hxxps://my[.]avalonwaterways[.]com/Travel-Materials/

Analysis

max time kernel
232s
max time network
235s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2024, 17:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://my.avalonwaterways.com/Travel-Materials/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3332	msedge.exe
3332	msedge.exe
2856	msedge.exe
2856	msedge.exe
2696	identity_helper.exe
2696	identity_helper.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 1932	2856	msedge.exe	83
PID 2856 wrote to memory of 1932	2856	msedge.exe	83
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 4704	2856	msedge.exe	84
PID 2856 wrote to memory of 3332	2856	msedge.exe	85
PID 2856 wrote to memory of 3332	2856	msedge.exe	85
PID 2856 wrote to memory of 3056	2856	msedge.exe	86
PID 2856 wrote to memory of 3056	2856	msedge.exe	86
PID 2856 wrote to memory of 3056	2856	msedge.exe	86
PID 2856 wrote to memory of 3056	2856	msedge.exe	86
PID 2856 wrote to memory of 3056	2856	msedge.exe	86
PID 2856 wrote to memory of 3056	2856	msedge.exe	86
PID 2856 wrote to memory of 3056	2856	msedge.exe	86
PID 2856 wrote to memory of 3056	2856	msedge.exe	86
PID 2856 wrote to memory of 3056	2856	msedge.exe	86
PID 2856 wrote to memory of 3056	2856	msedge.exe	86
PID 2856 wrote to memory of 3056	2856	msedge.exe	86
PID 2856 wrote to memory of 3056	2856	msedge.exe	86
PID 2856 wrote to memory of 3056	2856	msedge.exe	86
PID 2856 wrote to memory of 3056	2856	msedge.exe	86
PID 2856 wrote to memory of 3056	2856	msedge.exe	86
PID 2856 wrote to memory of 3056	2856	msedge.exe	86
PID 2856 wrote to memory of 3056	2856	msedge.exe	86
PID 2856 wrote to memory of 3056	2856	msedge.exe	86
PID 2856 wrote to memory of 3056	2856	msedge.exe	86
PID 2856 wrote to memory of 3056	2856	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://my.avalonwaterways.com/Travel-Materials/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa431d46f8,0x7ffa431d4708,0x7ffa431d4718
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,9031709416028750481,12855441998344101237,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,9031709416028750481,12855441998344101237,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,9031709416028750481,12855441998344101237,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9031709416028750481,12855441998344101237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9031709416028750481,12855441998344101237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9031709416028750481,12855441998344101237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,9031709416028750481,12855441998344101237,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,9031709416028750481,12855441998344101237,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9031709416028750481,12855441998344101237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9031709416028750481,12855441998344101237,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9031709416028750481,12855441998344101237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9031709416028750481,12855441998344101237,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9031709416028750481,12855441998344101237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9031709416028750481,12855441998344101237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9031709416028750481,12855441998344101237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,9031709416028750481,12855441998344101237,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6168 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e2f0fe48e7ee1aad1c24db5c01c354a

SHA1
5bfeb862e107dd290d87385dc9369bd7a1006b36

SHA256
f13b3ebe8d71bd0086d5bb82364c35f59a95d32b39753af251e8639360e291a9

SHA512
140d026437fd5e8a874cd00b03950c8f010e1a0732a0a1cc5bdde477e7f8315ccb95790bb4c15b8dbaab9468ad532eb885b6c429300a64e39412d976d079324e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7e0880992c640aca08737893588a0010

SHA1
6ceec5cb125a52751de8aeda4bab7112f68ae0fe

SHA256
8649a39877c190ec740a5422284ec5f9ff509b30b2d7896635476873dd8824e2

SHA512
52bd0a38ca7f43b26731966035045b1cbd8b60b2d81bdf9aad791cf444da8af8b722ebf3cb364a6e660bebdf23084eb0e30bc23562575b704801669817549f8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
a3f34a7c3c4c2dcf0a739a5a50372b67

SHA1
12b38acf042d0f7ed2eec10bed026c75f4919c3c

SHA256
311bca580892f2e9ffb03872485162bcb0bc9dbcb5aa45509d45fae0c87b9297

SHA512
6ccf27abacc246dde91bee855b4c00153790895274dbed30b9bc27fc512e5018752b294097d781a673ad8bc3f3899285226ad53c1343adf3cf6de6172cc7581a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
bc2a8ec138ad7a3de5795238d936d278

SHA1
c78902f0fd0e71ba22c0bc88de2cd4218639f79a

SHA256
6cd1deddc8e0e1da877501e9a429dfba7b2de93aced5ac83eaae8001ce4e0fa7

SHA512
6d4c3697853b8de090448a08496965d137f588fd5952105961636c7d945c6be0f3e766383bcbac21617818b1398ee78d78650e52fbf9f74c426657d8dfd889fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e0b85017e763b76404456014f52f98f6

SHA1
8b66884e3225d91390d7189c16f10265226f2315

SHA256
87d8c87eec32e57aab5ddbdcfc0e176089c859dd450184738db2ea4e22de8424

SHA512
d9fd01033d280913957f7a567beebb41cd5b686d4131c4c5d4ab2578e924ec4f25c0ee2e6c45827afbce916640c7a599a1cd132edc0846de63726d57d742c81d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
d67acd09e05b7b47012189e96e2316be

SHA1
bd764d066433d4fbbd2cbce92b0cec47d87b4db5

SHA256
7750c7f00f9ba7b19efdf4c7cbf55cd85c7c8d0e17c24a7221b61ad3b53e8a7b

SHA512
53f512fb6b213aba5e9ae1cba249b54c9af087f3965c3e8b13ee35491db4ddc272249e41016111512f98f0a62a9c5c31cf1c56096b4123974ccfe276c4618318

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
33819660b943cbd11c2e7050960d1a16

SHA1
1a4e99cd6aa0e7b34c28843b7892c57d3cdf9fa7

SHA256
099e396af04c712129a781b45e7e62ccc1c2b99b488dc2a86e5b9fe2bc786139

SHA512
fb3a6cbb7294b62a0630b4762d40e520aa786e23e91ba4da5665a0d4888172657ef36603fef2367bc68c55cdfcb8f09a79558a89b1ebfa10430af195819e12ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3d2ddcca727ed12bc2bb9eaabc359637

SHA1
d569722dacaab60d2c382a78b79d6ea92683a81a

SHA256
1559db56e373a9c02c613a302af6cffa1bd289cb7a07d4bd3e68a978aee0dd9e

SHA512
d988d4030f51aa46846e5c953f9c72c9029385a75f8d16916c4a6fa4920960c53e3b9bc80f86a2864a59b247d3ca863b2f16098c46db722a573a25aca11ab2f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
4dca64c0f502f5ad30ce5458c6791da3

SHA1
37e3df09fd19c44834dd6c1d7145ceff13320914

SHA256
25f9525a16746b2a9531e29047e6ac2710b434b848afc963dc178cf6bed0909f

SHA512
05a32c4763e7dc0a93ac4dc53f55923d43efaa4dc9935caf41d5deb0447bf6e68466f909d0068ce23ac71d37271978bedc517f8e3d73e1d37553812059fe4182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
475f2b4346b1b37dafaf30f08ad6e5c5

SHA1
f007779e291045c6f1876f9f9c27b9573fceedc8

SHA256
15f09f7539b7e0892705581cf48e321ed08058ed76cd3ea3e436b855b0f6dc9e

SHA512
fd1437d73c1ca871ae9faf684f26d682e40e1a7424fc5af8f04322d98ac3eaf961e740b3f383de673d8b5bfb1123842c775b274d69514f52f2864e0227b20a1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
a6ce9930481b0654d0da6fb22f3cba85

SHA1
5686f970fe8f2636925f5f7c498aa96242542557

SHA256
e95837fa12cdbca6cbf918d74284a7ed977b87e57970363ed6101d832d9571bf

SHA512
78c028bf21b957d251e6586417f46c86c27a568ed7f5dc17560bd5cf3c4f122be8a83b227e0f72fe8d7ca36718ad46e5ce11272e0b56a420a0031a2a49018afb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7d7c9be7fbf6cdce613e4ace7d0a84a7

SHA1
3321f80e404ed4e19d79fae1f60a0f42b8b20823

SHA256
6a0d9e2d3ea3b22fbf975651f6bd7fc7c1794bcb3a1d99321788fb7b101fef95

SHA512
b019c69cd826d7eb0a6d9a29b34f248b15aeb13809ba5d9a6506dad93d96b255dfb29fe10e7a1ad824d780d98f2442de59e377c8d5666bbeef05165ece203467

Download Submit