hxxps://www[.]google[.]com/?safe=active&ssui=on

Resubmissions

07/01/2025, 22:05

250107-1z1rms1kat 3

04/09/2024, 21:58

04/09/2024, 21:55

04/09/2024, 21:38

04/09/2024, 21:22

Analysis

max time kernel
139s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07/01/2025, 22:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.com/?safe=active&ssui=on

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1420	msedge.exe
1420	msedge.exe
4524	msedge.exe
4524	msedge.exe
1016	identity_helper.exe
1016	identity_helper.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4524 wrote to memory of 3412	4524	msedge.exe	83
PID 4524 wrote to memory of 3412	4524	msedge.exe	83
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 616	4524	msedge.exe	84
PID 4524 wrote to memory of 1420	4524	msedge.exe	85
PID 4524 wrote to memory of 1420	4524	msedge.exe	85
PID 4524 wrote to memory of 228	4524	msedge.exe	86
PID 4524 wrote to memory of 228	4524	msedge.exe	86
PID 4524 wrote to memory of 228	4524	msedge.exe	86
PID 4524 wrote to memory of 228	4524	msedge.exe	86
PID 4524 wrote to memory of 228	4524	msedge.exe	86
PID 4524 wrote to memory of 228	4524	msedge.exe	86
PID 4524 wrote to memory of 228	4524	msedge.exe	86
PID 4524 wrote to memory of 228	4524	msedge.exe	86
PID 4524 wrote to memory of 228	4524	msedge.exe	86
PID 4524 wrote to memory of 228	4524	msedge.exe	86
PID 4524 wrote to memory of 228	4524	msedge.exe	86
PID 4524 wrote to memory of 228	4524	msedge.exe	86
PID 4524 wrote to memory of 228	4524	msedge.exe	86
PID 4524 wrote to memory of 228	4524	msedge.exe	86
PID 4524 wrote to memory of 228	4524	msedge.exe	86
PID 4524 wrote to memory of 228	4524	msedge.exe	86
PID 4524 wrote to memory of 228	4524	msedge.exe	86
PID 4524 wrote to memory of 228	4524	msedge.exe	86
PID 4524 wrote to memory of 228	4524	msedge.exe	86
PID 4524 wrote to memory of 228	4524	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.google.com/?safe=active&ssui=on
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffccb0146f8,0x7ffccb014708,0x7ffccb014718
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,11103198738039414185,9770885254636482215,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,11103198738039414185,9770885254636482215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,11103198738039414185,9770885254636482215,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,11103198738039414185,9770885254636482215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,11103198738039414185,9770885254636482215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,11103198738039414185,9770885254636482215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,11103198738039414185,9770885254636482215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,11103198738039414185,9770885254636482215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,11103198738039414185,9770885254636482215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,11103198738039414185,9770885254636482215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,11103198738039414185,9770885254636482215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,11103198738039414185,9770885254636482215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,11103198738039414185,9770885254636482215,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5192 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
41KB

MD5
ca9e4686e278b752e1dec522d6830b1f

SHA1
1129a37b84ee4708492f51323c90804bb0dfed64

SHA256
b36086821f07e11041fc44b05d2cafe3fb756633e72b07da453c28bd4735ed26

SHA512
600e5d6e1df68423976b1dcfa99e56cb8b8f5cd008d52482fefb086546256a9822025d75f5b286996b19ee1c7cd254f476abf4de0cf8c6205d9f7d5e49b80671

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\03e6e67e528b249f_0

Filesize
342KB

MD5
f639af9770e03049d61b32ad50663b34

SHA1
720f9d0d5370338876b653d458a0a348a68c4a4f

SHA256
55719c51a251739206fe2f6e34604c19bf04db8f00977b59db467957dd234a35

SHA512
b9bf994fed2f224937d93f24904af592f7f409c96bec45a4fedc610832419896b795d424bf1f5e0685d27c77e2541cd56a1e02051face7e7f005b019cd041ec5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f3ae0d23e488645b_0

Filesize
289B

MD5
59b78af34d781b92941e32dfff1791d7

SHA1
721c864686268de2569b56afb774fd96b786d6ff

SHA256
73b60cd4e123ee017decc398e369c3ac9ac60e3c03b196f4cfca207622ccd524

SHA512
ca9261582a63c6353275a28cd9ee28a04e80e51eee1409a1d62a7fc892b0dffbab45825bd8edcd16b19a3b928a7024ca8a4d0b0d4cbfa7d9e85b82d5e2a68be8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
6097d3da4fddefa071bb6c6807c33847

SHA1
c33cf1ea41fdbac63c72064defa0969d9205d92e

SHA256
243544663fbc3cf63227af0134a3c8a00537c87acea69b71b448280683b23a36

SHA512
4a10487f0e4113e98fe9ab332f9d094fcabb46b3d3f2e671d2d41a081ab92bd50f5662fda4f079d237c26afd34991b90f6a19fd4f2e87e2e27ece4ea06a7c67c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
004385a2c6e3827305c53cc99bca05d2

SHA1
920105e55d4df3bf11d7dcc6bc6fd2ff1dfc4ad4

SHA256
371d0124969fe8fc9275de6599d417859b421894cb8f05fb10644a49ad7b0b45

SHA512
5f24d6449add3c39555c729f52125875df6725fbf1d05731a792eb64164c06e8725c8cb9ae506fa768a82df6d90b27e19a94b60b825b3f36dd617e913367b72e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
a0b54afd96cf6936750bd8c530ae7f29

SHA1
fa5f549e1e798ffee27d08086046e441084e754c

SHA256
20b74206ba94a57842cbff39d5f2e4fef635de512341a9abab103d46f83d823a

SHA512
23173cdd31a785f820480bcb857ffc4df83ea1578cea4b76b9e3a6f52e73c7d5e810daa6ce8bbd05118bafeb401897cd50162c8d0b094164203aefbe9fabec51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
1fbfed56106d58cc8f2297c892b755b7

SHA1
60a2db9e8b6306ccdc11434b78c1fbc8fc39f1aa

SHA256
ee8af282b18073ee35e279dfea35105ceb0a21cf12512468b72fee35fc93b0b8

SHA512
b1360fc85deaae2c8edcd718041a9668f5b87e9ef67257527fc57f67d0189776360e01c3e6c1623e3aa8e470877a013e666c9b0e74e63f19a6d8918f874f9509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
815B

MD5
82010b8a63a16664a8c1461abac1e04a

SHA1
7d77e43a1fb50785724880dfc79ad1759057cdad

SHA256
b24fbbeee95626589fe290fa2d45cab9716987de4d017a02325d1a3cf66ac260

SHA512
0724b3351b614d6202c287c1012d27875fd2cc48fc4413ca29fdce37bea5d18c4ccc1c3dd516796d4fa309655fc89ded453c0045b07706962e0134b2b2324e60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e877a5b529c853b4a1f8665a79b51a37

SHA1
e9998a044f859c48d2242d12c91f9fcc6b66a382

SHA256
7e5438cfc372fc23395024166ada2b74fca3b728008e1019d81f5769cb87aeed

SHA512
83edcf8d0d86c77363a7e2095a87ad42500fa785263603346bd852c39423d4c4dc09b50ee72171b6b809935a04afccf5db1a2c552bd46f0ced7669a81645b6ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e6fc3a066dfd62e7dd416273651cbe62

SHA1
890b46fa58b88a0fb9c2fe3468d931bd8ca25791

SHA256
94430f8a359bea46aad10ea9418fb2779bde801694b2b0329ba26c8d65537ccf

SHA512
1566b761144b22ec09ee4f9abc1d27ab0254330702a2454f1cfdd4f2a0925ea092bce570caed2cdbaac731960579bab82cb7efc41663b9604ded8bcc1aea431d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
883f375fc0a6f3ef10be8731b6b6651e

SHA1
00d4980fc74e4edb4a3f783efffbdc43a0528f6d

SHA256
c88fd50aef3e47ff077c8a9b6cdc57f7a80658697de74f35090b7f48f146e69a

SHA512
32161d02c44d37b1e7dd36d152ccb1a277d31ccda890b1bd486ead4ff1d0ac3e6e4fbea03e36927d395072cd95e08011d3a3a6b8f701b7fa733fc0acc402c819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7d75f0f7033f0bc6e6d1e5246c9e7692

SHA1
3a4caa2fb2a21fb476d044604834162136c0a97a

SHA256
113bd17334867a1a7d0755c494bf237b080cea52c4e8680ab7e65baaa9f9dc5d

SHA512
e73f619eb3712b5b5e87d24b3b63aa8f9debd25f9614881b186011d4150bd2e8cc8e16487628a908b911d31a9566e94afd093e36181e687fc84c81612ae06e7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1fb376016b47ebca4dede57d860e4b28

SHA1
82934cde681aee730a024661bffaa976f078eb5c

SHA256
afb922b3661de96dc806868f0d94d673f3bddff60888631dbaa3090f63aabf0d

SHA512
7b0a69f2e165cf0480fc3ce920c5e37c012c6c479c771bddade2dd54d17051fc192a068031e865296efa891fe3f3dde99c170c9bc3c922d88a68c99f63e59d9d

Download Submit