hxxps://t[.]email[.]caixabank[.]com/r/?id=h53014a64,6db27ee6,f3bae0f&p1=car-life-support-tomakomai。com/g/YXRlbmNpb25hbGNsaWVudGVAZWNvZW1iZXMuY29t$

Analysis

max time kernel
240s
max time network
270s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 06:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://t.email.caixabank.com/r/?id=h53014a64,6db27ee6,f3bae0f&p1=car-life-support-tomakomai。com/g/YXRlbmNpb25hbGNsaWVudGVAZWNvZW1iZXMuY29t$

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
100	ipapi.co
99	ipapi.co

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4700	msedge.exe
4700	msedge.exe
1852	msedge.exe
1852	msedge.exe
3172	identity_helper.exe
3172	identity_helper.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1852 wrote to memory of 5032	1852	msedge.exe	83
PID 1852 wrote to memory of 5032	1852	msedge.exe	83
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 3152	1852	msedge.exe	84
PID 1852 wrote to memory of 4700	1852	msedge.exe	85
PID 1852 wrote to memory of 4700	1852	msedge.exe	85
PID 1852 wrote to memory of 1436	1852	msedge.exe	86
PID 1852 wrote to memory of 1436	1852	msedge.exe	86
PID 1852 wrote to memory of 1436	1852	msedge.exe	86
PID 1852 wrote to memory of 1436	1852	msedge.exe	86
PID 1852 wrote to memory of 1436	1852	msedge.exe	86
PID 1852 wrote to memory of 1436	1852	msedge.exe	86
PID 1852 wrote to memory of 1436	1852	msedge.exe	86
PID 1852 wrote to memory of 1436	1852	msedge.exe	86
PID 1852 wrote to memory of 1436	1852	msedge.exe	86
PID 1852 wrote to memory of 1436	1852	msedge.exe	86
PID 1852 wrote to memory of 1436	1852	msedge.exe	86
PID 1852 wrote to memory of 1436	1852	msedge.exe	86
PID 1852 wrote to memory of 1436	1852	msedge.exe	86
PID 1852 wrote to memory of 1436	1852	msedge.exe	86
PID 1852 wrote to memory of 1436	1852	msedge.exe	86
PID 1852 wrote to memory of 1436	1852	msedge.exe	86
PID 1852 wrote to memory of 1436	1852	msedge.exe	86
PID 1852 wrote to memory of 1436	1852	msedge.exe	86
PID 1852 wrote to memory of 1436	1852	msedge.exe	86
PID 1852 wrote to memory of 1436	1852	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.email.caixabank.com/r/?id=h53014a64,6db27ee6,f3bae0f&p1=car-life-support-tomakomai。com/g/YXRlbmNpb25hbGNsaWVudGVAZWNvZW1iZXMuY29t$
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffafda846f8,0x7ffafda84708,0x7ffafda84718
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,15080740916487821703,13977626486499342713,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,15080740916487821703,13977626486499342713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1976,15080740916487821703,13977626486499342713,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,15080740916487821703,13977626486499342713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,15080740916487821703,13977626486499342713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,15080740916487821703,13977626486499342713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,15080740916487821703,13977626486499342713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,15080740916487821703,13977626486499342713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,15080740916487821703,13977626486499342713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,15080740916487821703,13977626486499342713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,15080740916487821703,13977626486499342713,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,15080740916487821703,13977626486499342713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,15080740916487821703,13977626486499342713,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,15080740916487821703,13977626486499342713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,15080740916487821703,13977626486499342713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,15080740916487821703,13977626486499342713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3704 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,15080740916487821703,13977626486499342713,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2484 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
200KB

MD5
a484f2f3418f65b8214cbcd3e4a31057

SHA1
5c002c51b67db40f88b6895a5d5caa67608a65ce

SHA256
79cbe928773386d07f0127f256f383debed5ccea5ff230465bf46ec7c87319d6

SHA512
0be1bb8db08f6e6041a85cfee90cd36a5b595afbca34d52a125465454fc806b4bb7ae569eaf4c882922fb1b962b6060534e597791cd0ad23483be5981d9be85c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
f75b544342d5ca629f33cccc5a15042d

SHA1
f07287d5943c5c343c95e00c8c451ccd43f637ae

SHA256
1440563e5f50cba8ed92b6f3960930ca28e6d3ce19c07dec2a1f2969e656e903

SHA512
f614fd6f01fd6b35e09645b1a0721cc2f7b23d689033c74107e6e26a579b840dad96b63b8dc45c11236f5d1851f460ff5f8e0b4cb86b9e2024ca70b3b3a32ece

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8bd60739f288ddf3109c1a8b6f434e9f

SHA1
4c52b7fd601c9c66ea9fe4950849ea702e3e8156

SHA256
88b3122291befca3c4c1eedb85217309806809c8ed160b3a6c9f0d47533432a0

SHA512
f89e3ca1b1b361644d993e1557ed13d00cb05597a1c4a429a8828784f5f7777f505249aaa2343463d2cfd3a611e336528299d05b419fc9b5003036862217f53e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
03c2b5b72da69023334449071d471ad4

SHA1
8b577aba34067016c227fd43a049996eb5336f6d

SHA256
a5ea0b26c6954ca7b67eb6ca97bb5eef8a6d74205d5a728eb8c170b80cdca4b6

SHA512
964e9e4d1a030638a2b28ef07626fc816c7675ba18e677774c446669055cabdc8e7b44746743b0d2e51a284fec8f651cc3a0bdfc3c1ee23c832c2a1b9807a6d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
74514683bb5f5ffdf44adc7acd4c492d

SHA1
01f71715fee72c6f6744c06d330545a5586c2a93

SHA256
4ac170d8e1d60c693eaf66d0a18c691b3237a2732c2c93be401fc6ad399609b0

SHA512
d05b713bc897934b21ef24fb43dff9341a5061d1d4a32c643c100147b0e5283e5027feb7d1c901306d289c8c6d5ad610619f6b40cfe8d357e185fc191b763c2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6f6bd5b5ec7d4bf19881e04940d8861b

SHA1
db30fb132d79756d5b2de9b953a0a92ba3815db2

SHA256
71dfa45da1ba7c0ce6c19e94630e9dc6e4c477eaebd4ce0431159b7aa56e7ef2

SHA512
84d88524b8395e16d92b56d02dc1d426aa06265e998d8a5e16bd36aaa9d629d80c4b87811acfb222f5d44d280831b447995cc491801f56ef93982dfc9fa20a7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
3e8b15bdb477f92018d80ef41efe9f79

SHA1
6afa0e00de8a711d1d29e880d3e71feee0d20b3c

SHA256
f73eba50c1744eeebf6a3431485d201825be518a901fe9871c537d0f19d05109

SHA512
efcdaf31e89e8407639d463256465ec3dbfbee388a61d11dd4b39bcc578eba425cdc49f4428518faf3c89f911f52b87cc46e8d50d30238863a303c84600bf4e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b3ee.TMP

Filesize
203B

MD5
6378e8261db1b87baefdef04662640b7

SHA1
41f53a9ed204d8059fdf5886f91815af1f5562f1

SHA256
f41b26a3b615343dd5df543117baa408f25bca2449cce95775c14b9f9d6c8d81

SHA512
32405c01f671a9bfb724ad81d122070438976de20fddc39600ca6fc184fabdedc1d49aab7d8bd6c4cbf8fd495b514f1e19d6cc969322e079d627bf38e9257e31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7ed43812e492b526ede4a47bed05cae0

SHA1
c93c5d2599f88e0befaed0ab1d699082a9358972

SHA256
3de419ea18c908affa9503e88225df7c831469c9f5ffb25b571a2a4627ffa6c0

SHA512
2390f867344b161f4630ec144a35e490e89616c43d45695e5abaa74ec97d95661f660e95870391ae90fa81998d3be907cc882aca502654968e288fb3d610f367

Download Submit