hxxps://warriorplus[.]com/o2/a/llz96y/0

Analysis

max time kernel
146s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
30-10-2023 13:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://warriorplus.com/o2/a/llz96y/0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1644	msedge.exe
1644	msedge.exe
3112	msedge.exe
3112	msedge.exe
3740	identity_helper.exe
3740	identity_helper.exe
5500	msedge.exe
5500	msedge.exe
5500	msedge.exe
5500	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2480	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2480	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3112 wrote to memory of 2548	3112	msedge.exe	88
PID 3112 wrote to memory of 2548	3112	msedge.exe	88
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 2716	3112	msedge.exe	92
PID 3112 wrote to memory of 1644	3112	msedge.exe	90
PID 3112 wrote to memory of 1644	3112	msedge.exe	90
PID 3112 wrote to memory of 1124	3112	msedge.exe	91
PID 3112 wrote to memory of 1124	3112	msedge.exe	91
PID 3112 wrote to memory of 1124	3112	msedge.exe	91
PID 3112 wrote to memory of 1124	3112	msedge.exe	91
PID 3112 wrote to memory of 1124	3112	msedge.exe	91
PID 3112 wrote to memory of 1124	3112	msedge.exe	91
PID 3112 wrote to memory of 1124	3112	msedge.exe	91
PID 3112 wrote to memory of 1124	3112	msedge.exe	91
PID 3112 wrote to memory of 1124	3112	msedge.exe	91
PID 3112 wrote to memory of 1124	3112	msedge.exe	91
PID 3112 wrote to memory of 1124	3112	msedge.exe	91
PID 3112 wrote to memory of 1124	3112	msedge.exe	91
PID 3112 wrote to memory of 1124	3112	msedge.exe	91
PID 3112 wrote to memory of 1124	3112	msedge.exe	91
PID 3112 wrote to memory of 1124	3112	msedge.exe	91
PID 3112 wrote to memory of 1124	3112	msedge.exe	91
PID 3112 wrote to memory of 1124	3112	msedge.exe	91
PID 3112 wrote to memory of 1124	3112	msedge.exe	91
PID 3112 wrote to memory of 1124	3112	msedge.exe	91
PID 3112 wrote to memory of 1124	3112	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://warriorplus.com/o2/a/llz96y/0
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9433446f8,0x7ff943344708,0x7ff943344718
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,7565378225503443740,7281256229410873998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,7565378225503443740,7281256229410873998,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7565378225503443740,7281256229410873998,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7565378225503443740,7281256229410873998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7565378225503443740,7281256229410873998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7565378225503443740,7281256229410873998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4404 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7565378225503443740,7281256229410873998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,7565378225503443740,7281256229410873998,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,7565378225503443740,7281256229410873998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 /prefetch:8
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,7565378225503443740,7281256229410873998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7565378225503443740,7281256229410873998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7565378225503443740,7281256229410873998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7565378225503443740,7281256229410873998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7565378225503443740,7281256229410873998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7565378225503443740,7281256229410873998,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5644 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1916

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x468
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
70KB

MD5
cbee484a8505e9c927260f617508dc00

SHA1
53a8f405ae005bcf8214e22854f86dd4aa22edf6

SHA256
ad6e161bf61d6f57c594b4812c5be0204bfe117a38a80f0175e79d7229a88a05

SHA512
3c1d9a1ef920b46224becbc892f994bec43577f6bbf608cd778751783f8ff1490205c507babd56504d4ab2e51a1fa3d0419a73eb29d0e97861f327b323dc22a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000094

Filesize
70KB

MD5
cbdb4f38dd780660b34789d50df99b83

SHA1
289e3e66f9ffe8ce1c6869f1648623523e795493

SHA256
45d6203fa7a824492523eede56425ef6b2edf6ffa349110c95c2403d7de303cb

SHA512
e35b43970685706da15d2dcf35a983a9e9f716670d0066ea6dd7a169eea04f78d6ea05e1996cac56f9ae9a89910fb5d67bb2e799aaf3d77dce769d9e7196f72e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000112

Filesize
34KB

MD5
dd8be92997b3e068d3604a132831af71

SHA1
37b737af254aaf8a55ccef4af8a06876840739f8

SHA256
51e5b85911523ed9ee4b7f89891ed3cf81c018e834379c9c7d54c87fb15445b6

SHA512
d3bc2ef4eff5d20d4b4189aee69e6cd90bf5cfec5c3ff7db92eb6adcddb79fed8ff59128d6ef0fdd7e37b96560f8435ec5203a18fcae5257bfd73a9653bc73ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000123

Filesize
34KB

MD5
b9b73b3d69b3dd43b06d878c92fcd69c

SHA1
31c7a3cfd3b2745bd2b837250d7ff5af43ec34f6

SHA256
44cae235aad8783ce4990e6422849ce4a7e7aa6d141bdefc0943f3584d7a0b1c

SHA512
2903d6b62b28f1007a737a4768789763f0f070ac9ba5945edbdd6942530952af2fc25b017c8a4669dc775fec66cdb2d864e20b72ef7f33da00e16c127dcab08e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
bf78e13c004ac7f435948aa307482d5f

SHA1
2435a737b2e735d178e22b3196829f45faa29c34

SHA256
318466114d8b5c998891ee0b94f5bb0aaa7e4fde0c9c5b9278e81dab53bd9e3a

SHA512
8bdae113232304219064e106c6892a324810be7757aa43cd9e0188753c1a9eef4962a1056652654358d5da36fea76f7cc568c5b8b39d76e6fbc96b9e733caff0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3bbeaa38311d3970c31ea1399b121208

SHA1
d4b639b80e47e2356003c6465360b33aa571a7ae

SHA256
6d726218b915c0ca207c9644abd1d320d6b5a282c7dba3437d564b72fd3645c9

SHA512
d6dea8c172ed83602bc9fe74729aff0d56f1cf5f39f8b1e8869b5239cf6726cb5cc08d6c58b9313c861c10e84e051b999f49e6343614f03fc7edc6b981ae8a67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2b308dfe4892ce46a2cf535031184629

SHA1
7eee79ac3eb65361a78502b6615b9e7a7b38e473

SHA256
be8a590ed4dcf53dd3d686ffe2794139c4b94fa5b1963ee15dd179a955ecf70e

SHA512
c8b10b7355d011701ba51f32fbb7afd2730e3b67a292bc393d0fb75c4798b7815c3e61650a19b2d5e34b92825969549c8c0852b97925a61d1f0e0a84942eb6e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
524b457cb7f0f38c2f083e8bcf235cda

SHA1
9c4492c41a73b6ca5e448528e0be8b617a281a73

SHA256
e008727cd1b0833ebe1e05ebeffa159f4ec777caaf75d68475e0503a280c3e7f

SHA512
252afdd07681922bd92091d08ed9d298f0b9cf8f3e63d214aa8d7153b699089eb346f30c9eeb55d2b35f71f49bee2208a3928b013ecb60b1fab73b66caa3e688

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
12a6e9c6fbefaf2c1630576b69a621e7

SHA1
292e7ab5d908c3e4f694ae6544dfc0c00c67237a

SHA256
29fc3d539b9ad749169ede19a0d212e3856d6ffc0d7131e3b5c2edb137cf426e

SHA512
a5de6786d4274cc29e404ba6a969d673a7641d71e3e0268cc56f492902007d3d09e14236094cd7d1a9167804258149620abb63426387abee4563de123439e265

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3b3886dd330747f385119f07b8c9a156

SHA1
70a8a90fd3c14c4458cc20b7ef0c18187d7e05fc

SHA256
ad5405ac7c11e04639a3cbb4a0b96080a956f8085a179bdeaa6ce2ec63a64397

SHA512
547f0d7b285c0fe46f3df0810f8e4bfe9c5ac078fb166c2f5ae9e7a7295d916189f98349e4349cebb4a8b160eae75027c16fd85ac2fd9febec6c0b03462c3402

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
fd20981c7184673929dfcab50885629b

SHA1
14c2437aad662b119689008273844bac535f946c

SHA256
28b7a1e7b492fff3e5268a6cd480721f211ceb6f2f999f3698b3b8cbd304bb22

SHA512
b99520bbca4d2b39f8bedb59944ad97714a3c9b8a87393719f1cbc40ed63c5834979f49346d31072c4d354c612ab4db9bf7f16e7c15d6802c9ea507d8c46af75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b28e9083864e987abe9f18a28e72c736

SHA1
796993bada6a1d293abf3ca7537ebff1667a5a55

SHA256
38734d267f12190bae0999414455e3d513298c2c25380234232f02016462fa7e

SHA512
54d53d4281b23fd2ddcf94c48745b70b5054659ee9e3260e634297fcdc5e49db07496467b910045b15396b765edea6902193cbf4d74ac889308d55c2afc89b47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
19f077f5a0e8257d7c816d66e205a5de

SHA1
0be4b4bf0429362e3be3f83ebe26ee840422fea4

SHA256
cad0dbcc9059206a8f0eb4541a253530d98d867de7d77df61e271c1372de12e5

SHA512
fcd4ab379650ac1fe211599434b518a61f96e0b5a01e322de63eab2bf415abadd83373b420a30d8e0127607d1c3deaaf91e879b486662894ad210a3982a25dc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c96a.TMP

Filesize
2KB

MD5
ac7b962572ea91034e8fcecdd75a970e

SHA1
cb9b97f21be7fea511d309b6cd755292d7eaf649

SHA256
c1b1f6f1d3c7adc2475bb5713631e99c1a2ba340bdee39cdef41f57ba7856bf2

SHA512
2970a77d42906ed232df2d99cd41e8580a33c3c80a2a5b59b4dd88c2fb6698f5bb17c65199b2f3eb795dd6aaae1b7d726b394bf050a385f51b32efc781fc7930

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
173a2b7fb4ccdd425caaa659527c7a5b

SHA1
60b71ef9b3a2b56a62fa5263e090906f3d16515c

SHA256
fb0f46be0978859d14b11e43d93d0d957f7f453e664b3b69317f152a7fa3ec2e

SHA512
66c8e2e93693aade4b88e9dc907f5c9837eb7c373593476fac47b0b8fe3607f9f8ca02736e1975cb82cf095181d02f93c3efce0785a6c99f77984e81529d821a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d7cb59cf2f6e99b101fffa8a9f6b615c

SHA1
bc4f58e47df2a0e03f233c969c0636803aaf79d7

SHA256
00a9eb6e682bd689c181ad825c2944cb6d2cca2eb936e8e22000acb77b3ae9bb

SHA512
e867c684dc5c986f60c48846edc093186a214c5ea3db3eea025b3ca6a049959e7dec6e06021996d8086ab9db27eeb5e6616bc260894936f20a19c09797db3021

Download Submit