hxxps://blackhost[.]xyz

Analysis

max time kernel
150s
max time network
158s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
23/02/2024, 22:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://blackhost.xyz

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4524	msedge.exe
4524	msedge.exe
4808	msedge.exe
4808	msedge.exe
3288	msedge.exe
3288	msedge.exe
1988	identity_helper.exe
1988	identity_helper.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4808 wrote to memory of 1328	4808	msedge.exe	61
PID 4808 wrote to memory of 1328	4808	msedge.exe	61
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4984	4808	msedge.exe	82
PID 4808 wrote to memory of 4524	4808	msedge.exe	81
PID 4808 wrote to memory of 4524	4808	msedge.exe	81
PID 4808 wrote to memory of 5116	4808	msedge.exe	83
PID 4808 wrote to memory of 5116	4808	msedge.exe	83
PID 4808 wrote to memory of 5116	4808	msedge.exe	83
PID 4808 wrote to memory of 5116	4808	msedge.exe	83
PID 4808 wrote to memory of 5116	4808	msedge.exe	83
PID 4808 wrote to memory of 5116	4808	msedge.exe	83
PID 4808 wrote to memory of 5116	4808	msedge.exe	83
PID 4808 wrote to memory of 5116	4808	msedge.exe	83
PID 4808 wrote to memory of 5116	4808	msedge.exe	83
PID 4808 wrote to memory of 5116	4808	msedge.exe	83
PID 4808 wrote to memory of 5116	4808	msedge.exe	83
PID 4808 wrote to memory of 5116	4808	msedge.exe	83
PID 4808 wrote to memory of 5116	4808	msedge.exe	83
PID 4808 wrote to memory of 5116	4808	msedge.exe	83
PID 4808 wrote to memory of 5116	4808	msedge.exe	83
PID 4808 wrote to memory of 5116	4808	msedge.exe	83
PID 4808 wrote to memory of 5116	4808	msedge.exe	83
PID 4808 wrote to memory of 5116	4808	msedge.exe	83
PID 4808 wrote to memory of 5116	4808	msedge.exe	83
PID 4808 wrote to memory of 5116	4808	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://blackhost.xyz
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9e7763cb8,0x7ff9e7763cc8,0x7ff9e7763cd8
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,14711831389169244312,14152093329123746399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,14711831389169244312,14152093329123746399,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1964 /prefetch:2
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,14711831389169244312,14152093329123746399,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14711831389169244312,14152093329123746399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14711831389169244312,14152093329123746399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,14711831389169244312,14152093329123746399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,14711831389169244312,14152093329123746399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14711831389169244312,14152093329123746399,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14711831389169244312,14152093329123746399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14711831389169244312,14152093329123746399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14711831389169244312,14152093329123746399,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1936,14711831389169244312,14152093329123746399,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14711831389169244312,14152093329123746399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,14711831389169244312,14152093329123746399,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4764 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1936,14711831389169244312,14152093329123746399,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14711831389169244312,14152093329123746399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2732 /prefetch:1
  2⤵
  PID:2112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
caaacbd78b8e7ebc636ff19241b2b13d

SHA1
4435edc68c0594ebb8b0aa84b769d566ad913bc8

SHA256
989cc6f5cdc43f7bac8f6bc10624a47d46cbc366c671c495c6900eabc5276f7a

SHA512
c668a938bef9bbe432af676004beb1ae9c06f1ba2f154d1973e691a892cb39c345b12265b5996127efff3258ebba333847df09238f69e95f2f35879b5db7b7fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c194bbd45fc5d3714e8db77e01ac25a

SHA1
e758434417035cccc8891d516854afb4141dd72a

SHA256
253f8f4a60bdf1763526998865311c1f02085388892f14e94f858c50bf6e53c3

SHA512
aca42768dcc4334e49cd6295bd563c797b11523f4405cd5b4aeb41dec9379d155ae241ce937ec55063ecbf82136154e4dc5065afb78d18b42af86829bac6900d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
181B

MD5
2f5ebcfd32ae96d1f11d7f5e69818bc7

SHA1
28a8127a3b21a34b004c06f8590785d2e7a5d146

SHA256
26e2c92a6f9cc1bbcdde59b54458f98512c558bac5ddfb05910fdf2e8419b0bc

SHA512
800379cf5688f65ff6d2a8f63b5d0816082d5e1b45adbfa7bebb45878a85c8a5da68cd4083007d0c11c3a483873016020d4a2d78ece2f28b047fe4668d2580ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5057349831bed0aba0f4d3bac71f3af8

SHA1
b6a9e23b997d8f046dec1c66f8e9c80a83b6b4b2

SHA256
ab767c5f2ab03950f9e0b333c26b5eb928db381915009e058c09361c7b4b089f

SHA512
42a796885963f5026b9704de0622a9cc1219b60dfc64020b3d0416233ce43753ab30ab8aca69e2f7c33347d30dbf4220a1e88ef6b15296059200d0be33ecb250

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bfc662ccfc4c59c9ec49074ef2cd170e

SHA1
ab43bfb0919b44647fc473b0bf993dcc4a745ab1

SHA256
0a58fb8ddff5928bcf5711bbc4850bd849e861d07a91d6e01441861255282de0

SHA512
3c04f54b053a525ec04976e2381fd857eafcf4f8745c493a0d693e97e9980717c65d9690d1eaa2e6c8a704437192cd51c6d2b667c32a5064bb5e4f9a8e90c019

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
98fb430caec6bc4dc2f4c1b1804ef5bf

SHA1
d6c97c8593b1cd639e411db5824d7a6856153908

SHA256
8e2b794a6b0ba9c6e75952bd4b87ead1503aa468f69f29fd6d3e9506ee34d7ca

SHA512
e73aca5983e64b959eb8a358a02b5ea3f9d25b8aa550678649f3a5288cf6d9b598b48717edcfcd724d3c4f85332bb47919dd29b6948bab542b8506a2d570bd0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e2517f277d2c31e77250f28aa1d1cca5

SHA1
f16f9c7f9d4b881927e9aa4d225e84ef44809485

SHA256
ebc61c4929f0c21a3795965218ed9a8d6d246f45748baa8e3b9ef829862f3f0f

SHA512
dccd75c3e3c66923a79e4bd28254f809190fb94a9c47be35c5405639ea78dd6cd7dfe28d0c1ab8742991e29d90ba61d56c0341f11b50ab38234fe7604718465f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3f46db8d2ced4286de547df734a0a70d

SHA1
bd55237a8f4b86aba2e4e7389006aa884c619a00

SHA256
076ad90fd0567f7e5e5c24b06dcdafe72ce3a67dfdf235b8aff19cc4a82ced89

SHA512
aec4cc96024a0747adeb9b49470c5492cddf82b8979dfc73b511e963508c848186fa943e5dacbe11fc86d77158a497e877f68437ad40f0c48577c49c5ccb13db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
773439d7ab7ffe03dd19a42c431521dd

SHA1
109df423466fddb5c45db19ce3fe4f448df30015

SHA256
33e597ebd96576679d9e03a29137d2dd3f75beb8ce2043edd819c893f142e64c

SHA512
5e8beab425085160de0e5cec871e13588a31350c8bab375748c2c38412ecc7a602e1cee5482dca3a9b406326e2a1de0a02374a8a29ce3139a8b93b14ea9e6cfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
02fe0306a964538f4d574d96fd968b45

SHA1
8b691641767fd9e2fd53531b3467cd9548c5243f

SHA256
9e82a4cd66b27ff666a46f1e4204271c47de0b45f0e8b0c2d136b2a2cbb4ee26

SHA512
944002d5ddf476fe47c4016f5ce3f0d5b5f0b350c95ecea704547f31f258656518f6e9218a6ae1647cc803930f4669aff38a3e297787dbde6447183123375a88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
8f11cfa29d5685bcbab4a9d8924aa6f4

SHA1
93fee2a9cbaae4cc6360b1e3adbafb0d617b093f

SHA256
1b7de1a2caf5bf8ed34b89c81f4abea351c2a8afe761b1736238954d34a4aad1

SHA512
467ace0ea0370e6c0b48a5bdd7a3853f976f99445ccda617abb9daa5d89f0224f0ebfd516c6f919ebba75f8e4ddfe3e6a38cb0da95aa7e2edd40633884018c9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
4bff8f3a5aa16b9314944f4f1cc1ccd7

SHA1
18ac72439903dfc4baafc5e2856d5af1a862b84f

SHA256
34c81f926774a48273ce561c97616d9d108b58de695e6e73119e713db8130d9d

SHA512
6551269a91552c1a2b0e523a9968b63c6790ab682c7d6de8abc868a57ed5822bc655e0df08a2d77cb18fbb91dd119679f0da6f9edc507ba0f7743b5c7c2b8c9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
786f706420f10c34fffdb2a927729954

SHA1
3df8c98fad73e1f1b55475684966d5441036500e

SHA256
e11a8ba38cef0f818451488fc4dff60a7179ff36d57d8141e5c8ccdc9af5fff4

SHA512
fcc528a31327dcfa0c4595b1122acce3c8c58f14fb32c8788d671d9fd3606afca56bb912fb89ec51dfccc78938872aaefc5dd4f1e35563aad964dc7f64683f16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
292e6e0252af539f66456c905ef1b047

SHA1
62d6ba45ecf939d78e3423cd7f81117c4da480b3

SHA256
bffac87cdaa043dc62683f71ba4c27550643c2da9ad8cb6927e400fd1ab26797

SHA512
b74a466c1c4968b1053d155bdbcc8e1ace9ad5abe6d10ede83372ec30b8ad26007a42c0ec8a2ff3ba74bbc608e4462ac570aa7ef7a8e7811640a41128e350cf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586210.TMP

Filesize
203B

MD5
b8dd8633ad357885845a25b7d0b6c88d

SHA1
b66ed57de8d8dfe9b503d51889f1eabc1630ccb4

SHA256
c9777f4b9daa88f325b9f6bffcee0b7edf29156ea4edd19cae9920178bce4c94

SHA512
42ee2ea8a56831bbdb093f2c2e18bb8e896e682dea42c8c4cc18b4e6f0beaf9e7e787daab76c0f9cc3bf12dec2e4d0411f106720530ef13ee9495df3845cd85f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3aa1d635e5527b7a1599e90c83733bc5

SHA1
a178600a00840a421053ec36a1bf1ef13a7703ea

SHA256
edf991eee145023fd639461098cb788f17568df6ee9b9400496436f14c890e57

SHA512
90efe76828731dcbfe248ff6031f53bc4fd2412d2f15e516987d476a55aff6b6f975819239b74d0fd6e8289d4790ec51d9188bafd70fa646d06a84f323661672

Download Submit