hxxps://cdn[.]connectad[.]io/connectmyusers[.]php?gdpr_consent=cpuctr6puctr6akaxaendfcsap_aah_aaawijbtx_h__bw9r8f5_aft0ey1p9_j77uqzdhfnk-4f3l_w_jwx52e7nf36tq4kmr4eu3lbiunlhnhutvmwaokvryhsak2cptnkj6bekhmro2dygf5umxtjeqky5_p_d3fx2d-t_dv-39z3z81xn3dzf-_0-pcdu5_9dfn9frfb-9il9_78v8v8_9_rk2_ex_3_79_7_h9-f_84jcaemgrcqbdiuobnogeucieyvharqkaccggfogiafbwu7iwcfwesafakaiwigq4aoyibaaabaeheaegryiaaabaiaaqaibeiacbgefabycaqaagogyohqacbiqjereqpgqeqjbas2vccuf0hphafwwafaijykabeaairaaebyoayikbkxyieminogagafakjuk1bj6aabyymaaaa[.]yaaaaaaaaaaa&cb=hxxps://csync[.]smilewanted[.]com/set_partner_userid_get/connectad/

Analysis

max time kernel
86s
max time network
90s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
17/07/2023, 09:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.connectad.io/connectmyusers.php?gdpr_consent=cpuctr6puctr6akaxaendfcsap_aah_aaawijbtx_h__bw9r8f5_aft0ey1p9_j77uqzdhfnk-4f3l_w_jwx52e7nf36tq4kmr4eu3lbiunlhnhutvmwaokvryhsak2cptnkj6bekhmro2dygf5umxtjeqky5_p_d3fx2d-t_dv-39z3z81xn3dzf-_0-pcdu5_9dfn9frfb-9il9_78v8v8_9_rk2_ex_3_79_7_h9-f_84jcaemgrcqbdiuobnogeucieyvharqkaccggfogiafbwu7iwcfwesafakaiwigq4aoyibaaabaeheaegryiaaabaiaaqaibeiacbgefabycaqaagogyohqacbiqjereqpgqeqjbas2vccuf0hphafwwafaijykabeaairaaebyoayikbkxyieminogagafakjuk1bj6aabyymaaaa.yaaaaaaaaaaa&cb=https://csync.smilewanted.com/set_partner_userid_get/connectad/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4528	msedge.exe
4528	msedge.exe
1388	msedge.exe
1388	msedge.exe
1012	identity_helper.exe
1012	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1388 wrote to memory of 4320	1388	msedge.exe	80
PID 1388 wrote to memory of 4320	1388	msedge.exe	80
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 2880	1388	msedge.exe	86
PID 1388 wrote to memory of 4528	1388	msedge.exe	85
PID 1388 wrote to memory of 4528	1388	msedge.exe	85
PID 1388 wrote to memory of 4768	1388	msedge.exe	87
PID 1388 wrote to memory of 4768	1388	msedge.exe	87
PID 1388 wrote to memory of 4768	1388	msedge.exe	87
PID 1388 wrote to memory of 4768	1388	msedge.exe	87
PID 1388 wrote to memory of 4768	1388	msedge.exe	87
PID 1388 wrote to memory of 4768	1388	msedge.exe	87
PID 1388 wrote to memory of 4768	1388	msedge.exe	87
PID 1388 wrote to memory of 4768	1388	msedge.exe	87
PID 1388 wrote to memory of 4768	1388	msedge.exe	87
PID 1388 wrote to memory of 4768	1388	msedge.exe	87
PID 1388 wrote to memory of 4768	1388	msedge.exe	87
PID 1388 wrote to memory of 4768	1388	msedge.exe	87
PID 1388 wrote to memory of 4768	1388	msedge.exe	87
PID 1388 wrote to memory of 4768	1388	msedge.exe	87
PID 1388 wrote to memory of 4768	1388	msedge.exe	87
PID 1388 wrote to memory of 4768	1388	msedge.exe	87
PID 1388 wrote to memory of 4768	1388	msedge.exe	87
PID 1388 wrote to memory of 4768	1388	msedge.exe	87
PID 1388 wrote to memory of 4768	1388	msedge.exe	87
PID 1388 wrote to memory of 4768	1388	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.connectad.io/connectmyusers.php?gdpr_consent=cpuctr6puctr6akaxaendfcsap_aah_aaawijbtx_h__bw9r8f5_aft0ey1p9_j77uqzdhfnk-4f3l_w_jwx52e7nf36tq4kmr4eu3lbiunlhnhutvmwaokvryhsak2cptnkj6bekhmro2dygf5umxtjeqky5_p_d3fx2d-t_dv-39z3z81xn3dzf-_0-pcdu5_9dfn9frfb-9il9_78v8v8_9_rk2_ex_3_79_7_h9-f_84jcaemgrcqbdiuobnogeucieyvharqkaccggfogiafbwu7iwcfwesafakaiwigq4aoyibaaabaeheaegryiaaabaiaaqaibeiacbgefabycaqaagogyohqacbiqjereqpgqeqjbas2vccuf0hphafwwafaijykabeaairaaebyoayikbkxyieminogagafakjuk1bj6aabyymaaaa.yaaaaaaaaaaa&cb=https://csync.smilewanted.com/set_partner_userid_get/connectad/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb0fda46f8,0x7ffb0fda4708,0x7ffb0fda4718
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,6667717514267322254,15798436445242247311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6667717514267322254,15798436445242247311,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,6667717514267322254,15798436445242247311,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6667717514267322254,15798436445242247311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6667717514267322254,15798436445242247311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,6667717514267322254,15798436445242247311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,6667717514267322254,15798436445242247311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6667717514267322254,15798436445242247311,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6667717514267322254,15798436445242247311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6667717514267322254,15798436445242247311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6667717514267322254,15798436445242247311,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6667717514267322254,15798436445242247311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6667717514267322254,15798436445242247311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6667717514267322254,15798436445242247311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6667717514267322254,15798436445242247311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6667717514267322254,15798436445242247311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:4524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4264

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3423d7e71b832850019e032730997f69

SHA1
bbc91ba3960fb8f7f2d5a190e6585010675d9061

SHA256
53770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649

SHA512
03d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
264B

MD5
e1eed2a1a3321a7d6682bd42534eca01

SHA1
0e88f4c449006545165450a2e3493da149b2aae4

SHA256
ba4e5b6d4df8850dd2bfd0fb281b1b15c2394e6c3e79ff55890ba0ff31043fc0

SHA512
bf5d8caf63dcf6c4773d8ea4af1129b1b5bf3448911521355d28fd1bfcd73fe1bc1bbfff740bcb2d21c0e60a4b0bfbef1cc0e764ce909a0bb8c80361862faa93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
04d169acac7f4b7f70a348818db87430

SHA1
326ec2b6b06ce0021d7658801fe04a12a192d674

SHA256
77bb97da609ed48b1d54c4042cbf4b788ae406e85deb9792b2565553b8503cc8

SHA512
b5c2615788e5239051bc2d7d85664b8e79d7547c487c334e9a89b61ef9da8cc75b5a22bbc7450a62f31726a3a419655ef8eed1aea89ef9e6215c5f63eea7c1e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
245982f85d860ad655a70a00657cbdfc

SHA1
0d30ebddebe961d4eec192ec21dc44a1c5db494e

SHA256
a07d6b01335a1e7188de28b4f07981e32a4f6afe73ef6cadca7b9b46e729b223

SHA512
534dddeb974813e8f89fdd92aac58e07ab758c6423511d914f84f429acaa73ec4325c789475a6dc97413cccbca74a9e55ae96e0b388b967ad9da73ab3c304b0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
04ec01f5f1b01046c7d5d2d3d939845f

SHA1
4b686a601f2fce60ac82e68d5846b2d5d718e354

SHA256
2ae7efbb1a70039a6ee044c6876872bfe2187578f463c47d034043bfbe71186c

SHA512
e154e4d9993b80beb9c8b76c9e873d206501451826b39b70c867a2a3782bd86d542d5fb5477ab42569c71429bdcb31b06b005c2f3ee770fa8bb24371aa936820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d82759b7d0def6af6343fba77068dca8

SHA1
40063beee61675d90548b1aa86040e432e9ecba9

SHA256
0c7e20c5f0cd9f8d2ce7f501c298398e4ba61bd7611730065ab2981406e8eb32

SHA512
0a718d81f6efd806db25998ec59591fddb13a1812ccf9b5dfd2029ea0511eaf32efcde4848017aefe299571679da1e66d361445c012adef13442e939cc50622f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
539ccae0924bdd4f51a65b80382e1701

SHA1
4317496593001e8ea12028626835c280b5897de6

SHA256
943b7f4e69809569fd2f0dffc6b251b22cfa0ef8d86dadc14d8123fe1727dad2

SHA512
3b56ad55b4da23479ffc3b1c78dab2e534146920aa224aaff59ecce4cdec4e6a3eb5cf4a920606ef239162c51ffa77a8f72bb8889551798b64ab2c4436702d40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f3ce6a91da4ef5a66a8010660ea16ab6

SHA1
d32a06aec7bdf930d20e17ec26f61d6367602b56

SHA256
61c0dc3f73126fecb425015235565b43263e07ff2b93c9fe8377a78d7d076d1b

SHA512
f4465fad056693124f5cb0a79ae59b6f5dc9e2e61cca951e4efc6a37bb78ff4af90480e80dfedb43438b97b5a5d8024b00ed93aad732c164db679043356515c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0e78f9a3ece93ae9434c64ea2bff51dc

SHA1
a0e4c75fe32417fe2df705987df5817326e1b3b9

SHA256
5c8ce4455f2a3e5f36f30e7100f85bdd5e44336a8312278769f89f68b8d60e68

SHA512
9d1686f0b38e3326ad036c8b218b61428204910f586dccf8b62ecbed09190f7664a719a89a6fbc0ecb429aecf5dd0ec06de44be3a1510369e427bde0626fd51d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
308af9b9db866d24b3ad2754967eebf8

SHA1
b5b74ef8a3329f193f9412876a684468e1838808

SHA256
4c6b7a2f1d0d90ec8d0907b9b8aa19eb361cce6842d3c65071a2285309b4ffea

SHA512
98c54cd53c4661aee53f4dae2ea53f2ce386d0a22330047ca599f83dd32be58297ad054521cd5a788a1cea18e6a101543ce8c6e10237bbf571717e3e52ab9714

Download Submit