hxxp://www[.]cacci[.]biz/

Resubmissions

11/07/2024, 00:07

240711-aegj6azfqh 1

11/07/2024, 00:04

240711-acktssxerk 1

Analysis

max time kernel
117s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 00:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.cacci.biz/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4548	msedge.exe
4548	msedge.exe
4308	msedge.exe
4308	msedge.exe
4572	identity_helper.exe
4572	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4308 wrote to memory of 1652	4308	msedge.exe	82
PID 4308 wrote to memory of 1652	4308	msedge.exe	82
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 532	4308	msedge.exe	83
PID 4308 wrote to memory of 4548	4308	msedge.exe	84
PID 4308 wrote to memory of 4548	4308	msedge.exe	84
PID 4308 wrote to memory of 4720	4308	msedge.exe	85
PID 4308 wrote to memory of 4720	4308	msedge.exe	85
PID 4308 wrote to memory of 4720	4308	msedge.exe	85
PID 4308 wrote to memory of 4720	4308	msedge.exe	85
PID 4308 wrote to memory of 4720	4308	msedge.exe	85
PID 4308 wrote to memory of 4720	4308	msedge.exe	85
PID 4308 wrote to memory of 4720	4308	msedge.exe	85
PID 4308 wrote to memory of 4720	4308	msedge.exe	85
PID 4308 wrote to memory of 4720	4308	msedge.exe	85
PID 4308 wrote to memory of 4720	4308	msedge.exe	85
PID 4308 wrote to memory of 4720	4308	msedge.exe	85
PID 4308 wrote to memory of 4720	4308	msedge.exe	85
PID 4308 wrote to memory of 4720	4308	msedge.exe	85
PID 4308 wrote to memory of 4720	4308	msedge.exe	85
PID 4308 wrote to memory of 4720	4308	msedge.exe	85
PID 4308 wrote to memory of 4720	4308	msedge.exe	85
PID 4308 wrote to memory of 4720	4308	msedge.exe	85
PID 4308 wrote to memory of 4720	4308	msedge.exe	85
PID 4308 wrote to memory of 4720	4308	msedge.exe	85
PID 4308 wrote to memory of 4720	4308	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.cacci.biz/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ff8db8c46f8,0x7ff8db8c4708,0x7ff8db8c4718
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,11934666470373307229,8181353474544839003,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,11934666470373307229,8181353474544839003,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,11934666470373307229,8181353474544839003,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:8
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11934666470373307229,8181353474544839003,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11934666470373307229,8181353474544839003,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11934666470373307229,8181353474544839003,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11934666470373307229,8181353474544839003,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,11934666470373307229,8181353474544839003,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,11934666470373307229,8181353474544839003,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11934666470373307229,8181353474544839003,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11934666470373307229,8181353474544839003,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11934666470373307229,8181353474544839003,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11934666470373307229,8181353474544839003,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11934666470373307229,8181353474544839003,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:5056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
210676dde5c0bd984dc057e2333e1075

SHA1
2d2f8c14ee48a2580f852db7ac605f81b5b1399a

SHA256
2a89d71b4ddd34734b16d91ebd8ea68b760f321baccdd4963f91b8d3507a3fb5

SHA512
aeb81804cac5b17a5d1e55327f62df7645e9bbbfa8cad1401e7382628341a939b7aedc749b2412c06174a9e3fcdd5248d6df9b5d3f56c53232d17e59277ab017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4e6521c03f1bc16d91d99c059cc5424

SHA1
043665051c486192a6eefe6d0632cf34ae8e89ad

SHA256
7759c346539367b2f80e78abca170f09731caa169e3462f11eda84c3f1ca63d1

SHA512
0bb4f628da6d715910161439685052409be54435e192cb4105191472bb14a33724592df24686d1655e9ba9572bd3dff8f46e211c0310e16bfe2ac949c49fbc5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
20KB

MD5
62f1098a9d0b2752734c4d3165785d55

SHA1
8c9c3d595209c91f9a315b07b5ae4a13c3b56b7e

SHA256
9db11590f0bcf66815e46539bf9a5225c2e3121b0d0606019a829417dcf9a1c8

SHA512
e1b9da22dedcc5692a9f87c4fe821b5668e471bae4d3e7e0f0d3423892df0d842774b2212c664a1c5e4ea02046a1cde9d9e8829eb258225c7100dc8ca0a9e65e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\accc98b761c5f6d2_0

Filesize
12KB

MD5
6b7de8c64f3dd5391ab9956b5de438d4

SHA1
bea31c3f4b9192128ac654919f27c11eb53b4055

SHA256
cd52caf559e954076b133d9ad96e2898fbab2e08de4e27b4b2664f6a0800ddb4

SHA512
800cf235db4a14e5933ae5973326a7f4d96a7dfbfe515261bfe4b371bdc5207759dd23621e2e452d3946977854dafee2989785a27b6b81dc64f1aa4b0d750d02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
6fd8f0dabd46c9a0b1a86d2d355cca9d

SHA1
925483ea84789b34cf17350fe55d0b5c1e1577cf

SHA256
caf5b99d87572470aa21b4316366692653d0c5d8a2477da9f4b065d20fb1f245

SHA512
40861ecea74d07c99dbee04e2f225870a9b8602dd8fe096f2399d2679972a0586698486f243af161d310e1625cf7690edbe57fb70f3bc4f2e399a391137daa87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
2701a1c10a767ae1fcc4e0f436436307

SHA1
19e66b4b5f671b636dbb1fe1ea9175e678202ca5

SHA256
6d45d80a49533ad3bd54edb4089a94634326a58cecae63b8d5e5673afd4ac7c1

SHA512
cb734f7989a54f32d35020e3d29eb61a461cb0d981cb5bb9dfafddc30149257a15f98d7c2cbd589c9da1ae7b7d8f54de5280290783f052fc7df67438473739cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e1a5d556239331a101a985259fd264dd

SHA1
b7ec8a31516cf854ac8321934f0701e7251e80d2

SHA256
e60223a2eb193d443f091513a76e5736f3dd032ce94ebc1f5b9b8fa94cb04267

SHA512
f22a0c033ed3b11885dbe4686df36e8c2e56ea6f4824be9b9d73e546051789754acf23f104cf92a692d48f62e8dd5372212d773108eea94a8434234c9a0484e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3c369b92176dc000b33e760d1766bb94

SHA1
2fd87aab6d2a2e88ff67415e939baee325409cf2

SHA256
6120e8b68188054259cc32d6288a2a92bb35c53c6b499a8a3ddd52bf4b80f91b

SHA512
1e66035c398ade395918a622aded4d3ef6487cb8c7dd01e21ea64b2986550bcdcaf2d8be1630567fa5fb95aac90944f7395ab66cda68d9445d7cf2b78d5ad8af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d02d8257084c11a5c00a9d3c9630d5b2

SHA1
002d419d8525ac0158808767c42a2170a96804db

SHA256
2d324fc7c18d5c0a9af0851927b952d21caca553f769811a16878c1f1ee846df

SHA512
90e04f9398a09d64daec9d1eb28be8955f031675be88a1228c87125eb74e8dba4453d8f52a538ed13581d06681d8096a4ed42cda6bb003ec9650c4ef859fa340

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e2c638cf667f4ad61692878a508b492f

SHA1
12cb8dea94e52f4db80c3e3f987fe67f5136cca0

SHA256
9ff8224e192c79e581e5f38c37b57673699ec285fcf991e6e5a3c64d9ead8662

SHA512
1086f782705e14d8ce93c399e47c94c8d8ec11740304acd0c464a18a9bab9d591c1456c0ed78de88e7f769d4fc0156b64e5ea62740cd84e7c741dfd3d9bbd744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7d521a8ab1ffd9f976285a174fc5a203

SHA1
891122717fea5ea3535a294e9dd2c68bb4b8e10c

SHA256
3174d94c9402a857b73660b4fc6f347678caeffed2bb00e4d42bf9021447edd0

SHA512
d53519cfd5c951465a833c046bcb35c4f54bec9891bdb0f44f2a6ad0de8016693a6529e88229462fcb9f2ce985145bb08cac276d6aef6f8bee44f90a316ba760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b4c6e8c42c180fedf9bc485f51acaf81

SHA1
d8c402dc1829ae04997bd1c9ed4822a391145c04

SHA256
34647474040b4f8b1ab55fb2a2822aefbb6fa7b38243660c9ecece6dc4ef3830

SHA512
921f7b5b84e55531414b6ebe28c9c2a8536a42c9ca3639bbc76bea6c0683e2bca3a704acc6f11fe327805ec4dcc41e152c2b0dd05245e85920a99286b41848b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
5c27687502de26931edb6c2a7564cf38

SHA1
51626ef22d4b901772dfe61593631e1fec0a6fa2

SHA256
ec2d28a7f9282f5d4e0b5dfd670d601897013e949c94061578ae05c3673a3a56

SHA512
a342ef8f2f7aa23a21c65a8262ff2f10219890d8e6322b6fcc614dd8ac423d7d6bfbc1f0643730c000eeeeaf8e05a13857fa0147d5fc5ac3fffa4535e649a511

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
1ca3a35f17faa6619336313a5f011dfd

SHA1
399deaeed15144a54d425c879654ee5e0bb5d4c1

SHA256
31fd84af0ea07a3dadab95816343ef45817545f5e21edfc8ed68275ad3c138dd

SHA512
2cc1f5599be5a9137ce151f75d6f6cfc8935eb1ffb259c58634627ebfed53e32cca58402162cd972da2c50f08ee656c359619af7fb61b22df33f4b9600ea93e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5822b6.TMP

Filesize
370B

MD5
5b8f4bf9902402756c617c42ecc0c837

SHA1
8dce614de965db98ac0bcddf30ae52382e55c4ab

SHA256
1f0e5f2e29820b33eaa373b29f7f5f4529b3eab0987ac0c15ab289748e2b460e

SHA512
afa58cc21501f266c29e7e3e222c6e0f738cac1683bd4cd72cd7b08b661f9a9517e0e19ad8dd695b8a926e0bbdbaa80c122d82b62d54d8f992db1dd1e8c63731

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
243bdc506df57a0da10a06df94dbca2f

SHA1
a91b1b9e40916b127de42c0f604c8b0f484be769

SHA256
64f629aae4baf5dc8143ff33c12cb0cd11d374f55deb435499b8fed47c0b5326

SHA512
4ad12f89c6fcec48179fa3fa4c5ca11886045e33fa378125c8249ea2390fa933b68796545a1498806f73aa2877cf306934915e9ee3272f72eba73713a942315d

Download Submit