hxxp://media[.]bio[.]site

Analysis

max time kernel
240s
max time network
301s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14-08-2024 13:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://media.bio.site

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3088	msedge.exe
3088	msedge.exe
1440	msedge.exe
1440	msedge.exe
4240	identity_helper.exe
4240	identity_helper.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1440 wrote to memory of 1356	1440	msedge.exe	83
PID 1440 wrote to memory of 1356	1440	msedge.exe	83
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 4272	1440	msedge.exe	84
PID 1440 wrote to memory of 3088	1440	msedge.exe	85
PID 1440 wrote to memory of 3088	1440	msedge.exe	85
PID 1440 wrote to memory of 1556	1440	msedge.exe	86
PID 1440 wrote to memory of 1556	1440	msedge.exe	86
PID 1440 wrote to memory of 1556	1440	msedge.exe	86
PID 1440 wrote to memory of 1556	1440	msedge.exe	86
PID 1440 wrote to memory of 1556	1440	msedge.exe	86
PID 1440 wrote to memory of 1556	1440	msedge.exe	86
PID 1440 wrote to memory of 1556	1440	msedge.exe	86
PID 1440 wrote to memory of 1556	1440	msedge.exe	86
PID 1440 wrote to memory of 1556	1440	msedge.exe	86
PID 1440 wrote to memory of 1556	1440	msedge.exe	86
PID 1440 wrote to memory of 1556	1440	msedge.exe	86
PID 1440 wrote to memory of 1556	1440	msedge.exe	86
PID 1440 wrote to memory of 1556	1440	msedge.exe	86
PID 1440 wrote to memory of 1556	1440	msedge.exe	86
PID 1440 wrote to memory of 1556	1440	msedge.exe	86
PID 1440 wrote to memory of 1556	1440	msedge.exe	86
PID 1440 wrote to memory of 1556	1440	msedge.exe	86
PID 1440 wrote to memory of 1556	1440	msedge.exe	86
PID 1440 wrote to memory of 1556	1440	msedge.exe	86
PID 1440 wrote to memory of 1556	1440	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://media.bio.site
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae86e46f8,0x7ffae86e4708,0x7ffae86e4718
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,16983344587349030716,15999887713057584233,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,16983344587349030716,15999887713057584233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,16983344587349030716,15999887713057584233,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16983344587349030716,15999887713057584233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16983344587349030716,15999887713057584233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16983344587349030716,15999887713057584233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16983344587349030716,15999887713057584233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16983344587349030716,15999887713057584233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16983344587349030716,15999887713057584233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16983344587349030716,15999887713057584233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,16983344587349030716,15999887713057584233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 /prefetch:8
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,16983344587349030716,15999887713057584233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16983344587349030716,15999887713057584233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1296 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16983344587349030716,15999887713057584233,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16983344587349030716,15999887713057584233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16983344587349030716,15999887713057584233,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16983344587349030716,15999887713057584233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,16983344587349030716,15999887713057584233,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5576 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
1024KB

MD5
73cfd87f537a4cdf4eb0bd2e54e78f32

SHA1
5d62ccb0c76c2c4a041e9b1499b5c06c069b0294

SHA256
3c8097833a28dcd8a49ed2cd0ad62618f48e97b98605bc867127ef0fc3aabcdf

SHA512
99c2a765786aa21760122d4713d00a0fe66ce91bf185a0975b1b2de34228941877b99deea799ba15252aa3893b93bfe5a04bb3e6964d4374cfe4fd763d9222e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
d2a3ccf4369c30755b087e6d7078151a

SHA1
210186831aedd8fac1ea17142f5ba05c60ea199b

SHA256
f46ea10e65ae8772a8e35820b9f1d81d2338d0ee6d7d591c45a2e26d06df6346

SHA512
80776f11a1db4ac5b69f613e866360baf5a7b9c83cb38707e94b093b0b1957b3099490e8e6453e2c2e59b483addf029cbd60f70a6742343e4f42bdb62f077844

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
da085e1a4304361d01250a24286adedb

SHA1
dc688ecfa98875207a539b752a91b23c64e69c32

SHA256
ae574c0e83b06264d581214ecc638017a8c07138cea13250bcec1a2f2d24420d

SHA512
d21b8ef89d14700a8add0d579f3ca7ce2819a44d07ac3187f0164c7b4c837a7ec11c327b17895f29944dc9dac166eca8ed1cfdbe19e76ecda7b5bb057c035b03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8d19790b7bae30d17cd966887bd5372a

SHA1
2f7b2632d8c76c6c34c0f3063b85817395a7d1a5

SHA256
838009b287a04c2f768f05ed45d596966014aaad3c67acbc24702de0cbdb1a47

SHA512
d245e7160adc7f36d15f422ce3b44b7d94d0cb7820a1ebd4a5e73b4d5ac4673c13583ebcdab4baf0eb8f8e09e8a567c47b625dd4d7ad39495f14cacfc0fcbf0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
656d3a22697f4177d27f787a1dd8f896

SHA1
1ab862e84233e11370d40810da56a08628102e48

SHA256
10156e8b2a4e945dbd94b7255323ce893b97f10a33f3cd2b1cd456b34eb0f341

SHA512
7b6603a84ac929fd4fcb30d690d763b59535f7c326495668a2a45e02b1d0ab687be8e6432214380631a8e4d45b7196817f29b1792a6fef4f2fae150fb469a61f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a410216f01bd3821073707e3d731c0a4

SHA1
3cf02c32055f4f32e2ff0e81d55d643f16ce7d10

SHA256
df8067b3308233eed9c4982b3b4881c504fa8d80b78902b05334bdc365b39550

SHA512
24e75b1ec8aafcbd95f8e31c0865c196e161a316a9ff556c4d93854b2f34b65c0c4c68153cd7860a5438a55fb3fa099c9a12d8a84954da0b639800935c7d6e6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d3b85674ff10935de6d0a02320ae6551

SHA1
ac4d17cb7535ac0b312c4eafba9a22968f2ccf1f

SHA256
41e49e02a9365898e536018ca1f1a9d4e2609dd3702b74a89431f9cc144c78e7

SHA512
5b26934112913790c68a6927200fd56a8690eb2f513bdabbde2b224ce5db9d137502ad2e7563002358ccb2b3477dc3f6b42d9708989b372cb4275f394596a175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c791580be117f8faefc130b0af745e46

SHA1
e43d5468574c3ce9e1070f057308c33065af8daa

SHA256
6dcfc7f4778c4e2075e7c6ec83feae74cab9cee883533f8445f10baf4275fd08

SHA512
b180fd0718651be908af9ed734cb4da707bda89044f233ee44690f5b0d09c939b4435c5539193cbfd5c66e7f5c447c28d9c5fecc4242f0bb70ceb31416249e74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9d7ba8ac7fe5a9a1266f2bf302bab7d2

SHA1
56ad09133bfedeffcbb2f022d92e855afba26b0e

SHA256
84129e3e336f8d4442b911dfd3e8ecdb7cc4cdcdcb55437e8b6ba07811dcade2

SHA512
1be96669a0e60df14bd3f55a73be99532d6636c7cc4eaf8dad84f6f71bcb9497b8d7875da5dbdf0c2a483572467bce88bc8d464d8e540600a2411f6d8952bf11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dc5c8797f63a48296fa67cb6560612f5

SHA1
d94d0a153d50110a68fb96dfbae8c4974b547e5e

SHA256
54486c53c64132a229ae9b498090c0f573b35e718e37ead758216ca9c92a7ecd

SHA512
7b35dea8eb6f60d5eb0dd0b4c2f27ecef3dd777dbc215e97cb5aa8550efbd28ff23a045a22395ee9f2618ff8ec5c139e6b9e8da639bcff2cc33ca48fc7ef07fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
4babfed7843948bfef20b0ee4b253d05

SHA1
c4b3b28e662115b22207efe2380971d5dc629db8

SHA256
5f30ccc1afbe21440353dbfb7edc00e56407b50d5ea26b814d84fd5ec43253c0

SHA512
6028b952560edefd338103dcda137afb4a94d2e5eebb19e99706077eca6503c1e7daccc89cc7b7fe224f7fa3043e7db34866a6a027700c7ca8fc18c968b32b76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
4daac2f91ed77d595425b0e417d1a491

SHA1
4f91343cf9a11574ac317326f136e5d748b2c50d

SHA256
5aa57bce8c465888d665e0d2d2511ad106b6004b18f92bde9f665246f2f9f9ff

SHA512
5aeb348a01eacffcb89aaedfe42a4856c76e123dd889227a44cf84029c275c84fc7a0a727a5fa4fe6a609929a5350278be20284533651a2074df5891185f15d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8570cc7e677337d50d42b415b7eca6f3

SHA1
79f41cd39884464039f547e0409d612ad41ba817

SHA256
5cc70af690b7159029e32ceb78f20724e68f413473ac72f6e1343d1260e72833

SHA512
67790b4856c712270cd9c82b4d29198c3d4534936fb359e48c1d6bb3937b370d9451b49e289930167e4720aa290505cce2486c0c4dd97cf491eb42378f5b9d8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3c502e11be51867cf8fb47f4e8a0a980

SHA1
331b0b38505d057cb7e33604597ab3caaf35450b

SHA256
27b66372a5f4b664d46295d07386da66d57eeef03b20d7e472e7953121f409d7

SHA512
3c6a8abbc6b209021a308e267fd0be6c54392d2cae5931f0110c5d877ad3f1171ddbffc2f415f16b94bfeab33c839e35bf7ff88d0d95f825d48241f623665a3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580a4c.TMP

Filesize
539B

MD5
c5a85ceca6761661881cb7d764a2bd7a

SHA1
18a0da09547a7393a02dce5253e3bab227d8d29e

SHA256
94c52b095b6e635ca936ee0ceec3d99cab18ff24fe6853206f5fb4a0cd26daa7

SHA512
be28a0c32dcfb0b118329e321a4fa1b1e945b8788f46155a65af92e7a7055616efb261fdbc445735a82e4c5bd7609d348d8d8d77efa2303cc5094677ac38a868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a33a5ae8-ee1e-47be-b4a0-7cb25b043ee3.tmp

Filesize
7KB

MD5
21d5104c9d7f0bd7d2769961336d03d7

SHA1
d17e672d403b6d99238dae69fe4dbcf8297ff964

SHA256
9a0637695101557b34b14c39b0b7fda032b5c78c25c8f87e65facaf7e429404f

SHA512
1f54841dae03d5236ac9449424f0598a84525b117f250ff669411e8cb4193e1b3853e9fa13ac92c4cfb85b9ceb023471d85723642b0079e7168a4d2bb80ba8f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c13ae5ebb743375e658c92b5d2b5df48

SHA1
d13bebba663b8c18b496670bb6745f44cc0135e4

SHA256
cf8a13f770c0f0532a6c409584baae7d16073c420d8f19d2bbd4a17db9d1f29d

SHA512
201ca09c55485481d8d8acbb676870cc728e5a775fa12f578806a9156c52ded99dc23d452320c1577b76f471ee216afd7ba5dc8c0e721a88b36b96977629e89f

Download Submit