7a639b16d76cb43a64a096032a68ada7f080672e6f6fc05cac86ff87365dc1eb

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 18:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ratiborus-kms-tools-78-8054.html
Size

35KB
MD5

e4bfc18bb738aa69a67bdc3b15e91b44
SHA1

980624d48a9105f3b94ce9c9de8987c58219cc5d
SHA256

7a639b16d76cb43a64a096032a68ada7f080672e6f6fc05cac86ff87365dc1eb
SHA512

d11723ff549a56b00dc40b953cc675c1db9d0a8431996a7bec956869904619c42e3f4c5811c8104c942feb9b3074f848e95960c4dd2587027ffc7d1a7d157e36
SSDEEP

768:7YK8bblLvyBrxX/udhjb8XhJrT/ZgmhqXVLLUk49Ohqx:8bblLvyBrxX/udhjIXL7Z8XVLQ9Ocx

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1600	msedge.exe
1600	msedge.exe
3660	msedge.exe
3660	msedge.exe
2148	identity_helper.exe
2148	identity_helper.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3660 wrote to memory of 1360	3660	msedge.exe	76
PID 3660 wrote to memory of 1360	3660	msedge.exe	76
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 4856	3660	msedge.exe	87
PID 3660 wrote to memory of 1600	3660	msedge.exe	88
PID 3660 wrote to memory of 1600	3660	msedge.exe	88
PID 3660 wrote to memory of 1476	3660	msedge.exe	89
PID 3660 wrote to memory of 1476	3660	msedge.exe	89
PID 3660 wrote to memory of 1476	3660	msedge.exe	89
PID 3660 wrote to memory of 1476	3660	msedge.exe	89
PID 3660 wrote to memory of 1476	3660	msedge.exe	89
PID 3660 wrote to memory of 1476	3660	msedge.exe	89
PID 3660 wrote to memory of 1476	3660	msedge.exe	89
PID 3660 wrote to memory of 1476	3660	msedge.exe	89
PID 3660 wrote to memory of 1476	3660	msedge.exe	89
PID 3660 wrote to memory of 1476	3660	msedge.exe	89
PID 3660 wrote to memory of 1476	3660	msedge.exe	89
PID 3660 wrote to memory of 1476	3660	msedge.exe	89
PID 3660 wrote to memory of 1476	3660	msedge.exe	89
PID 3660 wrote to memory of 1476	3660	msedge.exe	89
PID 3660 wrote to memory of 1476	3660	msedge.exe	89
PID 3660 wrote to memory of 1476	3660	msedge.exe	89
PID 3660 wrote to memory of 1476	3660	msedge.exe	89
PID 3660 wrote to memory of 1476	3660	msedge.exe	89
PID 3660 wrote to memory of 1476	3660	msedge.exe	89
PID 3660 wrote to memory of 1476	3660	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ratiborus-kms-tools-78-8054.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcf38546f8,0x7ffcf3854708,0x7ffcf3854718
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,7192172462546931819,14162748832944556299,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,7192172462546931819,14162748832944556299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,7192172462546931819,14162748832944556299,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7192172462546931819,14162748832944556299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7192172462546931819,14162748832944556299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7192172462546931819,14162748832944556299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7192172462546931819,14162748832944556299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7192172462546931819,14162748832944556299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,7192172462546931819,14162748832944556299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6360 /prefetch:8
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,7192172462546931819,14162748832944556299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6360 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7192172462546931819,14162748832944556299,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7192172462546931819,14162748832944556299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7192172462546931819,14162748832944556299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7192172462546931819,14162748832944556299,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,7192172462546931819,14162748832944556299,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4796 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1af9fbc1d4655baf2df9e8948103d616

SHA1
c58d5c208d0d5aab5b6979b64102b0086799b0bf

SHA256
e83daa7b2af963dbb884d82919710164e2337f0f9f5e5c56ee4b7129d160c135

SHA512
714d0ff527a8a24ec5d32a0a2b74e402ee933ea86e42d3e2fb5615c8345e6c09aa1c2ddf2dea53d71c5a666483a3b494b894326fea0cc1d8a06d3b32ec9397d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aa6f46176fbc19ccf3e361dc1135ece0

SHA1
cb1f8c693b88331e9513b77efe47be9e43c43b12

SHA256
2f5ba493c7c4192e9310cea3a96cfec4fd14c6285af6e3659627ab177e560819

SHA512
5d26fdffebeb1eb5adde9f7da19fe7069e364d3f68670013cb0cc3e2b40bf1fbcb9bdebbfe999747caf141c88ccd53bd4acf2074283e4bde46b8c28fbae296f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
f1aeebe673693b7258a78c049239dd03

SHA1
c13a067511ec8b97515acf6e5f50c83eee989c6b

SHA256
da5bc8553dee6b7c2f41f411e6d14a289f6634d1bd5f584010c34b1b90bb02da

SHA512
1ab671714650400fd02b9fb536b98d1d01807e095f63c7d549e6c8fd4efdc196f2c92bfb45468f878abdf4a992a155032e60d0496fac48c22ac8410ccd6fa950

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2de3f3d68325fb7785ab31a8f21c50e8

SHA1
96ee1046473a65d42b3743e111cfc1baa434d6ee

SHA256
7eefdeb9371220897ffe63127c8c578fe3598422b2e29d24d2169062099d8d4d

SHA512
ec26e8327045543818cc36821145630d3fd5442e5ce77f9e60b1564fc83d48cc8e671171e94fb6c028d1ed9bd5c3a16b114cd54f18e9864afa34329df756f5c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0e51849e774813ae770c91383f5422e3

SHA1
cad8644383fdd3307ab85d3bfbeefcbfbdead48c

SHA256
014a4b5417877ee1de83623f7895b73d3b38bde4570612fe98f68469c58f4a5f

SHA512
0c8e16874dfcb8fd100d3b87f9b001621acd6f8b4abdcf17e59cb2f0105e4eed4af96e34ef4056f467f5884e66037bb1d59ff5654f76b58ad3986fa20c009650

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ec01b66c46627956491364cf8b84364a

SHA1
6bccde2c41ee76ba4733abd6a4c6f1c466e0089c

SHA256
08586ef792ef48c1b7000d94d30f9e24c8ba50da40348bb04edcf17e50dc2a66

SHA512
7c7758588bcb2ccdfa5a35d0ec4bfdd4cc926253adbc48b8422c88e03ca23e7ee658bff6a69e4d76db4915363d6f8b54120b9980b1a1ffcb5824f3db8b08a2c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
eb9fdcb62b704df793b4c1b2e8878c9e

SHA1
0e7116b53e7f5afa48410b83b9400c2a4c27d121

SHA256
00bd4dd0238a4596d030376924ed4d96c74e2f36dfaabf9476b8d760fda4045c

SHA512
9b02c6c19335f003e553f1483f9a01bf8e3c9b6cb5994a35adea3278ce1a31a040e9e6a8e4d4dd7fc41dc04e682c9ce7c25054227a8961baf1eab1f7871ddb1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
b688d651cde9ea34a9ea5288a85b97ad

SHA1
80b451d9c0693674bff709552c1a6d9326d7108d

SHA256
a918667f9ab3413f9fc423ff07806f3ee6865381f2b51ceef8f5c85f6f1f5699

SHA512
7b8e5867021807169b8df5cb59834fbfe843f38532a0007a33384736d5efade734cb5ce82d568e30624a71ac61a71a254dba72b58b64b1248e8e682e3c927acc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f220.TMP

Filesize
370B

MD5
c2523a6578c2f6150eb5c25a9eb6d942

SHA1
545ee8a011be75d4614eeeeb89e3fbbefa716621

SHA256
e5bd67d09f0f0a6809675083efad4d3a3259b83974ecc0951775904c679fa195

SHA512
a3019035e2160fd0fb30f3e59653dbc2e8da9fc66f69cab40eeb0e734aa8ea992e9bdd2b650eefc4c510f6eb90b27c4103d3858c5adf6b15f26be25542f22ce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d680fef063ec82f10cd8a0977b54cde1

SHA1
887ec891f153c8531b846601d079d0bb8042eb9e

SHA256
4f03b3ba01975a494118b771d2d70a52c6bcc34f69c9d3c009498f8a45ad15a8

SHA512
8072c73e680fc85ba67f4e1fef344eee9aad586f20ba9dc05fbbd1a5da92cd0ee2ebb8e6a369b4da25cdea64cc491b05221cb9f532e606b4939b5c0f10882aa2

Download Submit