hxxps://optout[.]oracle-zoominfo-notice[.]com/acton/ct/45126/s-0084-2312/Bct/g-00b9/l-00aa[:]69b6ed/ct1_0/1/lu?sid=TV2[:]vWbipHQ4w

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 08:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://optout.oracle-zoominfo-notice.com/acton/ct/45126/s-0084-2312/Bct/g-00b9/l-00aa:69b6ed/ct1_0/1/lu?sid=TV2:vWbipHQ4w

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1340	msedge.exe
1340	msedge.exe
3636	msedge.exe
3636	msedge.exe
864	identity_helper.exe
864	identity_helper.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3636 wrote to memory of 3972	3636	msedge.exe	51
PID 3636 wrote to memory of 3972	3636	msedge.exe	51
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 4756	3636	msedge.exe	90
PID 3636 wrote to memory of 1340	3636	msedge.exe	89
PID 3636 wrote to memory of 1340	3636	msedge.exe	89
PID 3636 wrote to memory of 5080	3636	msedge.exe	91
PID 3636 wrote to memory of 5080	3636	msedge.exe	91
PID 3636 wrote to memory of 5080	3636	msedge.exe	91
PID 3636 wrote to memory of 5080	3636	msedge.exe	91
PID 3636 wrote to memory of 5080	3636	msedge.exe	91
PID 3636 wrote to memory of 5080	3636	msedge.exe	91
PID 3636 wrote to memory of 5080	3636	msedge.exe	91
PID 3636 wrote to memory of 5080	3636	msedge.exe	91
PID 3636 wrote to memory of 5080	3636	msedge.exe	91
PID 3636 wrote to memory of 5080	3636	msedge.exe	91
PID 3636 wrote to memory of 5080	3636	msedge.exe	91
PID 3636 wrote to memory of 5080	3636	msedge.exe	91
PID 3636 wrote to memory of 5080	3636	msedge.exe	91
PID 3636 wrote to memory of 5080	3636	msedge.exe	91
PID 3636 wrote to memory of 5080	3636	msedge.exe	91
PID 3636 wrote to memory of 5080	3636	msedge.exe	91
PID 3636 wrote to memory of 5080	3636	msedge.exe	91
PID 3636 wrote to memory of 5080	3636	msedge.exe	91
PID 3636 wrote to memory of 5080	3636	msedge.exe	91
PID 3636 wrote to memory of 5080	3636	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://optout.oracle-zoominfo-notice.com/acton/ct/45126/s-0084-2312/Bct/g-00b9/l-00aa:69b6ed/ct1_0/1/lu?sid=TV2:vWbipHQ4w
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe8e1246f8,0x7ffe8e124708,0x7ffe8e124718
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,4566328789370310663,17984967390658172857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,4566328789370310663,17984967390658172857,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,4566328789370310663,17984967390658172857,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,4566328789370310663,17984967390658172857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,4566328789370310663,17984967390658172857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,4566328789370310663,17984967390658172857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2016 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,4566328789370310663,17984967390658172857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,4566328789370310663,17984967390658172857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,4566328789370310663,17984967390658172857,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,4566328789370310663,17984967390658172857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,4566328789370310663,17984967390658172857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,4566328789370310663,17984967390658172857,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,4566328789370310663,17984967390658172857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2240,4566328789370310663,17984967390658172857,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,4566328789370310663,17984967390658172857,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3468 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1386433ecc349475d39fb1e4f9e149a0

SHA1
f04f71ac77cb30f1d04fd16d42852322a8b2680f

SHA256
a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc

SHA512
fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
201KB

MD5
e3038f6bc551682771347013cf7e4e4f

SHA1
f4593aba87d0a96d6f91f0e59464d7d4c74ed77e

SHA256
6a55e169bc14e97dfcd7352b9bc4b834da37dd1e561282d8f2cc1dbf9964d29a

SHA512
4bee876cea29ad19e6c41d57b3b7228f05f33f422e007dc1a8288fd1a207deb882c2789422e255a76c5bf21544f475689e7192b9a8a80dc2e87c94ee0bc6d75f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
c21cec2ac28c035ff2af209d19c1681a

SHA1
92bf1585c19fb2dee013e05d2625541f3d2cb8c9

SHA256
c006fafddccdda11126d85e6dd267d175676390b0b6f68b2842f7319a514360e

SHA512
b37395eeee036ec84624202226cd2b8f88b52cc5e9391f8ad62d99dd9702fba1cf1dbf8fe31a7bd6bf558810209e6edd0aa591b36070f4b0f10d92dec488ba44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
164d4e3b9d4a5cb0b483ec6013c04f64

SHA1
8029c8bfdf7fc544b0d989ead67b3779a13a469a

SHA256
d1fbeca34f7dba096dfd49859e4fc7a4a8db6b0d4d227820b3cf942e0cbf3390

SHA512
09fd1625d6e36a8755b43607088c2fd8aeba3c6efa36239a0eced78bfbba6371cec60635a4d5933319ba67085e18c5d7b1110f518337b8cf5e48911371985ae2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b201579ae6e84475718ed8cd98598a0b

SHA1
c2b4132a4d86c87ce18855aa5eb3790f286e3fd8

SHA256
1abd1425c4776092a1415fc0aaed03cf04eec07567135ab370289edb6aabed0b

SHA512
2b874df4c2a881af611b003511da84d7d6b0e0924f1c1118ab63bea3a60d450ab34324d87ab3b4f7d8234c51c47e3c8f074192f1dbd85645cc4d8f2cd43d0828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7908bc8029b34c0cf4a6fd03a708101c

SHA1
00d1a1807e345f110108a45db5c941a5c3fc5763

SHA256
da2af81e16b01af9f35b31e90a0d08121ab1fcf89ccd1c49c054de39bdda80aa

SHA512
e9cb962d887c8e04df429dc3c7b494b4410061d481fc77d842502f1bcf535d1c6747ff2968f89fa740daba8f098f75b1bd8c45ce0ea60e8d03a5bc7ef71738f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
37ab34764b2ed491e345495195ebd2cf

SHA1
d04bc517d1d3d3f1fe7637fc2af51bdf7f89fd5c

SHA256
925aa6a816e78f2483bf7ef975838b80585f859bfc4a3a10f6bf5b2c09759ae9

SHA512
3d6faf175538b051f239c2868ceda5a3e65efafe0f7c01c7c0c95c2807023fe3619c4fd453d971c885ee7f6d16e0901af3ec5d89a71724d2177895e3b0da5081

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0d36aadaaba10e939d8785e3ed13b9df

SHA1
b092ff1bd84fd661d5bb613b6b8ba9f49e67447e

SHA256
83c7c4bc277c2e55c6fa3c488c61d330aafa2b2ba06455713ff35af379c6dc9d

SHA512
f3037b6192c1adb387ae99615b61b367dd47184b71de050e2092904b2306f7f784451ebb4b7ef83e918aad0c012ec0ce5173e31715aa17460fbec64550697c0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b8c8b6a7e71e904c7b680cb6b80cb576

SHA1
1fade197c5fb61a24ce601d6184e9093646b44ec

SHA256
3ba01f16153a4c3f3f59303a86737fa0af0abd2bcc69cd9f352ad4dd0e63b9ed

SHA512
584b6b3023b70ccb70361031a460282a51951dcf538d19785eb68af8be87351d32ff5a8baea4056e20720fc2e69493a629a104cbab5bc22d7ac4279be559b827

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e664066e3aa135f185ed1c194b9fa1f8

SHA1
358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5

SHA256
86e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617

SHA512
58710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
d689a57b3f5725b085746d19132c799a

SHA1
03821bcb8c3c8c8d1376dd94a2f6585fab65c38d

SHA256
d2335cba7fb16a91a2d9f9c5c4a8576c66813e5c811f54866efe0737008cd0e0

SHA512
e67061204de050d9f21ffa7fca740723bb91d3f1522e890003fa6a5939333175147c2c345399ad9413589e80bebc31b763702927b86f6228675fccf335b7f5e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
c6f8404f25614ef0e30c8dcddb01a46b

SHA1
9b921bc5dfe641b79cc2e50072911b0b663ed1ee

SHA256
230e855add3cc3f0b14c5ef95bd8c25f0e0bb261e9874f5dbb607205a7b3bb49

SHA512
245e374a5b49ad323dde4842df56fbd1312844426b00eae3005039c3639235797452bfcda948d61ecf967a78962cedacfb6174e5bdc8ff7bf76ae8831ee7afb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
0faa40d58f097023500a8bec29b5147a

SHA1
10358874e29e346cb04c07703d3ced49d7a10743

SHA256
698c501905b95836cb79ee97da1596bf87f687a28ff1a5ae97191acd28b0e870

SHA512
1121eb851585271df05019b85c70f89a3adce847c0b338f0040b3595099169cc224496c5e4a6009bbd062a8efb8a3f73c43dd73d80140e656c8c1474de8d9b50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
2ecc26e8ec4acc20dac1c7f3924d541f

SHA1
c0eaaab347737c875344c02c9748d4aafe7eba27

SHA256
f294e3382b6ae52d12fc052406070d354620e4188907a84e0fafe6d877e60bf1

SHA512
19f47618e4af76cb24534314368085f5e7759f09764053f1a2d0295ba0909c1f9b5bd3701b4a78adbef4d20431a4e9786da3c8eadebb8387886e16cee40c3d6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57efce.TMP

Filesize
371B

MD5
98f266a11b446835c026cab890a33237

SHA1
cc0c7ae6217af50b16fa91d4b4769f4b41c7e198

SHA256
acd41a4b9ac1ce8248bb9af5dac5f05a5bc8ad8e78adbbe5fcdbda550ad07c94

SHA512
fd48b53a8d73bb4dc2bfb97f8985b4f7620c0989702765bec1526c0f2e35d55e09cd92cb6b97a5c99235dc1165009e0db0f08bbecb97dfed9ccca995e314771a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4cfe848ac0294fed2c4d0017443ee87f

SHA1
44fe9ab568b309ac343843b0f59fd9aa853b30ba

SHA256
3f836b81aaa1f696e8f3c3585b20608c3ca6d1c3e7921128e80d276df094e9c8

SHA512
56ae13e6091abfaa94b0d6b821b453a16c56d64ce85caea93a344cfb62256a46937a7e8626316f1b67c149065a7414a9cb2910ec1f5348d2827764eefefcc2be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
87e3db67c4ef4ba39f66580a64f77644

SHA1
7c463f89eaf15c59227475e80df38f2c9d387f4b

SHA256
2c73747380b459bcf8754fb20f7ada75bcfe5b344ab041a90d40e66ca254f0f7

SHA512
8ef220754bdbda7c78fa9f09ff92fd918e17942a545a5a2c1958011a425c469ae792b4668b00bb330c527bfebdd8bf17b13953b21be91921ab5784aa74e42d7d

Download Submit