hxxps://ej136[.]cfd/w046

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11-04-2024 15:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ej136.cfd/w046

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3532	msedge.exe
3532	msedge.exe
3948	msedge.exe
3948	msedge.exe
2388	identity_helper.exe
2388	identity_helper.exe
5304	msedge.exe
5304	msedge.exe
5304	msedge.exe
5304	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

3948 msedge.exe
3948 msedge.exe
3948 msedge.exe
3948 msedge.exe
3948 msedge.exe
3948 msedge.exe
3948 msedge.exe
3948 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3948 wrote to memory of 4916	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4916	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 5820	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3532	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3532	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4792	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4792	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4792	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4792	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4792	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4792	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4792	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4792	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4792	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4792	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4792	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4792	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4792	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4792	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4792	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4792	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4792	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4792	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4792	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4792	3948	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ej136.cfd/w046
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffccda846f8,0x7ffccda84708,0x7ffccda84718
2⤵
PID:4916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,3674191632052052528,12057338229655684209,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
2⤵
PID:5820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,3674191632052052528,12057338229655684209,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,3674191632052052528,12057338229655684209,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
2⤵
PID:4792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3674191632052052528,12057338229655684209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
2⤵
PID:2188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3674191632052052528,12057338229655684209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
2⤵
PID:4212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3674191632052052528,12057338229655684209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
2⤵
PID:5424

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,3674191632052052528,12057338229655684209,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
2⤵
PID:1344

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,3674191632052052528,12057338229655684209,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3674191632052052528,12057338229655684209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
2⤵
PID:5764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3674191632052052528,12057338229655684209,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
2⤵
PID:5280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3674191632052052528,12057338229655684209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
2⤵
PID:5048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3674191632052052528,12057338229655684209,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
2⤵
PID:932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3674191632052052528,12057338229655684209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2764 /prefetch:1
2⤵
PID:3280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,3674191632052052528,12057338229655684209,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5040 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4840

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
330B

MD5
f9bd4249f5a01536eb813a93d15f1577

SHA1
8c44ed61f729d803af08a83ab99f6a8b820ad2d7

SHA256
2af92eb84b2cc989064975a7ee0f27898375001b698353fa04957e1266abab9e

SHA512
0f12407a6822c1e454b154a575c8af0b74df54c330565857320040341ca9f72cfa151a487c25f8965442fa45427db433318504150536b2aab96942082f55e7ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
9ffb5f81e8eccd0963c46cbfea1abc20

SHA1
a02a610afd3543de215565bc488a4343bb5c1a59

SHA256
3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc

SHA512
2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
e1b45169ebca0dceadb0f45697799d62

SHA1
803604277318898e6f5c6fb92270ca83b5609cd5

SHA256
4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60

SHA512
357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
480B

MD5
9e35adbd0fdeb502a940323109b76f9d

SHA1
361aaa54e49cb92ed068a5082b67f2a4e905652c

SHA256
ac121eb904eb023988ba8618769719b5acebd4fb2bc15fea993669d539a7155f

SHA512
4bd5274e01c504887fb0d5072d5cb525555c3d4438d7ca3dc66eb1e3d1b1cd9081b29c208d2f312bf4cbf618248288261510d03667a7eae3044cacd5afe94286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
456B

MD5
62eb20e2affbbaeecd87aad1a430b3f3

SHA1
89e530b111bb6b643b628843e62ee47088a81ea7

SHA256
8a97f31493117156ac91e69c5afac1906a2a90ce152019320043c2ba621ce846

SHA512
1ae743ce1ca4d5599f34605daadf8e0ca1e40745e97a6e7a86c25d7a854301ea9f866cca0d2f060ac0147bf4d24febeaca465098ad1e13bed5ad3f866518eb3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
874B

MD5
f45e3ef0616e32e98c0391d753cad7e7

SHA1
3dcba959619c446a027b1112d69c80496033a529

SHA256
5e08158c9b64ea7c7d4077e001722231a20480767e9c281d4dce4f6dd2b9e0bc

SHA512
954cde202c362869b0bfa663762e0027efe0bf13208228c97aef585b8cb2735ca7b1a0b9e4d282af9de4ae5f82c4e49a021c49e2c127d899030a2e4b59fe8909

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
0280e510dc8d00767b194b7e36d1556f

SHA1
14fc8d8e1f721ff5e5ec8e42fa0684021b662288

SHA256
76562067ddb8ef4da4bd623f360c3098ab6d4b1553fc41f3cf162a45ad56c4eb

SHA512
f9c4a79053a98a02321a99a42868ca363ed983836acfdfd000521d094f4e70b97e99a1c9e8d93eb781ef83793a86f44320d81ce20804192db8c73deecf06f3d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
d07eccdffacbb1fcae7fdaf494ebf75a

SHA1
60c58cc63b2472e5db517d360b917fdf0af7af14

SHA256
a748f0e55964db901f463852a8136f3640219602c1f99a37a41aaca1e296b360

SHA512
5b4e14332347d7ad608afb150716163701e0fab2ede16c98f6f783f983959c265476612e598beb4f1a2fa4ac594f9fb15dbff35c1d77c42b26533cb78a4a8ee0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
160f40ce5a5974a60f25b625a0a31f9d

SHA1
744ca8ee49932b69c0157db91bd46f8a2424a757

SHA256
5cc86b95b07bd5b4187b608c365ff367a41090a0865428ba68ff30df68cced64

SHA512
1f3045b6b5ccfa53ad039b03818d051a566adecb6050a86d2fe514eb02bb3482b2c4ae7505a0730a3f9171bdf6a713c1312f8139789061878e4becfe612cfb53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
540B

MD5
895c33db1021aecf7638970e8f5dfa73

SHA1
f84f542c9892738eca7a45abf43099b396eddd36

SHA256
cc3169f0288e7422db992fb2bb32edce3d9f135699653ec08b68f4a42d549148

SHA512
2e7ae092051c713f676f8cc6e811db848d092bc5dc2371a24908c678bf3799560ae5a013d807fbff4cddf2d10744d50796e64fd4787d0d799a7fa876bf0c5e52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583e8b.TMP
Filesize
540B

MD5
8c478efc5dfdf0860c20c50c6a59a825

SHA1
f0ca6963508f0bb1361b7cf4961f4f87bef5b2c4

SHA256
0433aa3cc271bddf70f7c54ca7e9c609178fdfa4b399cf78f17d0f8c9318c689

SHA512
cbfd8ffd87dac6524d5105d6c5b41ba99604f5c5f465d3df076c2026511cbe2a709c9cea9adc30cfcbc9de9b1e3d18197e583b5f39a66fd39445695f93b7422d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
3ccf98f0cb9eeb5e06e413e4936eca3d

SHA1
0f059ede3b31e00d1466b2007a2676c877ceb11b

SHA256
ef1c39ba538eadce65fa038e0ea300bd2071d04c01ec78f0b4dd652377af64df

SHA512
b546cb0daea6e71bcdc10edeb5d35d587624f7c05413516e5346f91948b0f38e8cd5fe98016fafd38eeb7fc7b43fb1d62e2e80f56da0b8211f1982f4aa586a4a

Download Submit