hxxp://unobligated-lcm-79e6d07015b3[.]herokuapp[.]com/+?y=49ii4eh26oqj4dhm69hjioj570o30cpg61gj6e9i70p3ec12[.]

Analysis

max time kernel
154s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2023, 12:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://unobligated-lcm-79e6d07015b3.herokuapp.com/+?y=49ii4eh26oqj4dhm69hjioj570o30cpg61gj6e9i70p3ec12.

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2308	msedge.exe
2308	msedge.exe
2836	msedge.exe
2836	msedge.exe
2052	identity_helper.exe
2052	identity_helper.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2836 wrote to memory of 1712	2836	msedge.exe	86
PID 2836 wrote to memory of 1712	2836	msedge.exe	86
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2568	2836	msedge.exe	88
PID 2836 wrote to memory of 2308	2836	msedge.exe	87
PID 2836 wrote to memory of 2308	2836	msedge.exe	87
PID 2836 wrote to memory of 2556	2836	msedge.exe	89
PID 2836 wrote to memory of 2556	2836	msedge.exe	89
PID 2836 wrote to memory of 2556	2836	msedge.exe	89
PID 2836 wrote to memory of 2556	2836	msedge.exe	89
PID 2836 wrote to memory of 2556	2836	msedge.exe	89
PID 2836 wrote to memory of 2556	2836	msedge.exe	89
PID 2836 wrote to memory of 2556	2836	msedge.exe	89
PID 2836 wrote to memory of 2556	2836	msedge.exe	89
PID 2836 wrote to memory of 2556	2836	msedge.exe	89
PID 2836 wrote to memory of 2556	2836	msedge.exe	89
PID 2836 wrote to memory of 2556	2836	msedge.exe	89
PID 2836 wrote to memory of 2556	2836	msedge.exe	89
PID 2836 wrote to memory of 2556	2836	msedge.exe	89
PID 2836 wrote to memory of 2556	2836	msedge.exe	89
PID 2836 wrote to memory of 2556	2836	msedge.exe	89
PID 2836 wrote to memory of 2556	2836	msedge.exe	89
PID 2836 wrote to memory of 2556	2836	msedge.exe	89
PID 2836 wrote to memory of 2556	2836	msedge.exe	89
PID 2836 wrote to memory of 2556	2836	msedge.exe	89
PID 2836 wrote to memory of 2556	2836	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://unobligated-lcm-79e6d07015b3.herokuapp.com/+?y=49ii4eh26oqj4dhm69hjioj570o30cpg61gj6e9i70p3ec12.
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec2ef46f8,0x7ffec2ef4708,0x7ffec2ef4718
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,4380422639540631142,15230802783414782461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,4380422639540631142,15230802783414782461,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,4380422639540631142,15230802783414782461,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,4380422639540631142,15230802783414782461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,4380422639540631142,15230802783414782461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,4380422639540631142,15230802783414782461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,4380422639540631142,15230802783414782461,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,4380422639540631142,15230802783414782461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,4380422639540631142,15230802783414782461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,4380422639540631142,15230802783414782461,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,4380422639540631142,15230802783414782461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,4380422639540631142,15230802783414782461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,4380422639540631142,15230802783414782461,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3524 /prefetch:8
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,4380422639540631142,15230802783414782461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,4380422639540631142,15230802783414782461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,4380422639540631142,15230802783414782461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,4380422639540631142,15230802783414782461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,4380422639540631142,15230802783414782461,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5680 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f95638730ec51abd55794c140ca826c9

SHA1
77c415e2599fbdfe16530c2ab533fd6b193e82ef

SHA256
106137874d86d602d1f4af7dac605f3470ec7a5d69b644b99d502bb38925bbd3

SHA512
0eb01b446d876886066783242381d214a01e2d282729a69b890ae2b6d74d0e1325a6bd4671738ebe3b6ecadc22ceb00f42348bad18d2352896ed3344cc29f78a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
308B

MD5
81827855a3b037ac0e180e0f2ac32a41

SHA1
a4b0e19e89715bb3663cec6407286d5ab0c1b914

SHA256
1fcf90ad6667935cc220cff6437f3928de02964fcf9342a50e88ec0c72b7959f

SHA512
cd8434929cb90b3bade13577326bbf0f49c840b280524ecc6a90fdbfb279a426a55f919866178e126321acedb3c485a026ba039a6c9768e56820ed88abde3017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
388B

MD5
757f2d640935a3f96a6c321dc0c5aff6

SHA1
27d7a6a83c3b3629e52a380b0560520f08cd3374

SHA256
649d7c5737b73ef2e0ca080fcd2cf240861c00fff543af27e65c9f85870bf3ce

SHA512
883926c94e6e6727fd40ff24891d4332a35d9a125944034a5230d6500388375428e942ced5d9846a1d149fb6880bef2bf7d5eb89d5133298e67ed336aaa77d2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8a7549eba50934d48b0917bf913a1804

SHA1
9baa05537d99051aa609ae448b6c61c6e51fee14

SHA256
6c089a4fbf7217d8b10816fc0a71ba899c2f8549a8e903f0092b04d71230cde2

SHA512
64720f4cde0e2539a8bd9f50a0f76246f80ca165c43c283eb15cefa22530294a6c149c9ebc7f14735e525bd2a4630f85b4409fb0a3bcc1a63008a98938e2abc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5a22a57ffae93f0e7bda3d5274158b8f

SHA1
cbb10b5b77a6e78ae0ef4cf3f107013d842058b1

SHA256
3232d7cb4636af069700e2b78dd31e5a4e3a15e275d966c06344e17aa141783a

SHA512
3cbb02d4459370ebf0bb6530c0b8bd9fb8d06a81083f70c613912bb7d383a95ae934b6630f5462287c7968a3b945898cf3d44ac99aa13a297cda12ce629af93c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7b4fd9fa3454a4f41ba0598f25d3f164

SHA1
6616a9af0041c51ee6232f8eba256440aa0d5bf2

SHA256
f9458dd55934d1e95074e106f5f4ff8ad09419dbec4402b4d51af5f582f2eb57

SHA512
9579d5de05710999c125c299487b40342732ac85b4b229c15836eb500e98042388575fcb8d6c442e860198f8d7347b6973fb114ee843bfe2ea379824befad1e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
33c05632285fedfb0a4a11c71543fe31

SHA1
2d819bfd8e179e791ab6943833582f8a06b0e1ca

SHA256
814ee41510152b4fd195e503bc37ac055c411b319c87dc21cae968f6296a1681

SHA512
bb56745697cf3d174a0e8a1357f8cc8e1fdfa7bcac4d80d2cc0fc42891e29d6a56abd08597d161f44f071822f10ee07c7a96049a4fdde1576c0ca4aa1082ff57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
77b818e545a3de2600c042e717e7c20d

SHA1
a5b3a039dfef33338125467ce82157fac576a2ce

SHA256
a2534e17b645ce1248e437edb2eba8b07addf2c61f8f906ddacec2eda7fb7fb4

SHA512
7057a24ed6a838e45e7d812f9151cba141acc6d19514eaa114e1606edf8f8b64274642e4f0ad25adef747c8555e6a04030c6c29b16b06bddfb43b5839df11cf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6a3bb3d62b395e8e41c8b92aef871c83

SHA1
88c3e0de125c202b239d43a2a0d8f7bb003585a6

SHA256
bc08f08909886e98cb422659a747bbcd231c89a264327f7b60f4816d98396563

SHA512
f3bf2c539d1cd9e341e95f6613af54a2462b5e9e5ae7517ee9d7b12c358e5ae4c4cffb0db46d465138abef480568e251e9aea21ffe07c553aef0b5b364f250a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
320ea87ca357caa4a267c6dbce4ce8f9

SHA1
a32d35c4a4b188df94d412c7f19bff4486cdce00

SHA256
9a3027dc92dd8966962a71a86d19c35fb6eb1afb3c99aedc6182bd185f76dbf8

SHA512
25f38640607525ee6b8c4ca8f9082f07024b79dd543fc0b5702a9f4dab83fbb15b32138191f0a1334ceeea19dcb073d1742a26f8a7608c4ee71e531ba6a6f4aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
4a078fb8a7c67594a6c2aa724e2ac684

SHA1
92bc5b49985c8588c60f6f85c50a516fae0332f4

SHA256
c225fb924400745c1cd7b56fffaee71dce06613c91fbbb9aa247401ccb49e1ee

SHA512
188270df5243186d00ca8cc457f8ab7f7b2cd6368d987c3673f9c8944a4be6687b30daf8715429bd1b335391118d0ce840e3cb919ff4138c6273b286fb57b2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
de2ad51872800fe7fa548251bbef55b0

SHA1
a1d782a979f69368fe908c7f00a478cfb8e73b20

SHA256
17236cb082922d496f1fae52796346948ddca355e8a5649de42deb56c941a761

SHA512
0e6797e103fbdee26ebfc328e3c60e213466a06d2535a6436f842bf4cb34528e028fbcebc2bae0316d822184f686e10309b10602200a408c9cace26497f053c1

Download Submit