e594138784abf1f134d592920819545325d237af0f1320455a431c99ac38de2a

Analysis

max time kernel
112s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20250211-en
resource tags

arch:x64arch:x86image:win10v2004-20250211-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2025 16:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e594138784abf1f134d592920819545325d237af0f1320455a431c99ac38de2aN.html
Size

127KB
MD5

21e71a591d6075cd1774f789dc4770d0
SHA1

69fd32bd9891fc180fc3266d59513f460b06a298
SHA256

e594138784abf1f134d592920819545325d237af0f1320455a431c99ac38de2a
SHA512

40d9412222e396a375bb8645e30e28c4c9e30ead741a326f7be057ac9fbce8cff3915c895d4025ed49e8efddae8750b4173686b15be3985a50866d9932e2d942
SSDEEP

768:1pHl1Cnj/kx+Bw24Tp7pQ3gTnEmjnO6oa0/OPrSeRnwim8Qx8bWfMaYNTdVwXC5Z:1rM3gTnEmK6oJ/eR5ZWXC5DDmcDOxmVh

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
99	408	Process not Found

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
5056	MicrosoftEdgeUpdate.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4012	msedge.exe
4012	msedge.exe
1840	msedge.exe
1840	msedge.exe
4592	identity_helper.exe
4592	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1840 wrote to memory of 3092	1840	msedge.exe	87
PID 1840 wrote to memory of 3092	1840	msedge.exe	87
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 2204	1840	msedge.exe	88
PID 1840 wrote to memory of 4012	1840	msedge.exe	89
PID 1840 wrote to memory of 4012	1840	msedge.exe	89
PID 1840 wrote to memory of 3820	1840	msedge.exe	90
PID 1840 wrote to memory of 3820	1840	msedge.exe	90
PID 1840 wrote to memory of 3820	1840	msedge.exe	90
PID 1840 wrote to memory of 3820	1840	msedge.exe	90
PID 1840 wrote to memory of 3820	1840	msedge.exe	90
PID 1840 wrote to memory of 3820	1840	msedge.exe	90
PID 1840 wrote to memory of 3820	1840	msedge.exe	90
PID 1840 wrote to memory of 3820	1840	msedge.exe	90
PID 1840 wrote to memory of 3820	1840	msedge.exe	90
PID 1840 wrote to memory of 3820	1840	msedge.exe	90
PID 1840 wrote to memory of 3820	1840	msedge.exe	90
PID 1840 wrote to memory of 3820	1840	msedge.exe	90
PID 1840 wrote to memory of 3820	1840	msedge.exe	90
PID 1840 wrote to memory of 3820	1840	msedge.exe	90
PID 1840 wrote to memory of 3820	1840	msedge.exe	90
PID 1840 wrote to memory of 3820	1840	msedge.exe	90
PID 1840 wrote to memory of 3820	1840	msedge.exe	90
PID 1840 wrote to memory of 3820	1840	msedge.exe	90
PID 1840 wrote to memory of 3820	1840	msedge.exe	90
PID 1840 wrote to memory of 3820	1840	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e594138784abf1f134d592920819545325d237af0f1320455a431c99ac38de2aN.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdd6db46f8,0x7ffdd6db4708,0x7ffdd6db4718
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,17527297471547713249,3803945206331760929,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,17527297471547713249,3803945206331760929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,17527297471547713249,3803945206331760929,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17527297471547713249,3803945206331760929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17527297471547713249,3803945206331760929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17527297471547713249,3803945206331760929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17527297471547713249,3803945206331760929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,17527297471547713249,3803945206331760929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,17527297471547713249,3803945206331760929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17527297471547713249,3803945206331760929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17527297471547713249,3803945206331760929,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17527297471547713249,3803945206331760929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17527297471547713249,3803945206331760929,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:2316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4060

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RkE2NzQ0NjctQTQ0NS00QkNFLUFENUEtNTVEMURGMUFCQTlCfSIgdXNlcmlkPSJ7MkI3NEVGRUEtRkU3Ny00QUU5LThCRTgtQzIyQTRCRkE5NDM2fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7ODcxNEUzMjEtQ0VGOC00MDJGLTk0RjQtMkVBRjA0RTlGNDc1fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIxIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MzkyODM0MTAiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4Mzc1NTUzNjg2NzAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MzI0MzM0NDAxIi8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:5056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
23a49f216451ee947be8a68aa735c7cf

SHA1
9c273791aaeaf682a444e087e06b207db1e0104a

SHA256
bdaa3f4222f885174b06030a224ad994d65c44d73b6464283319b06d40333cc7

SHA512
e019599c303d05dde8559eb740f8b27d59d3d77f14260340d5e35d280fbbf4b5f4b6963fe82e8f5bdc0f3a9497225b8c5daee48f21636c17529a33416227005a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
561866be5585c8e4a77c49ed36812ee7

SHA1
cce7dd4e95d684667bf44c7c3a6e3ab9d7f12c54

SHA256
43d92db66dd74e7101be562f8c7f3fb796f8e340cfd51b7d1a3137e6b2127bbc

SHA512
c1dbb1eeec0523b9046418e27718617681168f9246d5ce2d21d543a638f4b9d9e9d4d3e479b6e72e38b71e355ef13fe3a410b9c7900ce47930b44301e65ee3a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ba2ebd82db18ba73d4f40cf1f2d501e1

SHA1
e35fab02f9469a8e779078a3cb7c8af3bd25db25

SHA256
412cd1f4c48f5576e24082f4a2c871ac818562a719b7b9a6f00ea173c4328791

SHA512
e30861ed74844cbd6c2f7085f26e04a1a2b1a820ce85ac25e056273e3e734920dd1b51c70605d75b2267634786e13ec2dc56fd381340c6c1d1ed30c51b26b5a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9061f5b2625723e1c2a1ec2246331a20

SHA1
8f58916175f4710481daf3f59f567d971d67f608

SHA256
77a9c6e000015a7412403981f4c41ba3a1c0a9f56d341a70a74d253a0147f9e6

SHA512
7192d8fb4926be2219ac1728ad6c5e7c3d2147a0d7d58f2e3d4f0fa9a2438200921653e40dcce74bb6adce7461990b36d4d6c6ea122e22c15a7d57400578de88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
11b5639aed7a5d2701965810a96997d2

SHA1
9d755bfc6543ca25b24fef541d33304c1acdc6e6

SHA256
9359e013aad66135439119cff3feb418659662fb7bba5415f6a6f106dac73816

SHA512
c2d19b03336fd1d07cd9eff729e1dc88ea67a830c6076509115793b1767747481133ea86584522868f22c6ad520cb05044e66d09cd1effbc9382f3dadefe7c90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8d7895476ab533d3e1ea740bd0a8f2f0

SHA1
e535dc560fc242a53890835da369f838d0e6170e

SHA256
4c8c23c95761e8ae54adb3d927caf603fe3b724e51d7130ffe84f10d805defc9

SHA512
064147346c0815c7564616a1eadade22c1052a16c0965c0df4996cfcdb65e1e78eb2b860e0607855c031129ea215fea907d059839e5939c6a0508c04f80bc4f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a77b192deb305058e8c618792573aa1d

SHA1
08fe91cd262d5e78cc5a6b6fc28fff3a668aedb9

SHA256
73a06b12f43297067b9bb2073b405fb884209ae5f925527dbe85d84fc09239ac

SHA512
ac247c799e49984aef157d02b57270d7260bbf4a9d1c0ae163a7d81f7b311bac6a9ab8fd3f9b3a87fcc200776feeab9077e67a96716991ecbb34e53b462f0b61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
a91d62a87eb8d70ffc5a2ae7d61a43e0

SHA1
44d19e87ddfba672868e9ccf6594f469c5e3be8d

SHA256
23a6ca3dbe2a9ca15f82de19d18dbe58b857fe8a1977423bb6a8262b88ffde64

SHA512
0198fe6cfcdbab7a396f494045254d8018b86eee5092f60d06357a38422867400635bc3247e5156662434e08b6fca840c29960e01651a151d77437263ff10d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ca40201fefaf7c57f6b8c1d3accfbf15

SHA1
623b21e7717e87709173a4faa246412fb4657b3e

SHA256
46c7db1e5537d46e8b6e40a857c12d59080bc9a4d4f70b948083c220f30ce41c

SHA512
0fb0eb69c58339ad2f4112ef9eac28faa66fb5f525b7f004015443f0d925615c1cd5e1835e7d5edb7476bcdeb6d655f571c767daab5277921a7f56e5b9c5f607

Download Submit