hxxps://www[.]google[.]co[.]uk/amp/s/titan-wind-energy-europe[.]notion[.]site/Titan-Wind-Energy-Europe-A-S-57df175765274c4f879fb1822e457204?pvs=4

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
18-07-2023 15:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.co.uk/amp/s/titan-wind-energy-europe.notion.site/Titan-Wind-Energy-Europe-A-S-57df175765274c4f879fb1822e457204?pvs=4

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1220	msedge.exe
1220	msedge.exe
4764	msedge.exe
4764	msedge.exe
4964	identity_helper.exe
4964	identity_helper.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4764 wrote to memory of 216	4764	msedge.exe	49
PID 4764 wrote to memory of 216	4764	msedge.exe	49
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 4300	4764	msedge.exe	87
PID 4764 wrote to memory of 1220	4764	msedge.exe	86
PID 4764 wrote to memory of 1220	4764	msedge.exe	86
PID 4764 wrote to memory of 408	4764	msedge.exe	88
PID 4764 wrote to memory of 408	4764	msedge.exe	88
PID 4764 wrote to memory of 408	4764	msedge.exe	88
PID 4764 wrote to memory of 408	4764	msedge.exe	88
PID 4764 wrote to memory of 408	4764	msedge.exe	88
PID 4764 wrote to memory of 408	4764	msedge.exe	88
PID 4764 wrote to memory of 408	4764	msedge.exe	88
PID 4764 wrote to memory of 408	4764	msedge.exe	88
PID 4764 wrote to memory of 408	4764	msedge.exe	88
PID 4764 wrote to memory of 408	4764	msedge.exe	88
PID 4764 wrote to memory of 408	4764	msedge.exe	88
PID 4764 wrote to memory of 408	4764	msedge.exe	88
PID 4764 wrote to memory of 408	4764	msedge.exe	88
PID 4764 wrote to memory of 408	4764	msedge.exe	88
PID 4764 wrote to memory of 408	4764	msedge.exe	88
PID 4764 wrote to memory of 408	4764	msedge.exe	88
PID 4764 wrote to memory of 408	4764	msedge.exe	88
PID 4764 wrote to memory of 408	4764	msedge.exe	88
PID 4764 wrote to memory of 408	4764	msedge.exe	88
PID 4764 wrote to memory of 408	4764	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.co.uk/amp/s/titan-wind-energy-europe.notion.site/Titan-Wind-Energy-Europe-A-S-57df175765274c4f879fb1822e457204?pvs=4
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8a48a46f8,0x7ff8a48a4708,0x7ff8a48a4718
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,14125054196172328246,11423297882417696762,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14125054196172328246,11423297882417696762,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,14125054196172328246,11423297882417696762,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14125054196172328246,11423297882417696762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14125054196172328246,11423297882417696762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14125054196172328246,11423297882417696762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4344 /prefetch:1
  2⤵
  PID:700
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,14125054196172328246,11423297882417696762,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,14125054196172328246,11423297882417696762,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14125054196172328246,11423297882417696762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14125054196172328246,11423297882417696762,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14125054196172328246,11423297882417696762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4332 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14125054196172328246,11423297882417696762,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14125054196172328246,11423297882417696762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14125054196172328246,11423297882417696762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14125054196172328246,11423297882417696762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4344 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14125054196172328246,11423297882417696762,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4152 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4132

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3423d7e71b832850019e032730997f69

SHA1
bbc91ba3960fb8f7f2d5a190e6585010675d9061

SHA256
53770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649

SHA512
03d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
696B

MD5
30e4a80e662263cf35d0a7f4ae17c7a6

SHA1
bb2cc42fe00d383a4d0b29f6ab527ec4eaa512dc

SHA256
1d2e02ecefb812f1d1c0dc57bb221d44a413db7a1b6f19bc133dfa4ca231324a

SHA512
f849d8987476e33aacb5ee5f4d685b1a1e9b7441dde340e49a83d58c4745255d665d80ca19bd318bcf576db5efcd05712f3c1eb36b5ef344d1d3e4c3e1bda00a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
f4fc4021ddde59e73ab7b6bab8de4e38

SHA1
4225bf84ae7b1637244de0add049c26553de3d1d

SHA256
b8d0ef47d8a8e16076678475e225f4c327ba940899f13010828247823489330c

SHA512
6470348309e6efc43889a6c79ed041f98ff9034a92be2084ff2bd1f0f8ecd8da0f2e411f5a2c92fb026509ab5ff436dbadf7e411c1f6e36e496bab5ae2a7df0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b0ecaed02fb4675036ce21a25ff7f564

SHA1
ad16d1663956559c230de67bc55f5c4bc016f9f7

SHA256
a527d2083e355d41727be116f07a44ba399167bd7020e36f2ec6b255a449261c

SHA512
cc0917038f259c903f012e95cdadc475a88a4b96eceee94f7834849fb7cafb1ec5b2dec8e8536c82ca047617dd8011edd3fa82d9b4dc59ad47c342f5817fb6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7e11320d2908904c5fbbc8d00d69bb5f

SHA1
09fda799a42c2f6e53619329aa22255a546cce2c

SHA256
d6effec813032b2b6d1a363dd53d560981c197f9fa829446440fa1bd1d5b3f8f

SHA512
717e3b346e9fd290c6a135ecfdc2a836e608c392e8c6e232f5020fc1335c1c4a15a4a732713823f0aa889c64ad7f39848c143f908edc3d2e4e751a713a47b13d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
09c6735ee631d266d177dd77d2fbe011

SHA1
0d8da363c184bfd92fb7447a8ad2a24642f3654e

SHA256
d8754e27eabea40ea2454433048ef44c6c328314031a6fde897db9f55316de40

SHA512
978b48e84212442bf7cb1f6b81e2a58e7565e8ef1cf248761d01841a21ae42357f6e22e941f2118c4cfdcc425ac8740ca4589c20db5d45057004375d5b7afb7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
89ea69219d2b67e6c7a11578be02fe10

SHA1
2ce13ad34ea59790a6f09210dba481b39a3ddd71

SHA256
9c5c720d0fec4d37d198e7f1671bbe56c0ab9a32c0336a22e907ddf63e9588dd

SHA512
d9ffea42325fbbe1fc22534191d6efe76a67bebf1430f11ae2f2cc51537291a78b096b45f901e2cb1801592f84cbf4218d1d2c3325a3dd98e232c13fdf3b5819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d76b0a3c3f45a71cdefd1ad4c4d82725

SHA1
542a492c55bfa4d2cd50c0c70cb7f7e8b3a76242

SHA256
9d913df6f3e4a1a42567ce7af46e7cd4dbeaef6834930f7ff3d3d7efdc194eb9

SHA512
0ae7e3f150a864cc36ed9bca1821c9e6a0563a2dfc5dcebc8bb794b6b79acdae3b8402d1b05ef3559670142969f8ead1667f3a3cab2a2efca3823725578e26a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f04f0d9fd1bc5a48a44bdf16c7620c98

SHA1
de3f57edf69ea363d4ecb3350e9248ac5de8ad9a

SHA256
db4ce7ecc4e3b8ae878a8b7010a039230223711f7d169a6c0e7ebccfa702bbb1

SHA512
d987d2b33c658da62783cee39be190d64f2ecaef8071bf60fa16be0caafac996969ccf9698f398ae536004dc665746f0eedfc34cc553247a93be7a306b699447

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0e78f9a3ece93ae9434c64ea2bff51dc

SHA1
a0e4c75fe32417fe2df705987df5817326e1b3b9

SHA256
5c8ce4455f2a3e5f36f30e7100f85bdd5e44336a8312278769f89f68b8d60e68

SHA512
9d1686f0b38e3326ad036c8b218b61428204910f586dccf8b62ecbed09190f7664a719a89a6fbc0ecb429aecf5dd0ec06de44be3a1510369e427bde0626fd51d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f6e77d79d5fb453d4ce5c0ffbd554373

SHA1
e952eb1c58499f4344ac9bd275a95c5d2f07b6a1

SHA256
5877296f5c2df9e3507fc3792e726e03a98d27a4ffdbc3c8962b720b3420d375

SHA512
1f8ff854e6f0e602249b6e4e52c8299a9773997d96b6a87de546c2e37430a2b504f12f2f254ca9886c2832569ee8ce18e5ef21f47d008ca4de7832f6504b7a75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
771d9a38cb592cb94772880daead3384

SHA1
4a2617ff117448efea49bf04c734d2331dac1293

SHA256
1d685e51b763a69731c0e9fea05e50d9dbf430fdb74edec9b0e3957b4677314d

SHA512
3f10b3704d8bf13cd82e141dbf24025e9065d9fe2e8e4aa645f5a8a7f630a59ba86a1799255c6d5f17b314fc8749b84f48593e4232f629e0ec7c949a4875126f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ee9cee87ec38c81a2c6a9e3cc46f9c04

SHA1
a27880b45cf3f3b91edd7d85b18b082648e9bf61

SHA256
794fc12e3ec0fa77b0664fe3e981d197c54398c7441e5d2a258af9c8660dc439

SHA512
54d5a473a3a86fbd571e2656bbadd7fd8a7d4e3de88f4292602851ad9349e452b96397fc4b8b9df3d0bcf57b7d36f21f5a200e5614cb4c5678138c66163f9944

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4d17edab6460cb0df8749c8fb056ca45

SHA1
23726baaa18fd70c75d21d4fe92df44305676a9f

SHA256
633bb296e692b9de4f9ae3441e45bac983300e89664bc59ef385899c37a46099

SHA512
f210c5d7f2aed0b0997844bd5e23e514a60eb32fa23b5c9c16ab88ed308ec218750f3083b8e1b1d62adf83fa4d8ea6573756c137886c6881eb7dc8442efecdd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c285.TMP

Filesize
1KB

MD5
030d467f75a25e297b8edf18f9db1a29

SHA1
0db9c225e4c796074c5b215171dc4fca8cfaf427

SHA256
de36ade0b5887af4226a848d47ad72293f935db79b6b53ff7793cdd6ba9c4441

SHA512
d287edea516ad5600c95de16c91a2ca4f0ddf2eb6eb2bebf51069747ce6c8956308ca7905135a5c4a1382840084c011e5abd8643e4f99f796e12e68515de6348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
70d13c2290108dfb97ed3dc948b62519

SHA1
e2f1ee89d489b3d9cd9cee4fdda9ed967bd34b8a

SHA256
ce56d635345960212fb18940fafc65b17ed00d62b78af957215785907833e4c2

SHA512
958c9312d8d03576ee00d88085e94eae6e2279a535f56cb1f5c88f31d8f27f2878e9a0e564a59e1661f10b36fb50366bcb845525142941e5d8ed3dfa3475c93d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8afea5c9f5ff2b906ed07bdae9db8b33

SHA1
d92f94dda63d8a902834d5388d3a5cf7f1481e7c

SHA256
6f5046ee7c1db43bd8c7b4fb764e8b4d12fee39a919ac2efe030a6a506fd196b

SHA512
b3718a82533d89e0b4f5fc6b706687f449b5908e68f61a7fea24dc9ab33372b310f5426649b2321773571b7e15d01fd86cc6014b413aa17d8b248629bb9756a0

Download Submit