hxxps://hidefporn[.]ws/2417950-su-chang-is-back-ep5-swimsuit-md-0190-5-fullhd-1080p[.]html | Triage

Analysis

max time kernel
96s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 14:57

Sharing

Report Analysis Logs

General

Target

https://hidefporn.ws/2417950-su-chang-is-back-ep5-swimsuit-md-0190-5-fullhd-1080p.html

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

System Information Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2088	msedge.exe
2088	msedge.exe
2276	msedge.exe
2276	msedge.exe
3560	identity_helper.exe
3560	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 4688	2088	msedge.exe	86
PID 2088 wrote to memory of 4688	2088	msedge.exe	86
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 5096	2088	msedge.exe	87
PID 2088 wrote to memory of 2276	2088	msedge.exe	88
PID 2088 wrote to memory of 2276	2088	msedge.exe	88
PID 2088 wrote to memory of 464	2088	msedge.exe	89
PID 2088 wrote to memory of 464	2088	msedge.exe	89
PID 2088 wrote to memory of 464	2088	msedge.exe	89
PID 2088 wrote to memory of 464	2088	msedge.exe	89
PID 2088 wrote to memory of 464	2088	msedge.exe	89
PID 2088 wrote to memory of 464	2088	msedge.exe	89
PID 2088 wrote to memory of 464	2088	msedge.exe	89
PID 2088 wrote to memory of 464	2088	msedge.exe	89
PID 2088 wrote to memory of 464	2088	msedge.exe	89
PID 2088 wrote to memory of 464	2088	msedge.exe	89
PID 2088 wrote to memory of 464	2088	msedge.exe	89
PID 2088 wrote to memory of 464	2088	msedge.exe	89
PID 2088 wrote to memory of 464	2088	msedge.exe	89
PID 2088 wrote to memory of 464	2088	msedge.exe	89
PID 2088 wrote to memory of 464	2088	msedge.exe	89
PID 2088 wrote to memory of 464	2088	msedge.exe	89
PID 2088 wrote to memory of 464	2088	msedge.exe	89
PID 2088 wrote to memory of 464	2088	msedge.exe	89
PID 2088 wrote to memory of 464	2088	msedge.exe	89
PID 2088 wrote to memory of 464	2088	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://hidefporn.ws/2417950-su-chang-is-back-ep5-swimsuit-md-0190-5-fullhd-1080p.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd9a246f8,0x7fffd9a24708,0x7fffd9a24718
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,3348462360543783300,16005307793017020200,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,3348462360543783300,16005307793017020200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,3348462360543783300,16005307793017020200,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3348462360543783300,16005307793017020200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3348462360543783300,16005307793017020200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3348462360543783300,16005307793017020200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3348462360543783300,16005307793017020200,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3348462360543783300,16005307793017020200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,3348462360543783300,16005307793017020200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6432 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,3348462360543783300,16005307793017020200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3348462360543783300,16005307793017020200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3348462360543783300,16005307793017020200,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:1388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
360dd5debf8bf7b89c4d88d29e38446c

SHA1
65afff8c78aeb12c577a523cb77cd58d401b0f82

SHA256
3d9debe659077c04b288107244a22f1b315bcf7495bee75151a9077e71b41eef

SHA512
0ee5b81f0acc82befa24a4438f2ca417ae6fac43fa8c7f264b83b4c792b1bb8d4cecb94c6cbd6facc120dc10d7e4d67e014cdb6b4db83b1a1b60144bb78f7542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6fbbaffc5a50295d007ab405b0885ab5

SHA1
518e87df81db1dded184c3e4e3f129cca15baba1

SHA256
b9cde79357b550b171f70630fa94754ca2dcd6228b94f311aefe2a7f1ccfc7b6

SHA512
011c69bf56eb40e7ac5d201c1a0542878d9b32495e94d28c2f3b480772aa541bfd492a9959957d71e66f27b3e8b1a3c13b91f4a21756a9b8263281fd509c007b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\83f9435a-8abb-4111-83f5-91396bbf4d3c.tmp

Filesize
1KB

MD5
094149cd74b435f67f319eefe5e79ff5

SHA1
2273bb9b861b2dd6d4f7d253e34e18c83cdb0e47

SHA256
a06067d30ddc99c0000cc461ad47ec8779502f30d1ddfc0dfe19dccf68feb257

SHA512
a0eee1c3942e8e1b78f126fc6d27cef14d9941c51e84de56d657828b615ee0ece2822193ce32530b1d4ed73c828bc4ef57f53bb6e0bdd57ff2dd8c5f2b7d448e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8fcca3ac-fb5a-4c13-95aa-b28cec07cd62.tmp

Filesize
1KB

MD5
61977981739e5a96fd839469c36425b9

SHA1
006d5dfbae9fbc7a8317c49d3ee4c1a55eb08f6f

SHA256
32d2faf912046ac6681ec733c64e326bf6db2e6445e30f21ea4da60b11ad3e6d

SHA512
dc7bc661949cf13dad1f278e473968dacc88483b287203ce7f3a59c3f41454dd0e000116960b284e3c61c1c7cd833af7c98c1f6b5f0c4982882d5cd8e32c9b8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
bb2c8b28ad23c58493e47dc313fac98b

SHA1
3f38bc45545a84bda2b756fb326fd53ca60106b6

SHA256
06e104982a52895565f643080c6fc33977d3bedc0dcdef73c382d0476a9eda0e

SHA512
0ae51d23c5299d81104973e0e5506a00547634379b077106e936ecb439721fea1e1d60a6f2d84478f150e54252ace38bf001636d8cbcde769e795a2ca79446c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\001\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
566afe5ff988e2b66641e9546653c7c8

SHA1
d3e0f040e8942333f29bef8a0f655e630fc233dd

SHA256
bde70343ef0761926a3eb1adb7e8909db0ce2fba901926f5e3e1bd64e2b2942f

SHA512
ede43edf1ec9f0455dfcd920dc174449a5462848e083f91003c99512b7b895d1264c0706de96a51225e2552c1fef6336609c167496b7c404ca99073df315bdfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ebda5b560ca8b756958f45449d5941a3

SHA1
0c0870a94d25eb99d91e74f93d389af0da17d1c3

SHA256
30c8f32459c0e368f292aaed7e46f11c1b45901ec3b28900a814f92358cadaa6

SHA512
e7a0c6ee67cb9b38a54fd70aefd9214e8c39a28fb51ab3931f10f7e0b0abcf8839f8ac9850ab43eeb53db5957da5c5143a00838a3418c15b56fb4846263184cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f05e1697b71948a6a396bea2561074e5

SHA1
4ac89ba995fabeda7f3ed75587fefa74de8e981d

SHA256
e22433b5a0bb54d56ea47122ee2176ef37169e581fe8cb96eaf75fd9dbe89b6e

SHA512
b6e5a58016b5081ea6290d57f617a33a8bac5992b9ad1953659b4b5bf09102fa9a971ba94be9026e8ab53c474c742f7070b90e9f6ea65fde548d5748e7a65c1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ec670b0b506922d017c14369ae21de7d

SHA1
c2bcf5ad5b57d61c5f9274a0d21bf9ac0ce17034

SHA256
6604a392016e3a0ed264ab03f91ad94a19e353bf1ece5244a1b7abbf51d4b870

SHA512
24d6872f4d2f251003e6f280556a4d080432c1beabf24aa3022b4a6401e43e2dfa8f343d1cfa0009399e2f13a3d3febbaebc8c8f738c3a10f26e0f52d1d8d4a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a8b5b9f1de469657ef6c4c10deae88ec

SHA1
2cbbd6e0c8b21e2732810bcd19d08f894b3ab141

SHA256
c07920ef55794c8069bfde60111df3f0564612dd5f55eb0b7e398d57c13518ce

SHA512
3cb7ef3576dd91c811a66e4dc488aee5e70b35a22ef0bdec79220b6872de29fb4bdfa8f68e5733f5b943be60ce125b13edd4efb46ae5cd062990829a9355fa95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3f85a15a7328ec4a5b96753553f96abe

SHA1
c63421f37c7dbe8df6f17e7f27f29d8212083000

SHA256
ad8314dbdead42b13f41d3aab938d1710d33d8b0e1132aa798c4f687193b6f7c

SHA512
20903c03f2881209415c2e5ff48efc529cbf018530f942170beaebe2626f938fab3c85e8c5c4d67638a6e8168e858de98e9d280e83cbcdf20d078b2624365dd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58cacd.TMP

Filesize
1KB

MD5
140bea171ca9820ac9ac2b4672043bc4

SHA1
f7d1467a4c4b17dea8ede8de808ec162e7e44eae

SHA256
e904b6aa56bdd11c342bc8e51d0d136dca6e830bdf58d478502bff26576400ad

SHA512
be78041c8aba0084bf7b77b5e5a582eeeb306743ca6660da3a8f3bbc7f9497f22a130aad177dda8baca1587a90b1d4425778616bad3efb31bf031f2cd278e932

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3f575597c15db00ef008632e8a730bc7

SHA1
585490adc58552b245cee911a4e63542b929b948

SHA256
c8b8b469b1c98e0cfbda7635f3ad04b9047d8cbf622c4f41e651d5ff96caf02a

SHA512
e3ebb326e35f784d6d19237dfa5675843401ce271782292671c9ea8145e7afcf8cdd43a37290e44ca330410415f53b31aa93de166a80721a1f68d4f4cdb02b90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8eda6edf05f9769fd29e1d2303476201

SHA1
e7654db9db8df1c8e2f8f3292610adeba785f976

SHA256
a5c82f9a44c4becc30577ab90a47357f9f4511bc9f9535abd8b5957445dc570c

SHA512
5113b516b64792e089c707cc7b67098a86d9c2d8ceb2cb336e61ca405cb50d3c0106c5fee0d84fd99ed56ae2fb991c14fe25fdf8895cd3d2dc15397cc655c875

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7f1baf607b6bf0b697004a1cffd9f22e

SHA1
cb33ad96a6e27ab6334ee592171eded3653a319a

SHA256
fa49ab28a8d36733936ac07cac191f69bd96782d4ec4d178c97017c1bdd175c3

SHA512
05902040eb1600df56cbf5c8e99b31c2d79a8c644563ca7f58c46e7d14933c6adfb794d844f1ff283ad2d711226aaa5ae71ed6c455fba4befd74aaabd044dc76

Download Submit