hxxp://expocitydubai[.]ae

Analysis

max time kernel
146s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
23/11/2023, 14:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://expocitydubai.ae

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1804	msedge.exe
1804	msedge.exe
4764	msedge.exe
4764	msedge.exe
4640	identity_helper.exe
4640	identity_helper.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4764 wrote to memory of 1640	4764	msedge.exe	55
PID 4764 wrote to memory of 1640	4764	msedge.exe	55
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 2532	4764	msedge.exe	85
PID 4764 wrote to memory of 1804	4764	msedge.exe	84
PID 4764 wrote to memory of 1804	4764	msedge.exe	84
PID 4764 wrote to memory of 3308	4764	msedge.exe	86
PID 4764 wrote to memory of 3308	4764	msedge.exe	86
PID 4764 wrote to memory of 3308	4764	msedge.exe	86
PID 4764 wrote to memory of 3308	4764	msedge.exe	86
PID 4764 wrote to memory of 3308	4764	msedge.exe	86
PID 4764 wrote to memory of 3308	4764	msedge.exe	86
PID 4764 wrote to memory of 3308	4764	msedge.exe	86
PID 4764 wrote to memory of 3308	4764	msedge.exe	86
PID 4764 wrote to memory of 3308	4764	msedge.exe	86
PID 4764 wrote to memory of 3308	4764	msedge.exe	86
PID 4764 wrote to memory of 3308	4764	msedge.exe	86
PID 4764 wrote to memory of 3308	4764	msedge.exe	86
PID 4764 wrote to memory of 3308	4764	msedge.exe	86
PID 4764 wrote to memory of 3308	4764	msedge.exe	86
PID 4764 wrote to memory of 3308	4764	msedge.exe	86
PID 4764 wrote to memory of 3308	4764	msedge.exe	86
PID 4764 wrote to memory of 3308	4764	msedge.exe	86
PID 4764 wrote to memory of 3308	4764	msedge.exe	86
PID 4764 wrote to memory of 3308	4764	msedge.exe	86
PID 4764 wrote to memory of 3308	4764	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://expocitydubai.ae
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7ffb9cbb46f8,0x7ffb9cbb4708,0x7ffb9cbb4718
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,1691896540417398306,12947931303990032733,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,1691896540417398306,12947931303990032733,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,1691896540417398306,12947931303990032733,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1691896540417398306,12947931303990032733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1691896540417398306,12947931303990032733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1691896540417398306,12947931303990032733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1691896540417398306,12947931303990032733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1691896540417398306,12947931303990032733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1691896540417398306,12947931303990032733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1691896540417398306,12947931303990032733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1691896540417398306,12947931303990032733,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1691896540417398306,12947931303990032733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1691896540417398306,12947931303990032733,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1691896540417398306,12947931303990032733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,1691896540417398306,12947931303990032733,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6500 /prefetch:8
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,1691896540417398306,12947931303990032733,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6500 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,1691896540417398306,12947931303990032733,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6276613a51dae3b747451bc05e24edfa

SHA1
96ff591013fc8d378a9b37ea580d8ec6e98bbde5

SHA256
d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0

SHA512
dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
1024KB

MD5
6b92baae84592514ae6daceafadbf409

SHA1
dd348888f4d125c879504d6140d5c9a5aa85311b

SHA256
49c4b0894d33728a63017332fd8037e68ead0b95dbac1c0082a2d3e5d36b254e

SHA512
b6298ed8efaf9ae2f4654e444d30a446ee7e6ef9488c7def5c66cfc016a1e2b6538296cf357e1c4d0ccefa167fadb916c38ba809a92e138ac2450028117f65ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
1024KB

MD5
c25847a63627e41f889c3f682cbcb15b

SHA1
9b9377a7a5d318982b1e991df2a71fe356b8d82f

SHA256
0657b5ee37ef3db1f529740707b6db064e1c75dfde10d6f1dffd3d1b86476401

SHA512
36817de4b770c80707610b8e3f234c3fa0b4bbb7fe77a81add46da3feb9faf7c5fdd48923a784e26ab3fda406014f5a6e89460547b3a1aa8ffe4eb519c406ca0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1b2aa873926175ddd6c33665d015e1cd

SHA1
82e04e89e30f4707ad5efe92242f8c58cd672bdd

SHA256
f53c28d487826be8e27a611655b7413190c589d3f21a9d170873093810d08a2b

SHA512
e1006a9e12df342c6046a6dc1d30d96ddcd1fcbda2d9413be23a29be2e9d571810b93242147b7d289e57a9b390f9fad61797ddac4472ff270799654e688ba291

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2258b397fd469d0a16cfffc24b7011f3

SHA1
e5f52aab4121ec22c53c75f4bf752bbbea3ca46f

SHA256
04d91dc98b588b1f5cdd0aa7dc6c173193c222e1beacbdf45effeef35b0e8269

SHA512
a6d33501df7175273d5dacd52667da34d130e430ea22446cdd977b562eb1f8087fe6e42918caaeb6b11e6d907b10ac1f5a54002895a60c7da83a5c5324ada3a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dcea99ff694e3df81d791e855ab6e124

SHA1
39f6b4f82d04f45bd9eafdd55d539eb757a11bcf

SHA256
db46809c7fc57d1ec68d962e4049cb9a0742083c61d0299c00383199be3c448d

SHA512
6c4232039f23e4404cfbd16dd7ffa50ac0221807c50448fa83d099b59ae95abe1cae95f2901aeb891bb0e32bac5ac30b0a6fb3681191a2797c4c0b96c9265d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dbe857b92389f393db577656416973c3

SHA1
2a6b9c8feaf5a9738d012e13c542fcd370bdb9b3

SHA256
d0997f8780854bb8d7546e0e617828208425a4c56717308308f07dfb4a16c83b

SHA512
257be4a90dd6c7127e3fc7d919d3a3771d0e2e186c6023dd14ba2cec3a8b010e4442dd000379b949d6782c3b59719ef3f9f1696fe43ae3e416ec5484c39b349b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bbbbb39c0ab969e07111e2b8d5863a0c

SHA1
9415cc5e92650116cbcf51bf274877a7c60af02e

SHA256
614662fdb95130ecd8aadf591a1cd6d5aa6f1b50570bd4de6918a72ccdc61a0e

SHA512
00790876dfdee529bfdbdcb45c33a56576888fb90111c62979c835e2d0f4999f7eaaa9369559354b90995bf919c7317c9b71cf1c46cf5d54af46490df8344863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
47892464bd9f3d4a0f4ca54223da383a

SHA1
0884e583ee383a35e92a2f49b0501d9daada6500

SHA256
12d49a074e52b315bf5c0f87c460c0694c812c6673c81ea5f66d638e890f1d47

SHA512
4d434bff28e8b7e584bb7a7da6e86f0fe32d20760c81c0ad4046837f0bb6867062bec12dc0cbe1ab70d337c9eaab0c4e512f5015dbedf9ed3ed8955a953df6e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a2bccc237c7fed83bfa4a62af2d26517

SHA1
9ab2543796b252eea06ce81fbafed3deb4888042

SHA256
2e13bdf1260c369d85219523a7fac535bfc11591f8bc40d9dca2e465e73135a4

SHA512
72d64be2c5fd11b5b1129c31eecaf0d30804cfddbe961e13caa3601200e02fbaadcabeb87460cbaf5b215ce09508e9d563b22a26c0fd3e2b1ff88ea4b34a5f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
f1881400134252667af6731236741098

SHA1
6fbc4f34542d449afdb74c9cfd4a6d20e6cdc458

SHA256
d6fcec1880d69aaa0229f515403c1a5ac82787f442c37f1c0c96c82ec6c15b75

SHA512
18b9ac92c396a01b6662a4a8a21b995d456716b70144a136fced761fd0a84c99e8bd0afb9585625809b87332da75727b82a07b151560ea253a3b8c241b799450

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
289b3e72b5153da85233f2e9b0caef6a

SHA1
47b7a4d2769dca533ed9f4d69911c290e3eca67f

SHA256
2dd30d4ffb2037978b2a6ad056e9e1e63095ee7de9e090999a55ad59d98d82f6

SHA512
a434b0840e3a6b0ebc5798f306e639d4851b879221132a3df6fcf9d40358cf4ab48c596d5d783cf038c558b38897f75c33197400baf8db6ebbe11dd9fce47626

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589016.TMP

Filesize
1KB

MD5
d628f59d2c1712b7da0f6e90027c976e

SHA1
e09be0433ffd6456a5ed00a6b936b4bccd167844

SHA256
13fcf6eca41f585ad05bd0b45f65a277f17701537f53545caf1751e6c865f212

SHA512
ef7aad6c826d319ece66fa8b387507d9d715fdf7a5b670b4fb753100e473502113f47e9177cbbb93da4f94b12a4cdfc3597796d9b9b35a1a9782a30bde938046

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
22082971f322c4dd4aaddda0cbe8d5e5

SHA1
28f96f084ade8f8365afba2b3b5d71ac5e08b5db

SHA256
f53438cad164fe552602346cd295c646031907c45d8b7fc95551cde1a3d4e9cc

SHA512
e9e8249f957227561e050c89bffde86cb3d057f832ff75ad9f9a010776b4cff113423d09b1f3179b00419b97049ae26978d67a75803e3a0057eb018323cedda3

Download Submit