hxxp://zipclip[.]pw

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26-03-2024 02:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://zipclip.pw

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2728	msedge.exe
2728	msedge.exe
2980	msedge.exe
2980	msedge.exe
1996	identity_helper.exe
1996	identity_helper.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	780	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	780	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 1988	2980	msedge.exe	84
PID 2980 wrote to memory of 1988	2980	msedge.exe	84
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 1500	2980	msedge.exe	86
PID 2980 wrote to memory of 2728	2980	msedge.exe	87
PID 2980 wrote to memory of 2728	2980	msedge.exe	87
PID 2980 wrote to memory of 1916	2980	msedge.exe	88
PID 2980 wrote to memory of 1916	2980	msedge.exe	88
PID 2980 wrote to memory of 1916	2980	msedge.exe	88
PID 2980 wrote to memory of 1916	2980	msedge.exe	88
PID 2980 wrote to memory of 1916	2980	msedge.exe	88
PID 2980 wrote to memory of 1916	2980	msedge.exe	88
PID 2980 wrote to memory of 1916	2980	msedge.exe	88
PID 2980 wrote to memory of 1916	2980	msedge.exe	88
PID 2980 wrote to memory of 1916	2980	msedge.exe	88
PID 2980 wrote to memory of 1916	2980	msedge.exe	88
PID 2980 wrote to memory of 1916	2980	msedge.exe	88
PID 2980 wrote to memory of 1916	2980	msedge.exe	88
PID 2980 wrote to memory of 1916	2980	msedge.exe	88
PID 2980 wrote to memory of 1916	2980	msedge.exe	88
PID 2980 wrote to memory of 1916	2980	msedge.exe	88
PID 2980 wrote to memory of 1916	2980	msedge.exe	88
PID 2980 wrote to memory of 1916	2980	msedge.exe	88
PID 2980 wrote to memory of 1916	2980	msedge.exe	88
PID 2980 wrote to memory of 1916	2980	msedge.exe	88
PID 2980 wrote to memory of 1916	2980	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://zipclip.pw
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c04c46f8,0x7ff9c04c4708,0x7ff9c04c4718
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,7023195173141208591,10171158710098525578,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,7023195173141208591,10171158710098525578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,7023195173141208591,10171158710098525578,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7023195173141208591,10171158710098525578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7023195173141208591,10171158710098525578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,7023195173141208591,10171158710098525578,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5072 /prefetch:8
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,7023195173141208591,10171158710098525578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,7023195173141208591,10171158710098525578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7023195173141208591,10171158710098525578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7023195173141208591,10171158710098525578,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7023195173141208591,10171158710098525578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7023195173141208591,10171158710098525578,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,7023195173141208591,10171158710098525578,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4896 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3764

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x394 0x460
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
307KB

MD5
c769c83a0b329f3b9e778acadb291fc5

SHA1
9b055a73130573997ab7ce7051451cb39407326d

SHA256
8b91d95947cf0d23b6b38742feb772cd89a1a8dc8a6f87e9e12b8a832a85fabd

SHA512
23426929e0d08cf09baa6598939bf1ce9bb506c777b535c9409172c90b1d1ca2b4e4ede26625a050f9c35dc357b572c276fc6c06390f87b46390abb10c3d65af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
106KB

MD5
9b6854d8bf46e46a964e91ca3e384d6d

SHA1
ff2f44b1d0e8162248cd0c167922593421a00700

SHA256
5479ce2a5c1b8351ee4be3a43d022671f95fb2ade3791767fb7fe9339ff12ae9

SHA512
36c43f163cad57896f146e605be78e495b587e4ccf1d3fd97fa9d8099b7794e1d57b2f599d8959fb365d9fec75a32c88a5914d67cc3719189af96fca25f57283

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
124KB

MD5
7f75fdc64267c411a072153d25921ebe

SHA1
ae323104764cdb8e3bb5c8e1ebb585976f1526f1

SHA256
ab0b382e6c50ca26a17ea2764f90318bedaad439dab30d401dfb0e962dd29bbe

SHA512
611d58f83fa1f0db80397b9f01bd070d03631e048eba20d3da99c392e41fc7f305e3f6ec83127349c6d5781cf4ac958db444f05ff66de4fdf0d2c257f2865e1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
921KB

MD5
dd347aaf17d47310625a0b6f44880426

SHA1
cd62a9987f91af48f352e07ce77b33491e7eac2f

SHA256
9ab60648d84dd365f0479fe19d538faf76bbc3d37a4d85cb7df89ae4dece550e

SHA512
fc3ffdd812d8c64109285d1af1150cc0765c08a64da8e11cf35c278325469b69062ec966775bd944ca90cdaa0db7f63a6387188c063964d708607a7038fb3580

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
704KB

MD5
9b5a667d13351edc58d4996fd532c1af

SHA1
51ba34710f0fc08a90b7a57d370026206ad08028

SHA256
83bbb0ec559bf59ad5759b4686222a04eb9a9224b4848058e5bba8af988ca70d

SHA512
06cceff44f26ea93b491353fa01af33f11b9b7bbfe5c16f4fc833540c03781db044df4fdfd2e3c446e4a37e0fed41d76c476192ec8b67af23b2e746754664723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
739KB

MD5
7c488cfc0e8871b18d0dbe1299915c12

SHA1
d0ebfae33c8a60ace44fc5ec2a8ebcc6f538ceae

SHA256
6288d9d462430b58e9a361808d8cfe4b7e01dcba7ca1e57a31b5be3189b7a684

SHA512
a918f7108d32432d43e77e302cee3e737e1afcf8309dd27ed3ac05d3210754550c33f8438a7ffaf1ff52a691402aedcbf0c5079ae28ed75239f1a0f2cf42c136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
7d04d41c5110aa2b096be3010d3e4dd6

SHA1
60c681a8c46cc73868f1ba0739e22c41b29bbffb

SHA256
dc1fdc68adbb14b79699564a203bb97e3f784d2396a506ebde25a2c9fcf0fa0c

SHA512
3519818c647b84db2e71f2e3d818f101db3b7dd377c44132fa3be5e2198270fbf9f6376cdd179d22deef70b4e19fbb4584d48acae73db5140008443d05295b71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
13c319aca867e076fa5c2fd93c2513d0

SHA1
e9ef6f97729e4e9a3b6e09b01d59841ad4c42d92

SHA256
7e87e708bae748480a671454ab39abde8d6c8104375170b10191bb4e28b3f2e6

SHA512
39a40fdc8ca4eac775deb526468cb4924c61eec91a9fe12304d333b4e6ed3962f11f3038eab60ce91e9fc83b47dc062f2c9bf211bf11dc93b2b5ce1ef9c621bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fd2de7fed06c5f69fc4d8d19b3d78290

SHA1
30d08a1e87525143866cdb2cde5dd964e06248e3

SHA256
bac962e6dca05201b89e85c09eeacc28799fc4cd0517e4f7bb2b1fa26f0db18a

SHA512
3a48b47672c2326134234bf1d75045708ded7ed6b90fac75265c41f5b4b80c879cf823a957d472268a6a31aa9cf52698ae0bf25700bec53483c96c1832b17349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
11abd61c44388db98759de5ef312786a

SHA1
54cb4cb7b2cb6c636e067859d3955efe4cf150d1

SHA256
8aa30f85464ff015d18e256acd142712db587f05c863b749534d73b8c10a2273

SHA512
10a2273da142d29d7c7fd6276264524690dff32791811667b1697b55a0bf4075bab79a80516c3bfb386bc4c2dbbc690ef39af019146430cb68d58f1758e07e34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7d483ecda1a43e37d63170d164927ad5

SHA1
93e3ff056a01c954bb77a5b0e40e7641bdd5336e

SHA256
0dcdad91c8292de07e6cd0f7d4938f0915f14a3cfcdc9709689373ee48b54e80

SHA512
cdb84cbb5c2257f7d5e747e8759df2fc4767bc321532e939aa31c89abe7c5dbf662d107d555dcd9d746ae32b0a1bd9f382134f6df93adcd8afa26e80a86599ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
07281140f14e0f2ddb2f54b7ec1ac09a

SHA1
c9aeeee9764abbc76d7e3be2098a2ac42eacd31e

SHA256
6fc37d849d4491ee6382db4929b7667ecdf3274b2a13e926fa8c534153574b64

SHA512
3a0f0471faf08c5a2c3e0b6c06ad4c7dd00f6f487636c8c9273a524ae6ca50662b27934789d7e7b9d2a53b9171959533d1933ab61d5dec4cf32cb23f93a4d456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a781d89f172984eba05ef366a83486f4

SHA1
884b8c721d3f41c5659d2461c831ef5bd3485916

SHA256
392339f80069973b51c7ddff8989eeacbed143e674c83a6272391bdd7a938830

SHA512
d6eb84e23e2cfd5ded884768936bd8e21778293678e82b20337e95dfd7500a42dd3b107ed4ccb713ecadd09d11faa36e5d425fcefea800644abc382a06fcf17c

Download Submit