hxxps://www[.]loom[.]com/share/98848e3b1f9c4b6eaddccd0b7a3b673f

Analysis

max time kernel
152s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2023, 11:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.loom.com/share/98848e3b1f9c4b6eaddccd0b7a3b673f

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4024	msedge.exe
4024	msedge.exe
3036	msedge.exe
3036	msedge.exe
1096	identity_helper.exe
1096	identity_helper.exe
5680	msedge.exe
5680	msedge.exe
5680	msedge.exe
5680	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1396	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1396	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 3040	3036	msedge.exe	85
PID 3036 wrote to memory of 3040	3036	msedge.exe	85
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 2460	3036	msedge.exe	87
PID 3036 wrote to memory of 4024	3036	msedge.exe	86
PID 3036 wrote to memory of 4024	3036	msedge.exe	86
PID 3036 wrote to memory of 4080	3036	msedge.exe	88
PID 3036 wrote to memory of 4080	3036	msedge.exe	88
PID 3036 wrote to memory of 4080	3036	msedge.exe	88
PID 3036 wrote to memory of 4080	3036	msedge.exe	88
PID 3036 wrote to memory of 4080	3036	msedge.exe	88
PID 3036 wrote to memory of 4080	3036	msedge.exe	88
PID 3036 wrote to memory of 4080	3036	msedge.exe	88
PID 3036 wrote to memory of 4080	3036	msedge.exe	88
PID 3036 wrote to memory of 4080	3036	msedge.exe	88
PID 3036 wrote to memory of 4080	3036	msedge.exe	88
PID 3036 wrote to memory of 4080	3036	msedge.exe	88
PID 3036 wrote to memory of 4080	3036	msedge.exe	88
PID 3036 wrote to memory of 4080	3036	msedge.exe	88
PID 3036 wrote to memory of 4080	3036	msedge.exe	88
PID 3036 wrote to memory of 4080	3036	msedge.exe	88
PID 3036 wrote to memory of 4080	3036	msedge.exe	88
PID 3036 wrote to memory of 4080	3036	msedge.exe	88
PID 3036 wrote to memory of 4080	3036	msedge.exe	88
PID 3036 wrote to memory of 4080	3036	msedge.exe	88
PID 3036 wrote to memory of 4080	3036	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.loom.com/share/98848e3b1f9c4b6eaddccd0b7a3b673f
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa21b746f8,0x7ffa21b74708,0x7ffa21b74718
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,3010025737439266062,12158092192554088349,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,3010025737439266062,12158092192554088349,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,3010025737439266062,12158092192554088349,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3010025737439266062,12158092192554088349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3010025737439266062,12158092192554088349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3010025737439266062,12158092192554088349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3010025737439266062,12158092192554088349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,3010025737439266062,12158092192554088349,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5968 /prefetch:8
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3010025737439266062,12158092192554088349,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3010025737439266062,12158092192554088349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,3010025737439266062,12158092192554088349,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6640 /prefetch:8
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,3010025737439266062,12158092192554088349,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6640 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3010025737439266062,12158092192554088349,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3010025737439266062,12158092192554088349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,3010025737439266062,12158092192554088349,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3412 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:624

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x450 0x300
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1396

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
0f54fda0e0883dbfe6920705e2291823

SHA1
f6f40e71a055048e7a6fd16bc60ca05485d374ee

SHA256
f67122e0850e7863fc164ea81fd200ff384f80337fd3e32a6ac26085b338c4ce

SHA512
40fe60749758b45cbc78c6f8af52121a54311245c6c69373bc324bd14eaf04e053995612fd55dbd1eccc7d5fc354d91f76b3dba45c6ce0e3f2ef6de99098132a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
633ac1590c540e4592e4b09bc43b410b

SHA1
3e3a4155329d2fb4850492e407fc1971d3dd48c8

SHA256
8c01e3cb179e592afb2d98209eda09256a452bb87b035a4e4bf48a94c97133af

SHA512
943eb81ae60b635647d54542e25538a506522003cc6f189fcd2bacdba7d7cf36c6f3e91bbe6f7e9e72aef273954a4a7705dcbdb6a614443df467036700daed89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b005640d014e089aa813f5b1657177bf

SHA1
5ac8add77d88b3cf90b944237b2bbdeee8b27dd5

SHA256
a1d72da658f90a1f5ff8f98e2ee18cd3617521ed060a8b41c72e5c9e22624103

SHA512
8249b9fb9c26d77b769a261afe4db6329fe5e088e112ebc7ff5900ac98017f0d8b235e941ff132217dc593db2f48b6e1195161a0d19cbe3fb426e8c3b797cfa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3dcf6f95f77c6d07fc2bc5ffe82ba712

SHA1
5da877b7359ff5bf80ad483355c6eeabecc98b2f

SHA256
c53806abf25fc8d135f15d852b6b5d2ef630ef21b16ce96a48a558a92a0b6092

SHA512
f8ff008e5f98a438ed045bd133272f76a40c2b2e11f27504d9d1da42010e53fe60aec6352e2463d246e0fab4622aea7f5909a89959e9aaffd9c25c1e37a8e993

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a0cdb5d871f9666e6ef25bdf8d57e943

SHA1
f6e0c87e0c39e582f39c95a3e3092aa0f3b56d78

SHA256
07376cace8045bae9762e146231457fde7a5fe46fc97faafee84dcb95b7cd8c7

SHA512
1fb53db28cb946a44eac88ce12fde6fd6f942c56c5d47938e2c4ba835881b71378ce4e82496740a732b564a82ecf6133ec42ec094fa5f5d4a4a1dec0ea9ac0dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
09ae95f707079f1e46e2cd3afc1ec028

SHA1
69c10545c3a0e85745c262e3b3b10c682773da74

SHA256
cf006b0551fcf5c32dfce1a85c1cf2471939892a69f7fb9c2840b57e0caaf424

SHA512
e3e6a9ebf767f40989da4dcdd0186de506351e00f2fd145b6edf9b628c9bc10c94f6fb58298c618e24ad504afdc44b6047d7468c335d530a1a0d9f8d45dfac5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9fd9ce96e964a7514eebd3926b92e857

SHA1
d18a23128dd165f585a5d3e72bd1cb3260e95f4c

SHA256
bb3733a8cf887642bd7a6fd62180b98d05464e2da7154fdcc65185939cc9d089

SHA512
c1b0cac8c2bd79efac8d82877910374e6eac9b2733d938da7340937f22caea8fe7cb929b8adb4560e3eedd3dd7b6cd698165a47b2074aa8df4810c89b01f1dd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ca36933e6dea7aa507a272121b34fdbb

SHA1
3b4741ca0308b345de5ecf6c3565b1dbacb0fb86

SHA256
fd14449eb781c58e6e7196a384caf25cba0c59ebdba3b10f8ca0ecfd0c076b5d

SHA512
5a9b186ecf085765caee97a2910008dda926ce412001042e165184083a52fb5fb70f05ca781cd2f7740ecbd938895c77c5aa0f9eb8d812b92f412f336212720e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
40fc74bc215748a977ec7104f4c4f800

SHA1
e4468c35a3a28a49b93a58e535fd99df53f55211

SHA256
6eb39a8b9c51e26c1cd930c0fa39637a14635864288ef153029b4057356e48e8

SHA512
35c51289fa660b848871bc6d62bcd5b12aa25429d5ed3938e6ec51d3144e62b09116fc9dc8109cf097fd9c8dee7fdf72d7153ac2e0e7194a6db2439e85aa57dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
73dc82bfac9084d163ce436358afad38

SHA1
40c24fdeeb2551d61e04d916408784c830111bc3

SHA256
61f164ea792a0d9132b74eef09ba728febc64456bdcddbc46e50e53f924360fa

SHA512
a05cc34c93b04526b3c53a704ff075d00d8e8b6a0d654bca1195da81512388a2111932ee2bd3a0157e7482a449c7d417a7b299b4f83701b27b2bbf8d34aebb18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
61765b0c1ec71f859baf47ca1dd079cf

SHA1
0c2c7537f8474338abb47d72891c445b521a19a6

SHA256
c8e6aa70710ffe2abf3c7430dc133359e6d3bbfd019be5e99808312a746dc7c0

SHA512
a695cadc9c89ec14f511c114b44c5f4095891afcd4228b5a52cd4eb9e090f9bf9a2d6b7bf08ee7b181ac68510fc6c2d50e9234e6175abb627bc8aab6885ff8e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8b4218fbabb9fe3e94e6544ef70d7005

SHA1
3025eb0fdf5d4d9585a730d3b8702943ff9fd3cf

SHA256
d0dcfc74a5aa751fd2c49e3a779122fe6b9384aa67aabac067173ebf0df81e52

SHA512
05565ac7bda00c8d186b323c3ac1a0c65e2f9b0d56500d347c89ed90459531a24832c61872c55a0d6cfbaba65d6ef052689be7582c6116d319be2f33538e8f0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
28b7adb25a01f339ec2a3a4a4f264fc2

SHA1
6b746ba5cea74807f73d12d9b221da5c0b06db89

SHA256
d97de38af1b9fb2bde84b55d45204a30a0693ce9b3a692feb1b5e5ebb8ba0d70

SHA512
7cb2371b89de08adaf3d5a16a453fb17e90e2cb208a20c1e0b295aaa2ddfb52ed1061fd398c5e903cf24ae57ab2331d95ad8aeb02fb90665f0fd428cd2e1f37c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5862ad.TMP

Filesize
1KB

MD5
beacf51daf33805ace5683b5f598eb5d

SHA1
4cfc7f28352e111a4e252b211f2ee42abe6e7afa

SHA256
6fa1b9941e38905b50a9abc490e8449915a0dd3df5962d4a857d88887d89f086

SHA512
936210a5deefa7d65b754ea5f31d7d7e12583c86470fe294f64021c01dc4dcd0c85d5c7266b7c6ca87e62820a2ae199b92fa2f901445d06eb95c7a2499f5157b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c107378afd009d1e80b361fa1c402d98

SHA1
5fdac2dc9cd55d0f6434adf47e47a44769966a3c

SHA256
5c645dd8a83ff4120941ccc91fff6b99616c72e6a6230edd16d62b868a109966

SHA512
ae6b4fc1431125711ee12a53ed09f997fba829e4a1982de550cb0de70e886003791741d08e9ab4fdbea1f332eaef2bcf9e04cb4d374bc2d2ffbf3be4babfd692

Download Submit