hxxps://www[.]pcrisk[.]es/guias-de-desinfeccion/11226-arkeistealer-malware

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 19:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.pcrisk.es/guias-de-desinfeccion/11226-arkeistealer-malware

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3388	msedge.exe
3388	msedge.exe
2076	msedge.exe
2076	msedge.exe
4500	identity_helper.exe
4500	identity_helper.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 4804	2076	msedge.exe	86
PID 2076 wrote to memory of 4804	2076	msedge.exe	86
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 4672	2076	msedge.exe	88
PID 2076 wrote to memory of 3388	2076	msedge.exe	89
PID 2076 wrote to memory of 3388	2076	msedge.exe	89
PID 2076 wrote to memory of 4540	2076	msedge.exe	90
PID 2076 wrote to memory of 4540	2076	msedge.exe	90
PID 2076 wrote to memory of 4540	2076	msedge.exe	90
PID 2076 wrote to memory of 4540	2076	msedge.exe	90
PID 2076 wrote to memory of 4540	2076	msedge.exe	90
PID 2076 wrote to memory of 4540	2076	msedge.exe	90
PID 2076 wrote to memory of 4540	2076	msedge.exe	90
PID 2076 wrote to memory of 4540	2076	msedge.exe	90
PID 2076 wrote to memory of 4540	2076	msedge.exe	90
PID 2076 wrote to memory of 4540	2076	msedge.exe	90
PID 2076 wrote to memory of 4540	2076	msedge.exe	90
PID 2076 wrote to memory of 4540	2076	msedge.exe	90
PID 2076 wrote to memory of 4540	2076	msedge.exe	90
PID 2076 wrote to memory of 4540	2076	msedge.exe	90
PID 2076 wrote to memory of 4540	2076	msedge.exe	90
PID 2076 wrote to memory of 4540	2076	msedge.exe	90
PID 2076 wrote to memory of 4540	2076	msedge.exe	90
PID 2076 wrote to memory of 4540	2076	msedge.exe	90
PID 2076 wrote to memory of 4540	2076	msedge.exe	90
PID 2076 wrote to memory of 4540	2076	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.pcrisk.es/guias-de-desinfeccion/11226-arkeistealer-malware
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad6d046f8,0x7ffad6d04708,0x7ffad6d04718
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,8120251225470801296,4812213378547386997,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,8120251225470801296,4812213378547386997,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,8120251225470801296,4812213378547386997,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8120251225470801296,4812213378547386997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8120251225470801296,4812213378547386997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,8120251225470801296,4812213378547386997,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,8120251225470801296,4812213378547386997,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8120251225470801296,4812213378547386997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8120251225470801296,4812213378547386997,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8120251225470801296,4812213378547386997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8120251225470801296,4812213378547386997,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8120251225470801296,4812213378547386997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,8120251225470801296,4812213378547386997,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5680 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
46KB

MD5
d30d249af71c31b931599c5e6c3cf0ff

SHA1
3163d26c41721bb081a1823236b059f1cc4a1fb0

SHA256
c323ca487d85fe78876ccbb789b925fac86e2b42a3837eae76347b97b94b3188

SHA512
8c2bbf9d21ebab414c1a7440d52d00339091e3cf27ad37917ef66135ee77c5179309c5cd162f0f3d181ba884dfc98c41ab5a6b9d75c0809196e39f765ff4fc59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
32KB

MD5
cbf1a0de554bac240ec0d5fc9afdbd4b

SHA1
11a8fc794c0d072d6806da59c716b6e16140564d

SHA256
3ec598835438a723183bcfe3e878b261bd5cebd1c796ca0fec5f2c6eec60aeb9

SHA512
6d9851d2951462b11c3e4b3c992c47151c211cffbf456462062cf5e9a966b47af159ad7ba3473ae103ed80f3a82807787e94f1f23a0fffb2cb273ecddf32cb40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
19KB

MD5
e6cde919e406d885d50ea35f02468cd5

SHA1
d3a93677e3844d2c5a6d44d139281d8a9dd96fcb

SHA256
a15ca5f30eb0024d39a88e11460590d93a8391187184e16803ced7704e38cda3

SHA512
fcb2f00923fcb1e80e794e32460ef67f4fce7a334de718c70d8c23df7d644b7b68c4bd44af4b6e43627dfe804724216e9d1f46b76c1a35483d9678448acd880d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
e23b8f3ff498e7a9856df220927a6e5c

SHA1
4e1d3ab433d1b722dddb8baa563ca482b339eead

SHA256
3bcc66aa9cf86d192b7c98ab69dfec1e29351b525ab027ef07be80c48851de5e

SHA512
bc668a40d016635457aef81c33b9187b834eb1b9354ab2000c9ac406dea2f3ffd8d761678f65fda31efa9f9fd8c2e1ec407ceadace95093fe697ed47723b6724

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
feb874ba5dc4ec8331a0285c38993c19

SHA1
da40ae165c80699b464562a6a2c77bfc2029e297

SHA256
e73c3c6be79dc1e1b17d0f6523630e3b2ddc0d7ccaa8a6e13a917a81388ad5e3

SHA512
1a2324c5b6ead2411771cea9773ac2c6663beadf4ba36c1ce9f2c4e11d18bee72687b33634e1163f0e991982eb21772d9b4e4be0fe169672e584ab75b598aaa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
756B

MD5
c1b7b9f693ebdf191cf78c10d54b094e

SHA1
cecc7f8296b10d95db6e314c3c9bafec60a05ec9

SHA256
88720b3422b080aa63cf3e5b6421de7872992d351cf65eefb8a314ca881910bf

SHA512
c9e4e82cdc6139a3e6c6cb5e43010651da810bf001b7e455ebd0261a9383cacabcb628e9fd820d6adb35976bf5952370399e1186ca2821660b55c96f0c6cc1e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2e8f1a76470dfc2acc8b285959362b79

SHA1
b6efd9195c0369781eed66481eac8efbe415a64a

SHA256
d64182fc92ce7cabf1007db5287afd8289b9c0f5dfef481de5e5e9167e9101a7

SHA512
475dd1900fbf252d70818577889addb0f1432b9bdbb1dfb643a2f575dd8f5fb042386ea604b64386ca43ec4b769582b9f3091e51804aa4eb2e82c81f49b5c051

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
89b39a2970048a79f089671c913dea59

SHA1
7377103d2a7af12bd7486d2658f08406e4246407

SHA256
639dbff7f0d7d9b42fd6635d76c1bf471852a712d48cc1d5c4ff21a12739cfd5

SHA512
5cd1c60c6022384a96a88bd0337dc53623add58a2863bb9b56bd313db5112e71e679a972cff535ce8346162e03d70676fd08d5efd29fcdf8a7af3ac4d907018e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
405740b30e8452eb78e6a80732ba4a97

SHA1
69a375e1307802893080777756b05a3aad6a6e57

SHA256
6e0a756c3b2198241743c27f9afd2ec8e39ccfcbf574a6b34c4719575afdd7a9

SHA512
8c3ab47baccbd60842bb3b71bda01be3adcaf12a02f5fd6e0f2510de52ddc65a21896096e9b39a3b367989295ae0013b18233c22be054db03a1c2586ea53c15c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a43e6faa6f2d44233a4f5a83ec82cd06

SHA1
ecb70fb2e60fae72aeb4a8e2fe88140756b3de68

SHA256
37bdf1e850cb806e272141153ab98a585ef9276952837ceadf540567e1143289

SHA512
f90a470656d3a3c006ef8c645a4102d45f707332b5704784ef3b3f2054961b7798ef0749cb4614cd6b40750109b024eb5d399a4ae73051f32ceab85e57e19f6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
60e750cd4c3a4484ae7c6474e4e8d839

SHA1
16441b4436dab825fba79a5cdc7fcb24d6052f0d

SHA256
c737222ccafa47c6ef8b3cee20fd43b26548a75dfa51fcee6d9852bfe0f814a4

SHA512
b074509f18249df5340e58db9d9400c870538cd65859bb7fc5963aab844ef56049ae7b91b6075c180a7d3c111dba27ef7f75ab63a4868801abb48ac232bc9f93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
42546582baa786b046fe44405762c824

SHA1
bf1c8bd2a399826344a4cdd6ef6e5276bc879316

SHA256
17949e6e4699a491c3738a43a69f0b47138fb34433ef8d69f3847dd9493996b7

SHA512
49eb74d73197163ddf9cd413b2483e9c1ecca2194949150c25a456c6dde0bce8eb463b58a7d621b96da9b8dfdf6d23d31a1af16089eb990bfe01fc13143625b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587829.TMP

Filesize
705B

MD5
f635d1d66a7e51af449076cbfcb73718

SHA1
83cf8a6034d4a66ccc46c4d0599a4697c2ccccb7

SHA256
4d6233643663803fb34d8057d5cf4be8a8ae7b67b4f5c1c40742ade07f7e9b18

SHA512
fa5a0e85e141ce04e183d4b355b346acb2c23b60d142f85f296ff3b89745cef4519a11eee55b76948f6ed88cbefde094d739e8d9f66f8d090377adf45ce2b687

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
be61549bfed012898b59993b93847e69

SHA1
167acc7c224572855789e959c8e209ea066f2c0a

SHA256
bd884a9f0ba484b14962465bcb7eda2b8fce13b8072539c4140b1d157a000e9c

SHA512
c766cb2db0e52263128c5a03c8c9a23841b2ee43cca00eadb7c628cd39c2777a2ba1d9426dbcc259026d0c39e8e6f67ddded9d6583bd9cd60b7d691b6596d076

Download Submit