hxxp://www[.]iqbalscientific[.]com

Analysis

max time kernel
137s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
23/04/2024, 07:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.iqbalscientific.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1996	msedge.exe
1996	msedge.exe
3224	msedge.exe
3224	msedge.exe
1316	identity_helper.exe
1316	identity_helper.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3224 wrote to memory of 2928	3224	msedge.exe	87
PID 3224 wrote to memory of 2928	3224	msedge.exe	87
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 3956	3224	msedge.exe	88
PID 3224 wrote to memory of 1996	3224	msedge.exe	89
PID 3224 wrote to memory of 1996	3224	msedge.exe	89
PID 3224 wrote to memory of 3536	3224	msedge.exe	90
PID 3224 wrote to memory of 3536	3224	msedge.exe	90
PID 3224 wrote to memory of 3536	3224	msedge.exe	90
PID 3224 wrote to memory of 3536	3224	msedge.exe	90
PID 3224 wrote to memory of 3536	3224	msedge.exe	90
PID 3224 wrote to memory of 3536	3224	msedge.exe	90
PID 3224 wrote to memory of 3536	3224	msedge.exe	90
PID 3224 wrote to memory of 3536	3224	msedge.exe	90
PID 3224 wrote to memory of 3536	3224	msedge.exe	90
PID 3224 wrote to memory of 3536	3224	msedge.exe	90
PID 3224 wrote to memory of 3536	3224	msedge.exe	90
PID 3224 wrote to memory of 3536	3224	msedge.exe	90
PID 3224 wrote to memory of 3536	3224	msedge.exe	90
PID 3224 wrote to memory of 3536	3224	msedge.exe	90
PID 3224 wrote to memory of 3536	3224	msedge.exe	90
PID 3224 wrote to memory of 3536	3224	msedge.exe	90
PID 3224 wrote to memory of 3536	3224	msedge.exe	90
PID 3224 wrote to memory of 3536	3224	msedge.exe	90
PID 3224 wrote to memory of 3536	3224	msedge.exe	90
PID 3224 wrote to memory of 3536	3224	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.iqbalscientific.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd0fff46f8,0x7ffd0fff4708,0x7ffd0fff4718
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,16424340897181704515,3909038810897399531,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,16424340897181704515,3909038810897399531,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,16424340897181704515,3909038810897399531,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16424340897181704515,3909038810897399531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16424340897181704515,3909038810897399531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16424340897181704515,3909038810897399531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16424340897181704515,3909038810897399531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,16424340897181704515,3909038810897399531,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,16424340897181704515,3909038810897399531,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16424340897181704515,3909038810897399531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16424340897181704515,3909038810897399531,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16424340897181704515,3909038810897399531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16424340897181704515,3909038810897399531,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16424340897181704515,3909038810897399531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,16424340897181704515,3909038810897399531,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,16424340897181704515,3909038810897399531,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16424340897181704515,3909038810897399531,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:5144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
64836d9ed0fa36504e81806dfddba79d

SHA1
ce09ebf37aebaf90664fcf7f20d9361c7473a372

SHA256
ca4ff89e62d8fa19b959aee20a3eb90a032317329e392dc4e455dc7720651cb3

SHA512
99debdc52571e358b1da6c4086d085f818d5a27b8cddecf68aeff0aa4600d9952277d4578c5d411d4cc4024c54704f5f4583d2b8d2146aef00c031b1ebad412e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f89eacc173016441580a1298f148d46e

SHA1
7e27c79728f54be41984235f7bfdd8a0bdcd3a54

SHA256
68bc2993e25bb9f44bdd514acb1ad122806ffba33f21730a201ccc347f496625

SHA512
8c966c08f3decb560b58816dcc8115f927eb58b96e3acfc2b7cc512654479fda45a3de77f9d4639713c8bbce65f202696613bdc66bb33444e9b5451f6cd7481b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
201KB

MD5
f5bc40498b73af1cc23f51ea60130601

SHA1
44de2c184cf4e0a2b9106756fc860df9ed584666

SHA256
c11b6273f0c5f039dfef3bf5d8efe45a2ecf65966e89eeb1a6c2277d712ae9fb

SHA512
9c993ef3ec746cbe937bbe32735410257f94ceb6f734d75e401fb78dc2e3ab3b7d83c086086f0e1230dc8dafd5328f9af664341eb781c72e67c4d84d1f6c1112

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
788d17c125fd34bb1cf1b41bfd862804

SHA1
e3fbd580b80cfd2bd9784474d81df7fefd6dcec9

SHA256
0e1e0aa8824480fde3af7cee26415a5c52fbf9dea3166ccf955c2b89255032e9

SHA512
d2a35328f30c731ef5a9e8273c7db6df869d7f4fefe1c6aabb950f08ce2ad79446169d678492fa315c088483acdd0af346c800e64cb9269bed0d4bc346234856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
cd985e1396c0b8d7eccb8b46c92078f0

SHA1
2dcffab8768f324e0a258589a8aaa29c7abd6c47

SHA256
dd24cd48d152cc330e253e3ac9e890884c24851d269b367970e6cb022a2feb36

SHA512
45e9ab20f5ff1625c65be84250b0e728d13256932261eed0789b261d998658fcc721dc80afe18ec106c70fb6eeca44d844f8b3a5d0024950d5baf1125d89189a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
43b098011756404caf46ac54cd4ff112

SHA1
72efd27c84ad45ec37ec2e601ad72ace80d1956e

SHA256
d2a3c818cfb1957797e7f9ebbff299151f6fd344a8e6fe174416ccee1a1f0411

SHA512
87543b2cc9d7205777d7ae3b8a71a41429fe18b301a5d5f9cfe120e14fa31385a8a4512fa11ceb31356b559813ac372441f8aa277d4097427bfb657269ae632d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0be465f517c02436121d79f020d3b906

SHA1
fd61c338dce495544eedacb3bcfc5886c07a74bc

SHA256
4f4257dd195df0dd566709ebec05fe263cee8eee349341d96bdeb826f0f0e74d

SHA512
686ec851c98d099636b384d4bd993503543984321df0bee909cbbbd46b25482959f3ffcd0c186db41ad3e0353084099cb8a2a8f013053a90d9dcff42ac13459c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a9f7d55352504c60c79d01003fc53ddb

SHA1
225c3365f2515171fa792a92d9990aae17afdb09

SHA256
5de8cdfbe0e2a35f2d0cda82f2c50cca62c31077d02f7b1d0a932ae20a46c0c1

SHA512
cbad090e71786f41563bc6f3b9061f9c3e281cb559ac6944d05ae821086abd67699a1ce63f25ce728fb871112841905181a31014c4c389f512f689ac07f1a97d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ee1d2c1ff8af5c0d333d4b55f7ca02d9

SHA1
af6c7b46d35bfe2f9f1e415df6df98a9f8fcf681

SHA256
298cfcf49ddc01fbff644cdda3a24e2eac588dd16f275f6b0aa69eeacd4262b2

SHA512
d1a9193eae9db79e27bf6dd067689307a5da66002910681a877ec7a8282b80e8376b09628bf5aeead8962eb7b7d7e2ea154c70cbfddd5efc9e284d58b7374fe4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1a4f20166fe1cfb8c796c03e7111f8e4

SHA1
e596dc29778f12787c10860c7bbe20f917b3ad58

SHA256
241fb89843eefa83205c7145ca0c385728d8762d60af7ef9cb7f410b3db34b70

SHA512
c331549d0b7d1445fbce5acfbcd343e2fa3ce43d6a51cc8baaaa073af0d89f5fae7bb731145ae78792d3e58648c358c7d9bdea7408daac10bb764859b885d96b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dedefb2d563ea8f09ae3b898f7c755b6

SHA1
f5d5729bc1bb3361d1b309cd8448fcfba33c3be7

SHA256
ae214e719ae3449ad360f0aa8a20cf326a13f3e9bb4022f7a557cb645bdd17c1

SHA512
381be21ed8021e769e43ea464608351c405e30570edcc0e31a4073fe31a83ed13eecaf1f7865cce2820dd426e549e9bd5ccb0ea741ae3a678e80ff5f8eee78e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
40ac9577784b1b352d1535531738627f

SHA1
8420fe58b2bb0cf1436adfaec39ea25be0b3f0a8

SHA256
5305b960923796b6ca88b597a546ba40a89eec004ed473a555f8bae08a15515d

SHA512
e1c40e9af053b9defd8e58f2ea901ca85a441fe9b11320af4793be574dcfbe9783da569c66eebbe66aa3c8ce9ec961769fc9606d110fc7ac17e9c2290f6183e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
96ce24afbf0b633a7db05f4c8f10e1aa

SHA1
856a015786456de3c84b2805618703ab1634288f

SHA256
b7ae36bd5cb097239143c1727da59d0da96dd6e4cdea197797a94832065de03e

SHA512
71d452850fc14bcf3124f9a70e9b0d4394142f851bf6c8b4e968cab0b76eae376fe7c93937096dfd0de820ebcddd1cb99d75c266358764b9a0591a81864778b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5e5f9bd32aae6854212a031b6e300523

SHA1
cc8669258e1434751286afd57da411a05c9998db

SHA256
25750dcc8a27581ee9b900318146ab470cc1b7c57fb483eba9133cf44de6414d

SHA512
c32061bf863417242b480540c28fcda97cca5cc0d16d72d2d1523a35a087a7479d74ef9f871ae0e328c378af07e58eb1a6d17aa3cd1c41d426a61bb6a02b27a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
69aa89787154040bc78e750affa95571

SHA1
a4f1e66992f35996120e65fbf71346b65a17428a

SHA256
79034dbe306a6f9e240c47c4ed7c29929f8a6e58dc2032302dd2e559db85e313

SHA512
4bf2582f51f07d2e12e8f3038872306d89b040d23e2288a228227240e8f64d23946eafa03c9daac9f50ef824b26b322a865b08771630258915fc2594a6d86aae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e32c.TMP

Filesize
705B

MD5
32c669a2051aef04eb1f5f5957530a87

SHA1
ea4983875c81ea70d2a92d1bee4c317552fd84c9

SHA256
513475b49941fed24889dafbbf7616673e0afb07545c25077a5991e16692caef

SHA512
76b5b5ee2a7ebc4dbb09454d0c311c5e4ea79dc8e8a69285b82233b1be7a3adb24aa98c6c84cc116c62ef38e3aa9b8880a6f803bf6ef3615ba1aa3447489be7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c10197f8c241e59e854779a046700968

SHA1
2a73ac48fe379a273aea955b2e4d97d0ca1f02bd

SHA256
591613e90a1a873865ab4de7ff603671169ab92d57fa2794c0bdd24e3e068480

SHA512
e62cee8a1fa1f29331a8b4b5a7a6153f70f5b9815f3921564449321bc97bee8a9381c8f8289990e6521666a482e78fef70852dffe1e54d86208a8bd679b582c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
759c3c070237b96451472a38f10cb385

SHA1
0614c45ceeaf6b4037720979947f84fce94ff2b5

SHA256
0064e034c3cd3dcb3154ec5344e808df391bf4b78e36a1b3ab0114b26c8fe8ef

SHA512
12428aee1b638156a6969707c505a1340707173085f3db4dcfcc241223dc98a3461d4401fd70986279a43c62b69585f459d3c5f80dd8d25e5009945600fc68fe

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit