c7d2fda303d9928f804d3269d128b216844d9afcb2f533054c8d87e1c6fd4aeb

Analysis

max time kernel
481s
max time network
604s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250207-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250207-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
10-02-2025 19:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

data-Setup/data/cacert/LICENSE.url
Size

73B
MD5

d4eeff46fd41c739e4653431fe2511c1
SHA1

f0e013b1593394cf7bb0bc770a7cfc9b2ff95aba
SHA256

b9954f88a27e8457cefcebd076fa533d037711383f6b28ae489d063ef8c61f79
SHA512

c0d809e8e561f19a9629931cda0bd8be8c8b919d6926fd63b50512919637a9ee676369d546744f5d1d7aade58dac8f55d23e2421dd24f255ec033ca3f5b001a6

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
48	3524	Process not Found

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1032	MicrosoftEdgeUpdate.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4044	msedge.exe
4044	msedge.exe
3800	msedge.exe
3800	msedge.exe
1532	identity_helper.exe
1532	identity_helper.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 3800	2056	rundll32.exe	84
PID 2056 wrote to memory of 3800	2056	rundll32.exe	84
PID 3800 wrote to memory of 3792	3800	msedge.exe	86
PID 3800 wrote to memory of 3792	3800	msedge.exe	86
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 1948	3800	msedge.exe	87
PID 3800 wrote to memory of 4044	3800	msedge.exe	88
PID 3800 wrote to memory of 4044	3800	msedge.exe	88
PID 3800 wrote to memory of 4016	3800	msedge.exe	89
PID 3800 wrote to memory of 4016	3800	msedge.exe	89
PID 3800 wrote to memory of 4016	3800	msedge.exe	89
PID 3800 wrote to memory of 4016	3800	msedge.exe	89
PID 3800 wrote to memory of 4016	3800	msedge.exe	89
PID 3800 wrote to memory of 4016	3800	msedge.exe	89
PID 3800 wrote to memory of 4016	3800	msedge.exe	89
PID 3800 wrote to memory of 4016	3800	msedge.exe	89
PID 3800 wrote to memory of 4016	3800	msedge.exe	89
PID 3800 wrote to memory of 4016	3800	msedge.exe	89
PID 3800 wrote to memory of 4016	3800	msedge.exe	89
PID 3800 wrote to memory of 4016	3800	msedge.exe	89
PID 3800 wrote to memory of 4016	3800	msedge.exe	89
PID 3800 wrote to memory of 4016	3800	msedge.exe	89
PID 3800 wrote to memory of 4016	3800	msedge.exe	89
PID 3800 wrote to memory of 4016	3800	msedge.exe	89
PID 3800 wrote to memory of 4016	3800	msedge.exe	89
PID 3800 wrote to memory of 4016	3800	msedge.exe	89

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\data-Setup\data\cacert\LICENSE.url
1⤵
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mozilla.org/media/MPL/2.0/index.txt
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffbebbe46f8,0x7ffbebbe4708,0x7ffbebbe4718
    3⤵
    PID:3792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,14331434202840215219,14434638096873637493,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
    3⤵
    PID:1948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,14331434202840215219,14434638096873637493,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,14331434202840215219,14434638096873637493,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 /prefetch:8
    3⤵
    PID:4016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14331434202840215219,14434638096873637493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
    3⤵
    PID:2256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14331434202840215219,14434638096873637493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
    3⤵
    PID:548
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,14331434202840215219,14434638096873637493,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
    3⤵
    PID:3164
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,14331434202840215219,14434638096873637493,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14331434202840215219,14434638096873637493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
    3⤵
    PID:2956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14331434202840215219,14434638096873637493,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
    3⤵
    PID:2204
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14331434202840215219,14434638096873637493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
    3⤵
    PID:1636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14331434202840215219,14434638096873637493,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
    3⤵
    PID:3804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,14331434202840215219,14434638096873637493,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3124 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3204

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RDk0QkJFNzItNDdGMS00NjYxLThCQUMtQjk5RTQwQ0ZBNkYxfSIgdXNlcmlkPSJ7OTAxNjE2RjctNzY1NS00NkZCLUI3OEYtMUMxNDhDRUE3NUVGfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MjE0OTVFQjYtRDVBMC00RjRCLThGQ0QtRTA1RDM0REU0REMwfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NC40NTI5IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iMTI1IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMyIgaW5zdGFsbGRhdGV0aW1lPSIxNzM4OTM1NjE1IiBvb2JlX2luc3RhbGxfdGltZT0iMTMzODM0MDc5NTE4NzcwMDAwIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjE3OTg2MiIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTMyNDkyNDYxNSIvPjwvYXBwPjwvcmVxdWVzdD4
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:1032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d2c705b6d7d9ea56f8d9cfe0be9ef343

SHA1
79709e4028432a770f8e60c22773941301de3b8f

SHA256
932d86c67e057102e32187613ffca270753c5791fd450cc901d20bdf28489372

SHA512
3113b1dcefd3f54d14f07284f774b5d0d20c6e4d785c51403558e885ac89f9357a3a046f73880eb7637148dafe639c4ca6d21055bc06342a96597766c11aba81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
183B

MD5
39273cccc0117e7c708884035e83f3c4

SHA1
d5ce9c4ac1cfb63d322ec7c2ac187968d52869a1

SHA256
4b864c6f28e556a4417cb86395433e9248f59f608e8f6742e57340471d58075e

SHA512
35ad9ea2f83e8d3d12aa2d19cbcec58f0497026378d22000b850133f47061ee3ed3748cef472fb08a4ae956143fbf605562ef43a22618b7dc2db6b38e62d7b1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
690bdcd78ded0a99329a879268f8ec9b

SHA1
b51737337f28c1b97cd4d2642eca3a180a4804ef

SHA256
1380a1e521ac120f825fbc05565537e2e5a28875e847b92802326bfc557df7c0

SHA512
414735798410726a979c991da7dcfe823a7d3836828ecca1388125e796de33bcad277d61e1389c3b49acc7224648a65f0d3dc0ce4fd940d20ad8d639204d28d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f2235334de7e53b098b447ff4f55c95d

SHA1
7f3a4bb4f48dd50ebf0403b242ec992278b168c1

SHA256
4d9dc144d2852ea6650fd7c68a064a60b7901bbf899a6fd232909a5b84931fed

SHA512
f9ee8cb30a04f861005585bc595fd69d18943fb50bec7822469f95cd144801a9ad5fa6217ad665b8294df5e410250898ead52e35659900a784bfaa0bb7502e54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
a916371212aca2db35509de88e92dd3d

SHA1
a82a10205aae0f2269c41d9fd7903fa64a04afff

SHA256
f44b463c6650a086f993444e14daa733f772050b7175f217b201dc4430e3bb73

SHA512
dd52953099d27f9b0f58707d4fa1a1ef98a8896772efb1698a84a4ab5b147f313ee2927a64e544ad41ff0fe857a5edf1892981e2832d12a49f56bb8712aa3b70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d7fedcde9282a85f9baebc4435702b3a

SHA1
65f1c63f6377eae7cf7a290445661878a0aae6ba

SHA256
575d49aa259f43841ee75872665ba005b90f06c104ba1a97e623b8314a878aaf

SHA512
286672edbce3e5ee50be26bfc1ca6c197f65aa2e83a0c9432c46a288f017f8d193b9de683600740b16902fa46abf2cee9b15fa67803dc10ef1d0ac69f3b7a2c9

Download Submit