hxxp://bupa2024akl[.]com

Resubmissions

11/12/2023, 11:36

231211-nqmgfaddhm 1

11/12/2023, 11:21

231211-ngf83adbfr 1

11/12/2023, 11:16

231211-ndhmqadagp 1

Analysis

max time kernel
132s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
11/12/2023, 11:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://bupa2024akl.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2556	msedge.exe
2556	msedge.exe
1888	msedge.exe
1888	msedge.exe
4784	identity_helper.exe
4784	identity_helper.exe
5840	msedge.exe
5840	msedge.exe
5840	msedge.exe
5840	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1888 wrote to memory of 1448	1888	msedge.exe	86
PID 1888 wrote to memory of 1448	1888	msedge.exe	86
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2348	1888	msedge.exe	88
PID 1888 wrote to memory of 2556	1888	msedge.exe	87
PID 1888 wrote to memory of 2556	1888	msedge.exe	87
PID 1888 wrote to memory of 3616	1888	msedge.exe	89
PID 1888 wrote to memory of 3616	1888	msedge.exe	89
PID 1888 wrote to memory of 3616	1888	msedge.exe	89
PID 1888 wrote to memory of 3616	1888	msedge.exe	89
PID 1888 wrote to memory of 3616	1888	msedge.exe	89
PID 1888 wrote to memory of 3616	1888	msedge.exe	89
PID 1888 wrote to memory of 3616	1888	msedge.exe	89
PID 1888 wrote to memory of 3616	1888	msedge.exe	89
PID 1888 wrote to memory of 3616	1888	msedge.exe	89
PID 1888 wrote to memory of 3616	1888	msedge.exe	89
PID 1888 wrote to memory of 3616	1888	msedge.exe	89
PID 1888 wrote to memory of 3616	1888	msedge.exe	89
PID 1888 wrote to memory of 3616	1888	msedge.exe	89
PID 1888 wrote to memory of 3616	1888	msedge.exe	89
PID 1888 wrote to memory of 3616	1888	msedge.exe	89
PID 1888 wrote to memory of 3616	1888	msedge.exe	89
PID 1888 wrote to memory of 3616	1888	msedge.exe	89
PID 1888 wrote to memory of 3616	1888	msedge.exe	89
PID 1888 wrote to memory of 3616	1888	msedge.exe	89
PID 1888 wrote to memory of 3616	1888	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bupa2024akl.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf46c46f8,0x7ffaf46c4708,0x7ffaf46c4718
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,5487519619107211237,2247992174314217595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,5487519619107211237,2247992174314217595,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,5487519619107211237,2247992174314217595,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5487519619107211237,2247992174314217595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5487519619107211237,2247992174314217595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,5487519619107211237,2247992174314217595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,5487519619107211237,2247992174314217595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5487519619107211237,2247992174314217595,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5487519619107211237,2247992174314217595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5487519619107211237,2247992174314217595,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5487519619107211237,2247992174314217595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5487519619107211237,2247992174314217595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5487519619107211237,2247992174314217595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,5487519619107211237,2247992174314217595,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3036 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e5c27b4a4d5a3c9c60ba18cb867266e3

SHA1
dea55f1d4cdc831f943f4e56f4f8e9a926777600

SHA256
860ed0acc83eb0096cc8911725e2c631ff879ad8c35854577651af502c4b69c9

SHA512
56eda28e9c61e8081dadc220d23e7bb3320a9ba557eb7511d17a3d2836aa61f301d1d714a3d611eedd7c4b91886c790af7366b01acdb3b637f3dc4fb024f3f6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8f7fb353-8c10-4688-96c8-4aa01154d3d5.tmp

Filesize
873B

MD5
bfcdd77a9ea7aebb1611a31f393982b6

SHA1
b6ae254f269c31a2fc6f22b1fa90bac2c83d22d9

SHA256
fb0b584987d2a9350488932c04e1f61d8339145bbfd46e3bb727438c7e070005

SHA512
40d040b4736e11a76bdffcdf525ec3d2dae9d3790e9171fac8f6c8744adf6eaca050e8acd3d91efbcdcd8747e72a598fd8606357ba4ead1da5dcc6953ac1d47a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
39305cdb141453fa28b6b61234b9d5d8

SHA1
2648da83c366c2e0fbcf9b05f8365cecb00a01b4

SHA256
42ea6b1f4d178fe012fd059a614c8426f4e3e215767e35ee3a8c20a9784f880c

SHA512
dc6071f487591b56cec58e714c47afb6526aff187788b20997ab77d2ff2b44c1a3d23775ab41e4eebdd2f79dbe3ff3d057bcd4197a49c2b1d23013d998ae3fcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
d56251ffd1643b89c8792dc08c4305a1

SHA1
130773f4529f992dee2a9a374af6f8e74c49010d

SHA256
6480e49b27f9554e560b7cc4555dbefdff25cadd08bb825548411dfed0d621d8

SHA512
5bfe9587b63864541a0bd2eefd452a00d0bd88eb016d4f45b0be7ad13f7cb9d5342e9fa61ec40dd5a834d1c0b6c9357201cbef12bdc62c9c28cc7d86a84dfe3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
71a85d2491006dfd19b149d601f6d3fd

SHA1
7bc09bf51d9673adb5792d5080bc1e1b36e62d25

SHA256
feb82e7c51d02bdb20334be664acfe61e48c82c03842a6188ae9b720afc0765e

SHA512
dc3abb8b9fade86920688dc6846a520f2c13d2a3c5ba123dde92cf8c5bd00a655019213c55c6a3c869d3f1c0e7f4074a1d5dd421e0ea4e48ee5c046bcec88455

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4cc05449b7b81d4048ff435518560abe

SHA1
a7064cca395dcf0e8aa2ceea71b94167238f2782

SHA256
e975751927035ef67c2be75aab31347ba4dd4552c9034cfc1f717b803f1821d3

SHA512
5e3d95bec6ed321d8e71681512282fd729c3ce5413cdb70044f3584e8b314c100b72b641b0877af274422e497cb4b85bf0502af895d1ff3751e78438fb36a0f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
90a4f7d3495496f162344b2b8b7297db

SHA1
b5171f6ac0042c37d3f831c5b77e1ca23bfebe50

SHA256
c951193567d6401df1fac44856a1c0b2594cc4a76676b3d682fbb832b04f2d4b

SHA512
cfea35e40746c14721d5e3e3677e3e2567a8d0a4afa789929d83c416a9d5345fb6f42c058b2ac476cbbb53ccd2eb314c8b6cf357159f4c2679310c5db5a2bd9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d52e893fec888d6c9b39fb036c2dc6c6

SHA1
cd70fd4b7a28701b3acbbaed43a66e6b0fc384cb

SHA256
f216f7546cbf0280f1b9ad8ffd55261a183e1ba52739acbb050e74a75473f59e

SHA512
3dc65274efdd38991297987a4ef9d731a0219a5eed531cdf2dddb3d9c24bc389a22b247013fdfe114d4257da646847ad2b681d228ab22ee3c10a777bed7d6b59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3ebdeba0534f91dbf3a753d5863f0082

SHA1
625b787c5943109945a89d9a7108088e8e6cc97a

SHA256
5221e21af431690d00f152e3c9d4754f8ba363e9665c7c1431d831102aafb8c5

SHA512
8917b5e586d32e61077d7a8c0150bcd859f3262ffb1fa09649b1433f90129212211a27e2a5c9025c287a9cf54ce3220832f8d6e2acb82644c834fb4a901b872a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
643a7bd74e485c66aa706ae2eea6f129

SHA1
b508a872f73ac9ea257488a8b34f07cc0517a186

SHA256
3d2e5a41d87fd6ecde1930e6c474495558ea22abcd9c6165378e1c33a38ad5bf

SHA512
e006e7e971e86b6a3d555a2e162c6c530c3fcbe0ab227514afa67201fac9f3f5034ed8c67149fef81dbc7d0c68bf99ee9445b695ca2312901366ace514a4fc94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9fabaef8aafe2629373ff7a1b550e672

SHA1
39b9ba82b8c4108441bfb6975e73c8c103d8eb98

SHA256
ef0207de558ced3555ae7d4701a84758285c53f148942e784a2d299f1322808b

SHA512
57672515e03e010c6d44f9b2dfbb085af809b194783d5100e40c7fec8b8b31e757245e59a106930ecc7c70b2d97b66ee27685fc47758ace2e7b9b0e26f689e24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e30738d93d6789672ce8e1c4bfe275a8

SHA1
ce2195ec1f2e3830b9a106a9dc8d7fa5397d10fc

SHA256
7d60046d1238ff11bdf616d83c212ad6866a7cc630ee9be8580050dee7f74832

SHA512
e39c9590f558477a1b823de555bf27542a725566d8bd839a1c493459444d49d755445d8ff34f59681ede12a8e654c5a7fc34b6008c9abcfd65d09f6b1b523a65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
e76266c000512932274b9bdf23207a52

SHA1
6765e838d9ba54c61dea8b84ad4580d004ef0632

SHA256
91836d4014a98bad460786c5eed7347763b443ae1cc714086b9e2ef1ebb4d9df

SHA512
621e456ebefb4b5ab2e94f88a37649fa7b0c7d2d3d211e457b3ad7b71c07c6765926a0c3c2a911c689a957c82ed38ecadd4ea0cd8aebb100a87f628af9216a61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
6a931022beb28fa7871d41a9a11dd3c1

SHA1
eaf12598d4afa75f160c7958249557004e811311

SHA256
2d79abdd76a7da751e792add4532d3ffdb26ade98879068b2958f26e2dfeeb2e

SHA512
457704169b24956cabb0d05cb766a756f3a9ff96b153549f449b05d7441c609d758293e3ebf9bf54ddc7d2d24ca7275aaabc2956ab6212bf86eaae3495b1b64f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
87ae3a237c23f1aa2aac92d67cddb003

SHA1
ab4dd7fb9a2ee14c43afa525afe13c11926e1db5

SHA256
7db3befa17134a7fd21aa874f2ebd1117f434e9ea4e38cf3b248864b89091a31

SHA512
a84bc87e4af989399d11f00be2b9149499147f29bedd78c1837836c8bb5ccfff9ec076e892cfcf4888b6c8d5e3a6d29e290eeab7278dbb9af310d8c1cb899103

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586a00.TMP

Filesize
539B

MD5
c1c8241540785bad3a4d4bc6dc630e12

SHA1
3708ae3795b477eabe2580837bb3a3e97bfcaa5d

SHA256
7027755d98ba26edbee921a9f6ca1af9403fc1d6a1c9d0fc7f5b00d64882fcd0

SHA512
c06b492d3ea27bd7b90cf3d40a9f2ffaeca4eb42146d5cc4e426d413521e46210f21d5a2c18a69547b93ac7b18b1107cf68435d4b0253eaba8d7d3b5555f4743

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c4321143b00b90e4f709bdb3ba520509

SHA1
3ad44128b32659650125f02f94abbc47eaa441c4

SHA256
5c92f60fc108ff31470610b2caf0e95a4cd581fdb1456254a9acad864a509d72

SHA512
c5811448dd31d83fdc470460eaf55b18e94b2fff465d5cc8b92dca504519921bede92f6e0d362b47790b49a097708c2f7fdf40cd272cfb809e0d2b1d12d5a3ae

Download Submit