hxxps://eu[.]ping[.]com/getmedia/e0517799-1dcb-4dbf-9a04-c8925f4a9707/o0rs4b

Resubmissions

21/02/2024, 07:26

240221-h9lrcsdc94 1

21/02/2024, 07:20

240221-h54rdach3s 4

Analysis

max time kernel
146s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
21/02/2024, 07:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://eu.ping.com/getmedia/e0517799-1dcb-4dbf-9a04-c8925f4a9707/o0rs4b

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1588	msedge.exe
1588	msedge.exe
3120	msedge.exe
3120	msedge.exe
3088	msedge.exe
3088	msedge.exe
4996	identity_helper.exe
4996	identity_helper.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3120 wrote to memory of 4800	3120	msedge.exe	71
PID 3120 wrote to memory of 4800	3120	msedge.exe	71
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 4756	3120	msedge.exe	81
PID 3120 wrote to memory of 1588	3120	msedge.exe	79
PID 3120 wrote to memory of 1588	3120	msedge.exe	79
PID 3120 wrote to memory of 4012	3120	msedge.exe	80
PID 3120 wrote to memory of 4012	3120	msedge.exe	80
PID 3120 wrote to memory of 4012	3120	msedge.exe	80
PID 3120 wrote to memory of 4012	3120	msedge.exe	80
PID 3120 wrote to memory of 4012	3120	msedge.exe	80
PID 3120 wrote to memory of 4012	3120	msedge.exe	80
PID 3120 wrote to memory of 4012	3120	msedge.exe	80
PID 3120 wrote to memory of 4012	3120	msedge.exe	80
PID 3120 wrote to memory of 4012	3120	msedge.exe	80
PID 3120 wrote to memory of 4012	3120	msedge.exe	80
PID 3120 wrote to memory of 4012	3120	msedge.exe	80
PID 3120 wrote to memory of 4012	3120	msedge.exe	80
PID 3120 wrote to memory of 4012	3120	msedge.exe	80
PID 3120 wrote to memory of 4012	3120	msedge.exe	80
PID 3120 wrote to memory of 4012	3120	msedge.exe	80
PID 3120 wrote to memory of 4012	3120	msedge.exe	80
PID 3120 wrote to memory of 4012	3120	msedge.exe	80
PID 3120 wrote to memory of 4012	3120	msedge.exe	80
PID 3120 wrote to memory of 4012	3120	msedge.exe	80
PID 3120 wrote to memory of 4012	3120	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://eu.ping.com/getmedia/e0517799-1dcb-4dbf-9a04-c8925f4a9707/o0rs4b
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcb4563cb8,0x7ffcb4563cc8,0x7ffcb4563cd8
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,10839671028573710359,8222010187051382827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,10839671028573710359,8222010187051382827,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2572 /prefetch:8
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,10839671028573710359,8222010187051382827,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10839671028573710359,8222010187051382827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10839671028573710359,8222010187051382827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1936,10839671028573710359,8222010187051382827,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4596 /prefetch:8
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,10839671028573710359,8222010187051382827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,10839671028573710359,8222010187051382827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10839671028573710359,8222010187051382827,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10839671028573710359,8222010187051382827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10839671028573710359,8222010187051382827,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10839671028573710359,8222010187051382827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10839671028573710359,8222010187051382827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10839671028573710359,8222010187051382827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,10839671028573710359,8222010187051382827,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5504 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fc9ad6481dbd849d589d50f5988c7fcb

SHA1
87cebc5ed3afcfda307b9a4972d2eadbaf0fa854

SHA256
7eb4a4ffb8ad7997365e51b970221549031ac53f87816263fedc1a594cf22556

SHA512
79ec0e21d8bb64c9ff746e93a7a16e37b20c7aae47416697c967306393b738ef27a3ed9dd11881cb191289046e49df3c714fbce697e5023cff67eb8ba17a23ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
e57d1035bb714e7dc12c8a2ea447d877

SHA1
e52621e6ffcfb7bccc58a562ac972f8ccc892dcb

SHA256
2809d83190e4a6e4bafafffc82df41d95226c66b38d29d064a3e5fef17f33621

SHA512
c2af62ed0a7a271e7bb9892557ed417f142a5089e67172c54996f4012a5a07be0cad7b96804a7db3b92223bfa673a0f968e78c9aa3974a8dd6fb30ba582dbe25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
059f894715f2cf2bb897e752f4b12e69

SHA1
b98d76664899b9ac594ca1d03274ab29df26ea82

SHA256
7f46379091126ff6cbe4170fd46299dce80ead5c9bb4ff388807fbdc089f0a8b

SHA512
2d5a6218c84d1be1883ab40980a0089a45981a0c8a9cb2849a7969528540d8e7cd22e24a446f92a08b2a014baf284c93e5259b3960299f136cbe8778e90a4fcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5c2430c54a12dffc25932ffff1b92ee3

SHA1
352a9713e8c5d4897a0b99d4d0a329071dc6b58b

SHA256
e9b7a343692913df6630b35398676dfdd36212d5f25f97cb6bf38ee2f9464117

SHA512
ec8007666f54e02ae3e3c353ec015396d2411a898273205a7ae521b1030575f4266cd185796f362ff7e47575f1c53d680de7c9b5cfe188992cc175b5f7940f04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0e4fb214d445fbbefae76600da063b86

SHA1
114b13dc13e54c7e9a825be8a36d60d7a24efc6d

SHA256
5c881a81c99a86b9dcd6c6a09a14ab45ea0d47ffd9fb78780c0457d8105a4d48

SHA512
5466e2dc0c8e3a63dda008a210e18827317bafe6c6afd508837d12d5e6a3dd8dc9f621f46cdbae062d2d859abb36ee2df95f32d4d9aa2c93536e2ade30aa1ab0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ee1d97858852db6b3f53557d4c9b841f

SHA1
085d03e455d4908bf13cacdece68404d85be54c6

SHA256
f41cba1e7e47a2beb1bf913cace00e997604360877723ac890857fe169f9b631

SHA512
4628192de7eaa9c8cee8194d5b6f79fb7925a7888378387af4b3fca02249cc554641411b0b26a13a629eeb5c29b366d03eaa12de5311279417b49444b9c24721

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
adc26993384797f7ed4190a389b2b482

SHA1
aa5e9ce31acc3a058062a84d194cb0d459ebbd16

SHA256
38be8efab53db36174a504c63bcc18adb27aa1e18e74627e24cc7771f23dffa6

SHA512
24af8436dcd54bd55ce586a84389079751ef4933ecd7e3687b5bfe13aae61ecb14fbf8538be7a835863edeec7918731429dde72ff26cdc66ee0d91071d6fec78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c3230dfb70fc3c14fd140d0e392b3ee7

SHA1
1ea029c3d05286c86b08345a185c49511399ac27

SHA256
cb1f67b8e038780d5076717199547d068f74257a0506c87617a68a432bcbec7d

SHA512
38792f83a464ee6922d5dda12c9b1c011f308ffe017a6722d95455e126d552622e92a8c5191776372c875d66c0b6ae4f63216f6b4e4f5ad82a30c8d7bd878ffc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
6eebeb9a797a13b043f5b62db4f35dfd

SHA1
78509b1bf703579a1df798428e88727e802446d5

SHA256
e27034dcf63239ae5f57bff6dfed2c4c139c9a5c5183526b1b82e65e20c442aa

SHA512
19fbfd65018b2fe66e8867b676be2e90efa9b48b4bd4d98ff0e6c12f9cee6129dcd3344eca50097cc1879bed4c5c680a792ab219d7ad00da4a4d0d62d02d8cac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fd516ba40f342a68391fefaee09104c6

SHA1
75ebde2eb4e2dc38b5bd9f557a36b3ae52c44af5

SHA256
a346a943a30921cc17ccfa3fe4950e5b62514f25cff9c5d8185b95b2ed020b44

SHA512
1951c31310c256e8aa7374264bd3e30809efeb287e997cf6b881d2b22df37a94ec509210e7dc1270c5de574ffdf8f58c903c4311a50015d8162df8426d55c8df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582556.TMP

Filesize
537B

MD5
ae7ce77b6dec39f517eb8f29eaa3843f

SHA1
d7c200fa5b07b116cba8ca48c8005be39244386b

SHA256
bfd412bcd56783acbf207bd111bd3cbdd22ed0561924c1036675db8c1fdcf7b0

SHA512
d3468929c80c4084dd3cd7adea98e9b4088aaf1dad962873877d055fef828dea8f5c56660063619eb69e6df8eb093336f3ac8205573532cca798269ddbd7821c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
b9a4b5cc0860f489e040e840dd476c2d

SHA1
8fcd58a4959028c20c5300e9aa16a54bc47fcfd8

SHA256
1542103f0f68b9fe522ebae910b15a5d783f03075aa6d418c3c1298241bbd8dd

SHA512
f5ced8bf5e4f9b0a77e2797198cd8458132328d315d224d2515bfc6aee3d3716461a1c263ef7c3c25db5ca6520fb97286b05ccf0b4aeaf1799ecbddaab6d8669

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e9db1cd9785a943a6866a15b9510de21

SHA1
8f449214ac033c2c91ad9385a94cbf30783fb951

SHA256
3a046a18f1a139444c9952947cd39e96b40335260f1475b3702624a40e3c99dc

SHA512
cba818ba061930ad767f4bc214f0f6b027966785ab04fb6cbfa3537b8cbf93c4db5003a1adeb7af80fd1a1d7b512c2622bf3c498bd1d883c2a4e687b28ec95e9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit