hxxps://du0pud0sdlmzf[.]cloudfront[.]net/7eGZmdkEbCQgQfgwPAkt4QVFSRnleDBUZLwhbNhE3SzwKNC47VUACOxxbVlAtGQgBSyUdSyIzZx0IBUtwXhMHSywXHA8aLRlDVDB0VlZDRHFQEQ8YJRcRFVNzSAgSU3NIV1ZYcV1VJFNzSBEPGHdMQ1U0ZEpWHkB1UUNURiAIFgoTNh0EDR81XVQgQ3JPSF-VAZEpWTh0pDAsKU3M7Q1RGLRENA1NzSAEDFSoXT0NEcRsOFBksHUNUMHRKSFZYc09SVVhwSVBDRHELBwAXMxFDVDB0S1FIRXddVFYTJR8DQ0QHSVNIR3RIUFVQNEVX

Analysis

max time kernel
197s
max time network
205s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
25/02/2024, 06:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://du0pud0sdlmzf.cloudfront.net/7eGZmdkEbCQgQfgwPAkt4QVFSRnleDBUZLwhbNhE3SzwKNC47VUACOxxbVlAtGQgBSyUdSyIzZx0IBUtwXhMHSywXHA8aLRlDVDB0VlZDRHFQEQ8YJRcRFVNzSAgSU3NIV1ZYcV1VJFNzSBEPGHdMQ1U0ZEpWHkB1UUNURiAIFgoTNh0EDR81XVQgQ3JPSF-VAZEpWTh0pDAsKU3M7Q1RGLRENA1NzSAEDFSoXT0NEcRsOFBksHUNUMHRKSFZYc09SVVhwSVBDRHELBwAXMxFDVDB0S1FIRXddVFYTJR8DQ0QHSVNIR3RIUFVQNEVX

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2516	msedge.exe
2516	msedge.exe
4864	msedge.exe
4864	msedge.exe
2772	identity_helper.exe
2772	identity_helper.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4864 wrote to memory of 2236	4864	msedge.exe	65
PID 4864 wrote to memory of 2236	4864	msedge.exe	65
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 4920	4864	msedge.exe	89
PID 4864 wrote to memory of 2516	4864	msedge.exe	91
PID 4864 wrote to memory of 2516	4864	msedge.exe	91
PID 4864 wrote to memory of 1844	4864	msedge.exe	90
PID 4864 wrote to memory of 1844	4864	msedge.exe	90
PID 4864 wrote to memory of 1844	4864	msedge.exe	90
PID 4864 wrote to memory of 1844	4864	msedge.exe	90
PID 4864 wrote to memory of 1844	4864	msedge.exe	90
PID 4864 wrote to memory of 1844	4864	msedge.exe	90
PID 4864 wrote to memory of 1844	4864	msedge.exe	90
PID 4864 wrote to memory of 1844	4864	msedge.exe	90
PID 4864 wrote to memory of 1844	4864	msedge.exe	90
PID 4864 wrote to memory of 1844	4864	msedge.exe	90
PID 4864 wrote to memory of 1844	4864	msedge.exe	90
PID 4864 wrote to memory of 1844	4864	msedge.exe	90
PID 4864 wrote to memory of 1844	4864	msedge.exe	90
PID 4864 wrote to memory of 1844	4864	msedge.exe	90
PID 4864 wrote to memory of 1844	4864	msedge.exe	90
PID 4864 wrote to memory of 1844	4864	msedge.exe	90
PID 4864 wrote to memory of 1844	4864	msedge.exe	90
PID 4864 wrote to memory of 1844	4864	msedge.exe	90
PID 4864 wrote to memory of 1844	4864	msedge.exe	90
PID 4864 wrote to memory of 1844	4864	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://du0pud0sdlmzf.cloudfront.net/7eGZmdkEbCQgQfgwPAkt4QVFSRnleDBUZLwhbNhE3SzwKNC47VUACOxxbVlAtGQgBSyUdSyIzZx0IBUtwXhMHSywXHA8aLRlDVDB0VlZDRHFQEQ8YJRcRFVNzSAgSU3NIV1ZYcV1VJFNzSBEPGHdMQ1U0ZEpWHkB1UUNURiAIFgoTNh0EDR81XVQgQ3JPSF-VAZEpWTh0pDAsKU3M7Q1RGLRENA1NzSAEDFSoXT0NEcRsOFBksHUNUMHRKSFZYc09SVVhwSVBDRHELBwAXMxFDVDB0S1FIRXddVFYTJR8DQ0QHSVNIR3RIUFVQNEVX
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffeeab46f8,0x7fffeeab4708,0x7fffeeab4718
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,13713102900429945234,9362776809798742948,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,13713102900429945234,9362776809798742948,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,13713102900429945234,9362776809798742948,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13713102900429945234,9362776809798742948,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13713102900429945234,9362776809798742948,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13713102900429945234,9362776809798742948,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13713102900429945234,9362776809798742948,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,13713102900429945234,9362776809798742948,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,13713102900429945234,9362776809798742948,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13713102900429945234,9362776809798742948,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13713102900429945234,9362776809798742948,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,13713102900429945234,9362776809798742948,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3408 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13713102900429945234,9362776809798742948,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13713102900429945234,9362776809798742948,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13713102900429945234,9362776809798742948,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13713102900429945234,9362776809798742948,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13713102900429945234,9362776809798742948,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:1100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
343e73b39eb89ceab25618efc0cd8c8c

SHA1
6a5c7dcfd4cd4088793de6a3966aa914a07faf4c

SHA256
6ea83db86f592a3416738a1f1de5db00cd0408b0de820256d09d9bee9e291223

SHA512
54f321405b91fe397b50597b80564cff3a4b7ccb9aaf47cdf832a0932f30a82ed034ca75a422506c7b609a95b2ed97db58d517089cd85e38187112525ca499cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d4c957a0a66b47d997435ead0940becf

SHA1
1aed2765dd971764b96455003851f8965e3ae07d

SHA256
53fa86fbddf4cdddab1f884c7937ba334fce81ddc59e9b2522fec2d19c7fc163

SHA512
19cd43e9756829911685916ce9ac8f0375f2f686bfffdf95a6259d8ee767d487151fc938e88b8aada5777364a313ad6b2af8bc1aa601c59f0163cbca7c108fbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
196B

MD5
9289852602fd579e281aa8b028985c35

SHA1
650ba65a770575c00fda16b9673f07f61115263e

SHA256
78faaece2bf9f0498875179f0ede8440c8ff7d369f6d79a569fe34d38b6b5cfe

SHA512
81158839e2536239d1e047428fc28a72312e0bf45f6ab249a8c14e36c350676da39f99bd52158476723bd858fe1965ebf509d6909497988ea245506fd94498b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
266B

MD5
f020d18a0354cd8d413efc45a4e23ffd

SHA1
c6ff344acb7db3d7023ee23218cbe83b267f61d2

SHA256
13394fc7aa1d54ecb6880a576bcefc2351dd8f4676bec67deb5031572c783692

SHA512
9fbb2990f5fe0f495c5d4f61f9d16172fc130c6d681fedfa8820b8f44ef699417d745596b616a2e0001ee70d4b263d880639eaeb91613f39a7c29aa05ca392d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d1b408c7672d8d04273d782520a982df

SHA1
8d1f7def61716a9e5dffe7b9b2db2efa20090911

SHA256
043ec7ffd39f8629ea22fe7e66ba0ec10806b64b2e48e5d145dd4e53e7e9fb09

SHA512
4825a6f2dad01c714f0fefd22c71ded754f57897eb377628c114fef74d0b5121bc1f93624541060c943aae8e58db8a696a1f04221297a971b973326226bff72d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
48d3c7e2feb303f7980865740b06283d

SHA1
fcd6ef7bd2334a16244af26e87939744a0131b07

SHA256
01ee2bd8585ce3ab0ef7f662e95d2d7753029212c3838d2ee45276f879ef588c

SHA512
9367a36c43bf5721ced5788c7b6dc64b0772717a5c3eb4d71d0edcbdebd0dd26f7db46dc7093ef2c2356ac29e7cfadab530fc65fe38511ce7a685472b4e98010

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b5df4e8fb6d55f5dd7da5d4b2bfa1657

SHA1
cb685f23f6b7db089f3168af5d4aa9d8228e16ee

SHA256
97a6ff47032f9e53d682de7262f2cd00ceabbfecb8c1a94acee81c7ea44df30d

SHA512
edab96deede458a889b102e42b3a14b87612e838d60d40e661b1e12859197e923b1b2c0cb2cfc3f950d105a0457afc7331a19647a0834a484ddf80bcd2c3f5bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ac9fce9618e79f6c72388860b5e5879a

SHA1
4f797eab580caa4ceb41193b83fc0cafb1cb4e3e

SHA256
99cf3fc5c7b373e930df447f25c88d7a46fadcbd643da39fc9e2a1e75391d2ca

SHA512
030c42166b13b7c71a89a52d5e4dafdf8be080273b80c0f041327f81c91a92f5fefa89e8348e0df37806f7d73ce33cfc62d2eaba6d024b79fc778f2a60def93b

Download Submit