hxxps://bafkreicejwg2k6b3inuxx4je7r7dzl2wla3usoh5o5wazc6pytom3ogzjq[.]ipfs[.]dweb[.]link/#john[.]cena@hobbit[.]com

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
16/08/2023, 22:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bafkreicejwg2k6b3inuxx4je7r7dzl2wla3usoh5o5wazc6pytom3ogzjq.ipfs.dweb.link/#[email protected]

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2564	msedge.exe
2564	msedge.exe
3196	msedge.exe
3196	msedge.exe
1416	identity_helper.exe
1416	identity_helper.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2564 wrote to memory of 2568	2564	msedge.exe	81
PID 2564 wrote to memory of 2568	2564	msedge.exe	81
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 2524	2564	msedge.exe	83
PID 2564 wrote to memory of 3196	2564	msedge.exe	84
PID 2564 wrote to memory of 3196	2564	msedge.exe	84
PID 2564 wrote to memory of 2132	2564	msedge.exe	85
PID 2564 wrote to memory of 2132	2564	msedge.exe	85
PID 2564 wrote to memory of 2132	2564	msedge.exe	85
PID 2564 wrote to memory of 2132	2564	msedge.exe	85
PID 2564 wrote to memory of 2132	2564	msedge.exe	85
PID 2564 wrote to memory of 2132	2564	msedge.exe	85
PID 2564 wrote to memory of 2132	2564	msedge.exe	85
PID 2564 wrote to memory of 2132	2564	msedge.exe	85
PID 2564 wrote to memory of 2132	2564	msedge.exe	85
PID 2564 wrote to memory of 2132	2564	msedge.exe	85
PID 2564 wrote to memory of 2132	2564	msedge.exe	85
PID 2564 wrote to memory of 2132	2564	msedge.exe	85
PID 2564 wrote to memory of 2132	2564	msedge.exe	85
PID 2564 wrote to memory of 2132	2564	msedge.exe	85
PID 2564 wrote to memory of 2132	2564	msedge.exe	85
PID 2564 wrote to memory of 2132	2564	msedge.exe	85
PID 2564 wrote to memory of 2132	2564	msedge.exe	85
PID 2564 wrote to memory of 2132	2564	msedge.exe	85
PID 2564 wrote to memory of 2132	2564	msedge.exe	85
PID 2564 wrote to memory of 2132	2564	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bafkreicejwg2k6b3inuxx4je7r7dzl2wla3usoh5o5wazc6pytom3ogzjq.ipfs.dweb.link/#[email protected]
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0b2c46f8,0x7fff0b2c4708,0x7fff0b2c4718
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,13316721546007940854,6340134193237500715,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,13316721546007940854,6340134193237500715,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,13316721546007940854,6340134193237500715,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13316721546007940854,6340134193237500715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13316721546007940854,6340134193237500715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13316721546007940854,6340134193237500715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,13316721546007940854,6340134193237500715,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  PID:784
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,13316721546007940854,6340134193237500715,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13316721546007940854,6340134193237500715,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13316721546007940854,6340134193237500715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13316721546007940854,6340134193237500715,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13316721546007940854,6340134193237500715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,13316721546007940854,6340134193237500715,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13316721546007940854,6340134193237500715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13316721546007940854,6340134193237500715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13316721546007940854,6340134193237500715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,13316721546007940854,6340134193237500715,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6152 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b5f5369274e3bfbc449588bbb57bd383

SHA1
58bb46d57bd70c1c0bcbad619353cbe185f34c3b

SHA256
4190bd2ec2c0c65a2b8b97782cd3ae1d6cead80242f3595f06ebc6648c3e3464

SHA512
04a3816af6c5a335cde99d97019a3f68ade65eba70e4667c4d7dd78f78910481549f1dad23a46ccf9efa2e25c6e7a7c78c592b6ace951e1aab106ba06a10fcd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
a5624a2566e77aa481189b6355f278fa

SHA1
cb95dfdeb8a9a6bd0158fbb622f4794d9300cb88

SHA256
8c1d4e791d50f8732ba57e08b34286f4b4f2161870786db1b9c0b11a83b84c8c

SHA512
672e3e63ece58917cdcca8956bd964d62d8e3318d8ebabe9b17195001dc2a99fa652228061d9b815eb0e103199333cce11be0d55f87fc1a4633e9fb5c31c548f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
856B

MD5
4e650737ad1c461d0ad034806b9e68de

SHA1
6837546757a3181f9086e0bc091185e99b7e9a7d

SHA256
cf5994dbac1a3c8e217e0c69e4e13197e52f97299d589bc7776968dae25d4897

SHA512
24121d235a7dd208c0d1ae5fc4cafb113d6f395936f2cf2472ca4e9f417ba661ac0eeadcf686b2b1a7c2047623b3cf0f1b22ca09dd77db555c131b9e61a2f865

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bae817b364e93a78bb80aa0664bf1d4a

SHA1
474fa9ff7425480bbe114c3baf1712e9771a0284

SHA256
7966e44f624d832b425812361b6b0fcb57e81f847b11a22db7f47ef685070bf1

SHA512
82e3f102a94a5351490d65d06d21df8f997309c438f75c05fc60cf29fb593febe56411fbe7b140d579532cd8d26c42c63c128c4db6a8e22ade0ff13d92d434fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a381464fe3c7f6bb7e4484c62f099336

SHA1
f36ffee67d2394084e4007da6c7e5bf676480e9b

SHA256
ead95080372e0ba6ea4c860a52c0a64216ec79fbb2163b40133530887c55679c

SHA512
df3f44195a0234e1054358918e5b4ae957d81f12ba4d7fa458e6c2e04cc08e45e7b6cf13bfcf6508a9db8004c9e700531e1000333f326a8429bdb0303bdd63cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9275d319406a2068abcdb9ca5eb9904a

SHA1
3a9b30464694abd611ef68e71c18b947790e5c60

SHA256
60c333b1f6e822d4017183d462f60243826eb4261b997a753915b042c373dbbb

SHA512
b2e1f8ff79c272f73424761b6d369c04250b648f04b1dacacdab4b9107553e273b5da46db31bf13522976a5026f5b3e26fa24094c607dc827ce4a777dedf8a2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a93399afa7619f006dab70414fc9adae

SHA1
6148d9038dfc6ffd30ee7a498d6e03b2d12a8ffc

SHA256
53688eba266aefcdd24ef7e8bda1a52fb9b1a21a7885b0597d826a800ac3c4cf

SHA512
bef19cc7ea325090a354efe14a47a803ec8834a46296ccd58fbf419895df72e6183a514ac6bfda14380c585ff12fc151e40d900786c5c59b9883b98469fbe99b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
1f07645ace5a51348b0617e04147b31b

SHA1
8947424036e7fabab12b445acafbbc61568ddb4e

SHA256
28e1a5ee8d9b33fdeb1fbf40f37848d12fbf54017ff72ed0501dbfe041f3458a

SHA512
d60e757cdd5d7ce40aca5a77bad3f2c545cd5fa6bb7ffa1c36fd44853599aaec565554117fee0170ba29fea3e357c605ee850de53f8bc8c9e80b8063699808ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4d767a2ec5a117bc820a0661a599550f

SHA1
3ea00295ba5c7ea90af19132d8886e6e47ffb950

SHA256
6982dade5ad917d9149674c80dd8725945503d03247a7a07af8fa491019afa9f

SHA512
b488633173fffddb592cbbb171f80d4a28295572741c889bd74e26ea7ef3fa1a6cf32aac1d5eb99616a112e68ceaf6ed8e981f32de356c2d1b0ff019acd1d23f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
29213338df67d29d6454ee5d61ad3970

SHA1
8c69ca76a2e639060d5ce835a9600e6ea3764a83

SHA256
d29fc0d97fa74d382d0f557ecea4e42b7d50dbce43915bfc0c114c16e532aa51

SHA512
14db25eba8a863d390b97fce4315402ed7c249598ff6c31d5a191b0f71c274eead42ba0658403e744110de072e6ff1cac3bccee1e48875bde6b1fe39a60d2407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
57feadb04915173eca9dc0d7039fabcf

SHA1
6468e37bab41d6b9371bc300942a958c9d6bbffe

SHA256
b387c904380d134f40fb11407af4ae41074da19a73a6a0b435cd0bc3908acdfa

SHA512
ac68bf038885d2f52e1a760837742447341fd58a2b75a80b57d1597759fb118c84f2ccba15fc8e871aefab3375157406c5a66bc1d25da7ae08036169cb593ef2

Download Submit