hxxp://my[.]rtmark[.]net

Analysis

max time kernel
300s
max time network
305s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
13-11-2023 20:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://my.rtmark.net

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4080	msedge.exe
4080	msedge.exe
4652	msedge.exe
4652	msedge.exe
2960	identity_helper.exe
2960	identity_helper.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4652 wrote to memory of 4976	4652	msedge.exe	25
PID 4652 wrote to memory of 4976	4652	msedge.exe	25
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 1432	4652	msedge.exe	87
PID 4652 wrote to memory of 4080	4652	msedge.exe	88
PID 4652 wrote to memory of 4080	4652	msedge.exe	88
PID 4652 wrote to memory of 2612	4652	msedge.exe	89
PID 4652 wrote to memory of 2612	4652	msedge.exe	89
PID 4652 wrote to memory of 2612	4652	msedge.exe	89
PID 4652 wrote to memory of 2612	4652	msedge.exe	89
PID 4652 wrote to memory of 2612	4652	msedge.exe	89
PID 4652 wrote to memory of 2612	4652	msedge.exe	89
PID 4652 wrote to memory of 2612	4652	msedge.exe	89
PID 4652 wrote to memory of 2612	4652	msedge.exe	89
PID 4652 wrote to memory of 2612	4652	msedge.exe	89
PID 4652 wrote to memory of 2612	4652	msedge.exe	89
PID 4652 wrote to memory of 2612	4652	msedge.exe	89
PID 4652 wrote to memory of 2612	4652	msedge.exe	89
PID 4652 wrote to memory of 2612	4652	msedge.exe	89
PID 4652 wrote to memory of 2612	4652	msedge.exe	89
PID 4652 wrote to memory of 2612	4652	msedge.exe	89
PID 4652 wrote to memory of 2612	4652	msedge.exe	89
PID 4652 wrote to memory of 2612	4652	msedge.exe	89
PID 4652 wrote to memory of 2612	4652	msedge.exe	89
PID 4652 wrote to memory of 2612	4652	msedge.exe	89
PID 4652 wrote to memory of 2612	4652	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://my.rtmark.net
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcacd946f8,0x7ffcacd94708,0x7ffcacd94718
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,7162837297930853479,723231051509430416,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,7162837297930853479,723231051509430416,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,7162837297930853479,723231051509430416,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7162837297930853479,723231051509430416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7162837297930853479,723231051509430416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,7162837297930853479,723231051509430416,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,7162837297930853479,723231051509430416,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7162837297930853479,723231051509430416,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7162837297930853479,723231051509430416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7162837297930853479,723231051509430416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7162837297930853479,723231051509430416,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7162837297930853479,723231051509430416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7162837297930853479,723231051509430416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,7162837297930853479,723231051509430416,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5288 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7162837297930853479,723231051509430416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7162837297930853479,723231051509430416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7162837297930853479,723231051509430416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7162837297930853479,723231051509430416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\44910165-8e4b-4274-8155-4d6a0fe5c15d.tmp

Filesize
6KB

MD5
3ec5f4cf903e6444523400fcc5f8270d

SHA1
e98169f2aa7335855b3b89d3416edc998171464e

SHA256
e4a9b5ceb7dec31e762161f7c48a27ed2259393ddd9ef156e8db9d047ce008de

SHA512
1260c3a5dce206ea11ab6082a45b1f053b9f0874e3a29e8fa3cb39d7623129d913fffe20717e11946a2b37d50fff64fb6ce87d237064e10e082c56ffacab5479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
41a2963ea54ce1904b1418d8ab2092cd

SHA1
3a561b9d14ab4754a5e840697611b197ea012034

SHA256
914681cf7b2755831dc88fee0a9761e5adbb405c3e65158a9e20cf06292cefeb

SHA512
3e5240d4753602af3240645a91db30118fbab61121096e00f2afaca4b4521cd2ada542120c846b2aaa33fccfdf7ba3d85979b3833382147e5b09389ad9570157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
181B

MD5
30f245817a32398e1aa30c422a6b1664

SHA1
db76f596c151a775be1a93ad3e761f6c8a5354a2

SHA256
0e291c3e167a87963bf5d68923cd46f89948773958da17a1060defd4855d1e3a

SHA512
d895008655081733ee5af40844164bb70863d34c4a38cafedc8d6a5f68b4a16c6968c13e088675c6e857d6600b38025b32d86686064e51b0c31ce6aec60f096f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
731B

MD5
b70e439c44699a5a11d68e6be7a55b3f

SHA1
e3ec38951b5f8db89ca25c4499c037f3c620ddfc

SHA256
7f7e543a3b1fdb5a52f03e3d0d7f87e0a474d4cd558620358ff712e9f14f6e05

SHA512
820cee00c13308774f4f5d20c1636b80ceef930a192ff7f9d33a9c1415b0f917bbe3ca1bd4e9a9f4ba8b5b3c945c831e28e01099e64be6d90210b2ad212163c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5f5bcda7ea4fd2418195e94329d960ad

SHA1
1dd7600537fef8bdd75234cae37e722227db5220

SHA256
b09145ffbf047b0ed8632faff6586eec6f749abfd20168a5486963b5b35ffda5

SHA512
e859ac511d8543c22f35307e2e6d4cbfee1476c380c2c36379d526c07210ed64b8940e62c48c16aaeada1dee073d913b7ab654efb89c233a4e899e58df26a7b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9339a3a78845385fb626a4c1d46ef729

SHA1
e2c5a6a00274d623a8bb70bf7467151c6b8f9244

SHA256
0daa2b24488580003a0784d486422739087ebca0201bd35096c569c0e3c5a0f5

SHA512
209959fe73e7843a03f65b09dadd84d75ed653a576e907d363e4196c6c9a5dc4b53118fbcf1df8bf2e82bf10832b6881509817db905b6331be5abe7ad6a3d23b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7a82bde0b5636ea85befa06a42913091

SHA1
56f75a5e2eb912b50fadc910f30ab339c2c0b6c7

SHA256
2645a8001bb22222cb835e6aaad2873f107afcc4bf56f8448dba9cc8a3b50bf3

SHA512
539ea1f0480ae53b60cb012b7a6a40d4fc55e9f5707ef076edd24d9a532d905b8c22938d73280f0faf149c8162979ae556855dc3bfd179975aadb9a9f86d3057

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1c706d53e85fb5321a8396d197051531

SHA1
0d92aa8524fb1d47e7ee5d614e58a398c06141a4

SHA256
80c44553381f37e930f1c82a1dc2e77acd7b955ec0dc99d090d5bd6b32c3c932

SHA512
d43867392c553d4afffa45a1b87a74e819964011fb1226ee54e23a98fc63ca80e266730cec6796a2afa435b1ea28aed72c55eae1ae5d31ec778f53be3e2162fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
5bc7e32ca6ab684575343be23def9054

SHA1
e94a59cafc3719ec4afb7c02b996d0d8d431dc74

SHA256
303dcaa58a6900c7d9f10c83d8f22780132a1a910d7159694dd6118a3ccfb55c

SHA512
c908e8c81e35b34df5bfd3dfd9b02400da3cd75df9d816b4ea1e38dc48a20046ef2042e29b211e6c5db632d5524fa53ae12d5094ace445888d5c7d7401a562f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5952c9.TMP

Filesize
204B

MD5
229c45ec5140105cf218e54749b11bb7

SHA1
98923880cd81057d34d7d8871ad156679f7c5d64

SHA256
6ed6c4b7c3684d788bd806f94c46a471df72131a172a15b8bf33f45a1c8d2580

SHA512
57e9244637f083ca008542c2889d12190f6a798787eb0f97bc06aaa46dee41b05c9856b6c8ff28e0b9e8daec1e979c658d48a6a258a74b238f70ee8ee22f7192

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
95849f07a98fde1dec9276db412d7cb4

SHA1
df5fce83312a911737e8ac5c9a6d1c6244296c1f

SHA256
ba357c7b95ee1851bed687fb19fc4639ac4e7a4c0180aeb30ffd2a4033993564

SHA512
ceb78e7fd10cff3f492fd22f7e5a3743a3728e6394b96e566593c02d9f46028fece1ebb0800ef894138707f47370c9ea63616a470cd6f82623a7c26c7853fd9e

Download Submit