385f9ac853fcc9d165c8e9d6af751f2b9897da992e239d2f5be0177bafc0dcf8

Analysis

max time kernel
141s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
22-07-2023 17:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bloxstrap-v2.3.0-x64.exe
Size

6.6MB
MD5

77e2e8d436cc140543b0c127b853737c
SHA1

0016079fd0145ffb1368f5ec9747c5848c397a12
SHA256

385f9ac853fcc9d165c8e9d6af751f2b9897da992e239d2f5be0177bafc0dcf8
SHA512

3f65e142bed586783a5075c49714396cb033f360c3a78d4a516eeec66c3220a34cf6facb4b3748512fb82b7efc1da5306d360169686259d4739f8df9f17cde65
SSDEEP

98304:did5DeAd5DaTsed5DfzEkmiLEiOYoHwfLk3vSmaR0+Mc4AN0edaAHDfysrTlb:dhseObAbN0I

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 836736.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
2676	msedge.exe
2676	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
3296	identity_helper.exe
3296	identity_helper.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 2432	2524	Bloxstrap-v2.3.0-x64.exe	94
PID 2524 wrote to memory of 2432	2524	Bloxstrap-v2.3.0-x64.exe	94
PID 2432 wrote to memory of 1416	2432	msedge.exe	95
PID 2432 wrote to memory of 1416	2432	msedge.exe	95
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 808	2432	msedge.exe	96
PID 2432 wrote to memory of 2676	2432	msedge.exe	97
PID 2432 wrote to memory of 2676	2432	msedge.exe	97
PID 2432 wrote to memory of 4532	2432	msedge.exe	98
PID 2432 wrote to memory of 4532	2432	msedge.exe	98
PID 2432 wrote to memory of 4532	2432	msedge.exe	98
PID 2432 wrote to memory of 4532	2432	msedge.exe	98
PID 2432 wrote to memory of 4532	2432	msedge.exe	98
PID 2432 wrote to memory of 4532	2432	msedge.exe	98
PID 2432 wrote to memory of 4532	2432	msedge.exe	98
PID 2432 wrote to memory of 4532	2432	msedge.exe	98
PID 2432 wrote to memory of 4532	2432	msedge.exe	98
PID 2432 wrote to memory of 4532	2432	msedge.exe	98
PID 2432 wrote to memory of 4532	2432	msedge.exe	98
PID 2432 wrote to memory of 4532	2432	msedge.exe	98
PID 2432 wrote to memory of 4532	2432	msedge.exe	98
PID 2432 wrote to memory of 4532	2432	msedge.exe	98
PID 2432 wrote to memory of 4532	2432	msedge.exe	98
PID 2432 wrote to memory of 4532	2432	msedge.exe	98
PID 2432 wrote to memory of 4532	2432	msedge.exe	98
PID 2432 wrote to memory of 4532	2432	msedge.exe	98

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.3.0-x64.exe
"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.3.0-x64.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win10-x64&apphost_version=6.0.16&gui=true
  2⤵
  - Enumerates system info in registry
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8478246f8,0x7ff847824708,0x7ff847824718
    3⤵
    PID:1416
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,14730016070542768793,5306304772561473949,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
    3⤵
    PID:808
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,14730016070542768793,5306304772561473949,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2676
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,14730016070542768793,5306304772561473949,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:8
    3⤵
    PID:4532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14730016070542768793,5306304772561473949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
    3⤵
    PID:2860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14730016070542768793,5306304772561473949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
    3⤵
    PID:4152
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14730016070542768793,5306304772561473949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
    3⤵
    PID:4956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1936,14730016070542768793,5306304772561473949,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5248 /prefetch:8
    3⤵
    PID:3964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14730016070542768793,5306304772561473949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
    3⤵
    PID:4920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14730016070542768793,5306304772561473949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
    3⤵
    PID:4512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1936,14730016070542768793,5306304772561473949,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6048 /prefetch:8
    3⤵
    PID:3568
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,14730016070542768793,5306304772561473949,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8
    3⤵
    PID:4380
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,14730016070542768793,5306304772561473949,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3296
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14730016070542768793,5306304772561473949,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
    3⤵
    PID:4576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14730016070542768793,5306304772561473949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
    3⤵
    PID:2748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14730016070542768793,5306304772561473949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
    3⤵
    PID:468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14730016070542768793,5306304772561473949,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
    3⤵
    PID:1196
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,14730016070542768793,5306304772561473949,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1916 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:372

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
70e2e6954b953053c0c4f3b6e6ad9330

SHA1
cb61ba67b3bffa1d833bb85cc9547669ec46f62f

SHA256
f6e770a3b88ad3fda592419b6c00553bdadc50d5fb466ef872271389977f2ab4

SHA512
eeacb0e62f68f56285f7605963ca9bb82f542d4e2ccc323266c08c9990cecdebd574e1ab304ae08ea8c6c94c50683180f83562f972e92799ebbcfcd8f503fb5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
a4f96d62c64cb1a172813c25bb577bf2

SHA1
1213c0ff11237f8ee5cc3b8c0ec303ff2c903699

SHA256
b7d215975c412e207586d4a1782f7bf1e4a7344ecf03564fa4f4dfe51f4bd9d3

SHA512
66beccd273a5b20babed69eb5be7b0b6d3da1432775c2ef7d2efa204118d4f11ae83e024d81c567e8661c34560578b2fae79b29fb0ababb5c5ac52a51657f435

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
daf59d26102987ac099884986fcbbfa5

SHA1
4d434cf2d93d26be0e22255145176c09bca492d8

SHA256
e9c257016d68728379f6951b0b728dade6c0f9b2ef3b5eb41fee010a8db9fda9

SHA512
b882c98db50daf03b0f277013f7394290163f04cf9e42dcabe8819df2d694d5b6d4679b0260fec660da4dea0fd5692a5fbffdb278ea2b583baa18deca2b835ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8d4a17f2c08053a71ee948bf3951919d

SHA1
82207a202e9bf6829152b91a9f1fc7b336f456e8

SHA256
28b3e6cc36a0413d36b2c531abfd56b97d0b9074b154fdbf2d3b39982dd6878b

SHA512
1ba6afdfd13b02c764c6fa84e646c98283e06aac36d764e381655f9407fd0b803ddda1945bd1b80994b31495785673963fe710d85937792f9ea7f84e8f154f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2089871d386673ba567e2e814457d44e

SHA1
74403f10663fba53b7ff14c0401feeb87f36fcd9

SHA256
068617cdae3ba7a8598a2790c2481203ab6e312b722aa7717811876614a14bc8

SHA512
13ddcec5c5ffbecb63cc271376b0566a065d632dbb87eb940265e669d7a21b953032783a16077af34581871a27af9add01c8a0a5ed0a46281458bf92db51cde5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3d25f075611ffd3bceae466c1e693152

SHA1
83f95e1c7ffaa4f27087e1088b26b2a25dfb72c4

SHA256
f3f3b0dea629050e7782903cddee1ea69ca8d98937ffd9863b59f7ea9f4daa14

SHA512
3589d0a397790db587ae070d5dba09be8258b2a043fa480aa2ede583ee97dd3e72d92a93e48f967744355c9993f5b717c76dca84c8cb2931a2e01cd54a377199

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5a478f1e08816969e8214f982850b754

SHA1
1cf5e7192f3c6e31c7e27b6cb34ebf89036eec0c

SHA256
665cf5612c61412c9acc928b1e155c8f11ae83905ce614d9a1a7ad72cc0fd489

SHA512
7e7ff60c157841f6f5bb206ebbce29f6df3a6c0c671805415ad7226654e13da49ad76e39a6d0afe28992348f3b5685ecacbfb44178fd61998c54caebbfd97832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
55a90063e858e9d1d142f3b92f809f34

SHA1
b9695fb7d3953a3f3605ed5cccd92142402d5f5b

SHA256
eba746d3557382a48e3a6aa5abacb9691bc10c5c493b1dd5741d51a6c3b8b165

SHA512
2a6602953c1925dc5a728c71f1888892572adc9ed90a3f9bf40e045ca7ebe2ffca2de208e1df4dbcbfd0794e88172cf90b55efaf88b81ade9974d3711f2ec8bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
00a37532bceb76c70a8dd1619533b305

SHA1
426181ed3a22db4a984dc18bdb09795977e9a618

SHA256
5bb2e03b47298c0c1fedacfcbcf32a44d096cc440eae478f2cd82b712a9e6331

SHA512
607b12e6c9f3ce868cd9185c5f71e62ffa1fcd23ebdaf79ffec940da9a55ca78bd5656479c70e7ccbec5b73075032c66acd834a7e625849ef2c9dcf9fc11f00d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
a723a82d68ea57d61fc658dd7d5e4963

SHA1
b3760ec2de41a7850d9c26779bffe33a01837caf

SHA256
bb82bd662380baebaf934be4c8cf5764f9035a1ef3005de1bec5c610786ed6c1

SHA512
66deaedda3ae54ef4394dc56957a0d83b2e51728dd3ed8e3d6485f9fb54ac9ff270309604f1ed441de7a5784af886f31db1df2b98d774d2808d77583e0cf3e42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
9cd5e9575ef846f52b78c101af667234

SHA1
edb4e1cb103c91cf1ab550eec4fd4318e234f5d0

SHA256
d6ef5bcfc8af8f6672f3849d9a7dce60d14458ae851f5c4bdaff995d634f9a64

SHA512
8ac3514d3f1fde56c3121820828a3abb0dccdb6619364e89217f2bfa42c5d91975c53451bdce96e26227273f4c10180898e9974f5aaea7c6b9e9b0c4b7be5062

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58298c.TMP

Filesize
539B

MD5
9eba98142305646dadd8ed93d8b0859a

SHA1
b74e2954202edd75b9c97c4e60bd2733770651f7

SHA256
13fdbb12d5654a2ad37da1c8981f223469bc67fef3ed74a565b56b9aa0715202

SHA512
d7466f662ef1f131c3c074f6f2531c617b547d06014a6b2801c63c74301b23a5d8e0d9190301bc69e7e30917a8fc5393dfbd431bed0186c926b2258a11b5279c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ed8297c93b015695172d8f8ba7f451c2

SHA1
ad5b95460f1ff02e9a1d1465c55c3fce5e5c9a51

SHA256
c69e878be09c978cda7d922fe6271599ffd58778f2a5ce85f25074282ac0421f

SHA512
cd23d59ff94e97c444a3e1f09e8741e765e1cc022707e36d6e363cd995fa9ccab962950eec43b60b22687624d94907ab96ebd97a285735400e584d6d994e4372

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9b120776a68734879b648d1e151c3f58

SHA1
bbbede65758bc1359b6dc8c4e2b485c4438a2b7f

SHA256
9a7e2728a58fbef596379d9363ee51629b5210010554099b52e2577c1c870482

SHA512
6fb00e9b32cfaf9c99a3433f4b47f43f941507997b18992a3a768cca798f4d23a9f5a6ee53bba01671a02a1d31cf74b230c03ca6873068511481ba4a435031ca

Download Submit