hxxps://app[.]getresponse[.]com/view[.]html?x=a62b&m=B9jrdl&u=tTiwe&z=EzLRwSt&o=pp_5&data=05|02|eaglelee@clp[.]com[.]hk|0d34957d839b4573ce8008dc31c3d332|33893f4e33974cabbb3c9224bf7eafba|1|0|638439964347952265|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|0|||&sdata=W3dXXPdfhFVL+jsbJbQxyob/SUZN/wufzc8oOQyjecY=&reserved=0

Analysis

max time kernel
145s
max time network
146s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
07/03/2024, 03:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://app.getresponse.com/view.html?x=a62b&m=B9jrdl&u=tTiwe&z=EzLRwSt&o=pp_5&data=05|02|[email protected]|0d34957d839b4573ce8008dc31c3d332|33893f4e33974cabbb3c9224bf7eafba|1|0|638439964347952265|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|0|||&sdata=W3dXXPdfhFVL+jsbJbQxyob/SUZN/wufzc8oOQyjecY=&reserved=0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4152	msedge.exe
4152	msedge.exe
1352	msedge.exe
1352	msedge.exe
3200	msedge.exe
3200	msedge.exe
4172	identity_helper.exe
4172	identity_helper.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1352 wrote to memory of 1032	1352	msedge.exe	80
PID 1352 wrote to memory of 1032	1352	msedge.exe	80
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 1476	1352	msedge.exe	82
PID 1352 wrote to memory of 4152	1352	msedge.exe	83
PID 1352 wrote to memory of 4152	1352	msedge.exe	83
PID 1352 wrote to memory of 2812	1352	msedge.exe	84
PID 1352 wrote to memory of 2812	1352	msedge.exe	84
PID 1352 wrote to memory of 2812	1352	msedge.exe	84
PID 1352 wrote to memory of 2812	1352	msedge.exe	84
PID 1352 wrote to memory of 2812	1352	msedge.exe	84
PID 1352 wrote to memory of 2812	1352	msedge.exe	84
PID 1352 wrote to memory of 2812	1352	msedge.exe	84
PID 1352 wrote to memory of 2812	1352	msedge.exe	84
PID 1352 wrote to memory of 2812	1352	msedge.exe	84
PID 1352 wrote to memory of 2812	1352	msedge.exe	84
PID 1352 wrote to memory of 2812	1352	msedge.exe	84
PID 1352 wrote to memory of 2812	1352	msedge.exe	84
PID 1352 wrote to memory of 2812	1352	msedge.exe	84
PID 1352 wrote to memory of 2812	1352	msedge.exe	84
PID 1352 wrote to memory of 2812	1352	msedge.exe	84
PID 1352 wrote to memory of 2812	1352	msedge.exe	84
PID 1352 wrote to memory of 2812	1352	msedge.exe	84
PID 1352 wrote to memory of 2812	1352	msedge.exe	84
PID 1352 wrote to memory of 2812	1352	msedge.exe	84
PID 1352 wrote to memory of 2812	1352	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://app.getresponse.com/view.html?x=a62b&m=B9jrdl&u=tTiwe&z=EzLRwSt&o=pp_5&data=05|02|[email protected]|0d34957d839b4573ce8008dc31c3d332|33893f4e33974cabbb3c9224bf7eafba|1|0|638439964347952265|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|0|||&sdata=W3dXXPdfhFVL+jsbJbQxyob/SUZN/wufzc8oOQyjecY=&reserved=0
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdc1393cb8,0x7ffdc1393cc8,0x7ffdc1393cd8
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1800,8246136181894086691,12646271351858859630,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1800,8246136181894086691,12646271351858859630,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1800,8246136181894086691,12646271351858859630,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,8246136181894086691,12646271351858859630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,8246136181894086691,12646271351858859630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,8246136181894086691,12646271351858859630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,8246136181894086691,12646271351858859630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,8246136181894086691,12646271351858859630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1984 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1800,8246136181894086691,12646271351858859630,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4092 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,8246136181894086691,12646271351858859630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,8246136181894086691,12646271351858859630,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1800,8246136181894086691,12646271351858859630,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6772 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,8246136181894086691,12646271351858859630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,8246136181894086691,12646271351858859630,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1800,8246136181894086691,12646271351858859630,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6224 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
45a17d862e0e1756a16f43cf422d8f03

SHA1
44af0e7019f05c5b26607020e724cbd0de834030

SHA256
062f1b4547a1db9e4d44d7ad15ad06f60c240ad1a95079ccbbf63d3556e10388

SHA512
1f00d8efe6f3a717d30cf0f27fc32eb269bc7ee82656f857fbd5df495ccf2e03cb6c6bbda11cfc707e92399c39c1c65c92490047253d23c2d835f736bc9796b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d459a8c16562fb3f4b1d7cadaca620aa

SHA1
7810bf83e8c362e0c69298e8c16964ed48a90d3a

SHA256
fa31bc49a2f9af06d325871104e36dd69bfe3847cd521059b62461a92912331a

SHA512
35cb00c21908e1332c3439af1ec9867c81befcc4792248ee392080b455b1f5ce2b0c0c2415e344d91537469b5eb72f330b79feb7e8a86eeb6cf41ec5be5dfd2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
656bb397c72d15efa159441f116440a6

SHA1
5b57747d6fdd99160af6d3e580114dbbd351921f

SHA256
770ed0fcd22783f60407cdc55b5998b08e37b3e06efb3d1168ffed8768751fab

SHA512
5923db1d102f99d0b29d60916b183b92e6be12cc55733998d3da36d796d6158c76e385cef320ec0e9afa242a42bfb596f7233b60b548f719f7d41cb8f404e73c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3b113c0d-1822-4b26-ba1d-67588676826b.tmp

Filesize
3KB

MD5
a3c0bdbfce5b0b26f3d1cb59f0917aa5

SHA1
3b4de25c97c74710bad5c5e120144507d3761e62

SHA256
477b1a2197488029a595baee17abccb1357bc9f9059b4e8afce686b948be6594

SHA512
0d691816d246a4e1a1cc942b0719c1d650e6de0d844799f1112b4b13b0f12f6808bc2627c5a3abe02de50686f81e53e14456a69469a40910b20c5a6f7e63c737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
15f6257c22d3a28fc6ca5caad03ecf7e

SHA1
28c4d6712817d249e917abadb191630324fe86b9

SHA256
85963910479aedc3bfd8e9e5eded6a9a39233e924f48e6b75b33caa51747ea64

SHA512
0504f39e16a0f4ae0232cf3f3b3ecd2b25262aa44a6e20ef1f8dd030033acaf68699a3f1054cd511c5bfc6453a7e906684f8f4ce552fe06d1009787be4e5e3ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
24737e88c13c0c0b68237f474853e40b

SHA1
0cdc9cc0d0656367e29615a00721e9108172ff78

SHA256
acc30dcf79073a0daa402ddd3617a3fc006ad55de681313e155ee00c45fcd4aa

SHA512
c201c65d90b6546c7490b2c42f6a86a05a4c4c998cd59bbc85e6b69a3f3214e0b942e10b50593aa55e7dcd4780c0c4adedbaa8d800686fff6a4f81a6339fde87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2a579d71089f0686724f8b27bde04048

SHA1
fdf2fc16cbe95c521cebe40e78920d4301a71765

SHA256
0cafd3326dd0c9a4295b3362567c37345958f602faf921d4fe99ba23ea399dbf

SHA512
7426177d325538631e8a4486eef59d6a4822a12e7dcfba313b07253a05641f865f0d3f6a50746a1b629d1a6c0aae332b1a882517c7fe67c6ecf4d0ad48ed820c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0402a41ad6498fb111f6b344a82e3268

SHA1
000817e67b47fc8885ae9e7dcd7c001ab3c413d3

SHA256
f08f35c53557b2bf99f176d661654fffc114e27d605a21dc0aa07a8896332f39

SHA512
b3555b09b4f5aee94798d4421d9a4ffeb7290a9dc38b850a467dccf1ce4364459d8046843efd018af6a774feee404851ea9014b5970dd62ea0e6de85b02b312c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580d1a.TMP

Filesize
2KB

MD5
6fea40ef9e9175c1ac628d2595de6b44

SHA1
55ab5e572f99e869768fb1a54def5eb0e88dd691

SHA256
f745ecf57580bb71198cdef093f139586b90157403a727d553a279c89db624c9

SHA512
8ce61d08fcb954747d24b6488d7dbcd97d39ea77f73e67f65ba3f0b4eee84283d73282aa48635c7971337236589a1085fd0ca65ae693c7d163b5b30faf4ea60a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4dd4f1770272b130ab139895824a5c8c

SHA1
c169893f430256c57dc3b725f61148e990b6d5f9

SHA256
f14eb6334c0a6619183c2679de0a0e6994486193143ecd82a72135ad5b8bcba1

SHA512
456af718def15d7d604e8f89f70c65d004544ef801d59327c2372e5ab18e48ed58bbba3ac5e4b5f2e1c4df7c9ba3efc405123972d8b70d2963eb5644220f455a

Download Submit