hxxp://www[.]flashbet[.]gg

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/04/2024, 19:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://www.flashbet.gg

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4688	msedge.exe
4688	msedge.exe
2416	msedge.exe
2416	msedge.exe
1020	identity_helper.exe
1020	identity_helper.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4688 wrote to memory of 2020	4688	msedge.exe	81
PID 4688 wrote to memory of 2020	4688	msedge.exe	81
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 4876	4688	msedge.exe	82
PID 4688 wrote to memory of 2416	4688	msedge.exe	83
PID 4688 wrote to memory of 2416	4688	msedge.exe	83
PID 4688 wrote to memory of 692	4688	msedge.exe	84
PID 4688 wrote to memory of 692	4688	msedge.exe	84
PID 4688 wrote to memory of 692	4688	msedge.exe	84
PID 4688 wrote to memory of 692	4688	msedge.exe	84
PID 4688 wrote to memory of 692	4688	msedge.exe	84
PID 4688 wrote to memory of 692	4688	msedge.exe	84
PID 4688 wrote to memory of 692	4688	msedge.exe	84
PID 4688 wrote to memory of 692	4688	msedge.exe	84
PID 4688 wrote to memory of 692	4688	msedge.exe	84
PID 4688 wrote to memory of 692	4688	msedge.exe	84
PID 4688 wrote to memory of 692	4688	msedge.exe	84
PID 4688 wrote to memory of 692	4688	msedge.exe	84
PID 4688 wrote to memory of 692	4688	msedge.exe	84
PID 4688 wrote to memory of 692	4688	msedge.exe	84
PID 4688 wrote to memory of 692	4688	msedge.exe	84
PID 4688 wrote to memory of 692	4688	msedge.exe	84
PID 4688 wrote to memory of 692	4688	msedge.exe	84
PID 4688 wrote to memory of 692	4688	msedge.exe	84
PID 4688 wrote to memory of 692	4688	msedge.exe	84
PID 4688 wrote to memory of 692	4688	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.flashbet.gg
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa276746f8,0x7ffa27674708,0x7ffa27674718
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,3505237954641970666,18409821418439406773,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,3505237954641970666,18409821418439406773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,3505237954641970666,18409821418439406773,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,3505237954641970666,18409821418439406773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,3505237954641970666,18409821418439406773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,3505237954641970666,18409821418439406773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,3505237954641970666,18409821418439406773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,3505237954641970666,18409821418439406773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,3505237954641970666,18409821418439406773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,3505237954641970666,18409821418439406773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,3505237954641970666,18409821418439406773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,3505237954641970666,18409821418439406773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,3505237954641970666,18409821418439406773,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
32KB

MD5
2b5e6b580cce299f930f62bcaf1e9d94

SHA1
be5df8bfc5b4997aefbdac166f383e83b055ae6b

SHA256
b8208126c34b5360d95d8925dfd0549f9ac5716c339b35fa5c5547b39a08770f

SHA512
76eff9d35a96266499ac2edd6abc2f55a6e229142ed482b8706aa7d0c75db896cbfd1d82aa1090a046c6e00dfaf67b8366ed3b2786461fd2238cbabae608347e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
71KB

MD5
1cff1ce35fd5583ad104b8fac65c246d

SHA1
a5029d70d7e1b24df61f4ead509dac61cdf917ac

SHA256
2cb4c4aaf01f872c9bdd3e0c26fc509f022bf37c7224cb3b5d2ceac17bdf7712

SHA512
4b2955557907c261ee89a43f80f3773197cc2bf917d8766d4d95ad1ba5652d92e09503bf151515a314d8709de815de09d993a828e233412459224eb557b66343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
56KB

MD5
7538ae25001820cd0c822fe0b940dc8a

SHA1
40a7f6b5d7dbd61c5388cfab5c7546a696fc3c82

SHA256
b1705e4cc4a302a53252b71ea72891c06d19e9138f93ad0cdea4aea511a47452

SHA512
9d0abf539bc8ccad9a3ebd7613491d6f14dd6a27d936bf3a18f9fa406329deea374e6881cccccd8dc014e9e11c084c150180d91abb935b30f436c979f09d2e6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
768B

MD5
b0874b2c0f48da45eacbc960f44dfcae

SHA1
1581bb03ef85ad1dd7ec722e6b14f803d08d780f

SHA256
78eadaadc37a947cf6e356bc849367746db594b1e5d0b2ca8c7379db8600e204

SHA512
0161b71778e5282f24567c3bbe51a7d994230fe0c1138fb31137c957694b211736d5d4d5c474f73dd4e98343f447bfcf59430c54ff66a1bcf1d6bdd9da97c724

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
55f21fe7415c536776401bcc905f85e9

SHA1
b1430d25e1f7f91bef112d1f0514b29871dd7463

SHA256
f20bbfe77bf9af6423a4b3524a09760df5662a6c0bdb7af94f669ddbfaaf8e33

SHA512
ccc26b4cab1797205c739a9c5e2af4616010bcfde37b3fdef95ce9e68e27ff84e5ce1edac8efa6f92aacfb4e9b3e5e0d501382c6a7e38cde3de4a102be487bd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
c7f616cc960f5d5abc3007f910242285

SHA1
c7a855099ca4b374d71c98e332b713c6e39761c8

SHA256
435079399b2085618e15ef260f95891f893f26fa972245e01cd26c3b32c91196

SHA512
ceab002998d0f47caab09029e2e56e3586a8ce6b720d709954af5d5ee0c2b47f266d228449d4cdc9566786c66172a2772a59e125625f5718da1b707e35e4b8c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
62001e8049f9a02dc15ea0af297ee4a4

SHA1
1fa62e972a9183c06fc0d42e437922163940a8b3

SHA256
241fcf5701276689aa08bf5282706692935fb90910dde54922fcc307ee468604

SHA512
5be8ae4f87e3d72a0600573925b5feb7d23159f687eefcbec78a5142fdc268767c8783d4bca22c2d65def63b76b68f04db96f3d2fcf1e55ca9468c41e2bf9d33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ef68c7dec3a3a756845c006e727e09c0

SHA1
fefdb16befeb0038a5e5cb3bc9fbd6f326373ba7

SHA256
ad038bb997ab125e42573659c278e9a6f2ee7a27f84f03bf36570a98df3478db

SHA512
7b70a247147ce55673a64e7b10139fc1b69f06404a33c24e1750a630b85fdb262c456b9d96dc18eed8e3203c269f6fb6b0b53e4cdee4496bbafa479122bab953

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a88a1a09f1c14465064a86cf5905aa50

SHA1
cd06ef086f759d23c7d0c7697c00106704cf45bd

SHA256
1c872fdbf2f27d13c6d3b7f28a879a938696206cb34bee1eca6ef479c95c28d8

SHA512
5e1757d6fc6617ab8f0ba47d9a82ac226b17d777c55dd348d361a61612e4eaf12d65ed2312ad7deac8831ee75798cff2bd4e0e1184280a201ed70e50adee6ccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5beb597c844029922ebd9272ba99b1eb

SHA1
d9aff74b8a1917f6eb4dc5a123735a116a1ac5e1

SHA256
ed9a34c2ff754cc5900f46d4998ce2f715d59447548806768f93adf7e102791d

SHA512
2542274b6074621175e39b75d089211dfc0f57dd7d5ac67982bf05d844055c807bf14c0f3ef20ec9ff53fd9991ef8d06b79b5580d0ad6d06f3742b133c477597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
be972a10acf535923ae539f8e2d62832

SHA1
a40dd7cfd5198d8c9e8567bb6e78110f7196798b

SHA256
76e3d643cad9863aade093956bb0eeb349850b912c8531aa51dd27d356ffcf79

SHA512
cc7a939c830a9be94f8b2916f5d59d22f4daad8d5e4f9a7e27497c1b3b0fb61a13af3a472550e6185103ee9ac8843e27d9082fb48320cea0d2d5a63358959d55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4a38a325e35daf6d9bbd1ef87791407c

SHA1
a5dac114ade2ddf038e4d08f2f83cbc678b8c594

SHA256
3e6516f232b7df7f8ea3e49cc17f81720832ddf30dfa328777ccb3edaba52633

SHA512
011fc581454a727d1e1df84fe378a9ef439835049f7e5ddebf44537081e03fd8d370a6631fcd44c68e6ecaeb9a1b69d35746e352ceff41488e37dbcce6e55ee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7ae93da5756137020de8be2d0b6e7212

SHA1
29acebceb77f11f5103cfc95947a5e59aed41754

SHA256
1a0859393d5769de7b7d8da9db6e519be4b82e4f5b669b2e56bf414671ea9252

SHA512
52276a3ab662b19782ef4781340dc152e3feae7497fa394321d1ca92721c4a997bc3089340a8793d409dedd7d6e3357ea9dc64762293b49ee22da3e4babec474

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
c5cb8349b90597ca52de7ae5b84e5f92

SHA1
2a7b81c5321458cdb53c3dfedf07abd7d669936d

SHA256
0da90009af44382c18b3873c4a5f62495d2e5c52f5379ef21e99c7d322692ae8

SHA512
cea8185d955986421811dd66d74eec21622a4158488ebcda0712d0e26a5da0ce8f4560515c830c8c826bd65cc368e52421e4a1a586242568120e9974554710da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
9742173f34d39d695a017ec86b992665

SHA1
51268779297ce961e8b063750fcaf495f76d325c

SHA256
8df6d66589cc1f4be9a469c8ef95fdeaa61eb1c2cb731ed1fe589ae3973d695c

SHA512
e50aee2f58c1a80b721541356aa90d7260859bff509435414cbc8e38077296bb3720267182aa80b7dc95b9d82f07f7bb9548b3de68200702c9b45a9cd86f46bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
8397f702789a76abccf029e016295581

SHA1
91238c45744520fcd71aec03dd22d1381cc41177

SHA256
a1a50b85170d7fcac3bde75b96fbea6d0ebe6bca4a941b0dd801244605e621bf

SHA512
bcbd3d94d25ccdd23532d47e086baf490bed05f5fb9706e36b9dd5b5468b186d8b1e6adaac18e23c8f42474212ee4fc4901304f43f002654c2c4cd547aa62339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
4d6388bc69f8286fe6a24484620512bf

SHA1
cd52636392e6325795de9a7d5cb34300b01eaf12

SHA256
f11255d2a9a42abfd490f542d72d886a9f6326d3f25d8b690a99409da258716a

SHA512
d66f40ecdef738c4dc13e968e63f0e23d343c92e7cb572667537ac564a992885a90bfb1677c8e5ecd7dd72e8c2e305692baa8e93c502662e9d57200468fe992f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
8a90789b3ebb29bf79e753d899bdc1ac

SHA1
133af88226331c1f74a3f263728c19261bd66839

SHA256
e488af0e31028e199e5fcec6498c219375b6e1fc899473c1c1e5bd120f5aa7a7

SHA512
2841db60a2ca45ca60b07a2b1894b6aa3bcb164c6fc77f4ba4128f50cfc9aba6a433900d2c2a617c5dd891d60bfe7628b6ed5a3a3672070da54ff77dde4b1812

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fca0.TMP

Filesize
873B

MD5
5604b215c9358285d76713306e3c9283

SHA1
990f3429569fcb245a37fdbbcfc3c738541aad1a

SHA256
d382d04d282dd18a961aaa01cbce5510f0f72ad814d9cd3d753c822fd37f1ae7

SHA512
b1ee2972baa6a6054340b28cdd1442488dd63b4913fbf39656e18354ce55dca642385e8d82be2e6eb22d278b194913101fa39f050f3da0b48002b4283e1f92ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
11ddc94fc34cf090333f1affd0d7bc9c

SHA1
65eb53999eee9c6a22288c27595350b2d2adde29

SHA256
b579168f80061877a3e31a2818a207e9b6c9bc1fdb0ef003909dc6124c1260d1

SHA512
a9f2b799457c2aca045cda03a04cb74d8913aeed3e2fcbd42cff447dedb5d92e87b2385999ed6db3bf850989c95785d42bdd671310877d115db79fcc097e002a

Download Submit