c085a64df40dc476004338

SHA1
bdae0b9aabc8c8c647b54652508f7d365f571bc7

SHA256
133abed8441e41bc8ef823cdf53c6fa1f753b6969f2ab33bb9c596594180aca5

SHA512
9f6b5ea650a4a973478d5e9b5930d57bab9119ec3b934dc1ceacaef6c723d77786effdc80e9bef49392b53482caadf6f97316e1ce7bbb563803e38ad8e696bda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
338a5b530eb14eab0e6717161048d42f

SHA1
c547cab784c098c24942e5fe0ec1dba089b9d5ad

SHA256
b7c0501e94b1a77d3adc91202853698df7d87634150fa786d716b279b99e9b1f

SHA512
917635deeadc4e01d85046cf62df55f6207f11bfd9ad9ff001927453be16dbb9bd2902b6e1782f5f2527ca5a9a679c9ab646d24c8b16fc7e50ca66732e084d2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4180fb56f1aa254eb18e6d033e5c12b7

SHA1
89ab6960ae507996664c77359322c1779c991789

SHA256
b93f20018b9379f4db10525d6bfbcf603e16c014877ef9768d7b44b80d4163f8

SHA512
1116b62385447c8903484595007e0eb1d5b8aec1406aaeccc0ecb67826e4eaffb363a2f5af568fa200df7fe5d73735ea1e445323a6f2491ee3fd6d41c3b8569e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3d9dfb7d0b3141d7130fb9571808fb74

SHA1
3a46ec17da53f8be23843635aaf23b0faadc32cb

SHA256
d1ad45e0af2f842339f34e64c93f034dae2e125490be1a22d9fe73ce85d8c8cd

SHA512
2f813fdeeee812b38e8ce9972ed474f64cfb304e3fc17de15493d17949e299e926c244440880e745dbef8c1ff975626dbec44c3194ff53fbf6bd56fea1b13b92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f93e7634099314649ba56275e99d66f6

SHA1
a0fa39ac4ced4c332f83919f4cdc8b6312330fe4

SHA256
339001f562d7f360503f23002d3d53e1e595690874c6a2189817ad607ee81323

SHA512
f22569f3078beb619351fad366f6e2f99cec19ab297c5e728742b3a44fe904728dde91d319052a44ec9a0f3d523ac446840c2fd148979524118fab8bb95103b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
68452fbe09998a8e4c4f608ef19a0a54

SHA1
bb2a039965ba506789d06676946a5d446195ccc4

SHA256
5fe3df6f4391254b47145021e5e489c208ad1fc9378f8c2d0cbd27e5d5dc40b2

SHA512
d028fb636fb63b8dd9c6f42d013a614d789360db8393a39857af6d46abc3db6857658b6deb17f0377f1c491a42cfae1a0081e191293958eeae5b3566376b2340

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dfe0.TMP

Filesize
204B

MD5
5df2c21abd078c1e1af336d294e431c4

SHA1
1e8361825cf0fd39f2986b6aee0232a2d9a7175e

SHA256
064c11ec2c2aa76c7e4687a7777e726def0f71be0de2b087170110f131afa6de

SHA512
ce418d4158efc8692d2124ca6c19867c16c47ff665c4458be71d8204186bb03368067473415cb0d03a6ff1c92d92219f50d6af429741f8b79664caea8a174775

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7e4adc2d306d5785bb5b35a36c7b0433

SHA1
f5e7f83d8bcf7d67ccb93b5695618dc62a444a5d

SHA256
027b58dd2621afe4f94caf17f02cea479ffdd0042ba4cd198f776bf7137f6957

SHA512
153963fc03ac78c8dc003fee0fe7e43d05127f7599dbabe3e645a50457d8be34e04d2624c2cb21ffd89b6fb3c4d2fcded8724fbc72d4b97912293be83db16f70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5d0db57e775f76618362b8470b2c0577

SHA1
7128c5a1972221127a26b4931bef4a0e26c6672b

SHA256
1d4b838b338f405c6c7c4c41ba993e8ffd6ed5b6c402701fbcd8949dafae225b

SHA512
debc98ea91a4f38d69908fecadc3f834510e6e6842586d24417a81a53dd89e42931eb2e75cc1455cdddbe426fea57ffeff6f8a834991eafbab75b7db4dab2c33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a2f651f1e962e24004113ea21b3076ab

SHA1
c4877062d8b50deedf54375d040be5da34f15ed9

SHA256
540c6809844af5ba733ec78abb741aef46b32bd3186fdd6b73d8976b966cede8

SHA512
cd3cac9a70f6310a42677b93ff285d267cd5257b19a82d4f02acf8ec9a59018faeb8a1e7e7c0a1a33c59806e565a1443974dc8077ccf78f5e6f15aa54df64257

Download Submit