hxxps://www[.]cloudflare[.]com/en-gb/lp/pg-all-plans-dns/

Analysis

max time kernel
601s
max time network
694s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
07/10/2023, 12:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.cloudflare.com/en-gb/lp/pg-all-plans-dns/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
744	msedge.exe
744	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
5256	identity_helper.exe
5256	identity_helper.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3804	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3804	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 4884	2116	msedge.exe	66
PID 2116 wrote to memory of 4884	2116	msedge.exe	66
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 2928	2116	msedge.exe	85
PID 2116 wrote to memory of 744	2116	msedge.exe	86
PID 2116 wrote to memory of 744	2116	msedge.exe	86
PID 2116 wrote to memory of 2864	2116	msedge.exe	87
PID 2116 wrote to memory of 2864	2116	msedge.exe	87
PID 2116 wrote to memory of 2864	2116	msedge.exe	87
PID 2116 wrote to memory of 2864	2116	msedge.exe	87
PID 2116 wrote to memory of 2864	2116	msedge.exe	87
PID 2116 wrote to memory of 2864	2116	msedge.exe	87
PID 2116 wrote to memory of 2864	2116	msedge.exe	87
PID 2116 wrote to memory of 2864	2116	msedge.exe	87
PID 2116 wrote to memory of 2864	2116	msedge.exe	87
PID 2116 wrote to memory of 2864	2116	msedge.exe	87
PID 2116 wrote to memory of 2864	2116	msedge.exe	87
PID 2116 wrote to memory of 2864	2116	msedge.exe	87
PID 2116 wrote to memory of 2864	2116	msedge.exe	87
PID 2116 wrote to memory of 2864	2116	msedge.exe	87
PID 2116 wrote to memory of 2864	2116	msedge.exe	87
PID 2116 wrote to memory of 2864	2116	msedge.exe	87
PID 2116 wrote to memory of 2864	2116	msedge.exe	87
PID 2116 wrote to memory of 2864	2116	msedge.exe	87
PID 2116 wrote to memory of 2864	2116	msedge.exe	87
PID 2116 wrote to memory of 2864	2116	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.cloudflare.com/en-gb/lp/pg-all-plans-dns/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9916946f8,0x7ff991694708,0x7ff991694718
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,14961570417378242406,5458077458537623934,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,14961570417378242406,5458077458537623934,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,14961570417378242406,5458077458537623934,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14961570417378242406,5458077458537623934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14961570417378242406,5458077458537623934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14961570417378242406,5458077458537623934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14961570417378242406,5458077458537623934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,14961570417378242406,5458077458537623934,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,14961570417378242406,5458077458537623934,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6100 /prefetch:8
  2⤵
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,14961570417378242406,5458077458537623934,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6100 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14961570417378242406,5458077458537623934,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14961570417378242406,5458077458537623934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14961570417378242406,5458077458537623934,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14961570417378242406,5458077458537623934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,14961570417378242406,5458077458537623934,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5652 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:708

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3f8 0x490
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bf009481892dd0d1c49db97428428ede

SHA1
aee4e7e213f6332c1629a701b42335eb1a035c66

SHA256
18236c88bc4fe576f82223cca595133aa3b4e5fd24ebac9fd515b70e6f403ab4

SHA512
d05515ff319b0b82030bc9d4a27f0432b613488f945d1dae8b8dfe73c64e651eb39f4141a5d2e157e2afb43dd1dd95b6611c1003ac4e2e80511e6c5cd7cfdf11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
100KB

MD5
f134fda98a277b1c8f20ab8fbe2fbd58

SHA1
a922796190a1f5bbb3c410c6ec591502050df04e

SHA256
27bce9e85eaf3567a4695ba2b612e32615394d80d0a3a2dcb07b1fbfdfababc7

SHA512
2b2e8338afb9b0ca9b5fa3d452dfd80368b5d17566120ae6351b6d03572e5a69cedb97f165fbc31ffb3addcc00506a3fc0761cf2404a5d9826a8448a7c4d9f17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
54KB

MD5
97f93c0311d3eae6476508ececb83f39

SHA1
be7de37d9b9821940da5ee3505b8beae800bf7b4

SHA256
b9516f616076204e0fa6c7acc9020780768ba4debbd9872cdcfc3f653c58b2bd

SHA512
71bed9cf1dc9730a3593ba29aa8a9bc00dbcdeb29104fe6ba43b022f230c0c5d7c33e5d4c08a2587103ef46b4a6ae827980f07d29ae6280fed3874f02a14b8ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
34KB

MD5
1b263a78dd2a9197a7e37ada5aa8c2e3

SHA1
a5ebaecc9348fd58002f3b77a3c4987330d24432

SHA256
ba2bda1ec87fff21b58e14e5a0fe646c1c20ad6716fc6778cf75abffe55ebfbe

SHA512
23b80ec138ef877a69ba2c05d905e3c51607cc5930627b2a65996f3d0314c613b32a99f1ec0120910680278e53bf7175dd75cc56767c9fb0315ce4f43d625bc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3aa99a2a6f74e47cefa7f51ede2f84f4

SHA1
b3b302d7eb43ceb2c04e11e596d69fef01333bd8

SHA256
c71765506befcbca629314e0d2f2da2cb10803615df3294466e6d24adf95a6d2

SHA512
1ca4b684d6aee5298f31e3e5425d51ea253bd3bb98ad22aa58c2bd3b83e557e6f01cb46ac4fa71e75b034f925cde091dee273c4d5cdf460d765b4df5c07332ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fdd59c4846f5d4cb1cf8fe783d97b681

SHA1
a231d5c3f276cb8c2cb4e9f52aeb9f857b4010e2

SHA256
7942e93437b1a9915f3448edc26a3b1c49beb79346c11d5525a3f5d22606427f

SHA512
7a4a75f505e7fd8d48f1a0e25c74f0f2615c35576b65f0226ea21f46a08c13abaa285837ab6960a4daa976143c0f7edca4ca57977d755f01f05f3ebe8db99c3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b21c95375adbd8cafa2734609a45d7d7

SHA1
6a14d539dde2a92bc89b97ee0772d11e11130c7d

SHA256
32138ca9a7a2064d3be6fc5dc7e4c07ea3c92aeb0a65c1c9012c1f783ab3f648

SHA512
a8a4980a53fc70480e3e76ea55c5a28e985ec2bf5c4a4e951bd6ab5c798b179593e4045a67bd5da61c25540ad270403259d35a5ef13b63160c513e3ddf3f996e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0c7ba00f078e2e8dd161b9868ca6372b

SHA1
865a666198309492274c3e59eeb8aa7af68d40fb

SHA256
1b68101ebfa0c4ddc1ab0f0e5a494a49cb8f53d18ccc065db8085db975d122b8

SHA512
414279bac3e2faf47e958b7e9dba709c9b6efa245631739b2bbcbe269da05b15452ad8a51745d5b163e10ec3c3cdce693965c8c69c22df8e1902a1d35ff6aaa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e7335bfb25b4c3df4768709c41ef3c4e

SHA1
ef7a44e2b2f4fb8e974fd0d34603f2dfb295fcb7

SHA256
91301d77e039107e306fcec7994f499062059087992f82b406dbbf256d2369aa

SHA512
4ec318b283d94491f3f854cee14ccd9db260253fd8ea091efb7ee179ac4b0e64879202563046d8a5123c12878bd67d8bbf4fdfd3053afa191b1ef1eba1d83805

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
25ac77f8c7c7b76b93c8346e41b89a95

SHA1
5a8f769162bab0a75b1014fb8b94f9bb1fb7970a

SHA256
8ad26364375358eac8238a730ef826749677c62d709003d84e758f0e7478cc4b

SHA512
df64a3593882972f3b10c997b118087c97a7fa684cd722624d7f5fb41d645c605d59a89eccf7518570ff9e73b4310432c4bb5864ee58e78c0743c0c1606853a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7f817be1f8b8c8768ef8c168cdc5a912

SHA1
fa93802fc7e5d42026d21b20ae594a6cc1dc2a1a

SHA256
78111e040d817b58750322cddd956a94b851ae543bc844da6ce0176191567d61

SHA512
c05ef414527d4b69283bce3a16f659a4bd660eac94bf6a82301ac56daf950e2c3444a02d15ef4619dd273f5c8f60015da5b4552533d297a64cbac8ae1f89ac7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e55f.TMP

Filesize
1KB

MD5
8b79169e672e1971524c3cb9dae796c2

SHA1
a63c8d31f83953ca4dc1da47cbf8f68467cc1f8a

SHA256
983beaf316bb09324522b3417a0a6427c6bb4b289411a6825b9a1a452f95fbff

SHA512
ae5162a2286a76be34c0985daf0d29e3158ab3b207f0192770f5c7c7c84d57a4b029ba9c84770c55a5e8f022906419d16564eb53792de7b319cc310dfcf9f3fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
496de2ec0999b7a6566b930bf3e90460

SHA1
6b074daf31958f2250d82dd5101dab34d1d030a9

SHA256
1fdb55b0b5be2333722a38fd2bf7d8cd377e53fe1d8fe6ae3a256d36c1603ed1

SHA512
759fbe5a8a0884b5ad1ca0846751541f7585b0667abaa93f5ba6f454727b20040b86cca0e493cdb806a33a5a1cea0983bfc9cc366e74f2caca4eb58bce425158

Download Submit