hxxp://hbbsh[.]com

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-12-2024 14:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://hbbsh.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3216	msedge.exe
3216	msedge.exe
1348	msedge.exe
1348	msedge.exe
3452	identity_helper.exe
3452	identity_helper.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1348 wrote to memory of 4944	1348	msedge.exe	83
PID 1348 wrote to memory of 4944	1348	msedge.exe	83
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3696	1348	msedge.exe	84
PID 1348 wrote to memory of 3216	1348	msedge.exe	85
PID 1348 wrote to memory of 3216	1348	msedge.exe	85
PID 1348 wrote to memory of 348	1348	msedge.exe	86
PID 1348 wrote to memory of 348	1348	msedge.exe	86
PID 1348 wrote to memory of 348	1348	msedge.exe	86
PID 1348 wrote to memory of 348	1348	msedge.exe	86
PID 1348 wrote to memory of 348	1348	msedge.exe	86
PID 1348 wrote to memory of 348	1348	msedge.exe	86
PID 1348 wrote to memory of 348	1348	msedge.exe	86
PID 1348 wrote to memory of 348	1348	msedge.exe	86
PID 1348 wrote to memory of 348	1348	msedge.exe	86
PID 1348 wrote to memory of 348	1348	msedge.exe	86
PID 1348 wrote to memory of 348	1348	msedge.exe	86
PID 1348 wrote to memory of 348	1348	msedge.exe	86
PID 1348 wrote to memory of 348	1348	msedge.exe	86
PID 1348 wrote to memory of 348	1348	msedge.exe	86
PID 1348 wrote to memory of 348	1348	msedge.exe	86
PID 1348 wrote to memory of 348	1348	msedge.exe	86
PID 1348 wrote to memory of 348	1348	msedge.exe	86
PID 1348 wrote to memory of 348	1348	msedge.exe	86
PID 1348 wrote to memory of 348	1348	msedge.exe	86
PID 1348 wrote to memory of 348	1348	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://hbbsh.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb596c46f8,0x7ffb596c4708,0x7ffb596c4718
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,10586208015462021893,11865517702731754194,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,10586208015462021893,11865517702731754194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,10586208015462021893,11865517702731754194,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2304 /prefetch:8
  2⤵
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10586208015462021893,11865517702731754194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10586208015462021893,11865517702731754194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10586208015462021893,11865517702731754194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,10586208015462021893,11865517702731754194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,10586208015462021893,11865517702731754194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10586208015462021893,11865517702731754194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10586208015462021893,11865517702731754194,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10586208015462021893,11865517702731754194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10586208015462021893,11865517702731754194,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,10586208015462021893,11865517702731754194,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5084 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
26KB

MD5
3694d961c3b4a420105cf9563c4cafe7

SHA1
f75e4b2319d4bc0ea3af5ad3b8cf2e0679575767

SHA256
3e5b269624b5703cb234c5217a66e9e77b5ffe6f70e2dd0425f3a8951dcba27c

SHA512
8e8b0a9fd90cd1aec756b2704575ceca0c8970bcb5f9031693e07626b1dfeacff74b78d5679ea8ed22a1213c935b79fd28e83e31251df3b9b7e3e2d8706719d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
159KB

MD5
f426960ee6dc6527dc735ac5d5584763

SHA1
dd1fb6f211bd0fae2d467ea5749a9c5a9e571a10

SHA256
54a34db48e459d78eb164ca5a3180e01dcfbab8d1791bb3f812ef197e7ce04cc

SHA512
56e00ff9869d90ac8ba9282cfd68538d6870dc18352bc661cf95fd3c815d47069cc2b1a0eff2e76424e9d58aa16c58811d68a186a3dca2a413cc548d61b30d19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
125KB

MD5
39afd702e9ff492c399b835266424c1b

SHA1
e41fc7494d690c44822ccf7e07ffb8c5fec993d0

SHA256
99a5a7f11aaf0f4b99ebbcdd52387a6964f5896e7a8ee25c8da4e8350ca8fa75

SHA512
7ccb8b3621fb64a4854d04523139aa67ac5607eedc55ba97674b553c0982930adb1895fa425fe486da313e85cfd01cdbe74413d3a5dbed872ce406fa9c6c27fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
179KB

MD5
d00c6b6e7058e26b388d5ad9f358d9d4

SHA1
2b2fbd12b36bf48e75e7924a71fcc918b5c5ed5b

SHA256
26e743aeb5219457048660a8634d6abb4c98e0826a72560043530b40fc191332

SHA512
008b140d3da1842c2a7c14b8b2e5cb38cdae0a4c02393cb39936692fcbb2f26b2d15a81cd846500fd9ad1a2a12d7332194b2382bb7359261d824232a76bf6d4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
00d4cbca66c25c0788e609c5577340d2

SHA1
a5b3c29f6bfe29b9105df09e31ad52bdbe7f9d07

SHA256
919140bb43aa06400660c723e71c2b0a8e018f9cec31289060ed8545d169a411

SHA512
18e17eb1da9c4e1dba36e83bb951a24fe9954bcdcb61c918bbf43fd5978143d30cbd6e22c83257193beb8e5de248103d572404b66098fcf4f7b9e4bef09a38ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
4126cf931b3a357dd1220f5b48418f7f

SHA1
e2f13e818b166096e76e53c3cf8f7e0483d72d68

SHA256
b64f9b7ca7a3e74b775ac268fd24fe48b564b6211448c0e22be50281c304ad9e

SHA512
f74e116015911d0a9cd4412e8404b2790b82b66d11ba9073626e3b6c6b536aa4c707c194212175e415b34bb27aef322da911c862497afb4480fafc123f55b373

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
177B

MD5
a54c384ca2ee587b7c351cc0bf59e23e

SHA1
618c2a6aa91b88bf9eb3fbad21bc975e79cc4001

SHA256
6e933fd4d50cf8906b0b32f215378cff86a2517bd11efd76379425fbd679b78d

SHA512
5efde662ad8dabffcdb2f9d1257fb224faa2f4142fb1307f8caae0fa8f83cb61d1963c223aa79f292812b2485bd8aad2967040745e7cf08c8fb0964605759b76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4368ea978af28b0a10f9aa8c3dbfd802

SHA1
5505a0aea691504b17cac88773f7acb610e6dae1

SHA256
09caa667f6781e2dd68209f359ebc9a6c577ece2396e4abde1ef46aaa3a49594

SHA512
7d4448e657becd4bebd9e3e318e8ab0794bb7c12ac228e6b441b2783c8f4f7a4965baacf049d6482f38ccbf231f0d764aa70635595890d8544bd10d76928f9e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2faf1fa0340a1bebc677903c94bfdf52

SHA1
72b42b5b0fe03df713eeb921dfc50e236f22b1ac

SHA256
09cfea47c9e5bc4de99239f3face3a61ce2dc19c8f7b14c300b8f2e2317d59ef

SHA512
ec990a745c7db65e165356bedb08df5ce19776011282953a0f80871e821aae1abfdde2fc34b2d33ebf2cdf2ce52ea8dbd90927b05038994f2e9fa67619369c0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f1216081b856f26e6af1d2016798b0f2

SHA1
3573c625dda7656262a5f618e5cbc4152ee6bb5b

SHA256
c0f2a2300e9cff5a6fff3d1e7b408bef36f6cb7e77dd9d7550526b0d9fd9ed00

SHA512
a0fbc9673aa2755ae0c45bf90dfcdab5ed8bf9038981ac1bd1d543208bee78df346059b26093ad603467bfdc3fec1a36ab70541a3c431bf3a7ce9334385df30e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
0529ac1d9e1f0659e5bef131d0a7c1f6

SHA1
0a9f1f548ff7bc89a9012a06880cdbf4050fa1e5

SHA256
488d5613995989a9bc2fd973ee0b4d69ddc0029cd49b1775a844b9898d3e5888

SHA512
4357ae1084c206e49c78a4cafeeb41795819e6b9db1a9ef339a133fc8f240757dfb48150f839974f84c63e911cb89f263e89dfc3328f58a4e75f007d5600d4cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
faa29f0ccaababc0f97b25ae2aa2762b

SHA1
4ce4d2f75641cf548cdd57a71a820ee41f06801c

SHA256
20510c436f9c66b2492cce29b83651e9088fea2e5bb2807a226f05f7a86141d6

SHA512
60b2482bb86b3e2d23df8840b97802c5f62faed68c2a9b74ba848caedd21a405b1a85f217270ca5637f9f7c5916689c6960455fbac009baafaf5264ba4d7eb3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
c966dcf6cb2ac0478641d452377650e6

SHA1
dc2678eb76cc8e25afcb415e03b7ea738989f68a

SHA256
d14d89dc769ac0c3d360b3e32f88f708a7b50e8709bb4dc1dab8988b543a5d74

SHA512
fbc442d3a3110a25fb2927b40111c79c84dc449a601ab96f96b0e241e93558652cdca1f338fa470811861570ce78472cec75e66c7f489108df17f77ea521c378

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
f77e2a5d237c5c2abfc556773dae92fe

SHA1
8efa8ad6aabf0a7ae62e619df53c614a0047e909

SHA256
e462cc6610d6f8d3f8c6f2ccef656bca4dcda17a4538a6e95128adfc4f6f5a11

SHA512
4f73f857edc28474f1adb471a2b07b58af9a308fb6e8c696b6d45fbfafe02abeee1c73230171eff5a1a8b5aa73b607a9c83f7c6e2495d9673e9c70712f43aeb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580cdc.TMP

Filesize
204B

MD5
19234360617f6b9ac8562476510da1cb

SHA1
33e7048bc7fda7ab7152ff7ccacf28c9f7e7051b

SHA256
3abebe1aff9ebdeba97067ad8a2b1b7a4bf2f7ff5c5aa3b14d4a2461bd5b8e6b

SHA512
c885f70bcea7069c0fdd37ac63bc67917fd88eac07a8e4bf922f8e53a066bad55360b9daaf37728d7fe4e39d937fd07ee3a361a3ef68bb1dffa1f96eb1ce08f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
08d131ca39f9fa1c549d8001ea792458

SHA1
98008305b7137a83bc215ffbe39f8e3a483d155f

SHA256
11bcbec48de22f3127b397e452b1093688de924e11a2d012318c98ba78aa45a9

SHA512
917005e69e51d98cf48ba4a00aba13faad596984c992f913477e38a1cd156a945ef7f63ebe40148c2453b070c62a61f5c8ad8a69c4321e8408f88f6286f743cc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit