hxxps://arafund[.]com/machine/gun/qs06j6/dmFsLmxlZGRlbkB2b2x2by5jb20=

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
24/10/2023, 10:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://arafund.com/machine/gun/qs06j6/dmFsLmxlZGRlbkB2b2x2by5jb20=

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2956	msedge.exe
2956	msedge.exe
4180	msedge.exe
4180	msedge.exe
3480	identity_helper.exe
3480	identity_helper.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4180 wrote to memory of 1508	4180	msedge.exe	62
PID 4180 wrote to memory of 1508	4180	msedge.exe	62
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 1808	4180	msedge.exe	83
PID 4180 wrote to memory of 2956	4180	msedge.exe	82
PID 4180 wrote to memory of 2956	4180	msedge.exe	82
PID 4180 wrote to memory of 4696	4180	msedge.exe	84
PID 4180 wrote to memory of 4696	4180	msedge.exe	84
PID 4180 wrote to memory of 4696	4180	msedge.exe	84
PID 4180 wrote to memory of 4696	4180	msedge.exe	84
PID 4180 wrote to memory of 4696	4180	msedge.exe	84
PID 4180 wrote to memory of 4696	4180	msedge.exe	84
PID 4180 wrote to memory of 4696	4180	msedge.exe	84
PID 4180 wrote to memory of 4696	4180	msedge.exe	84
PID 4180 wrote to memory of 4696	4180	msedge.exe	84
PID 4180 wrote to memory of 4696	4180	msedge.exe	84
PID 4180 wrote to memory of 4696	4180	msedge.exe	84
PID 4180 wrote to memory of 4696	4180	msedge.exe	84
PID 4180 wrote to memory of 4696	4180	msedge.exe	84
PID 4180 wrote to memory of 4696	4180	msedge.exe	84
PID 4180 wrote to memory of 4696	4180	msedge.exe	84
PID 4180 wrote to memory of 4696	4180	msedge.exe	84
PID 4180 wrote to memory of 4696	4180	msedge.exe	84
PID 4180 wrote to memory of 4696	4180	msedge.exe	84
PID 4180 wrote to memory of 4696	4180	msedge.exe	84
PID 4180 wrote to memory of 4696	4180	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://arafund.com/machine/gun/qs06j6/dmFsLmxlZGRlbkB2b2x2by5jb20=
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd553146f8,0x7ffd55314708,0x7ffd55314718
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,3873095244935201663,3537775119112510830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,3873095244935201663,3537775119112510830,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1976 /prefetch:2
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,3873095244935201663,3537775119112510830,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3873095244935201663,3537775119112510830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3873095244935201663,3537775119112510830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3873095244935201663,3537775119112510830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3873095244935201663,3537775119112510830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3873095244935201663,3537775119112510830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3873095244935201663,3537775119112510830,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3873095244935201663,3537775119112510830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,3873095244935201663,3537775119112510830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,3873095244935201663,3537775119112510830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3873095244935201663,3537775119112510830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3873095244935201663,3537775119112510830,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3873095244935201663,3537775119112510830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3873095244935201663,3537775119112510830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,3873095244935201663,3537775119112510830,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4064 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8f30b8232b170bdbc7d9c741c82c4a73

SHA1
9abfca17624e13728bd7fa6547e7e26e0695d411

SHA256
0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb

SHA512
587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
17KB

MD5
7916a894ebde7d29c2cc29b267f1299f

SHA1
78345ca08f9e2c3c2cc9b318950791b349211296

SHA256
d8f5ab3e00202fd3b45be1acd95d677b137064001e171bc79b06826d98f1e1d3

SHA512
2180abe47fbf76e2e0608ab3a4659c1b7ab027004298d81960dc575cc2e912ecca8c131c6413ebbf46d2aaa90e392eb00e37aed7a79cdc0ac71ba78d828a84c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
56b944805a3e333c955ef59c0bd1959a

SHA1
958a07f40bd80108732daac363bb0865cd9a5dd4

SHA256
616f2498fd52e878e70c17faf4dd0dfc3aa6553891890d082377ebd0aa0a9037

SHA512
ab320f49d145e285a0f6d78cc0b10752120941b8808071165eefa6cf7908c5f2f184add36b54395954f55c74b4cb2881f1894400296156743ac8ee563e5fefc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
eb8aefd1468baa89a801232964fa4bfd

SHA1
b524e7de325b88c0c4268cf524bf3444e41ca109

SHA256
be0cf4d87e79075de22d65a12f8c6b053513a229a6cbc13be87f9fb00fbe2fcb

SHA512
14be94cdc9bc6561589273fbfc4f01dfed4265bfe32855b173ee6034315275b5492445c8ab1768d2df1b61e982ed65186495700a4e5b18d9c63070c07f7e25b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3cefc2616c677f226992d26beecc38a4

SHA1
06865f28c9967affd7acf0c99b2695bc48ba06ed

SHA256
50ea55171f02cc3d269eca0eefbf25b0717ce2282f1a3ad8e492c2e9ed46c58c

SHA512
1e394ff6781198a39cb8bf4b7d55a436acc9434dc18bda3d6d8cd8c6024f2898a4e780a260092a632f31348eb7da56d4f6b4a14b5e88a1aa6b7c1baef2a4a279

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
84e638546ddfaf9bf72595be269ae078

SHA1
bfcee670696b4e6e9cd87ee10827415cd981ac62

SHA256
2ab50b53ea75459c1fb8dd47083f14b847c5b600dd96729e84371f93289fa626

SHA512
bf429d95f3b57e1aa0c7e7b1251cacb14ff2010f0acf5a7fd236a9e0b6e46d381cec48368124f13545b81a1e1bcd87e6c672607fc64b93881af7d545f8d7daec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bdac42638ee17569c9e8d0e4749e4266

SHA1
7fcd81ea5af3b5067649730c3bb6121e4180687d

SHA256
74d1d83d06b1c44bee566456d3684b496be226c16f7d7750228e76a37de9d554

SHA512
1b16e1056541d43d6a7c8849e2ec4c80fee419f11b6990df262b176458e3936ca728942851548f40a0da59eb1403c2406be110bd49bd93a642d3c370375c9674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e7ba7cc426bf59aef4be2eb86161ab6e

SHA1
d68cbe1766a79871457f32024a4969ca23844541

SHA256
a86e19e1279eeba6d9dca09e7ca9db92ede489e8acb67d43c986cf80adacc0ad

SHA512
cd44f83a2a6f483be4db1bc7739147f045c03a2209fb5e5c08dbfa4ef9512abf8878ea3d5171ca743d71f2fe741c3e3ef91f582b5a77d7619c2a545001e197d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e3fce5636fde70e7137cd3f2d6be98ee

SHA1
e7d34b2511a0f331ede939e3957d97b00bde662a

SHA256
5b5134a3f7f39af5267d7853d11ea6a58186b99af2df06a4902a29dad522c869

SHA512
0be2d6daec45376c72a463e70c594072b7120e988033f5b9fab67e8e6186cd45f06eb1f1b0090a0feaf972f57805e25cd1754229a4df523c094ac7c71f2bbaca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0b8abe9b2d273da395ec7c5c0f376f32

SHA1
d7b266fb7310cc71ab5fdb0ef68f5788e702f2ec

SHA256
3751deeb9ad3db03e6b42dedcac68c1c9c7926a2beeaaa0820397b6ddb734a99

SHA512
3dd503ddf2585038aa2fedc53d20bb9576f4619c3dc18089d7aba2c12dc0288447b2a481327c291456d7958488ba2e2d4028af4ca2d30e92807c8b1cdcffc404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
865B

MD5
bb7ae1b275a6934ece89f0941a0dab9a

SHA1
1bfb10333aafd8309d739bbf7765b198be457f72

SHA256
1d3d8c12cba66494cdb9759a2d05529aba4107711a4de98631240abdcd687ea4

SHA512
c0f71fe838881db4a931dbd66ba2b79d6861710e8ca26b926f41b0ce2cd86435473218879cc74b213cefeb5d1d621c39eed2ec3e8bc8c0f6651982c184737055

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586f4f.TMP

Filesize
697B

MD5
133e9bf69f07bff9a38ccd48ae232a87

SHA1
9954871b059e78b2f21e17ce797a3ff2426a23c6

SHA256
a961dab85d3e66be48c428df44444496e909b609e245bee27889c6723c0bcfd1

SHA512
4a1ded6786d0ac8bc08ee33d28240b745fa5a1135bfa1d224d2fe78eca40545dbb7a2d06c6bc993993bb6e0c26ccb573c41899b29a421ffad4157f2f67f87d20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5c01fcf7a68150d5e0d73f0c70c522ba

SHA1
234f0352659ec496b75f68fa9de59723bff207af

SHA256
f1e09ffc56fa542a58ad96bd9de7bea8674329b343224dc4ab5f4ad446ae39a2

SHA512
e3e8b83f91b253a3b27981cdf0efdaff67d95eb149c760a6e85dbada6f243d30ac6b6fa1ec1c6de98d10634d990cb1c18436ee0010affdd28bdd65a72942de54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fb6c77fffd82efb6dc790dd7d10e6657

SHA1
108a36950a793d1637b944b468b2d24351f9dfb5

SHA256
0ad6bdfa23598e76b87631eca8a94ed0147570e9e91c30c8356b7dcb1a234a1a

SHA512
51a7a64962b065104fe51af1a315bf2f3a12753a624cad3e6479d91556b4246761e065ab2aa33ff8e4b84b4d8f042b326a05a70f83a75d3029b128616543c1ea

Download Submit