hxxps://superops[.]com/lp/rmm-solution?utm_term=advanced%20monitoring%20agent&utm_campaign=Super+-+Advanced+monitoring+agent+-+North+America&utm_source=Google-Ads&utm_medium=Paid-Search&hsa_acc=1644427990&hsa_cam=21160636729&hsa_grp=161040672856&hsa_ad=695668963325&hsa_src=g&hsa_tgt=kwd-368754115917&hsa_kw=advanced%20monitoring%20agent&hsa_mt=p&hsa_net=adwords&hsa_ver=3&gad_source=1&gclid=EAIaIQobChMIjsXbv8u2hQMV0xetBh3MXA4vEAAYASAAEgKfr_D_BwE

Analysis

max time kernel
197s
max time network
206s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 02:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://superops.com/lp/rmm-solution?utm_term=advanced%20monitoring%20agent&utm_campaign=Super+-+Advanced+monitoring+agent+-+North+America&utm_source=Google-Ads&utm_medium=Paid-Search&hsa_acc=1644427990&hsa_cam=21160636729&hsa_grp=161040672856&hsa_ad=695668963325&hsa_src=g&hsa_tgt=kwd-368754115917&hsa_kw=advanced%20monitoring%20agent&hsa_mt=p&hsa_net=adwords&hsa_ver=3&gad_source=1&gclid=EAIaIQobChMIjsXbv8u2hQMV0xetBh3MXA4vEAAYASAAEgKfr_D_BwE

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
141	api.ipstack.com
144	api.ipstack.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
440	msedge.exe
440	msedge.exe
3000	msedge.exe
3000	msedge.exe
4188	identity_helper.exe
4188	identity_helper.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1616	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1616	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 4804	3000	msedge.exe	86
PID 3000 wrote to memory of 4804	3000	msedge.exe	86
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 1384	3000	msedge.exe	87
PID 3000 wrote to memory of 440	3000	msedge.exe	88
PID 3000 wrote to memory of 440	3000	msedge.exe	88
PID 3000 wrote to memory of 3292	3000	msedge.exe	89
PID 3000 wrote to memory of 3292	3000	msedge.exe	89
PID 3000 wrote to memory of 3292	3000	msedge.exe	89
PID 3000 wrote to memory of 3292	3000	msedge.exe	89
PID 3000 wrote to memory of 3292	3000	msedge.exe	89
PID 3000 wrote to memory of 3292	3000	msedge.exe	89
PID 3000 wrote to memory of 3292	3000	msedge.exe	89
PID 3000 wrote to memory of 3292	3000	msedge.exe	89
PID 3000 wrote to memory of 3292	3000	msedge.exe	89
PID 3000 wrote to memory of 3292	3000	msedge.exe	89
PID 3000 wrote to memory of 3292	3000	msedge.exe	89
PID 3000 wrote to memory of 3292	3000	msedge.exe	89
PID 3000 wrote to memory of 3292	3000	msedge.exe	89
PID 3000 wrote to memory of 3292	3000	msedge.exe	89
PID 3000 wrote to memory of 3292	3000	msedge.exe	89
PID 3000 wrote to memory of 3292	3000	msedge.exe	89
PID 3000 wrote to memory of 3292	3000	msedge.exe	89
PID 3000 wrote to memory of 3292	3000	msedge.exe	89
PID 3000 wrote to memory of 3292	3000	msedge.exe	89
PID 3000 wrote to memory of 3292	3000	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://superops.com/lp/rmm-solution?utm_term=advanced%20monitoring%20agent&utm_campaign=Super+-+Advanced+monitoring+agent+-+North+America&utm_source=Google-Ads&utm_medium=Paid-Search&hsa_acc=1644427990&hsa_cam=21160636729&hsa_grp=161040672856&hsa_ad=695668963325&hsa_src=g&hsa_tgt=kwd-368754115917&hsa_kw=advanced%20monitoring%20agent&hsa_mt=p&hsa_net=adwords&hsa_ver=3&gad_source=1&gclid=EAIaIQobChMIjsXbv8u2hQMV0xetBh3MXA4vEAAYASAAEgKfr_D_BwE
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8214e46f8,0x7ff8214e4708,0x7ff8214e4718
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,4238035045331150912,4262589055250563610,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,4238035045331150912,4262589055250563610,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,4238035045331150912,4262589055250563610,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,4238035045331150912,4262589055250563610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,4238035045331150912,4262589055250563610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,4238035045331150912,4262589055250563610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,4238035045331150912,4262589055250563610,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,4238035045331150912,4262589055250563610,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,4238035045331150912,4262589055250563610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,4238035045331150912,4262589055250563610,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,4238035045331150912,4262589055250563610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,4238035045331150912,4262589055250563610,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,4238035045331150912,4262589055250563610,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5228 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2224,4238035045331150912,4262589055250563610,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:4828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5024

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x500 0x494
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3beafce4-aad7-4a09-8b52-8796557a9be6.tmp

Filesize
4KB

MD5
a3a18ed3c31aa7fec5eb8bd027ee7974

SHA1
ab779cb8bdafd799a94da761d43c3ab9b4cc69c1

SHA256
40490c3ccf0ead687d17966cbf7824688feac8fa299d14ef224b6344986c90f2

SHA512
f482d7b2faecaff6bc6d3b3fef234887f0989bd2aed85c1262d1ba8cce816e620d384d961c09507670510b7c49116dc0b910b3a5e7863ffbfd6bba85c91e4948

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
198KB

MD5
319e0c36436ee0bf24476acbcc83565c

SHA1
fb2658d5791fe5b37424119557ab8cee30acdc54

SHA256
f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1

SHA512
ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a08ec23a2cec0d881919f9747df3c1ee

SHA1
580972697d96b9642c0cd35a97b8ad1e80bfbfc0

SHA256
fbe536e8d483f1867fb3be032537a9bc66c09bf9235be1a8ecd69a059c46c6ad

SHA512
9fa423e76031fbc37dae6e3865249fdde09c9b0e757f38c0687f632def390aa3c3bc48971deeb471b7f16e6bce6210bb8d369c722f347eaf16ab3b609532c5a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ed3f854761bc297d614d14aaa8de7c55

SHA1
6c6ed59e0753ab4d22917312bdcb31275525486d

SHA256
6d1d46170eb64f7f2a4680823709a51a7116f2a2bf3b4fdcc4d77d339ce14ca2

SHA512
9e88a65c69a1a75bfff70cd31104f8dd3757c90329295671d8b9769140c1833c9b4aba2ed95dda34f76361723436136e944ddde4c43fce454f100e43b706dac9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
e7d2ce7bd28b0e62f5d4531133329438

SHA1
f7d8d2fa4e0e8c2096b1d8049a6b79d2cae7cb34

SHA256
fd0c4a01edab27cff72024a8bc11590aada5cb63f57886eecb3fd17ca3594d6b

SHA512
298e53fbe5ab0a9fae703ab66cb01141cdbdb00ba2b52aa6e6fb14343f0a56fb9d5096b6f47c40bd6e20574a7085e92d11bf9ac565b0d43c03f4eb0ab411963e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
cc159f7d8b212ac4394c1cb29e9114b1

SHA1
178e9d648fb10bdde0b4d447dbb9c4495e5a577a

SHA256
cea9983e9726d97bd5a519f59ae549cf0045bd8ba16f3a0c5483f5303955f20e

SHA512
2bd8ee7a2d1fcacaa44c58b09fb70204db598a801f3e4a2d3f60d9fcf4ef7d84198b8dc0eb418faa9d009adb7f5510411183fe97e5df6360d02d82e5c86b0063

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0939fbaba004dfda3b72c235a5faa9db

SHA1
3f49dc8d27fb47651728f91fb6037a6c92b334aa

SHA256
81266eed9261374ba075bde6c30619c16f61533c59150b6f1db1a9542398ff4c

SHA512
1b258ed3da8466980acb2daa1eb347ab9498d41e3ab3f7fc88c1e9027c60ef80a7952416f372bd352f4591a92c23401aa812f46342800adcae44316c4d7a009c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1e97e343fb8aba367c8980961e91f453

SHA1
839fe532cd216149cf5bc2c059679ea40e236146

SHA256
32de2bd663e7105dd04a184c17bb3d659f08ab6eb8666b3eea426ad43dcdbb56

SHA512
768a89fa6cd477c70a7ac668e0b0fb8fec68e78a455210ed6846cc9204719d94a386dbfd32ecc75f68c65b6833be8726302af222e03b14df175412d797481380

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6f37aaf94b5cb90239cd1c52a7b71e5b

SHA1
67149313ece0923a365032ddbc10b274213baecc

SHA256
8c6d4d44d78d8f8f506de4a20ea03f954ebc951286a5794fc3f11de641614a95

SHA512
198a75e88ec7e39ad84bb1c26b5d4bac7cacb42ac8bc91a275c4985249f857cb2607d02c0bd0c2470e2e0b00a752b4192c5edec9500dc6f79b2cc47353b5d0fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
acfd3a914a58f662d5d718972b7e0c9f

SHA1
7e53c418d567d206249a1e1489012b20df0e44ed

SHA256
d8d9bae1042e916f7f4a7918ca888550a7ee5b620aededc5a1fd1720963e2a4c

SHA512
7963b47b67cf638c45d5c1c31a34f09084a6b0998145a9a1c17b1856f2800bb1228c1e270c594d2043cc047099a7ab61f08d9ece013758b2494baf9dd82430e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5eb7b9f570330bb37f2cb922d45f55fc

SHA1
e61e69441ee340367ed24ba73622656ac4c6d083

SHA256
969962231f263a37571fe58eede4d4cc7733b64584f26a1e0af6844b64d61fd3

SHA512
300dd6e011a4234a4b110f9b01e75ac9bd92d4fbfba51833b1b357485245b43f940f401ebf207d5906c7e5d7311ca3af57fb2535df0ba4cd3503fd97d1fabdca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0549e7381291038b72d396c550fe8708

SHA1
6a979aca542af2552d4376fdea8ac8a0b6be4ec0

SHA256
61c7ecd415bf66fdfbcb7ca0b10fdd67c1ed830382654c4834ac79dda553ba9f

SHA512
d2644c0b7fc1be7278c168189ac31518f1d70a38e41a64cbb258c675fbcc272e0bbade42a8cbe554398773d2c9d5c9532940fa7734d9b3f75d571620f58291ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5788a8.TMP

Filesize
2KB

MD5
b733ee33432ff33b1c0916172b6c2065

SHA1
bec1f0a5ed32afac0f21bd1a2885aba120378c2e

SHA256
2a360c98f03c810fa2af689e8c082327ff3b7c378207678ff1418a97d2c0e5be

SHA512
595869f5d362f2c2630b24ee953a5cee0f3f118c9b1524ff0e6f5bc7c40b75b002a3b580cb2daa39199568a1c5ca0227f2c2f4c9112bad899c88b0463c744ee4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a1ae69ba646ab2b15ec1d5a50ac469c1

SHA1
7c7b2eea12adae92fddb04670e68ca8b83d40425

SHA256
ff5504a4b7f368eef46347f78350a8f95d793169ee50cc1d1e20f1de97d7676d

SHA512
7aebd726f3acf8d6565cddaf9555a6021d0f9a206a7b8aecbb148bdaed0280117bd97bb9633d5459b509e5ae274e5b43fab4ab2bd618b498e4eb81e23acab851

Download Submit