hxxp://www[.]flipsnack[.]com/E9CCA699E8C/texstar-equipment-sales/full-view[.]html

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 01:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.flipsnack.com/E9CCA699E8C/texstar-equipment-sales/full-view.html

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
117	ipapi.co
118	ipapi.co

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4812	msedge.exe
4812	msedge.exe
5032	msedge.exe
5032	msedge.exe
1408	identity_helper.exe
1408	identity_helper.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5032 wrote to memory of 4376	5032	msedge.exe	83
PID 5032 wrote to memory of 4376	5032	msedge.exe	83
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 3628	5032	msedge.exe	84
PID 5032 wrote to memory of 4812	5032	msedge.exe	85
PID 5032 wrote to memory of 4812	5032	msedge.exe	85
PID 5032 wrote to memory of 4828	5032	msedge.exe	86
PID 5032 wrote to memory of 4828	5032	msedge.exe	86
PID 5032 wrote to memory of 4828	5032	msedge.exe	86
PID 5032 wrote to memory of 4828	5032	msedge.exe	86
PID 5032 wrote to memory of 4828	5032	msedge.exe	86
PID 5032 wrote to memory of 4828	5032	msedge.exe	86
PID 5032 wrote to memory of 4828	5032	msedge.exe	86
PID 5032 wrote to memory of 4828	5032	msedge.exe	86
PID 5032 wrote to memory of 4828	5032	msedge.exe	86
PID 5032 wrote to memory of 4828	5032	msedge.exe	86
PID 5032 wrote to memory of 4828	5032	msedge.exe	86
PID 5032 wrote to memory of 4828	5032	msedge.exe	86
PID 5032 wrote to memory of 4828	5032	msedge.exe	86
PID 5032 wrote to memory of 4828	5032	msedge.exe	86
PID 5032 wrote to memory of 4828	5032	msedge.exe	86
PID 5032 wrote to memory of 4828	5032	msedge.exe	86
PID 5032 wrote to memory of 4828	5032	msedge.exe	86
PID 5032 wrote to memory of 4828	5032	msedge.exe	86
PID 5032 wrote to memory of 4828	5032	msedge.exe	86
PID 5032 wrote to memory of 4828	5032	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.flipsnack.com/E9CCA699E8C/texstar-equipment-sales/full-view.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc074f46f8,0x7ffc074f4708,0x7ffc074f4718
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,4507797283253517912,9884627869399483106,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,4507797283253517912,9884627869399483106,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,4507797283253517912,9884627869399483106,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4507797283253517912,9884627869399483106,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4507797283253517912,9884627869399483106,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4507797283253517912,9884627869399483106,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,4507797283253517912,9884627869399483106,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,4507797283253517912,9884627869399483106,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4507797283253517912,9884627869399483106,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4507797283253517912,9884627869399483106,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2220 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4507797283253517912,9884627869399483106,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4507797283253517912,9884627869399483106,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4507797283253517912,9884627869399483106,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4507797283253517912,9884627869399483106,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4507797283253517912,9884627869399483106,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,4507797283253517912,9884627869399483106,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6340 /prefetch:8
  2⤵
  PID:6008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,4507797283253517912,9884627869399483106,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6724 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
6b7fe75b24c6f387f677db9b48987b23

SHA1
55eb0d2c719726fa07007539d151fdec3a1b3b6e

SHA256
c77676602fb7dd8771c19be929dcc6759b0b6d07b734e0d82d3a7a1806ab4241

SHA512
e7cee25d7f4cc7c0b854c56aeb67e0ae458bf50f177653b5018cf2a83cdc4bbc963a87edf7b520b0946f97aa6ed749cad4605b1b52ba75c4ed99aab2543b1e86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9b53944c2014fcf21825c8c1739290bc

SHA1
f3e8a937f5925ad9456221aa49cb52c34707b4a4

SHA256
a6b631ca75c089cdeac58b9fce06a5255dc671ae943baa8e6b832dae5bfda33b

SHA512
96ea97c53d7329a9c9c2e4080a8851cddd015c460ca650cc1f86e0a386c6bf31072a717f5b6cf1bc0df3f8a3e546995fa2eb1b9d4bd40782c85778e849a45dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5467c3f039a185fe6c57dc3f4bad4e94

SHA1
6465976c148160d0447430a636a07c2240fcc710

SHA256
b551ac2acc25453b1dd97d411bb35e0fea8e77558e931566025722b20a08b425

SHA512
9852b9a0dd9d5654660ede7f1853f3775ddb8b7caca224261b2f8f6b54401668124c3752b2b104dc72d01a77d12d0713b6bb88bd47077858496ded4cdf56bbe4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
abf3e4cb9d2c89527dc0941b30d5c0cf

SHA1
4fd5959464bbddaf448cdb0974a2b97c496f6c82

SHA256
ba36d9016d421749d0cc6a99ab8e25e9e76f5559badb0734f852ca1f058d8edd

SHA512
ff55e9839e15f31638f520286527892a29ff341338edcf33d725f8303a03a5ce5c9cba98e8fb3573bdeaf49752b28988f0ea138a23fc4c40096592266b05f438

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
868f651b40ce65a957fce72c7ae42ae8

SHA1
73fb436612b3ecbb114dc11077ff1e3be67e3acf

SHA256
93c111e7e48d8154cd4a825598912ec94f59c0bd599a485da85ea27d792c1b99

SHA512
cc1c2225abea98f8201dc5c711eccc6bf90e180367bfaee64cff2c171ec9dc393a8a7f011f8b9fbcaef39411fde490c208c0a5030efc2cc2ee0becefa13dc3bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
48b9577673f541e63d31bb4c1d2506ef

SHA1
0561156b9e41d6a2965d05bb673130a1f2f1a374

SHA256
5de71f6fb04204d01de9fd99105d35001f035aa9d6ad85ae172f41c67eccb316

SHA512
26b3fd8abcc171910b98a598514754b850cc05bbcb565958a6015bdb259eccd363eeec83f131812b8e865be1460314aba353b7f75159d2eec663b9d95b84ea1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
b469b46cfd479eab0b0af656e0325ed4

SHA1
58f932f8a98102f2b52e0c797684f26f40a86e69

SHA256
3ea6d0c9a13b964be5e3048b8d1a06e9608eb783698b4eee63b677ae472184f5

SHA512
311425c66fff59a0b80a4dbf91fd2f06b4f5728176c6732597458168c43a83d85bfb47f77732e8eae78f8e5d0e76524d2e5033b2306fb5b813dd32db028b6873

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b333.TMP

Filesize
702B

MD5
ee846ab406a3a4090be30fd1e58832c8

SHA1
95984972f12ab4f96b1b3d8cdc6aaa26618398c5

SHA256
24998f0664a0e9b17ff8cba00bc9462f676448468d4384cdcd5b0cf010c6263a

SHA512
3b3ed068f2ee6ea1d5fd6bd52a130ee36c4e9d6a87e10801605d99fc22e1e6ee7b3f9908d8061fd2d1c57cd232adb1e555f89c6e5e93d9bba4449346b302c05c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f9c329d0-35d2-447b-aea3-22e473597396.tmp

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8d740a82ebdf95edad26ccb89b99bdf1

SHA1
bc32e3e2db4192634a1c47934e325851f9f86ef7

SHA256
a4dcb45b7b20bffa960aef60d42ecf40088e93e87fe0b092849a56482497bcb3

SHA512
bc1732ec1494413571c40eab2034f94497eab6757e67bd75f4716ce248d2e647fbb734c0ff862c3a1af9dd69899e2a42b2cd19766708a9ed802bcce9a15be0e5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit