52c2a5490cbfa4780940b18d6a288453e9115af91f8c10c4c99dbcf1eeda03e8

Resubmissions

26-11-2024 18:46

241126-xerrfstpbw 10

26-11-2024 18:25

26-11-2024 17:52

26-11-2024 17:10

26-11-2024 17:06

26-11-2024 16:26

26-11-2024 16:16

05-05-2024 07:02

Analysis

max time kernel
134s
max time network
131s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
26-11-2024 17:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NAudio.dll
Size

502KB
MD5

3b87d1363a45ce9368e9baec32c69466
SHA1

70a9f4df01d17060ec17df9528fca7026cc42935
SHA256

81b3f1dc3f1eac9762b8a292751a44b64b87d0d4c3982debfdd2621012186451
SHA512

1f07d3b041763b4bc31f6bd7b181deb8d34ff66ec666193932ffc460371adbcd4451483a99009b9b0b71f3864ed5c15c6c3b3777fabeb76f9918c726c35eb7d7
SSDEEP

6144:96/i10SZtfzWctj98vZcE0wmLlaIZs5eku2sX2hrjAzvgmXa6W9FwsT9idwktQZG:9yrSKMJR9aGs55T1X9Fwspi2tGpmS

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3128	msedge.exe
3128	msedge.exe
4496	msedge.exe
4496	msedge.exe
2064	msedge.exe
2064	msedge.exe
928	identity_helper.exe
928	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3128 wrote to memory of 4884	3128	msedge.exe	83
PID 3128 wrote to memory of 4884	3128	msedge.exe	83
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 3260	3128	msedge.exe	84
PID 3128 wrote to memory of 4496	3128	msedge.exe	85
PID 3128 wrote to memory of 4496	3128	msedge.exe	85
PID 3128 wrote to memory of 2948	3128	msedge.exe	86
PID 3128 wrote to memory of 2948	3128	msedge.exe	86
PID 3128 wrote to memory of 2948	3128	msedge.exe	86
PID 3128 wrote to memory of 2948	3128	msedge.exe	86
PID 3128 wrote to memory of 2948	3128	msedge.exe	86
PID 3128 wrote to memory of 2948	3128	msedge.exe	86
PID 3128 wrote to memory of 2948	3128	msedge.exe	86
PID 3128 wrote to memory of 2948	3128	msedge.exe	86
PID 3128 wrote to memory of 2948	3128	msedge.exe	86
PID 3128 wrote to memory of 2948	3128	msedge.exe	86
PID 3128 wrote to memory of 2948	3128	msedge.exe	86
PID 3128 wrote to memory of 2948	3128	msedge.exe	86
PID 3128 wrote to memory of 2948	3128	msedge.exe	86
PID 3128 wrote to memory of 2948	3128	msedge.exe	86
PID 3128 wrote to memory of 2948	3128	msedge.exe	86
PID 3128 wrote to memory of 2948	3128	msedge.exe	86
PID 3128 wrote to memory of 2948	3128	msedge.exe	86
PID 3128 wrote to memory of 2948	3128	msedge.exe	86
PID 3128 wrote to memory of 2948	3128	msedge.exe	86
PID 3128 wrote to memory of 2948	3128	msedge.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NAudio.dll,#1
1⤵
PID:1212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb918a3cb8,0x7ffb918a3cc8,0x7ffb918a3cd8
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,2956883728130737309,9634869274193976193,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,2956883728130737309,9634869274193976193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,2956883728130737309,9634869274193976193,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2508 /prefetch:8
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2956883728130737309,9634869274193976193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2956883728130737309,9634869274193976193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2956883728130737309,9634869274193976193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2956883728130737309,9634869274193976193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,2956883728130737309,9634869274193976193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3420 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,2956883728130737309,9634869274193976193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3488 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2956883728130737309,9634869274193976193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2956883728130737309,9634869274193976193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2956883728130737309,9634869274193976193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2956883728130737309,9634869274193976193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2956883728130737309,9634869274193976193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2956883728130737309,9634869274193976193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2956883728130737309,9634869274193976193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2956883728130737309,9634869274193976193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
  2⤵
  PID:4112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2968

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:3616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
826c7cac03e3ae47bfe2a7e50281605e

SHA1
100fbea3e078edec43db48c3312fbbf83f11fca0

SHA256
239b1d7cc6f76e1d1832b0587664f114f38a21539cb8548e25626ed5053ea2ab

SHA512
a82f3c817a6460fd8907a4ac6ab37c2129fb5466707edcfb565c255680d7f7212a5669fe2a42976150f16e4e549ea8310078f22ed35514ee1b7b45b46d8cc96e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
02a4b762e84a74f9ee8a7d8ddd34fedb

SHA1
4a870e3bd7fd56235062789d780610f95e3b8785

SHA256
366e497233268d7cdf699242e4b2c7ecc1999d0a84e12744f5af2b638e9d86da

SHA512
19028c45f2e05a0cb32865a2554513c1536bf9da63512ff4e964c94a3e171f373493c7787d2d2a6df8012648bbefab63a9de924f119c50c39c727cf81bdc659f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bbb56be50848c43b73138851e9fff3af

SHA1
27df5b69558b798e712591a00c990cd84c25def9

SHA256
8eddc03ea0ade192d35ad74161dbc1aaeda69f3d0b70b7860a01ef7cdb0ab92b

SHA512
9c120c085b93cbc3ce95f809d50bb27f9b03bef2f92106851cbe5385cfa43fb3792c9ba0d3f9d15d5441d01b4a1c3d01926d065b2e937ff94ca66dddd1e5f0c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c91bced470e86cb9a4ae31f29b20ed84

SHA1
690a0c9fb7420095a721ffb4bf1ef458b1067f09

SHA256
147059d698e7cba59b359f013c947b02b808ff54fdae03c5452c3eba679c8d39

SHA512
21ee572fcf04c751c3a1e337514af61dc979d546df3f926e9bcdd8f95e08b1afdd39ba6c6821bdcbd03183daca650959cefbfc3d8d960f4b05699eae53326f42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ed9e45103d6a075affd467207aa72f20

SHA1
ab4ca58dcb8159a9059c9a4c0bd4c8fc032e668e

SHA256
4d70fd0886bbca01134330dc17254bf7b6b9291559012608edcc940f89c6a68b

SHA512
45b1e854460a4d08f8c370d0f7fc0f3d6566f6db5d214706e2276e6a00d8fca419e8d44f6c920e0eeec025a2cb19465ee70c27409a5ed65933ed952fde303e0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
99004284a77b37d978cff88e86a9813d

SHA1
72fc8341e34cc6b24e77a4196212d82316f659f0

SHA256
1363d98472cfcf3fbd86ad885c82e7f6bd61d972898c88b43cea4da82f1cde3b

SHA512
ada0c4139c6d0104b984773b59231f5fa7a131b1ebeb3e09407ce8bb6fa2c5087e2fa0a93c28917335639cdb4ec0b19322bd2ebe6c217feda05ead6d9442eecd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
86d7d9f6f3830ff5b6dee56052deb412

SHA1
be0e26facaf24eaf8c30d1b88967d74c88cf397e

SHA256
2726e8fba6a593b4c6706522384e84c9b2761cfa303ce47a2a897df2da78a453

SHA512
f65a4ddbe4de139f588187f238e09e51ebc61b78e2a5ccfefa460969ab3727a62d87fb6cfd63d2426fe3f77de3824446928769a01d227f4ec13bae639a864b70

Download Submit