hxxps://app[.]buildingengines[.]com/geofire/r/tenant/wo/3023377966?pmoId=1877128480&_redirectTo=[//]t[.]bhmdevelopments[.]co[.]uk%2f26672616e6369732e74656f68406d656c69612e636f6d------%2f57619%2fPqcO%2fZnJhbmNpcy50ZW9oQG1lbGlhLmNvbQ==

Analysis

max time kernel
146s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
04/09/2023, 10:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://app.buildingengines.com/geofire/r/tenant/wo/3023377966?pmoId=1877128480&_redirectTo=//t.bhmdevelopments.co.uk%2f26672616e6369732e74656f68406d656c69612e636f6d------%2f57619%2fPqcO%2fZnJhbmNpcy50ZW9oQG1lbGlhLmNvbQ==

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{3E4E3704-23D7-4977-BF5F-87B9C92EFE93}.catalogItem	svchost.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	svchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3984	msedge.exe
3984	msedge.exe
1920	msedge.exe
1920	msedge.exe
3752	identity_helper.exe
3752	identity_helper.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 5004	1920	msedge.exe	83
PID 1920 wrote to memory of 5004	1920	msedge.exe	83
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3892	1920	msedge.exe	85
PID 1920 wrote to memory of 3984	1920	msedge.exe	86
PID 1920 wrote to memory of 3984	1920	msedge.exe	86
PID 1920 wrote to memory of 1888	1920	msedge.exe	88
PID 1920 wrote to memory of 1888	1920	msedge.exe	88
PID 1920 wrote to memory of 1888	1920	msedge.exe	88
PID 1920 wrote to memory of 1888	1920	msedge.exe	88
PID 1920 wrote to memory of 1888	1920	msedge.exe	88
PID 1920 wrote to memory of 1888	1920	msedge.exe	88
PID 1920 wrote to memory of 1888	1920	msedge.exe	88
PID 1920 wrote to memory of 1888	1920	msedge.exe	88
PID 1920 wrote to memory of 1888	1920	msedge.exe	88
PID 1920 wrote to memory of 1888	1920	msedge.exe	88
PID 1920 wrote to memory of 1888	1920	msedge.exe	88
PID 1920 wrote to memory of 1888	1920	msedge.exe	88
PID 1920 wrote to memory of 1888	1920	msedge.exe	88
PID 1920 wrote to memory of 1888	1920	msedge.exe	88
PID 1920 wrote to memory of 1888	1920	msedge.exe	88
PID 1920 wrote to memory of 1888	1920	msedge.exe	88
PID 1920 wrote to memory of 1888	1920	msedge.exe	88
PID 1920 wrote to memory of 1888	1920	msedge.exe	88
PID 1920 wrote to memory of 1888	1920	msedge.exe	88
PID 1920 wrote to memory of 1888	1920	msedge.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://app.buildingengines.com/geofire/r/tenant/wo/3023377966?pmoId=1877128480&_redirectTo=//t.bhmdevelopments.co.uk%2f26672616e6369732e74656f68406d656c69612e636f6d------%2f57619%2fPqcO%2fZnJhbmNpcy50ZW9oQG1lbGlhLmNvbQ==
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c33f46f8,0x7ff9c33f4708,0x7ff9c33f4718
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,4271743789861060848,15135606133458753382,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,4271743789861060848,15135606133458753382,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,4271743789861060848,15135606133458753382,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3012 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4271743789861060848,15135606133458753382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4271743789861060848,15135606133458753382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4271743789861060848,15135606133458753382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4271743789861060848,15135606133458753382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3736 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4271743789861060848,15135606133458753382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4271743789861060848,15135606133458753382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4271743789861060848,15135606133458753382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4271743789861060848,15135606133458753382,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4271743789861060848,15135606133458753382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2428 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,4271743789861060848,15135606133458753382,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,4271743789861060848,15135606133458753382,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4271743789861060848,15135606133458753382,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4271743789861060848,15135606133458753382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4271743789861060848,15135606133458753382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,4271743789861060848,15135606133458753382,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2336

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
- Drops file in System32 directory
- Checks processor information in registry
- Enumerates system info in registry
PID:908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
29e414757ec5f96753331ee050189d4e

SHA1
1e77a6b0e6d4a9236ff7bf4d70cd5bc3552716dd

SHA256
ad7db569f6f5cd84623a76c82eb816e86b4cf01753f353a5746a4907fff326cf

SHA512
4be7a1fdf2440637d9230c389d475af184e6f5599f0bb5547fce31f3a23a1c439746d433402243574a83f25ad9b8e4e1152578a37bdfce80a840baf7a2d68ea5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
d94da381ac763d8daacc953c2df26f45

SHA1
4eec119472cbb985f30449decdd3addd579d01ba

SHA256
4f425f08098f61b826a3e960d6a5794d316fb26a206f0064629a0e1c89323794

SHA512
c4f73ab705a25d5d5a39f2efca836c26fe68fa2b0eaf85413c03f9aa98dbf49abec7b83b354da3005cc57c98c73f689fd6506555040d904b26ed0142212e3373

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
785B

MD5
1003a567b29d6daad6f4d6f63359887e

SHA1
b2592e28778c69891dc1c9f46557d0531916a80f

SHA256
88adbd629b06464cc9e2c92aaf2b423e5d06be3d1f62628116c79146d5b7882a

SHA512
d4e61d767ff3428205cdf4a91c4f5cdcc4817f23f823668a0c6383a94f44f59bcdd68977b1d6911864ae7d66bc5993542f1f9380f15c10045599c3c6bce840d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f71afa20ed291a179e2699e6b4dec812

SHA1
468c9750a019e9d53da2de79ca9ac17a6d0af4b3

SHA256
8948cd5527d27380f51f4f3d4e3062fbb06999e645f7d306ad32d60224cbce59

SHA512
024d0a2fb9ab34ff0a007369f17d3fcd1f2d80897873826b97faf1a3b3967303a65877a95f33c163f1e4d272b18be30df1cac7d38a5eafbfc6b4a733221d573b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
78bbf6aa879167c214e471678f198f44

SHA1
f05a3005d4091f5aaf0f67f7f564b18d2e29c715

SHA256
138fe8255e7a9841996db9c2a1286ee4d153160dc73e1ba7593b5397aca055bf

SHA512
6511bb2a6640bec88a5058df3b20a812844903ef31f2b23de7587307afe7fb518528c5e7cdc5f5b4b8f45edde3dde2a6fa268bd386217b80ec7869677caa9f43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
43062664ec19c0b51b85145d0df5968a

SHA1
51a8415751c5103768f8302b0db9a6e563dfbf35

SHA256
096da77cb8fa554dae9cc74c6e391a48cbc4099da3c5b00a51b2d238b94b35d7

SHA512
86b899a78d0e0d57f80830fedb400b09655ace63ee931f0af70e95b796544f012465d12f0f659fc264280f68dca7525c6b634d794bed422df3be2d7a09763ef0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e49c2099b7e7a6a6f888bfbc8da48737

SHA1
63b6d9317bdec9d221df720a83a897f688a4c3f4

SHA256
073e1b6e7b87fa830390211cc24c13e57115b33f9df7b7add3152f560fa0c49b

SHA512
c7f345f3dfad8d39fc2c9bd81be4240c615d2773dbd53da934bcd8720c20b15a72d4322ebab84809aa26e1c9058848d1e237e3361f7a80ecb9b5142bda433680

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bf0ab500507139e6744509704bbc9254

SHA1
717fdf2dcef91dd61cbcb705685b34c0f49e68a4

SHA256
c9172366d933474b00c60d9ff643e5de29f05513c560fee38c6a4d5ae2066c56

SHA512
2343426542e47d1257d10270acdd0daeedc524938ee519f0de7f8139fa93c464bd5482f3a5fe647ba58a41abde38bdba4fa648aa584aa13f81f56ab76081f340

Download Submit