hxxps://frostchanger[.]de/

Analysis

max time kernel
310s
max time network
326s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
09/04/2024, 17:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://frostchanger.de/

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
19	discord.com
24	discord.com
30	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1016	msedge.exe
1016	msedge.exe
1436	msedge.exe
1436	msedge.exe
4192	msedge.exe
4192	msedge.exe
3896	identity_helper.exe
3896	identity_helper.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1436 wrote to memory of 2108	1436	msedge.exe	79
PID 1436 wrote to memory of 2108	1436	msedge.exe	79
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 904	1436	msedge.exe	80
PID 1436 wrote to memory of 1016	1436	msedge.exe	81
PID 1436 wrote to memory of 1016	1436	msedge.exe	81
PID 1436 wrote to memory of 1260	1436	msedge.exe	82
PID 1436 wrote to memory of 1260	1436	msedge.exe	82
PID 1436 wrote to memory of 1260	1436	msedge.exe	82
PID 1436 wrote to memory of 1260	1436	msedge.exe	82
PID 1436 wrote to memory of 1260	1436	msedge.exe	82
PID 1436 wrote to memory of 1260	1436	msedge.exe	82
PID 1436 wrote to memory of 1260	1436	msedge.exe	82
PID 1436 wrote to memory of 1260	1436	msedge.exe	82
PID 1436 wrote to memory of 1260	1436	msedge.exe	82
PID 1436 wrote to memory of 1260	1436	msedge.exe	82
PID 1436 wrote to memory of 1260	1436	msedge.exe	82
PID 1436 wrote to memory of 1260	1436	msedge.exe	82
PID 1436 wrote to memory of 1260	1436	msedge.exe	82
PID 1436 wrote to memory of 1260	1436	msedge.exe	82
PID 1436 wrote to memory of 1260	1436	msedge.exe	82
PID 1436 wrote to memory of 1260	1436	msedge.exe	82
PID 1436 wrote to memory of 1260	1436	msedge.exe	82
PID 1436 wrote to memory of 1260	1436	msedge.exe	82
PID 1436 wrote to memory of 1260	1436	msedge.exe	82
PID 1436 wrote to memory of 1260	1436	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://frostchanger.de/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb4ffc3cb8,0x7ffb4ffc3cc8,0x7ffb4ffc3cd8
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,11244487364696729444,11165616699882783588,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,11244487364696729444,11165616699882783588,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,11244487364696729444,11165616699882783588,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11244487364696729444,11165616699882783588,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11244487364696729444,11165616699882783588,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,11244487364696729444,11165616699882783588,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11244487364696729444,11165616699882783588,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11244487364696729444,11165616699882783588,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11244487364696729444,11165616699882783588,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11244487364696729444,11165616699882783588,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11244487364696729444,11165616699882783588,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1924,11244487364696729444,11165616699882783588,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,11244487364696729444,11165616699882783588,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6688 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,11244487364696729444,11165616699882783588,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5508 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4424

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004EC
1⤵
PID:1376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
341f6b71eb8fcb1e52a749a673b2819c

SHA1
6c81b6acb3ce5f64180cb58a6aae927b882f4109

SHA256
57934852f04cef38bb4acbe4407f707f137fada0c36bab71b2cdfd58cc030a29

SHA512
57ecaa087bc5626752f89501c635a2da8404dbda89260895910a9cc31203e15095eba2e1ce9eee1481f02a43d0df77b75cb9b0d77a3bc3b894fdd1cf0f6ce6f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
88e9aaca62aa2aed293699f139d7e7e1

SHA1
09d9ccfbdff9680366291d5d1bc311b0b56a05e9

SHA256
27dcdb1cddab5d56ac53cff93489038de93f61b5504f8595b1eb2d3124bbc12c

SHA512
d90dabe34504dde422f5f6dec87851af8f4849f521759a768dfa0a38f50827b099dfde256d8f8467460c289bdb168358b2678772b8b49418c23b882ba21d4793

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
1024KB

MD5
23b89551bb79b4fca34cdfef67ae4222

SHA1
0fe9acdc299f03527d94d045283b826a9c6aa917

SHA256
b44a6dee9bc7818d6b6fbf9fcc7280369476167b03962131290848b4651ff174

SHA512
b54d0919d55335a7dd61f1d65e445c21aac75c347ede2ed1cab2ca6d846535ca3dc6608107a37e193b87133923d4d95f15da7c339cb36133a657991a8b66c1c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
1024KB

MD5
4480c6e20722c192c28ab8ddfd645017

SHA1
17404270e4b57cc2ed2990278c3821361b9397f7

SHA256
379c21b25dc9d7b0f2d1ad21dc02d0f79866fea5c69ec44fdea31f87c0099159

SHA512
47a2ce0edd532bdcd1271a8f86a1de86b06c20925b422a103af4b9860e864a62bb563c5e1eca1bb1b04ad0f1490a45036ac9792f6b6c338c56725c862d415de4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
1024KB

MD5
50cf735e5a3c91a82c2f3f1b969e33ed

SHA1
65d1de34dbee0e915de16fc88c17d70a8fc10fd4

SHA256
b45534a41f29dc9d87f6b5b73afb856f04a5c9e4e40ca8f82aca9a0b653599ba

SHA512
961afb50ae4aedd5cbebaee083d7d46951a6b03f03200df1aae924571186687abfe7ac8ed1be8eecc8b849d68dd7ac22e633dd4ad85a19d464f55bc1926301c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
378KB

MD5
ce51ff02e87a580ba46978e3b1b86f10

SHA1
a0deed0c3db46cdda62c9c1c07f153bdd4b4634d

SHA256
c7dfd812bb2382acbdd3c7185a37d918f4c8da51e29b03fdd8ef6fd8a169fb30

SHA512
f6fb612211bb229b2e32ec790187e7cc6d593e8b96f984db55595e8162b41c7a52cfbfe53ee9cfcabd45b6ce16720d6d330fff0d128db96096545cc00ae04d0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
93058c4e0331a9b7f4905910b44627e7

SHA1
50b4688528e9dbb286712858e4e759644fc49c59

SHA256
f0323229f3b9a6c5ba7730985b1851aeb8ea01592aaf9300475c0d36bf078a1a

SHA512
47069675ec17e2d18c6c9146253a795edea3284c26ba292cf8aa1832b5bef3f5df62a2dfa69df87ea99832022c62bd4d6445884eb73c1381b5271b23f83fcee5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
09dd9ad5f0c85aea3df87055e2ca87ae

SHA1
ddf0eef2a1355b0add3bb920bfbd76ef7d513a93

SHA256
2b30be76054895cdb796a27b688925286c8e0145e8096bcc6a517948585641b9

SHA512
3d6673a624d8cdca8f77ddf5a8e392bff4cccfb525a93bf1d37d66e6ec42f0aab7b88a8e4fb4e9b01718b8d5fd8e4c09ee62a339e56b37ee3d51c5ed78632511

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
882399c6794a8646fd7d54ec1ff490cc

SHA1
3da5d10c408868b039b820831828cfae95354b37

SHA256
56e9b188c919daacafc6b0beee2ec57904a002bc7258b47c339b594ed74e2483

SHA512
52637be91918d18f378dfe2541160a5fecef5d92a84c177ad754f9671870730b9737dec85c3c5c1ec06b2d45907dfb68ca67053c5ba29f91ddd41382eda81597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
833f769e8128ed05b84adf3699428e1a

SHA1
a9acee3797ea2954b7ac6b0114f4ded4c7c6f69e

SHA256
0121327e457a6990bcddc570d409fad560a6f4be4175d4d7e8934d7d9b1087f6

SHA512
093d4db6ca4dc30e4cb55fce68faefa073640b0b8d242feb96c10fd3206b26c9373ed3fb38e49f88d472c0daac47bf5379c075538dce95f3c36b8a20ed11ca74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
290743afe0348dd6a24e1841c0a052f5

SHA1
8fcc5c747949907acebac81caa291cc973f79be3

SHA256
7bd0fed8525636701578bd3bd409893e37e544da6f483e0c61f920673ca2c2a2

SHA512
99429895b7f9afaae54e1a0ce50dbf6e4aa5573f76447c77eaa8c3435fb8ffbf049171e4e47fc9a8e8b141aa7f03bd72d7aebfb58995d3b8f25cafe164eed179

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cd5f94b5cd0926016b83a59dc2f40359

SHA1
ec916baafc72f1214d7f332e58453f67461775cf

SHA256
9ddec70a8eb23557f675e71528e22008d2a223066381273d8a14134390a1a3ee

SHA512
863dddffb748a95327ee2f8847cea8550fe040ab2bc30925014f3a8eeaf281996a01a8be7a07687dfe4c20de1061f0894e9ceb5b97ca015e3c58e2386bc4e861

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
187fc9e954362cfbc147fbb2c4cd12a0

SHA1
ccbdf3af9c5ee4c9c756a16d7c72845793adaf15

SHA256
7286a012244100007c2e0df78a916298a140d1fe68879b6ee754fc861d996311

SHA512
58aeb80cad16b358b9069da6ce84fd2899233b59fa718f93e3dfab5226b1e1caccfb1740d48126c92a021cf885f18c6de598be01ed11c31875e6f8927896f439

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
b116d8beade156a6e813df3a3111e1e2

SHA1
1a2e56bf07a99fbc39c72dc0ccfcf142d58e91cd

SHA256
e40357733db7afa0ff0c968e79bad3c2b8e9c71590ce75a12b18b63d098aa7c2

SHA512
c52d6b63cd8279a1d78b6d32b2fb7651bc133341aa730552c2837c373c1a932c309d2123def241e97fb3bef1f2de92174adbad807ced454c3f9407d7a8188402

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b735.TMP

Filesize
705B

MD5
4fe743328434ba84d0a06a3e0aff348a

SHA1
7e985a427709648f3dcbc13c2f9670be019b8a65

SHA256
72ed00bd0a07397af6b36f7e8fce452d0ef9023ccc39d3017fa4bd2692f6b530

SHA512
46404c2252793bb5aabd9dced90d53a39792848338d7dc8dc075ce8f60c94046bfefadbf05525cacb350e648c490c2c2879fe5f8b153086fceca3c6c66ee4856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5a0b66d8a2be4c5b599dd8b2fd622937

SHA1
48ef7083695088ad34e24098962fe3f2119fe282

SHA256
a4dfd7febe8d128bf9af3b9ad90348eaa062149be4a208e45945feba3b313491

SHA512
ecc90cd69626d6d4900127b22fe0613a3a93c40e6822b976353811764e74a0529a7f66d2e59780f7ec228ca3fbeef7d5bc9639a0f4ae2e9802632856765f32a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
13541a0b9823928af650179b8aad677f

SHA1
c30f6ec7c159a2b951185bede7e3b28280e9ea15

SHA256
31e8cd396d3e51061cac0c71da35c4cb6bfde1db6000f7803a7512da5f8927f4

SHA512
1b0fa8e72b9bddcafe02df45fbdd42a3ccdb66905fb6df1b0cf4c68e25b8986e3b96b61ad0c3eefb9150e9467c062b5a1e9e4b5a9cded161639079a4ffe45c15

Download Submit