3ef278e1756f9047468ccd39554be942c062266b12af06676fd8a0f5b586bb6d

Resubmissions

14/02/2024, 05:23

240214-f3eclabc72 1

14/02/2024, 05:20

240214-f1lc5aaa7v 1

Analysis

max time kernel
300s
max time network
304s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14/02/2024, 05:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

lucas-sim-h2-3-25-bnzwwh80xxwfp1s8.html
Size

15KB
MD5

174dd7386ae5ef6b64199408482f8558
SHA1

7d2326e5fc3a3553c0b5f2484eec90e9bc493146
SHA256

3ef278e1756f9047468ccd39554be942c062266b12af06676fd8a0f5b586bb6d
SHA512

8d2b897f001c56667122667a93cb633b818055c8517b4657275836b49ec32cae7e4d6b5f290fdae0c407e8a0ffdb6511d9bd96f1b58a2cfad2463ae69d24e4c1
SSDEEP

384:eDjK/Wn9vv6W+fBKWovyD1P4CFDgQRMRrQR3RCUHrqx8GYeRPVyZtAvqdzOQJSCH:eDjvwDdZFDgXVV8tAMzOQJjDjo+I4J

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
244	msedge.exe
244	msedge.exe
4644	msedge.exe
4644	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2960	identity_helper.exe
2960	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4644 wrote to memory of 4964	4644	msedge.exe	83
PID 4644 wrote to memory of 4964	4644	msedge.exe	83
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 744	4644	msedge.exe	84
PID 4644 wrote to memory of 244	4644	msedge.exe	85
PID 4644 wrote to memory of 244	4644	msedge.exe	85
PID 4644 wrote to memory of 408	4644	msedge.exe	86
PID 4644 wrote to memory of 408	4644	msedge.exe	86
PID 4644 wrote to memory of 408	4644	msedge.exe	86
PID 4644 wrote to memory of 408	4644	msedge.exe	86
PID 4644 wrote to memory of 408	4644	msedge.exe	86
PID 4644 wrote to memory of 408	4644	msedge.exe	86
PID 4644 wrote to memory of 408	4644	msedge.exe	86
PID 4644 wrote to memory of 408	4644	msedge.exe	86
PID 4644 wrote to memory of 408	4644	msedge.exe	86
PID 4644 wrote to memory of 408	4644	msedge.exe	86
PID 4644 wrote to memory of 408	4644	msedge.exe	86
PID 4644 wrote to memory of 408	4644	msedge.exe	86
PID 4644 wrote to memory of 408	4644	msedge.exe	86
PID 4644 wrote to memory of 408	4644	msedge.exe	86
PID 4644 wrote to memory of 408	4644	msedge.exe	86
PID 4644 wrote to memory of 408	4644	msedge.exe	86
PID 4644 wrote to memory of 408	4644	msedge.exe	86
PID 4644 wrote to memory of 408	4644	msedge.exe	86
PID 4644 wrote to memory of 408	4644	msedge.exe	86
PID 4644 wrote to memory of 408	4644	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\lucas-sim-h2-3-25-bnzwwh80xxwfp1s8.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8cce346f8,0x7ff8cce34708,0x7ff8cce34718
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1472,2922904494979797682,12737689642646634138,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1472,2922904494979797682,12737689642646634138,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1472,2922904494979797682,12737689642646634138,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1472,2922904494979797682,12737689642646634138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1472,2922904494979797682,12737689642646634138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1472,2922904494979797682,12737689642646634138,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4980 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1472,2922904494979797682,12737689642646634138,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1472,2922904494979797682,12737689642646634138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1472,2922904494979797682,12737689642646634138,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1472,2922904494979797682,12737689642646634138,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1472,2922904494979797682,12737689642646634138,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1472,2922904494979797682,12737689642646634138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:1132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d5564ccbd62bac229941d2812fc4bfba

SHA1
0483f8496225a0f2ca0d2151fab40e8f4f61ab6d

SHA256
d259ff04090cbde3b87a54554d6e2b8a33ba81e9483acbbe3e6bad15cbde4921

SHA512
300cda7933e8af577bdc1b20e6d4279d1e418cdb0571c928b1568bfea3c231ba632ccb67313ae73ddeae5586d85db95caffaedd23e973d437f8496a8c5a15025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
55KB

MD5
88e1e90ac5abd755ed54e65e666784be

SHA1
63f5c35647c8960bbd8aa6cd661d9a79750bce61

SHA256
54ab59be1c0a91b6a5faf94a7ce272a7639ecd354a7350a0c290acc0fd042bb1

SHA512
90adb93e7f3c30b22aa7fd51508a27374b2ca328cacc58239fb0a18630eab3a5a6a0ce618a55f17f021b38d19d0cbfed3b108be382e335cad2b57328c6496a5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
221KB

MD5
66c6e40883646a7ad993108b2ce2da32

SHA1
7a2602d2ebb08ce895e33addb6fe595f1029431e

SHA256
17fe38ab302c7e5dbfb5c3d87801092d79be958500db6412ed3bc0f126bd53d3

SHA512
8a166f9044346cce8ca92b00f5dac0de6d0ff64ab72fbf390a268049fffb72be2bda1397ae0ee97e37cf33e3c309cc630a638ab9151f944d8d05ad652d6cf261

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
32KB

MD5
f9dce4d9dbb64450608c56b1c1d77ec6

SHA1
48da04b88e675c85d48641c040a6e70d66432f66

SHA256
39037edb7ad5eeba45c93b4455021807413e1f5b46df172078f0757514cf0cc6

SHA512
90c1008632be1f91f066393f85e41ccbf2b3a72be642cef151aa397aca8f476809b047abb15b1e1fc41dc4bc1a4f6c949faec4ca79f5fc15cc15cc7fabeefeb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
81KB

MD5
7921941276ad9af5086a53fba6d3189c

SHA1
0885c3a66a076f8e7a7c811ee39af5b9fbde259f

SHA256
8f05cc372b11c065a0a8f2dc29b761724ef1b96a80987f5c4585b55db223f246

SHA512
241297c3fe1ea43c4ccaf60e629f33e1288ed2dc9356485f2884502f4b5dc3ee8e6776b45ec53541448c2433de9b57089d0110c2f616e94abaa2eda22c2233ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
219KB

MD5
4aa40a3a3e6bc0b62792aea1304e0e54

SHA1
4ed2acac752440ddfb2bbf968586ff2a209948e2

SHA256
67a271fc950f9caef4c3df9169096d78f59906bae78c98c518905a489a9637d3

SHA512
437d49b42aec3f14374aa4bdbb67892f363a9841c5b6011c53cfb49426793762c8af533865754bee7624a9882fde9a12983a6ed647b606f8ef182da79b7edbae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
51KB

MD5
f0c342c7069f3b19988f88bd6b987634

SHA1
cc700f1db5f198c26a1357b3b7b692958064a6b6

SHA256
e3ded29ef956889943f75b745d1054f81b83e14cf0ec71dcf3bcf0b8de6e932f

SHA512
f4731bec2558893f47dbeb07f0743c8bfca913622639b3bac011b89f7f51068e8c1eeeea255d98e84bb61e18a3a1709926849c65c59841aeae942525dcbbb2df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
37KB

MD5
752ca5fef0bcad6f16b06cb66acb70d8

SHA1
8a9add9597970eeadff9deb66dd9550beb357b51

SHA256
aaa8c2225000fb26461684128c7fbc0068c66a6748435a95628da762a8c40241

SHA512
30d3e12929f0192b280152302e62c74b03c6d6d74e0c942f02159f835fa37e09192c27b79528b89afdb9cdc30e8b294b28094b81e748929b3b4cbe345e808f06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
583B

MD5
0d24429afee9768c6a8e59a45ee9ca3e

SHA1
ac7c0a115b5d31e967647081ac3579c8dcca43e0

SHA256
7389fedd3fe2b887d906a14d9c4ddf7d59f868b7ed91b5c4ca165b850b497712

SHA512
5f502f50f82cf76013d5eee0ff6e86dd624ae43153331b796207a91e3d0624a54cfc018e237407c6316fe0d3968521089d65337b6cc78e210a63c608f3d06780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
85316d5e73a79901bba3e01482858b34

SHA1
9b73e0a07696d0b232ee15f3ae7c3bcf7d1c03ef

SHA256
335f1fa6015c1ed885b63c97127879948a34a4c3efad28588f5a916b96a8e27d

SHA512
e5e4e435b25548760241a7fd5a9519d9f9c520e872152fbbe061d830dea8bbbe5407d5db32c55bae32fbacc21ae7149ef051ffc1d44c3d5ab9c025eefb739a92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
528a3530f14f295108b3e6bc439196ee

SHA1
aa8ce40501f7dfc6df53a9dfa92c1636c737069c

SHA256
1a84a6fcd1ad274ad57a94ba674e606ca312061eb16610e01003942c5e631c38

SHA512
9cb2b295cbb6d954960bc4dfc2f40e69cb25c6744831649aecf5899cf5c1a49bb7dd127a6f313fafa297c7cc433bd95d0672118d9f303c480982abab2d0ddd23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5e30250415e8b0b13e612ffec22c52ce

SHA1
d40adfb28c1cc130191ee633c8007b73bb8ebc9b

SHA256
a126227c6724e9319634cebe76b558f6a40c31a8fff199ab2451ba4ae61839e7

SHA512
e1bebd60acd12161c1097ff640e198909cbdb6bd06aef5db849f9c82f867ebc3f26913ce29edf395693e3b3caa5f7622b41c1f790d3afc6e226f801beef47116

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1d1c7c7f0b54eb8ba4177f9e91af9dce

SHA1
2b0f0ceb9a374fec8258679c2a039fbce4aff396

SHA256
555c13933eae4e0b0e992713ed8118e2980442f89fbdfb06d3914b607edbbb18

SHA512
4c8930fe2c805c54c0076408aba3fbfb08c24566fba9f6a409b5b1308d39c7b26c96717d43223632f1f71d2e9e68a01b43a60031be8f1ca7a541fe0f56f4d9f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
06e4309810894323f6b5b5bf8662c49f

SHA1
2f226762dd6035b0f4ffb9ce51bbf3554634d03c

SHA256
2953f56d20e24acc17aa78e4f8e34a04fdd1fa1a56fc3e0d3dc29a1ad1db991a

SHA512
d46ac42fb8a49ae8040230346aeae0f61a780c43b406ac3a41f206d7043399ddabcb59311df28311a13931080cfb3632568fd8adf5f716705e96ce1aa5cab0bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
7807dd4ca4a371be71bfa60c3a0d68bb

SHA1
109e47b28a9980ee2c49937a1d466bef83028a7a

SHA256
b574d1d37c73ad29728c08ff3216f53e96e4d0b77d4708c7c20f8be908ac6255

SHA512
7a6b727ca1bb93140c25cb3b74878517460960c920ca62117e509ade2cab6f192d2bfc6f98f33311c53f891cd94935a9654678a0a11526eb87658332194af3eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
e1ce05fcd29f4d9e31d395530ccbdcd1

SHA1
dce8fad279ba939ebfb934f35f0e72bcbca0d443

SHA256
df57423ea025233e5c152bc8a84b65acb838922a86495a9d2633f8c768b711bf

SHA512
c12da38f913f2df5f8434451eaf94a4f968923112727babb0014ec22a1701e1a7ccca744ab2204c491d138038249c569eb18dafc9039059e99511dc7ed02c6a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
a9b5818f85573be152ffc118aae13bc4

SHA1
c3363dd55bfefeb8514b707cb5cfab594714febb

SHA256
6d74a4512ff97210a1c1c59fbd66b3fb244589e2491f3f539e94b8f73f7539c6

SHA512
46b4779e4af802c3c014fc0cc9334494ee3c4a0b82069b5cd08efc50b93c21a1c29bbef11e919d220482682674f1870a21427cd973898408ff184e8797f25111

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
532c54b2fc451c61bb7cd65dd5d51be1

SHA1
4dd6239b8949c3dc7b452dbfe3b6b18b227a4825

SHA256
dda0d82aed9249c187a0168498ee076c1ae9f9fd43cc7af1048b657cf973474c

SHA512
5c63185d45e92bb4fc9884699fda013a1e688068111995436f651e14ee060ec76551b744cc4d332c59406786fe6cc3147ccba69601b1e1f74551eae85866a2f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
462baac61bc47b4eb7ee8465bdd2a714

SHA1
90fb7decad174ecd684c45ee201fe032674ef1bf

SHA256
889e70b36045317a923186b87631d47e2b4b6010a1c1de04d5e2fd7640539bf0

SHA512
43c51f94862d63d51a7b89e41f2e97e37b06ac7297a8368cc3dd3b65594b9f14fa4b017561b5f293857e1d581f94f94ef72f5e00321eb204356e0060c3908d86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
5c90557e95b6446ab38d3971e22d21bd

SHA1
4768c1e307680567bfc172c0ef3af96805fa6d0a

SHA256
c9a1e448f27bb0b9ac4c02c44b805d786dfe4728671faa708f8d6babba4dfd32

SHA512
f24e7f8fb225ed8617ee69ecec77eebb3d415d4ecfb943518dbcb36e0b97c824c8cf3942f3d9bbb8fe381ead54eedc1ccd8f771a0e9da78e374aa1e36440807f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
b8aaa49763de0c6de9f0bac53d38d33e

SHA1
166eb250f2c354f46dcea25ccc84c4e1afc24235

SHA256
df097130ca2e454bc1c65fdf4e3072753106adbd5fb8063ae399749bacc633f2

SHA512
3b6e8bc7b199673f3db0d850d904d78b886f4500e7135e3931692a31bd3efbb9a4ad99223fb73ad11c401d485ac47ee71ed145f221660d8b69563ec2d05e816d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
fab615d3cd8c9275e89361313c4d81a0

SHA1
442c5b9fcea4c908bdf6bb610a51cad0d4db7f1f

SHA256
f4a616d2ebf6f697d75836213e0a6d2e01e7b6316b0c3591d1037a8d20015ea6

SHA512
9ab075e24b4094843637d681f08df6c5366e7e8f791d8e8e57e99f8bbe66b05310ccdb915b6731bae1f159383a5c20dca714f891949e1ffc2c4c473795465a61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
bc4d861c2459893220cb5abd1855391f

SHA1
dba0a6da4d28b96ce2ef5956a8603a39f297dd07

SHA256
e4a0164ce231885052110a1612710bc2e94d524edbacdfcfd807fcd44be7b9f3

SHA512
a6a05da04ecafc4884883924c132d4695b95b197b1a4e1301a01718462bb9073e7e289c24038819fd4997ab27498c374db36d3326a07f2242250b991b4d11528

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
bb3106fd5b17ce9c4ab1194e55cc5d19

SHA1
3476954871884e47ca931f4c74c3da32bf90cf7e

SHA256
c60826e55918db67a56f206f55150f94f67a25dad7f32e15460137f349fe02cc

SHA512
50fab50897fb87db1ddafe621682afebb663763679f52a6b0b93551a29e039d807d33d7f181721cb4e3f4ca169ad7a151b618365920b013eb5010999a26ae022

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
94b7916f758e7cea8a8c9426e19ed0eb

SHA1
9cc0ef5caf8a1e8503998ac03d1ac1d6bee70dc2

SHA256
bf6573ea074247cc282390f2f9ad4812927b6a74c81264c6a9e63206b5ea0a4f

SHA512
c673f91b8e0c67a4218d9e71f98f0e5bfd7b8791f485db6370a2fcb0be3d6b52340ceb05d988884a9182f58732eabbabd6beee6667c6bf8007acbef83d3179de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
10265c3e27d736072d45e7197ccc405a

SHA1
500f293b0ab1f850699bf692ee31b0ae86a86d29

SHA256
6a693b7f9c60c434fe289c80de3664d4c0981c21e907fbbc897368ad6187e485

SHA512
d33c1a930cb73576b101777237e7b1d892216f3d7deb2c641539e082d37924b82b84bcf3998904f7e9c8467d9fa25311384f2900cc3c30108caf86aaeba51f0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
9a79bd1c242aeb622451b2697a15febf

SHA1
fed79f388411d9b111728a0b70a2910296a6b9ae

SHA256
72660f6e0d7d88bda24b98ca3ec16fb042339198918ea685aad1bc1d379dc8e7

SHA512
43e02607858b374429d3f8f53437d28035958b1f83c2d79568ed2953b677da3d1017c1d94c55e8b66c7e13621675ab7e1c613a566850d431779b3ef0aa315bfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
b166ee73fb624350d43d6ed5d4f05e3c

SHA1
fc2dae47db9244d651bb455010ed7fece790c6b9

SHA256
2ffac09651c5062254936098a599479ebe3a106993f6f4e78b52bbfa7942a1b1

SHA512
bdb780ffd8c14ffb6557fffe1073cc86c6aaf6c70a3b587dfd1a753b868013cf5d174c928fe2df5c89aa250bcf3caa1fcccd4f0557b42b401e6221bc14a43f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
448b27da04214165fea9f55f53e38303

SHA1
ef7a7496b94aec45a6e6892ef73e4381a601340a

SHA256
a50628f97618e14ba5fd3f06db06dd38cf80beb4ac791831ddf63e82fb24fc8c

SHA512
50c98f778544dda35a683a197a332f81f6e10bd835606ff45b3ff68deb062beb9859f0364046b72d74241c50a9a45c4c834020df6c269310f0cb9e57c882d6ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
2ea2abd139549404f8f044fd6aaadc72

SHA1
cb5d4493674e2612d9bc35f79f3baae74cc06d25

SHA256
927b43774a2212b7cb18ced32dccd1347846130ecb5ebb8c505f732431686625

SHA512
a54bd137396bc02d1ff1e86ffc8678590614bc511a6c6d38f867c38f205695b3fdce4b2eae5b37675cb39202a84d132b02ba3372ac92e9b011cc5e640222baf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
814e9d3cc9a0fdcceaa0f5da6d34b6a1

SHA1
414c932e62c1aa06900a0d1ee25b68d891759c03

SHA256
3684c653152f4140422f975a0de0dc9faba165551d01b1577d3eb42d4f05fac7

SHA512
0e6a2c65e5e6ff915c089006deddf2bb7bbded6a5f96101b49e2f1efd5d0244977de2a9e0a8eecd04df7b3d2a6b18753bf2c477bc70bfc3f6945e57cd1b6c262

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d244.TMP

Filesize
204B

MD5
2f08365443b8777f2fdc3b16c8882909

SHA1
8d98c612db62a0701663b895c58b98e48b4847d2

SHA256
e91e4ac975feb7a52030223ed87c1f70911b6873a1971d46ee0e30aa8d80b003

SHA512
e489a5efc2a41fb4ad48fa41c5f59b6b4b98f1367ec124fe22e550b6fcdfd7cb757363d2867212d39268d6c5104678ae927395adaff7939fe83d952e9b2a5865

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d57fda53-9ef7-4d58-a67e-35d665e00c88.tmp

Filesize
371B

MD5
8401e207505e69199d18cbbb023c304e

SHA1
302b71c2dff92e6cdcfecd53f7ed0b6da23e6044

SHA256
b74f1528b9e9c791c3cb18c609f8ffb391107883903db089941b61abf3d99acd

SHA512
8c707d2b4d1de1582c1c2763ded2fb38859ef217459abf53d4351378a18e529b12188e51314012bd8e4ff3789bc396d626c7d05b132ed7880b51f0e8b9ae9080

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
be9f387db7312ff8d5e271cc758e7ea4

SHA1
ca6c8670e0147015fbd475fd6a721bdc1a593583

SHA256
a86628f330dee7a97a0b56835de2aa793f1a62d565c59bcbfa7068fd4c47e48b

SHA512
eba123dd89c795f271d90719016633ad0802223d1bb2c2b11967b7a39818e8461395acb4d25107b31a8f8a973a7413556841f3238ef3a1d4d661648c364f4f5e

Download Submit