hxxps://invigomedia[.]com/medical-client-successes/

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/08/2024, 12:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://invigomedia.com/medical-client-successes/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5020	msedge.exe
5020	msedge.exe
2652	msedge.exe
2652	msedge.exe
1152	identity_helper.exe
1152	identity_helper.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3452	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3452	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2652 wrote to memory of 628	2652	msedge.exe	83
PID 2652 wrote to memory of 628	2652	msedge.exe	83
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 2456	2652	msedge.exe	84
PID 2652 wrote to memory of 5020	2652	msedge.exe	85
PID 2652 wrote to memory of 5020	2652	msedge.exe	85
PID 2652 wrote to memory of 5064	2652	msedge.exe	86
PID 2652 wrote to memory of 5064	2652	msedge.exe	86
PID 2652 wrote to memory of 5064	2652	msedge.exe	86
PID 2652 wrote to memory of 5064	2652	msedge.exe	86
PID 2652 wrote to memory of 5064	2652	msedge.exe	86
PID 2652 wrote to memory of 5064	2652	msedge.exe	86
PID 2652 wrote to memory of 5064	2652	msedge.exe	86
PID 2652 wrote to memory of 5064	2652	msedge.exe	86
PID 2652 wrote to memory of 5064	2652	msedge.exe	86
PID 2652 wrote to memory of 5064	2652	msedge.exe	86
PID 2652 wrote to memory of 5064	2652	msedge.exe	86
PID 2652 wrote to memory of 5064	2652	msedge.exe	86
PID 2652 wrote to memory of 5064	2652	msedge.exe	86
PID 2652 wrote to memory of 5064	2652	msedge.exe	86
PID 2652 wrote to memory of 5064	2652	msedge.exe	86
PID 2652 wrote to memory of 5064	2652	msedge.exe	86
PID 2652 wrote to memory of 5064	2652	msedge.exe	86
PID 2652 wrote to memory of 5064	2652	msedge.exe	86
PID 2652 wrote to memory of 5064	2652	msedge.exe	86
PID 2652 wrote to memory of 5064	2652	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://invigomedia.com/medical-client-successes/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff815d46f8,0x7fff815d4708,0x7fff815d4718
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,13120051056707948477,16263716350992095181,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,13120051056707948477,16263716350992095181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,13120051056707948477,16263716350992095181,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13120051056707948477,16263716350992095181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13120051056707948477,16263716350992095181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,13120051056707948477,16263716350992095181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,13120051056707948477,16263716350992095181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13120051056707948477,16263716350992095181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13120051056707948477,16263716350992095181,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13120051056707948477,16263716350992095181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13120051056707948477,16263716350992095181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13120051056707948477,16263716350992095181,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,13120051056707948477,16263716350992095181,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4008 /prefetch:8
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,13120051056707948477,16263716350992095181,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5060 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4056

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504 0x338
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
1023KB

MD5
c48d490738b009955ad021e51f950c7b

SHA1
56dd6d12c5851764095e1c9a1aab985a24cfd00d

SHA256
30870ce93d5b57597e08d2f6466f9731aada4484a18203b0e484014f75b00c2b

SHA512
e26daca44fed658b28e84471e39479559a1e751c02bcfa950aebbd8a8fff446e75a267236682d58fa0eaed25ce9f6204b63bf14f4923573d6ba63395316b46d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
927KB

MD5
2c6c72a2abba8bd03c9c8eac67a1fceb

SHA1
521ec1f2adcd5b0f5b411a784c936762bce822d9

SHA256
492164430ab1585271d747e5db9d60da1b902c71b158d33661790d6ea5ea045d

SHA512
4d7818870d459a25d1ee0bb84bc91aeef737d8b4f44dff806db0e58e922fc2d915b2776f7420d7185c479cae510a9aad9f6e82c4462a35e020933b8336190b8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
879KB

MD5
0da2f774919b7249e9c91d689b71d67a

SHA1
890f481af56425214c4dc4fa72a0cce07b8d0f88

SHA256
f456655ad8e4a38b73106f904668bfd3dda1b9afce51c68bcbd3687c1037fa7f

SHA512
f0bd71dd5a50301e49133a9bc0ac0c072408c24a07cfd24bffc76d161190278fad952da177fe3143695cbd252650b1144ecca245863d0304ab26970f325947c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
ce91ce5fc87b4cc39c1405724c0c02d5

SHA1
e883e0c1eb450331ef4b4a0ff1d79687d8f65348

SHA256
1d032753b06150a97bfd26396e72881252beec05b2ae241625802f4691cc04ee

SHA512
195fc008be06556e99ae4598d872613b1d12a65c668c9f4e651a5bacdcb62e3f3f75e4551a86e994fc2be01a4b95df264456f15c5d69f12663d87b429888c51c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c2b81a4fe592118498af4faddd266919

SHA1
c5bc2992009a286b652917a7b27dfe21f39c5bff

SHA256
e7767f729a70ae63267a9047df55f7cde821d1d506d0bffd984d6e2919972fe0

SHA512
1fa8130d542b0bd64b509aa6446c586b052fd7f936fe426393548ee45438d9bc196e18270fc40cd53955ee20147dff9cd2ae0789cab34def384104dd31043a88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
84628ec930f0b2c30d11fc3931e35baf

SHA1
bb49a30e1d60411d301c1c5951e625315c7e8033

SHA256
c3bc88b818a397d10795a97d57de05eecbe2f5a3aaae4a45852fd869ff2f81ee

SHA512
11aa0c1110a82ace2bbc4468380cec865693a70952743fa63734b083c8296f3d1b74a4e3b2f2aaa3103f3f9ff0a357647a289b99b51984f2c683acac9dfaeae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4f510b525a4b06bf8f278b743557b4ac

SHA1
0c2ae54038462b4001b8b361631a30d4e28f9bf4

SHA256
02d2d29a4a123fb0d728999002c48e45182cf445174fe0e29408efbe71c56253

SHA512
cf2502814b8bf81e419be62dc0c376b9bb22d7e17640f8ffd5cb2f6028e4f64e930c4f6361308bd513efbbf4b21808365f338526a83e7871480751519f2c615f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5ea8935e5b8ca7c91556d7b0e4521aac

SHA1
666ebb327057755a76e7170fdd593907aa82ff8f

SHA256
eb833e9cbb5573c879bfc1be9458f1add6e2fb073a170408e9fb36c1bcba27da

SHA512
a6ac6c57c4551e462f96c70403d1ec4f0be5e072bd3f1992f61c89c97efcb2a075ef2217a12729b9291321c878bc79d3ad51f3629a9e015a1b6128fbbd8a79b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2a8fdbafc72c033565c2ddf25b9c0825

SHA1
0ac17f177ab244e79ce072f513fc5e7cd7775e7e

SHA256
bc989bfa665a4af0ac4066be3d7f225dc7515486f994c277bfbdeedda7d4a2db

SHA512
4e9a28cfb346152939e861801b841cf24f204840e7d29738a7bc9452e765d74d10e444154ba4a3c33ba0433c0637c2709cab454302c60e54c03d5930e382a5db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582575.TMP

Filesize
1KB

MD5
45b71ba5348199873eeb50d828fc8abe

SHA1
721e56d964f844c1e69b4d26fb3192b298989bd7

SHA256
c18fdd3b5cb20f0f89f1eec34d0f3bfbef8b834fd5cc5b1cafa589b1fc4b57f2

SHA512
a00d2e6bafca0986548d9696bcbc2ba7a55905ca46fad7099e8a3ebc16dbdc770a747b4877cb15f28fcded18b0120ca6fbfc202a7d3b46b6e9a81a2b211cc36f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
58218db8a56b0d0e8c81556fac89dac6

SHA1
be7f1776c799501b09c184ecaa91cc86b88dc9f0

SHA256
25e78a9c6f2e8e25a5a733fd353e4a3de1eca86cf974aac62cf4fed3077ddef4

SHA512
df3c55f91771edc904c2a04989e22cc26fd7134a7dc5d0d223b47a738d39dec0bdd11c659e9ab80a3c3670a241a45f70ebb96f9ce824aadfffd558ef1787abb6

Download Submit