hxxps://gorden-sun[.]notion[.]site/7-1-AI-eb6dc9a1a8064f91a1e1c225d977279e?pvs=21

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 09:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gorden-sun.notion.site/7-1-AI-eb6dc9a1a8064f91a1e1c225d977279e?pvs=21

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-701583114-2636601053-947405450-1000\{6EA18850-76DA-40D5-BDAB-96B8F946E362}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3640	msedge.exe
3640	msedge.exe
2996	msedge.exe
2996	msedge.exe
3288	msedge.exe
3288	msedge.exe
1604	identity_helper.exe
1604	identity_helper.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2308	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2308	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 1360	2996	msedge.exe	82
PID 2996 wrote to memory of 1360	2996	msedge.exe	82
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 4408	2996	msedge.exe	84
PID 2996 wrote to memory of 3640	2996	msedge.exe	85
PID 2996 wrote to memory of 3640	2996	msedge.exe	85
PID 2996 wrote to memory of 4176	2996	msedge.exe	86
PID 2996 wrote to memory of 4176	2996	msedge.exe	86
PID 2996 wrote to memory of 4176	2996	msedge.exe	86
PID 2996 wrote to memory of 4176	2996	msedge.exe	86
PID 2996 wrote to memory of 4176	2996	msedge.exe	86
PID 2996 wrote to memory of 4176	2996	msedge.exe	86
PID 2996 wrote to memory of 4176	2996	msedge.exe	86
PID 2996 wrote to memory of 4176	2996	msedge.exe	86
PID 2996 wrote to memory of 4176	2996	msedge.exe	86
PID 2996 wrote to memory of 4176	2996	msedge.exe	86
PID 2996 wrote to memory of 4176	2996	msedge.exe	86
PID 2996 wrote to memory of 4176	2996	msedge.exe	86
PID 2996 wrote to memory of 4176	2996	msedge.exe	86
PID 2996 wrote to memory of 4176	2996	msedge.exe	86
PID 2996 wrote to memory of 4176	2996	msedge.exe	86
PID 2996 wrote to memory of 4176	2996	msedge.exe	86
PID 2996 wrote to memory of 4176	2996	msedge.exe	86
PID 2996 wrote to memory of 4176	2996	msedge.exe	86
PID 2996 wrote to memory of 4176	2996	msedge.exe	86
PID 2996 wrote to memory of 4176	2996	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gorden-sun.notion.site/7-1-AI-eb6dc9a1a8064f91a1e1c225d977279e?pvs=21
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff2a9646f8,0x7fff2a964708,0x7fff2a964718
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,10071971652050086842,3137112619914357584,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,10071971652050086842,3137112619914357584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,10071971652050086842,3137112619914357584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10071971652050086842,3137112619914357584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10071971652050086842,3137112619914357584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2224,10071971652050086842,3137112619914357584,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2224,10071971652050086842,3137112619914357584,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,10071971652050086842,3137112619914357584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,10071971652050086842,3137112619914357584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10071971652050086842,3137112619914357584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10071971652050086842,3137112619914357584,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10071971652050086842,3137112619914357584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10071971652050086842,3137112619914357584,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,10071971652050086842,3137112619914357584,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5576 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4916

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3f8 0x338
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d406f3135e11b0a0829109c1090a41dc

SHA1
810f00e803c17274f9af074fc6c47849ad6e873e

SHA256
91f57909a10174b06c862089a9c1f3b3aeafea74a70ee1942ce11bb80d9eace4

SHA512
2b9f0f94b1e8a1b62ab38af8df2add0ec9e4c6dfa94d9c84cc24fe86d2d57d4fc0d9ec8a9775cf42a859ddfd130260128185a0e2588992bca8fd4ebf5ee6d409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7f37f119665df6beaa925337bbff0e84

SHA1
c2601d11f8aa77e12ab3508479cbf20c27cbd865

SHA256
1073dbff3ec315ac85361c35c8ba791cc4198149b097c7b287dda1d791925027

SHA512
8e180e41dd27c51e81788564b19b8ff411028890da506fbf767d394b1e73ec53e046c8d07235b2ec7c1c593c976bbf74ed9b7d442d68b526a0a77a9b5b0ab817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
134KB

MD5
0751a6fabc37cab3d6337726cc9c2df1

SHA1
806510c344b86a10a90edd5bac25a30d297d8f0d

SHA256
4ae36f766251176fa234acc72f9c63bbe6e506bc4ae649a310a6963f6c20b2b6

SHA512
b55e22d998c9c2bafdee0850c20881ee86526a440d34ba6e123714706cc9cd9e6eaa8662b79e3857031e64057dffceb9e7c1b2ae476229ebec82fb794431035f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
1024KB

MD5
1038180199c273d7240e07f97c945e65

SHA1
b59faf0e9b504a61a973f4bca26f2a4fc6f5eb0b

SHA256
81acbf968d80e3b6dd706d73f4d1bba26d308df24b06322018fb01e54fe67ccc

SHA512
de5b980e8f58bd39efe6af79f642f744bac693b922084a58b7b03235a7c05ea495dbd5df7ec12009b0e104c7bb921e5a3fc20c9e812f2846d62bafd4bfb53695

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
879KB

MD5
47a2037967d2e8404ced19281a685795

SHA1
d62edae78ce007db32c94f276be4940575c122f9

SHA256
b79f2fd2fc9961971ffaa420da1782927caac8166d3cf21f7c8a1869988ad596

SHA512
bdebbbb8c52786152a510eb351dfb9a0dee7e36ac7a66011218d170a4d8ccdef80677c82bcede7d7108501b67457e291d79cb9aad387ee5f43f0eec6d9419e37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

Filesize
646KB

MD5
24d70ba397f732b816fca687cc726a2f

SHA1
a9d9cce0ac0b13e052b037542b05ba1f3fea5cd9

SHA256
ae80f2fd2ce8097f81bd8c5272d9e555bd88f11cf32495bf1905452b9abafb87

SHA512
f28ade8f3887c6197b627c350169f1af699f8e8988789f2a340731a2c8abb5a38c45355f0abf30aba36206222dbef6b825b9659a0d2b4a5b535990a0c368ab51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
fbb91c0a377eb518d9183b59ba568dd6

SHA1
b0f4c87d7b8d52ea2d7af4d23caf9eb3f0693ebf

SHA256
8b8d2394e6a36be5c72dce2868c382f4ea529e56c8f9d7cf6f9285dd76f31496

SHA512
ce0535f0a1cfea5d8d8165661cff79f1d07f3791d43b01ef2d4cd6f1574f46fd12fe66b8523f7b1ba25e973f720cd97aa9c058a9203a788d7828a02fdb87e674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
59eb1cf882b461ec9d83cde5a73c4962

SHA1
1131e401e60a9cb286586b875b16af14588aa1c7

SHA256
7910417ec752b09454d8eeb1339cdccb83c7884860db8c1758dd3219c14c0ccc

SHA512
7df30c3207f484316f02462f9412ffc106952f1fb352ffa064104dbdc9f8f8e292a122bf6b5aa0e1ec9f69d605f5f63e6ca3c5e980d794cfbd9194e7f3de22e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
934B

MD5
0538771443c33ff784c8929f1438f464

SHA1
5b1bb976e72f343dc1af9f7edeed0692585882db

SHA256
6e61d09bc81159d7c858b135eedd6e43be35b1e9c46cdff01fcad09541bfa247

SHA512
66d73d0dc6f0f639d363c29f5b29edfefa264271ecf5d740943bb134cf592b7d3eece62fcf7e0cf14739776ad47396dfb77bb99e882c2c952025b2c507087c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a7b3bcc281d8ad34bf773a9da8ad1f42

SHA1
d2476fddf3e231593b1108e0297e36a9552b0abf

SHA256
64b77a48f8eefffe7603e24b4a8ec043cba4ce05031941b6c211a25435c06479

SHA512
f378476ec502725452655dac8b792c63188fa89717e695f7ce74a7024f29ea0f65d46fe12224fe93142ad9071af6a4c0106233095b4a4126e902b092e6e243d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4ef2378f56c5b58831a675b57cf9f5ab

SHA1
a6298c6179661c8bc9c9d41c9ea3ae5909da4794

SHA256
2d57387e1891f1fd4970fe3467ce09824432978f5945ee01a70a0b36d98ae64d

SHA512
89be729c51dc316f12928935307e42db2af0f886d2a0f23cf66db4ad5d945b272f07c894fdf8ced59fa523912be4a52f289e95521d681ace918e600f0dfebc26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
312082c5bb329732eb2e882c9a35767a

SHA1
45459f52ce3d25de9d0311582f211ef514857fdc

SHA256
2f9a180b7a2a6c16b22c2edb0d4f311ecd053c1ed1bafd656a6f4a7bb331edf2

SHA512
02361ca2055caa78474996fe7f9c99b8f28d71d84e755aa9167ec32666e8af3a0dc817894135e55ef2205e3c27635d1fde3781a7babc6d8bf386baa87cb03772

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5c2b8ed2e95d9220b0f8d1125cb30a45

SHA1
574846d8af6579b11129b93692f82de67576d0d3

SHA256
d15c87f1bf4ce673147163772059011850748001d1b97a578d20b4ebc8c1fd8c

SHA512
e2c8ab0840f5aad80c8dcae092b352669f543c7055389e2bbebbac18f6ebaed86be77e28802f960d4e9f65c7ca089950b111b24a8c486a1298a9a3ad0e84ee6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0cbd53b746a46b7c050a64c7a87c0938

SHA1
552707648b7f64022dcc42ccc2cada5335439a9f

SHA256
4c800d115b953a5fccf584474edcd05ec1333ed20d77f1612cf21aa2f6588ca4

SHA512
919af6f9edf15253039b6a8bfb9cc21c21248d0b7a00ad9a3d7d576ca748f16d5ce6a9d6c170428938dd4c444472210c8be1e53c44f4adb7342db853b5a05e99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dc021059e0a3dbb52ca42959d65537f9

SHA1
ba20dfeeff9ab296ac7ea2d7e603e518468d40f6

SHA256
a12f91fa645ac81627221a132fb3e475d57989b224140b0328a7f6bd4214114e

SHA512
e5620258f10487ef3616716c1d35eeb5d43aef3489c474187dc11ba66881da04197f06d3c6c9b354eab035c2cbd37fd22cc79a83906e7b1de6b473908a006c73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
459e716eafcd2763c701e92378079185

SHA1
4897de069c66eee679f0499de6126f1d32b20419

SHA256
b73780ebf3e843fc1a8f6283e8c61e4ce761f7df0eb0c33b6604bfad2ee908ee

SHA512
9d996e7220141dee34d1d31a31eab177eaf77a9fa2d2f1621f479a26577150075210ca65194fa839e00978d4917a99c0dbcdad3062d8c3383955bda76f6ed66c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
332636c4b9e7539fc6e33f10b42b38ec

SHA1
5626922a93dcb3e59f381b122764b4467a911518

SHA256
866c6585bbedbaca4dfc167c737d287cb98a44b0cd4d2e0ad9ecdaecda8fbea0

SHA512
310a7385796eefc1b02ae068e60c01d0cb69ab8bfd8210500850779b8f3ae72c6ef317e3ca0ea2819dd04f77e2c0dddea1be675a753ea4f505f6a75e9e582e42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3d795e5a55cb32e287bbf2fe43d32a8b

SHA1
fb3c976a8897b79caa6ecdf25c230a6b716d7d2f

SHA256
f169f6f778c188fe6a5759426ecdfba3d396ecde0959ef4ab9c73103a99ae566

SHA512
1bbafa1dad7c941e2191f20315811574512326df8fcd75a86dcd4b84244a080df2d6e1b4896cbf20c90c7b64e7b6bf177b7cb9817b238dc637aeab71d3613992

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
355367c5890827d07f74f0859799d497

SHA1
736596c65d65484fe44c92e9ea888fdc63e86b64

SHA256
3e32d89acc881cce6222c28d6189cfec6c5acf0d2a9e31f70199bcb43fb04afc

SHA512
892d95461d3192a2ec8e886911ec2efef3b910d5b673feaa9461ed9491a5e9f9c79621408a155c115a8598aa2ccac76f9338cd4cb8c7d897ee116c62795a7f8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
81dc471239d010dedc382bfe3be8ea17

SHA1
2e11798d58376c1e90fc647d390c125d227ebb20

SHA256
85f2b651a24958064e8bf7b648ac39dc60893bda73bc3ae72d1315be61945cc0

SHA512
184b44ee4e651c959e1e649d5f5f1c951feedf4c7b2fe9a115ebd6a0bdd303830e06523f1403460c53999cc21ffa1b319a6145bf59eddb2b1d19b6fb6f2d1447

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
572ae4b8791dab065e4790de5567ca52

SHA1
5612cfbe8530f085a8fbec7596d8935652c6abea

SHA256
30b7b24d09d426ba2a23c9a36cf45aaf5f38c3f89a17acc87380023935132218

SHA512
222155d9b37c3ebcc5895e80123cf24498b4ccb0feade8c9be5e8f93558a4b9ae5d5994c3ddfd26be066a7dbd14a875f86898bf4c03ca0c2971beee1826ae084

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2da1a997d5f097cd2b2ad577a4452097

SHA1
43e65f6ea9199b72199fa22fc176f3a09cd98bf3

SHA256
e7dae59cce8480184d8e58012a44ae08498266be7a4e144c3f10ec085acd24ef

SHA512
86002c50f61f207e02f7912508841894f198c06657f3b9fffed6f7f52e40d8f8ecaf4e015321ae232db1f2220cff5594636c2d658b43f9822a7cf35455855662

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5814db.TMP

Filesize
1KB

MD5
287c5d4d5f50fcd64eb34c2f51f5225f

SHA1
8e50e30db437043ec455c4cac629aacd02ee9a18

SHA256
7166d897af94090114215d6493d6addbf2aa074feb56e8a8cbdbce9de504ba0e

SHA512
bd78edfe91681287f681cf61932a5619d8108d28162ce97ad8249655c1e0c233538ada0bc09d17037faf3af7538b1b1defd3a81cd6c8874ad896702aad313ab8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
800cb4f643465eb4e9a1908894e43590

SHA1
af9f48ffa0337269452db88a547f6229ad9413e7

SHA256
5fbc268277617e0ec93e02ebb11c1e072e01a40f2196a178c586688771251061

SHA512
2bc09afe72575a5808d3e1e640e723076bc70b3af9cd56050da595d73d1254877f53f18a55bb509dcfd351fed0c5ba2e10ec048bf4bfbed1f8dc9e65dad12370

Download Submit