hxxp://sparkelevate[.]ru

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2024, 01:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://sparkelevate.ru

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1660	msedge.exe
1660	msedge.exe
3968	msedge.exe
3968	msedge.exe
3636	identity_helper.exe
3636	identity_helper.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3968 wrote to memory of 3872	3968	msedge.exe	84
PID 3968 wrote to memory of 3872	3968	msedge.exe	84
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1004	3968	msedge.exe	85
PID 3968 wrote to memory of 1660	3968	msedge.exe	86
PID 3968 wrote to memory of 1660	3968	msedge.exe	86
PID 3968 wrote to memory of 4816	3968	msedge.exe	87
PID 3968 wrote to memory of 4816	3968	msedge.exe	87
PID 3968 wrote to memory of 4816	3968	msedge.exe	87
PID 3968 wrote to memory of 4816	3968	msedge.exe	87
PID 3968 wrote to memory of 4816	3968	msedge.exe	87
PID 3968 wrote to memory of 4816	3968	msedge.exe	87
PID 3968 wrote to memory of 4816	3968	msedge.exe	87
PID 3968 wrote to memory of 4816	3968	msedge.exe	87
PID 3968 wrote to memory of 4816	3968	msedge.exe	87
PID 3968 wrote to memory of 4816	3968	msedge.exe	87
PID 3968 wrote to memory of 4816	3968	msedge.exe	87
PID 3968 wrote to memory of 4816	3968	msedge.exe	87
PID 3968 wrote to memory of 4816	3968	msedge.exe	87
PID 3968 wrote to memory of 4816	3968	msedge.exe	87
PID 3968 wrote to memory of 4816	3968	msedge.exe	87
PID 3968 wrote to memory of 4816	3968	msedge.exe	87
PID 3968 wrote to memory of 4816	3968	msedge.exe	87
PID 3968 wrote to memory of 4816	3968	msedge.exe	87
PID 3968 wrote to memory of 4816	3968	msedge.exe	87
PID 3968 wrote to memory of 4816	3968	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://sparkelevate.ru
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb96746f8,0x7ffcb9674708,0x7ffcb9674718
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,5281294492429321393,16987661214229052018,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,5281294492429321393,16987661214229052018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,5281294492429321393,16987661214229052018,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5281294492429321393,16987661214229052018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5281294492429321393,16987661214229052018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5281294492429321393,16987661214229052018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,5281294492429321393,16987661214229052018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3604 /prefetch:8
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,5281294492429321393,16987661214229052018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3604 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5281294492429321393,16987661214229052018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5281294492429321393,16987661214229052018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5281294492429321393,16987661214229052018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5281294492429321393,16987661214229052018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,5281294492429321393,16987661214229052018,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4176 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2036,5281294492429321393,16987661214229052018,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3164 /prefetch:8
  2⤵
  PID:2276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
30KB

MD5
744eab136a51e0c34945c56ef5509d09

SHA1
4740a7f88adcaa3e0759443cf29ad873aec971b5

SHA256
b7841398054beb5a55270f0c1b8ca3d6ba2f774c09c2fed1019e4e76bb956c24

SHA512
4b0ee7f0ceb2e77a05bc709708e6e2ee3d9fab467f13903017c078161693164937012c90c171bba1dc5de37519844edd3e676c970692edbc33342d06e45fc9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
43KB

MD5
21736558598f8db19875d1aa80efa4d8

SHA1
0880d49da1a52a6c89bb569a379589e5fc889063

SHA256
211c51897638ab0eb1bafdd85d0494b687696c1232f715f80c039e6ebd0ec8a7

SHA512
c5f0a0402632fb010d189eeb823d92f074332c6c25bac3b8edbd5a1c8bf585a88eedc24b0a0e9fcd552dd37d3ebd923b84c404cdcd180371bd2588b219d81466

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d719237b1698a5b1_0

Filesize
3KB

MD5
9d95be0da02a4e9970c8f89e4be0d3d5

SHA1
e8394a34ec84c9f60b0daf005a5991ce48675c19

SHA256
d085cb1ca43a817d309e5ba42eb9f20e9887646b5721501a48a61a1e63a4d5b7

SHA512
136f6e85607c1d049c8d9a0a956c2eaee176708fd882f7b9b651900ae1b9482f166739a9edd944156c24233a27bd8d28d22e258882c111b200688d1499994cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
03712657f53296cedc1ac4140ecd4a25

SHA1
166ef254a93a7423bcc65eddd011d08edd04f01d

SHA256
aea927da5251c82c4120d2a2d753f931630cbc987ae4f0797421c32ea81cba79

SHA512
c9a4dd38bd895e2146011e7484f99541112dfc0a48047ba552d0c5ed17f9500f0f2c8fec30749edc09cdbd6be22ef86ecc0cd6f7d3d7ac045205c451cbcd426e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
894B

MD5
9173ffe2d4de58e611759b29c72d2682

SHA1
3288fc49c0e1a4d1927056d81804f193f3bbaf3a

SHA256
57cb3465af722650b90685aa77fec433d8f48e034e660544b84d91c5d2b03819

SHA512
9ee818d092462ea42904bbb841684a829a864c98481cde82427013a9f74516a6998b1eb8e6a00345a8b5c5fd5ebb106a8776c01a6ecd788b5c56e390da1f67b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
284cccd21449360db8db13e67958d394

SHA1
40fbf932b8b1608144d81f6f64cf5d778b5e664b

SHA256
c42d292c3ebba638df103a20a5da3e8f808e07a43d3dd610d645c741de66e366

SHA512
5e99569722870536a748f548597ab9f27d2bb76253f850598d0a8ac6f11b0d1c48da502f5c03118c12c76c33397a7219ae80a5fe9ff87387cf52c6771b118202

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6ed32fa55f555fe490540a0e05ed249e

SHA1
b9984abbca582509d7309114c67e507cd8221e1c

SHA256
080ba7ff07b72b95f5870ac41779c7b554e2e248bf77658efa0f8ed03e4ad2f2

SHA512
f59f811b228a61a237dfd31b63dc16d14a51576688d66a7005679ee5943769c853cc7d9f12a8737e2673c264ce33ab24c369aa341b594ead2fbb13efe8fca4cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fc1861a54f259c7bd0b0946127e29794

SHA1
bf79e9c7ec39c7988917dfbcedd56be8276c7499

SHA256
ccbdc92c1ec5501272cb87d0de31a3aada960229e7a16456b1aa5c1463ab2cc7

SHA512
53c8464e4958b32b595f7e3f6c26e438f34e2be2aaf203dbec4858257aa35394e0beee12499ddb6d48a6b400e1782b26c629c5e2353959ec023169ac995dbc20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e863dde04dc01588584f83ffcd8982f6

SHA1
4f683cc926cf378af5d599944ac1519f5738a6b2

SHA256
6c05477bb6977befc66770c14f73037e261947044767d3ae9fd76614f056f807

SHA512
2d723dd479151d46bf163ae2096ee56573fb37b57f2f6460850aceec5a4bb4547121d8156034f7129de65bca134671db0b3e4f9b13a00956cdd486346a6d1e9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8647fc19b1679b552777083ccbc57f6b

SHA1
6f757eb782f782b73b806bd7368b189bc512424d

SHA256
30e72656beb0d60cab6fc7ddbbcc4c158bb16467a5d9024c6caffa4ac2cd88b1

SHA512
85c68f32c68ac30c88fc3b408e2d65d64779896ebe7b4ad385fcdb089fa1946198e2c7cf9dd075bf4f860b12e054d126e729132fafe0fbec2550cc8bf69e8df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5459883f3c4aca9cf25bc7939d6c3191

SHA1
f65ce5f7dbbe9d8789fe323ee95262ae277e0602

SHA256
a6e0437ae3597f8efd169f1db824aa4cdbd8a59d918468de26b2bf2997cd9793

SHA512
3a33a05a51ab067020eab0f714345c15612b930431828a09adeb246787044b510a01809463a5d745fb4d0c5f836b6e43067125c85b9291450499a350b953742f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
98e598b63ae2a2aa60c51c60cf8d3f54

SHA1
9c2faa3f118abc074a9e74f60bd62cfc34cf2151

SHA256
2fc962c6f4a699babf85a4b7fcd467923f957a79febf720a2230889eb14a4a9f

SHA512
fdb8f584b80e512f73c414b3ed1c1a9a8dbd31bb8a6eaa04f44b69a8a38fc0464d778d5e779d34d5cbe12f1cce2aa4a257a362507db65aaf007a804efc1ae6e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
54d5971eeee30f8aead515b089d37871

SHA1
5a7fe316c258199f6ccc95cc45efc99bd251e6fd

SHA256
91c0a3e76e5fc1353ba1a5dff87306b3aaecda09635e5a6e3ce90f46424af135

SHA512
7c5cbd2b0bc393ea4edbb68eea13a4c7422c615eeaba76d3424afa97c4c909e0ceb0b4d594a3607909bf044e85123c8f08857a185c55e04ab16b06fb7d860a9f

Download Submit