hxxps://blackfridaynitro[.]club/

Analysis

max time kernel
103s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2023 12:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://blackfridaynitro.club/

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

4756 msedge.exe
4756 msedge.exe
4616 msedge.exe
4616 msedge.exe
2036 identity_helper.exe
2036 identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

4616 msedge.exe
4616 msedge.exe
4616 msedge.exe
4616 msedge.exe
4616 msedge.exe
4616 msedge.exe
4616 msedge.exe

pid	process
4756	msedge.exe
4756	msedge.exe
4616	msedge.exe
4616	msedge.exe
2036	identity_helper.exe
2036	identity_helper.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4616 wrote to memory of 32	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 32	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4072	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4756	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 4756	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 2264	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 2264	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 2264	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 2264	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 2264	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 2264	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 2264	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 2264	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 2264	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 2264	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 2264	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 2264	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 2264	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 2264	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 2264	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 2264	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 2264	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 2264	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 2264	4616	msedge.exe	msedge.exe
PID 4616 wrote to memory of 2264	4616	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://blackfridaynitro.club/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd634b46f8,0x7ffd634b4708,0x7ffd634b4718
2⤵
PID:32

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2248,16978859949613695139,18323099134773313776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,16978859949613695139,18323099134773313776,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
2⤵
PID:4072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2248,16978859949613695139,18323099134773313776,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
2⤵
PID:2264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,16978859949613695139,18323099134773313776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
2⤵
PID:1776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,16978859949613695139,18323099134773313776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
2⤵
PID:4112

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,16978859949613695139,18323099134773313776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
2⤵
PID:4716

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,16978859949613695139,18323099134773313776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,16978859949613695139,18323099134773313776,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
2⤵
PID:3504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,16978859949613695139,18323099134773313776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
2⤵
PID:1276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,16978859949613695139,18323099134773313776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
2⤵
PID:4596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,16978859949613695139,18323099134773313776,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
2⤵
PID:1528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2248,16978859949613695139,18323099134773313776,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5236 /prefetch:8
2⤵
PID:3808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2248,16978859949613695139,18323099134773313776,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=5340 /prefetch:8
2⤵
PID:3712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,16978859949613695139,18323099134773313776,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
2⤵
PID:4848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2248,16978859949613695139,18323099134773313776,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6216 /prefetch:8
2⤵
PID:4876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:376

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
84df16093540d8d88a327b849dd35f8c

SHA1
c6207d32a8e44863142213697984de5e238ce644

SHA256
220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c

SHA512
3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
Filesize
43KB

MD5
db2a509594a5a1893b68ab6751b4821b

SHA1
de248758ad71bb86150de155daa2fae0ef82186b

SHA256
7205ea02f7af5c57824a95597af310a9a7f1cddb053abb3b4b82af8f09fb6f51

SHA512
37a82855bfdcd0f93c097883437c22362b8cd79530885f981c6e03fd6f2f80a8177a979a005feec10b61aa2b84b49faf0a05e548d472655eb50ff4df5b159e73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
Filesize
55KB

MD5
e0c1b05929193d8c165e95b0c385aee6

SHA1
1b67dc31c07c45312d23a03c609240dbac9263a0

SHA256
b9966b736b1a90598dac1dd7e19576d1320fa4afb5e5afdb004435a555c764ff

SHA512
e504b892349122877d82fb2e34ccf338aae08de0502ea641baf08d926aac8d6fa6d8d210d3d2225dc0779957e5cbd46b3d18ae51587ddbf35c9f2801eb50ddec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
240B

MD5
72a1b22165eef3e40d8451049d7f0197

SHA1
315aa027242265412b9ee5ccde31c767f38ebddb

SHA256
bb6cfddd058027b1619fbb8f0f4035529004031edafc39fc3159ce64f47438dc

SHA512
d7d58fa99c9b0654cd8246af18789c709d0ae1d856f9510fda9dde8d0ec4f28257dbd982fbcbf67157e3a77ef65a3569d0db0f0c40bacc9ed44debb0a39326c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
161f9c9d46aea9c6bad0673eaed08585

SHA1
be76015c7864c3ddd6fb4e3f428078b0b7671f99

SHA256
4dcde628a7b72c8508b97bc99c3669deaf3365b83863f6b7c7adb0ac215cfc87

SHA512
780ba01e365c1a5650df2659b9b26ee997f6d2b0e601fd3ff38ce1868a14e993b3f2bdd340e4209a961a7ae670d5b42eac593ccdbf867c8ce44de89cde1975d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
913B

MD5
ab371df080e6898d24c8a33d5871fc46

SHA1
6710d42bfc4fdb854594178a1c3c429bab2a7f9f

SHA256
1ed1501d150739af5290a7c66523d8a91048a666a8cb5011546c904babe80e0f

SHA512
75e71fe88ec392a34e7c3b6c378a1617d4e5736afaf6fd79a982ac452db272ba4b5f34b6fd370987329b0bb7160b6ae9134174f9ceb342911d7c4925d3837e38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
b390543a15800aed4deeb021f9006cdb

SHA1
dbb8d3dae4d0c25c6b8ec4015658ee30002156fb

SHA256
5ee269e0c5a0ea9f0f8d57bee4eb9041116403a514a927a8ed578e6d50bf18b9

SHA512
cca3e7ad7017cc2aac6effdd373d9df305bb176f7eb7f792a3546bc9afcc9aad9cddee793bf956007625c97904ddb08cabc7e76870f08fc06e2c34feffc327a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
32da5e365018775b8b5ee50bddd17f4d

SHA1
842df43a23b759b1968975fa515eed6f5fa13878

SHA256
5f46f804cd5a3d949751037696cef952bdfa71af89f3480f09679c872f2a5721

SHA512
a612ee519343666aebd466d7e69fa6fdd6b77d3f330cfa6eae07fb67f259de59cf30b0991b5558032a633cbfc60c5641c399bbc55c5523d5b4d729fd2ae3642e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
2065c6e289e5aa81276b441d0358838c

SHA1
d2156e8179e16f8f7a174b60c1721cf8b8358e8f

SHA256
81250a7505fd53b329394152ab266c29df18297275820b4d0394df83eb032ff1

SHA512
c67fbaed826dc59522a3382d43a42065b927d9adac5a5bcbded6ec29a1a417464db658504ffe490aea2da241237882214b2eaab666f80514f7b3a5eef461e8d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
3f3c9c78c890bc5d5c852d68e5a22103

SHA1
a308a19385bc66e8eee19553620d5c4cf7befb17

SHA256
f5fba01a834917432e47faf6a34a1bdb7330fdec0b95201cf09222e8f54c73d0

SHA512
32f3c5fce1f68a1f5c74f66a3cea4c65c4a631952027d347cb1d5cb929afd0455b50b14fa9c8a7c566eebd71f472b4c814c4946865d00daf1473a1ebfbc42538

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
df465e428b2933714deda1688052ca62

SHA1
b58eac54c2aca64f42ba899e7b71ab3567fa226b

SHA256
1e815445895f81785e6b425f86b551c48f740f6dcf0ea48c937e8d5bc08deeb1

SHA512
fca5d381e5b413c11e9090875a6e66ac95ebc23a06065b656f15ad59767fc6cd6d2cb736d593a1e4b66b4f358945e89c1d37838f1ab1e0116d0bfc5578205460

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
7c7d297af3e3174ef74e547cc113c6f0

SHA1
ab44f702b6cf027f0579fcbe90a13bc06d67f7b9

SHA256
db9019b5a46701080c80091a7d96cb04452ebfb7b54649cfd39c65fc3ecc94af

SHA512
ed5133d6906e5cd946d9a6dab6d450d304f51d2e76757efc773fd147b6fbb7efdc980043f9d4c94e15f3bd026b8cf453a84fbbed1de45f935edc598101a3ffeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
918ecd7940dcab6b9f4b8bdd4d3772b2

SHA1
7c0c6962a6cd37d91c2ebf3ad542b3876dc466e4

SHA256
3123072fba0ea8e8f960dd213659a0c96ce2b58683593b8ea84efac772b25175

SHA512
c96044501a0a6a65140bc7710a81d29dac35fc6a6fd18fbb4fa5d584e9dc79a059e51cbe063ca496d72558e459ffa6c2913f3893f0a3c0f8002bbca1d1b98ea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
370B

MD5
ca09b4c26ecb144db8dc7cec5a4c99e8

SHA1
753f4ea077b409e1bdf452d7ab51063c9f8eaf70

SHA256
7b6249baf4eb6bdb69c741b84f55440c7911e07073f9c2f89f22bfe826c08c7c

SHA512
a0e927133264a6c3c5a05a8bf8f6f58c2d2c3a86e51a047a6e116ff4cf886258e176d7b497004dc957c781e00c1121b2218344c489da77fc8d962c7ed778f2ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587be2.TMP
Filesize
370B

MD5
d068ea947efa67efd66976680fc97afc

SHA1
af6316b8c1bb78731cbfad73d075abe9f409ee2a

SHA256
f89b814d76e64f120b9d3aca2c4889fe02bd6be0101399ab46330ef34a288743

SHA512
7485c5781b5e010daeefebfc59265682d13151db855b5fb60aa6272cd8865a7bb5077376813f1800242c4c7dcea7cae50e7f81eff23f702be7fe72f9f1f4c26d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
e7b2b5b763612c230ac015732e421635

SHA1
2abeea3ffedd49378328a8cd052b1a7b30697ca6

SHA256
7bff75a7f9769ea775adb2774e0b4392d27cf848814ed598e4140ed72b146d71

SHA512
2c1080d440970bf147683e473f2aac8b5aa84f0a3410502dad6ba7287c4d37d92805161cf09bec11b8c14f770048df496c273e3996d52ee8693580a2e77a6bdf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_4616_ZAACPHLMAGWSMAHQ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit