hxxp://b1[.]download[.]windowsupdate[.]com/mscomtest/cedtest/r20[.]gif

Analysis

max time kernel
149s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2023, 02:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://b1.download.windowsupdate.com/mscomtest/cedtest/r20.gif

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2828	msedge.exe
2828	msedge.exe
380	msedge.exe
380	msedge.exe
4508	identity_helper.exe
4508	identity_helper.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 380 wrote to memory of 4384	380	msedge.exe	50
PID 380 wrote to memory of 4384	380	msedge.exe	50
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2172	380	msedge.exe	87
PID 380 wrote to memory of 2828	380	msedge.exe	88
PID 380 wrote to memory of 2828	380	msedge.exe	88
PID 380 wrote to memory of 3092	380	msedge.exe	89
PID 380 wrote to memory of 3092	380	msedge.exe	89
PID 380 wrote to memory of 3092	380	msedge.exe	89
PID 380 wrote to memory of 3092	380	msedge.exe	89
PID 380 wrote to memory of 3092	380	msedge.exe	89
PID 380 wrote to memory of 3092	380	msedge.exe	89
PID 380 wrote to memory of 3092	380	msedge.exe	89
PID 380 wrote to memory of 3092	380	msedge.exe	89
PID 380 wrote to memory of 3092	380	msedge.exe	89
PID 380 wrote to memory of 3092	380	msedge.exe	89
PID 380 wrote to memory of 3092	380	msedge.exe	89
PID 380 wrote to memory of 3092	380	msedge.exe	89
PID 380 wrote to memory of 3092	380	msedge.exe	89
PID 380 wrote to memory of 3092	380	msedge.exe	89
PID 380 wrote to memory of 3092	380	msedge.exe	89
PID 380 wrote to memory of 3092	380	msedge.exe	89
PID 380 wrote to memory of 3092	380	msedge.exe	89
PID 380 wrote to memory of 3092	380	msedge.exe	89
PID 380 wrote to memory of 3092	380	msedge.exe	89
PID 380 wrote to memory of 3092	380	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://b1.download.windowsupdate.com/mscomtest/cedtest/r20.gif
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d89046f8,0x7ff9d8904708,0x7ff9d8904718
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,17600765413662436413,16777970345124924730,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,17600765413662436413,16777970345124924730,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,17600765413662436413,16777970345124924730,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17600765413662436413,16777970345124924730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17600765413662436413,16777970345124924730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,17600765413662436413,16777970345124924730,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4464 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,17600765413662436413,16777970345124924730,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17600765413662436413,16777970345124924730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2420 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17600765413662436413,16777970345124924730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17600765413662436413,16777970345124924730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17600765413662436413,16777970345124924730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17600765413662436413,16777970345124924730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17600765413662436413,16777970345124924730,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:5496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17600765413662436413,16777970345124924730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2628 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17600765413662436413,16777970345124924730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2040 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17600765413662436413,16777970345124924730,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:5688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,17600765413662436413,16777970345124924730,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4752 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
56bcc6ef8a9cc03fc9f115c902cd1236

SHA1
47a78444901e7c241422d3af3c75e63f7c8b0d7f

SHA256
d9a9fca9a3eb44bc491a54da464382157bffece07d7e20bbbaa3e44de56065e3

SHA512
6cd7b8b64b97ae6c9a81af742d5647b40fb5c39078c547ae1b13f89b7b83232c50b3deef2a091cad0da1990ef64a88ede66c39e3014fd121ce55feb55a71987b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
227e7a72f846b011cb2b50dc06492c0c

SHA1
baf7599ea77adafdbf2a863c6807c7d7c136b816

SHA256
d0be2d9dba81b6e2e2da2b7e930a5d568d0c6986fe3bb8d1ff54ac8c9a18c0cc

SHA512
6672338f1723857a7eec17d9631e687cabc3af89084bc4353f670ace1cd48519091cbc3208951f453e258b92b5f8e0e3464436bf4272c14de8f8e3f3a7bd41bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c2665d93ced5a19b23cda7da8f64cbb1

SHA1
c4a3fb9a734da2152cf2dbb6dc61e27cba1abc89

SHA256
71eeebf5227f26553473e5d27ee4609c934d44402c0fd866ca3b2ae44fd7636d

SHA512
5d5779ed7da48660772ab39dd612e402252752d18a2e25546612003f4ba35629429de3a5b159b0c2049ff10711cde442a8f5830c233f871fa55dadfdca4327d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4ff036afcb96fe69f7e863e76a4e5101

SHA1
0943469bc5857bd6c840ffb9f853dad6f81b3d46

SHA256
7d657b83e7e720673f1db1c5bef78ab8ea4ce860aaa08f538fdc3096ccc4fe25

SHA512
3d90e41cf947e61dff13e551be2d7d2e3299dc73769a59e1295d278a12b6d7effadf339a22c70371ca3d28df7645b405089810fa7edf053e3fa6587814fff5ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a2256e0124066239e38e79e537d98f61

SHA1
06336edbbe7ec089c6c6d8a89cb0e746cd56fb84

SHA256
6811fd28a760e43878e9513a390c02ba83f8863c495428776fd547e55e4b4bc3

SHA512
2a7e6b4441dcf97a8431bce4b62794a2abddc9fb823c0f0fce3eb24c705f0ae218f7e5f9ca0d9d24adef3440532e34ee2b355ea78f0461b960dc73bf7e0277c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fc48a843d1b4f0aff9938d41169485e3

SHA1
ea132ae8b97527965a1ddc195b1b7959ac1b7a21

SHA256
468d3942485ec8a75b0aeac87ec5de7e14c037578958d04a23e89b493b48a07b

SHA512
b6369206856f6b6b69019ea1ba2171a90355a1b5f9deff8a03577a8d45f3a88287eddda1f29756f09c0cff59d0767b8ead4ea9c3c5675e6928158862562a6efb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
932a9474722cf90341ff3eca60975a9f

SHA1
fde3a6c4305fddc61e6ee983248b46262d69b5a9

SHA256
efabd57c88407bb6c9ec8c4273c48877ec2c79914d5b1c7b58b28ab8945e387e

SHA512
738142958dd15f08760eeb0a43865758a588f3c257058130fab682209d7599d6482cc8758906ca1fdbac3449520c6fb3d4bbb757bfff47347cee53caebff24ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c0bb9097358fdf40f1c99314c6de1ddc

SHA1
4df181513504bacc5fb0472d63dbfd73267eb2c3

SHA256
3a32bc323d1347b6c0b95e4673578ddc63e3ebbea681c735a8b8f82384f41fad

SHA512
e05ad6df822582d59116db91fb5f99a8de9841cdf05b8df14ffe4b265e43c7080a5b154baeaef1e5d1cbf712d65286ce850aef36248b2e7635b51d5b90d6db14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
3a748249c8b0e04e77ad0d6723e564ff

SHA1
5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729

SHA256
f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed

SHA512
53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
baa4794aaf322fe4ebd8c8136b8f1b58

SHA1
ac09012be3b5c069c7f12d961c994a0d596b8fb8

SHA256
6d7d88f6d0797a0b42a473625af27056b01d226756a753f90f12f843d0b116f6

SHA512
9acb2e2166842c47eae75349f68aef1b567d39e8d07b9270371bc10694edcc77e5de824276dc130e2d8afab41df03d69f1ffd3ffa0ecfabc297e7ae17174f492

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe590891.TMP

Filesize
538B

MD5
01bbf55cb2d56a8bce05a12df74fd9b1

SHA1
876789f6c21d3b99b7a4c09250fc5b5abc0e24ea

SHA256
1cf3bc63ad664d0c7a3b65e1e83644b19c0ba92925a24924ce7675832d6765a6

SHA512
f278c90158e4be7f0bd23769e449d1c502bd3b48d2e1fd27a153b7ba0d2b37945d967f50752711164f8c651bedb2ff9d4f2ffd606c3eb525d2fb61e565c68277

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
23f046ce6e20b25881f3338c2cd59c05

SHA1
0875ecb12a5ea1211603cbdbdcacb05f8876b490

SHA256
a17443236b2e82838fd4c509a22a629b5b5368e2e21d77cc68674cd4dc21a0a4

SHA512
5ba9ef4f96daf53f013888c71d56e1b2e400c49732cbda48919551d25dc290f9e0ffd6ded2cdea5eeabc955698d962301a62d430bb6c941f7eae292b709913bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5d1a3957c370748aaa2183c613a21692

SHA1
17dd3fb7be4814524a8a507439ae891a6fa354d2

SHA256
7ed51f200a3830fc12e3564d35b637863d363531e85cee1c2fa964cd5128c1ec

SHA512
70a856e4426d5f295070a21055a36525985fc4508829320bff3ab31899b7a2087d8f302bfa1db09406f9d9ca647f25d18b8f6187095ef4523a4d898f1e0a6db5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4a96c55b53ddb8d73eb46e9ec1c04e06

SHA1
5e4eaaf9bbaf0701e3134baafedf4f830e70f0c2

SHA256
0a7eefca55f0514b90f41ce7eabc81de4d93761ae4810119579e79ed287ad478

SHA512
1858935ab7a78e5bc5509a51bfccd1142efe51616831d5ad4ae96c29853f57537a88b82b240ed1e787438caa625a8e2761c185766263ce92d68ab5b7be3ed954

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7b7223a46672340a901306f18c7f360d

SHA1
7f660b83b7a8269981cbcd1cdd379592009f583a

SHA256
7fb4cba194c90ed1fff24e85b9ee94ef7866f58fefa0bfc073e474ac4e93f3d7

SHA512
f6bd5812fd199fb7cb7e30ee83e828844b78c06813c3d796f34523fa12d99a41a33f3c3597a1698e96388535795e24b31ebb69e2b1c5371e9979ccc51d6bc853

Download Submit