hxxps://click[.]my[.]3plearning[.]com/?qs=cc0fca7339fb906b1127b94a078c3da8830455161d071fa16d239a28a529c4128469a9fa7539ad51d6156c45bf09aa166a41c0fed6c7beca8adc5ae0707f7186

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/09/2024, 19:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://click.my.3plearning.com/?qs=cc0fca7339fb906b1127b94a078c3da8830455161d071fa16d239a28a529c4128469a9fa7539ad51d6156c45bf09aa166a41c0fed6c7beca8adc5ae0707f7186

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3768	msedge.exe
3768	msedge.exe
1060	msedge.exe
1060	msedge.exe
8	identity_helper.exe
8	identity_helper.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1060 wrote to memory of 2988	1060	msedge.exe	83
PID 1060 wrote to memory of 2988	1060	msedge.exe	83
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 4392	1060	msedge.exe	84
PID 1060 wrote to memory of 3768	1060	msedge.exe	85
PID 1060 wrote to memory of 3768	1060	msedge.exe	85
PID 1060 wrote to memory of 1052	1060	msedge.exe	86
PID 1060 wrote to memory of 1052	1060	msedge.exe	86
PID 1060 wrote to memory of 1052	1060	msedge.exe	86
PID 1060 wrote to memory of 1052	1060	msedge.exe	86
PID 1060 wrote to memory of 1052	1060	msedge.exe	86
PID 1060 wrote to memory of 1052	1060	msedge.exe	86
PID 1060 wrote to memory of 1052	1060	msedge.exe	86
PID 1060 wrote to memory of 1052	1060	msedge.exe	86
PID 1060 wrote to memory of 1052	1060	msedge.exe	86
PID 1060 wrote to memory of 1052	1060	msedge.exe	86
PID 1060 wrote to memory of 1052	1060	msedge.exe	86
PID 1060 wrote to memory of 1052	1060	msedge.exe	86
PID 1060 wrote to memory of 1052	1060	msedge.exe	86
PID 1060 wrote to memory of 1052	1060	msedge.exe	86
PID 1060 wrote to memory of 1052	1060	msedge.exe	86
PID 1060 wrote to memory of 1052	1060	msedge.exe	86
PID 1060 wrote to memory of 1052	1060	msedge.exe	86
PID 1060 wrote to memory of 1052	1060	msedge.exe	86
PID 1060 wrote to memory of 1052	1060	msedge.exe	86
PID 1060 wrote to memory of 1052	1060	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://click.my.3plearning.com/?qs=cc0fca7339fb906b1127b94a078c3da8830455161d071fa16d239a28a529c4128469a9fa7539ad51d6156c45bf09aa166a41c0fed6c7beca8adc5ae0707f7186
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff82b1346f8,0x7ff82b134708,0x7ff82b134718
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,14695502017940147021,6690871655172991933,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,14695502017940147021,6690871655172991933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2488 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,14695502017940147021,6690871655172991933,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14695502017940147021,6690871655172991933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14695502017940147021,6690871655172991933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,14695502017940147021,6690871655172991933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,14695502017940147021,6690871655172991933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14695502017940147021,6690871655172991933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14695502017940147021,6690871655172991933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14695502017940147021,6690871655172991933,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14695502017940147021,6690871655172991933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14695502017940147021,6690871655172991933,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14695502017940147021,6690871655172991933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14695502017940147021,6690871655172991933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,14695502017940147021,6690871655172991933,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6112 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\65140692-25ba-469c-9aee-288c1ff69912.tmp

Filesize
2KB

MD5
9a3226ced6fff74d73614de10a62b7db

SHA1
c6765c6f998251125ace7ad982e1c8e6ed8979dc

SHA256
baf7419a92df2234867a0cf8dbd5a81d9692b2d2bbe71bce734502f740bb6f53

SHA512
8acb7dd84d51ec83b7ffa3f04206b5da2e2036d8ab225d7d7d11721353562f151187d373fe29ac1b78302ad21e6fa9297f127ab87acff413b082ec663c52269d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
888B

MD5
9ffa6ec8f590c3b2428a4d4eebdb07d8

SHA1
1c5a2ff651241f05e91392a5fc633d20b131f13c

SHA256
6eb7ae255337740e7342bfba938e7ca73cd954df239193bca51442c9098b338c

SHA512
886f60f96e4879f3db756011e12977e088ec0cbce2c084bcd9f66bcd7bef1405329c7320737b8df8884c1c799cae5f671ba4f0a54f06c071b2ce67533e5b488b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
dfc35840dec7fa71b87c417b8d218b0e

SHA1
4b448cb0dbfa6154f6a88f67188ea2f4ad110fdf

SHA256
0e5f72c9a8c543bf998d1269559ea74cbd9da3bed1cbe0e693c1f66bc3b003da

SHA512
1caba84d736840c929316f90e8d6626ad74994c91e8196967c2d0558966922759373ae1108aaf024ca0faf06a220ea1bfd8d81908d2efb0ecda81cbc38f5c23f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c586e030ec70c2d8cf5e5386c874e4cb

SHA1
58bbc68c01a142769d9689372a6809b42a6f48ca

SHA256
7784fe0676b6e076910ed6d3771cd8cdabe9e9b57d47843a36984eda278e0ccb

SHA512
a3f2949a74758ad83a099b18a200dab1cb6076dd3cf220a46c33625da9491db51a5879fd10ce123c4013c58113c71ba046e604b70794f1036b1a575c3c244e68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
58480e6d55b3e9a340463c90455e6446

SHA1
97476e93e792c9128baef75026afd7013fb50afc

SHA256
3e92ecbb6b27f91bdf1e39d8fc5ab99704e32cb3b9d4f041ab3d7d8aefa539bf

SHA512
073b37a255cfa9b29cbb8810809c8b86dc00876860ece48508137b773052df4bcf309a4cd6cebb06f2d5a7d05fd5a8c1d858a249b11f9c7c05bdf3da84042a72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
39018475c9e63895d45e99beaaf079fe

SHA1
99f19702fc19b02aee313a68f6aabaa6828f366b

SHA256
f5a00cf4e608ca2fbb91171af47c8d67b92cc5a55b844a55a11027683051532b

SHA512
7a2a86b681c0a673b8eb4bacaffadbc2e0342c98d937ab4d505bdccf1570d1a5a916df7e206cf551d2d90917e5bb97bb309ff26e65585123227f7b1852c222ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2ad7d62be1c9b484feb526d701aab74f

SHA1
732a71c5469375307a5581b327c4741b41211ee1

SHA256
f248d63747fe438f23cabd5c22e875d899493f0a41426723774626848192c446

SHA512
3e1c6076a21f16f3d3136f93212b7fee9123098d93e86bd2eb447bd36da77a78937af4c79463514ed278f6b523f07dbc4a7ab1c66bb73af120dd3bf12646885d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2de73c7d7cc64ad7696b8b799412e75b

SHA1
7720aa5abfcc074aff6170004844859dc64b1565

SHA256
ad815b8232346e97398d92bdf70f9bbd877ebc88d4f15fd3487a8142cb091ac6

SHA512
e84f143ccbbc9965ab2c28f25d37f43445d0eea3cf1f0af2d3d5b0eb037d18571c10c25731a2eb4d71d3b8083ca53338a46947b9b0ada66b8c02f734291e1d85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f4e9e3928eafe3eac960b3c03bc027b3

SHA1
9cecf87e913154ae090d729da8f3486c345cc306

SHA256
53b1b6b50e88f4c03a5222497e3c0959fb4c5638515e943a2bd320d304dd6b9c

SHA512
df558d1c80f891d4335cac73c0004ffd4b0f67c9ae7677e795f4ac98b0ddf67413c2273bddc004e4e4f75fe967bcecc16d76a0003ec148ca2b39deecd4201df5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ecd1.TMP

Filesize
204B

MD5
83f21f6ed32a107ba61aef97bbaf24d5

SHA1
ab9a74dc2e35d75e5642700eff6fd8de0c6b93ad

SHA256
ed8ea2725ee0120ff59b595c1f011bf93fad593e3ad313b18514b9754a30f2d4

SHA512
47e5fe4212684e4862fb1ff853fd2393afbef0ebeb825b81fb5d994224344bf4691abad662512a26dffb4f43e357726d9afd4f9bae193ee6c0ddb87c2ea43058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e4a770659ca0da7c8fcb8adf58a9bb5b

SHA1
dab64b64a967316c80d19295165f0cef30ced74d

SHA256
9e9fac9791fa9381e84739d1b37980162bc345ab5a21c82c3ce12156a4d14fd0

SHA512
991ac3617de364b76dc39462fca1c1de9a83c12cdeadfb06839df39ddf87c55b6553056dff16621cc57ce1d3e66c737f7f20dea0d5bf642a9bb5097b7d622c87

Download Submit