hxxps://www[.]renewtech[.]com/fujitsu-a3c40059210[.]html

Analysis

max time kernel
265s
max time network
269s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/04/2024, 05:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.renewtech.com/fujitsu-a3c40059210.html

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4036	msedge.exe
4036	msedge.exe
4792	msedge.exe
4792	msedge.exe
3600	identity_helper.exe
3600	identity_helper.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4032	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4032	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4792 wrote to memory of 2052	4792	msedge.exe	86
PID 4792 wrote to memory of 2052	4792	msedge.exe	86
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 3884	4792	msedge.exe	87
PID 4792 wrote to memory of 4036	4792	msedge.exe	88
PID 4792 wrote to memory of 4036	4792	msedge.exe	88
PID 4792 wrote to memory of 4636	4792	msedge.exe	89
PID 4792 wrote to memory of 4636	4792	msedge.exe	89
PID 4792 wrote to memory of 4636	4792	msedge.exe	89
PID 4792 wrote to memory of 4636	4792	msedge.exe	89
PID 4792 wrote to memory of 4636	4792	msedge.exe	89
PID 4792 wrote to memory of 4636	4792	msedge.exe	89
PID 4792 wrote to memory of 4636	4792	msedge.exe	89
PID 4792 wrote to memory of 4636	4792	msedge.exe	89
PID 4792 wrote to memory of 4636	4792	msedge.exe	89
PID 4792 wrote to memory of 4636	4792	msedge.exe	89
PID 4792 wrote to memory of 4636	4792	msedge.exe	89
PID 4792 wrote to memory of 4636	4792	msedge.exe	89
PID 4792 wrote to memory of 4636	4792	msedge.exe	89
PID 4792 wrote to memory of 4636	4792	msedge.exe	89
PID 4792 wrote to memory of 4636	4792	msedge.exe	89
PID 4792 wrote to memory of 4636	4792	msedge.exe	89
PID 4792 wrote to memory of 4636	4792	msedge.exe	89
PID 4792 wrote to memory of 4636	4792	msedge.exe	89
PID 4792 wrote to memory of 4636	4792	msedge.exe	89
PID 4792 wrote to memory of 4636	4792	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.renewtech.com/fujitsu-a3c40059210.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaad6146f8,0x7ffaad614708,0x7ffaad614718
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,11060541549657907663,6308423837951124695,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,11060541549657907663,6308423837951124695,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,11060541549657907663,6308423837951124695,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11060541549657907663,6308423837951124695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11060541549657907663,6308423837951124695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11060541549657907663,6308423837951124695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11060541549657907663,6308423837951124695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,11060541549657907663,6308423837951124695,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4112 /prefetch:8
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,11060541549657907663,6308423837951124695,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4112 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11060541549657907663,6308423837951124695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11060541549657907663,6308423837951124695,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1936,11060541549657907663,6308423837951124695,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5412 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11060541549657907663,6308423837951124695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11060541549657907663,6308423837951124695,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,11060541549657907663,6308423837951124695,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1932

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4fc 0x454
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
8e6342049b04dfabad734ec5444fbbe3

SHA1
63ceed894b458c5b0bac21c2c86a6baf3200e441

SHA256
1666295941d2d62dc941d475ab4ae288449a24382dc6bdc522bc3e20b1a7d44b

SHA512
457acf782a289a34a02f1a90b56965ab8bbdc9fe35840c37ce4c08d1c1a078685a952805c3c6e4f42f99c7e2431299fd92e1d779c62cf58f8ea7664f4ec222ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7740a919423ddc469647f8fdd981324d

SHA1
c1bc3f834507e4940a0b7594e34c4b83bbea7cda

SHA256
bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221

SHA512
7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f44d6f922f830d04d7463189045a5a3

SHA1
2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c

SHA256
0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a

SHA512
7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\778ed64d-3d8e-4546-bab6-b8a26b0ce87b.tmp

Filesize
1KB

MD5
47405cd451b8996e2d4a23f7d0bf4464

SHA1
9e7d3f92e618212aa8263a134aec91f5c7d1d099

SHA256
436a518789f1e032e87da0449b93e8a4dc0751e80b9a99632a44d910cf3f7b72

SHA512
4217de3b7040a741f1e54690c4fef59e07f05097d6ba234a88f0c5dfe309435d5edd9e333e8f7e033a7c701bbcfd0da01438106b6e43f8d6c760afdf2ea7c629

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
67210a02bd5e2296675259b9aa743990

SHA1
dc4f1f7344db5250a54ed1b0f77a18680bb6880a

SHA256
53d59cc2a6d34b96eadc93b247848b58adcab29e97078fdf6dfe8e330168f30d

SHA512
008e9dfa54577864c1dc80159734537e6f5240910020ff7446b983a0a4ee5d8969e56f6ffe268f660f44fc75790d8685d2a7029ded7ce06fb45f40077496a898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
396606c81b44b7e31ead43f1f3737ac8

SHA1
83670ba4ee598ceb7585136424342c840cc81c36

SHA256
b2880903f43f4f42d812d97d5d3afab893259bec2c73092481eefa79427e4400

SHA512
b1d8ae41fc390ec87d0b825ed6f4d6e1670735b88f0717ffbfbc16592cfc62823a223c45cf357553d0ed1f36a84a161fe83c196e435073ef36604f13aae8dc37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0c4c565e353feb647fdf09ac1b00d16e

SHA1
6b45000a242bb4ce26bbcf3cd4a43f6c4ed07ba0

SHA256
10cdb08162e562c48f4507e6f44a686de2219749ace0c3b26390f0c05ace6f74

SHA512
6fd7eb622305b8902f951f25c89f9859e41bb4d07cd74fcfb707b600ed74a8f9b801d7851ba20314331f4031ae5edab41fb0cd7ea85fc0b2c72afc3c6886b8d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
323d8706084185afd3782eb2ae83fbe8

SHA1
381fead6e2c006d6766672ec7b73bd70b8137d46

SHA256
2a5e1d601e8c5563bd7f1b8419a11198693ab540a3016031f1eb53128817238d

SHA512
8a25a7db3ad00c38ae063bb65b3da8be18d66e9625d8061a9e6903357ed303cad260e5e9b61efc4acb05ac69125d9980e605d8e497849f8c7f0335ae26c0cd71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c81c35774fa68dbd55dcf5c185329524

SHA1
fbdcad3862be8b22ea96f05c6d03aec7e94bc3cd

SHA256
03d7a8f8fcad8c1d56122ef9be86659737bbd2aa3f43db528cdbd278018a22e7

SHA512
d28a2c7a8d6e06bf6e3991afa680b0350efc89ee632efc3194e785ac12b022ab0127fd72196169b9ab1fa67ca8adbd08e83448e9c3f83bc6b69daea4b1f6354c

Download Submit