hxxps://aft[.]jhahosted[.]com/human[.]aspx?InstID=6154 )

Analysis

max time kernel
73s
max time network
65s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-09-2024 12:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://aft.jhahosted.com/human.aspx?InstID=6154 )

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3172	msedge.exe
3172	msedge.exe
3336	msedge.exe
3336	msedge.exe
4608	identity_helper.exe
4608	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3336 wrote to memory of 5024	3336	msedge.exe	86
PID 3336 wrote to memory of 5024	3336	msedge.exe	86
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3524	3336	msedge.exe	87
PID 3336 wrote to memory of 3172	3336	msedge.exe	88
PID 3336 wrote to memory of 3172	3336	msedge.exe	88
PID 3336 wrote to memory of 3288	3336	msedge.exe	89
PID 3336 wrote to memory of 3288	3336	msedge.exe	89
PID 3336 wrote to memory of 3288	3336	msedge.exe	89
PID 3336 wrote to memory of 3288	3336	msedge.exe	89
PID 3336 wrote to memory of 3288	3336	msedge.exe	89
PID 3336 wrote to memory of 3288	3336	msedge.exe	89
PID 3336 wrote to memory of 3288	3336	msedge.exe	89
PID 3336 wrote to memory of 3288	3336	msedge.exe	89
PID 3336 wrote to memory of 3288	3336	msedge.exe	89
PID 3336 wrote to memory of 3288	3336	msedge.exe	89
PID 3336 wrote to memory of 3288	3336	msedge.exe	89
PID 3336 wrote to memory of 3288	3336	msedge.exe	89
PID 3336 wrote to memory of 3288	3336	msedge.exe	89
PID 3336 wrote to memory of 3288	3336	msedge.exe	89
PID 3336 wrote to memory of 3288	3336	msedge.exe	89
PID 3336 wrote to memory of 3288	3336	msedge.exe	89
PID 3336 wrote to memory of 3288	3336	msedge.exe	89
PID 3336 wrote to memory of 3288	3336	msedge.exe	89
PID 3336 wrote to memory of 3288	3336	msedge.exe	89
PID 3336 wrote to memory of 3288	3336	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aft.jhahosted.com/human.aspx?InstID=6154 )
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0dc446f8,0x7fff0dc44708,0x7fff0dc44718
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,5629165336760567814,3856483003210488708,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,5629165336760567814,3856483003210488708,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,5629165336760567814,3856483003210488708,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5629165336760567814,3856483003210488708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5629165336760567814,3856483003210488708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,5629165336760567814,3856483003210488708,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,5629165336760567814,3856483003210488708,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5629165336760567814,3856483003210488708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5629165336760567814,3856483003210488708,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5629165336760567814,3856483003210488708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5629165336760567814,3856483003210488708,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2160,5629165336760567814,3856483003210488708,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5629165336760567814,3856483003210488708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5629165336760567814,3856483003210488708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5629165336760567814,3856483003210488708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5629165336760567814,3856483003210488708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:5864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
24KB

MD5
fc4554b60957dbd1b1898b04406b7c4f

SHA1
973c9227869ff4d2f634f817b8a2be5c11164ad5

SHA256
bee5da047d0c354292535b693af6cf605cf4e1ff75048781002f1169b1c06f01

SHA512
a7947a9a34dccab65fba9bdca7aa0d2a030ba6ad48498ebd6863d1909c4e883837390b2d57b5b0140d63b4faccabb3a9d5248bef45b8245f96371d88915b48ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
48KB

MD5
75c63a258cd13db65fe08e7f32a91ea7

SHA1
1935b609acd18bb7309360bb30c9fed5d0d3164a

SHA256
fb665cbaa4cb53e9dbb21d695c22f580863d5d39f7b3c93c8d005419bcf4a0b6

SHA512
5503b47122aa5422b8a0e9ee613c5a4bb2a18662bdfd87bdff8f16c3b95ba03ca40fc89f20b253fa74ee359db3ae74d33fb997361ede4319926569c5ff62196f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
106KB

MD5
2b321864aeea4fd2ec909c4134c6c72f

SHA1
ca8cf2b272cc26193cfbe12d73ce4a2f7c8f4b85

SHA256
e9a267b26edf5651b31d2e2ad3327958242133a12a8c5e709cdcc429b66779ea

SHA512
233b9791ec3a355e03c759a2d0bcccda677aa17d69c5f22d3711e0652d84e76e3af2ddf963840ab3294d6e5143a9ef316205d2b41cf1403b5d653b07b0d080be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
5.1MB

MD5
51a7ed32f383dcdb83259c42cb3a0a7c

SHA1
15e7b144a78bd3fe15c12ecf10be16a9b71a3d95

SHA256
6d72f85a38cbe972b78560150ca8bc3ad9b2c96ff55e4897bc74a39906b629a5

SHA512
ee1b80250c12f1e077cf83648c1c3bb45712d7dd5121dff98c08b27e943d9b9b6c353d44b61c9e0a4a74267b09b3380c567092e0b03e02217256042e67b87267

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
1485d9fca9c4950a2421b2a5b5da54fc

SHA1
163e6bb3773acd2b36fbc850047a1c5b5c6ac641

SHA256
6a37002c91115a52b007d95dbc4adfee4f189adacd5ea29f8b20e2207558e93d

SHA512
996e9ef8c97e93355bf267a06280949ab673f1ab61c83f44f85f29771a2f0385055be292ba0b7a2c002376c98cb8ef38d5960da052172e0b4553a826a2ecd618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
c34320f2eb0fb9bc5f05bba1ab04db3f

SHA1
d0b42ccb03cded2ebd891000e2e9fc04113e3eec

SHA256
8cd6d870de68c5ed9e86c95def54bbf16b96530e8a544c36b3be3c9719feadea

SHA512
2115e3abc251de1bd0326660224f2ac10e4a3a4bbd0af96448f58d6e41a0ac4b95325f6ac50d996033d839fd36154cafdaec6dbc8d50e436f5fa5bc0579d7203

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ddee8b73bc26c940b31eb50db1427cb7

SHA1
284d8da596756c1e518ae40d2f9b5907c1065be0

SHA256
56a5d35ffff242c75b67eab743574a9c5a6946535ba1d6fe3d7e57fac34b76d5

SHA512
655aefac5991aff27b1aa376fd7aed47a4c3462267bda5a3b7d5a2b7d9181960896edfe6c8b2a4e450ee45649de880aae48af5b45a4d6a2968b8dbc668298697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ef098b72f7b9c21ea825062b384e2bf1

SHA1
03b69871b7309b841bed676e00608ff0bf330344

SHA256
5ccfb407dec103e76de27c85d1f67b906afccb07a8b41902f99bf9fa3026dd15

SHA512
0d5f87a10b405f78733daca8e4479a65f71b2b4034438e18e27495f9b3b076d6f0d77b0e2b2a6734008b9dff2b89969a44fcf46caf3e3ddedfa2a36084502b2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
eb3096410cc70a754247bd45edb5f522

SHA1
4c10974add764bce443ba8fc734f6544ccddf5b8

SHA256
6d592218550fb2d09b74975d42897a01d3439d3f88d81158cd46615f06c18167

SHA512
e72ebb8f3d5faf547a8a807ab9d45806fb734ba4881927977d4279a6c658b64e81699ce3e3ad894c502ac56bf335f0dda7216735ed08be7db1543fe05150ed2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b7fb3adbdb17fde66e92fd635a665f4a

SHA1
f437f69df3554a0c355800f6f656b19d7cc54ac6

SHA256
652d3fa0235a3d873581ccd3309deae9faff6a70f535f87ecbe1114d99136e4f

SHA512
950e79b32861b5a650c73730a38e05720f379de6eae813bd5afaf050253b860d103aa84a8665d6a8971df3d1259b668633595db25947e6ed5ea0016e45d07309

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e8a5a8b9798a990cbe66aea13e57b2cc

SHA1
d150221a70eadc65385764d8d1162626e3d63769

SHA256
8723af1531e538a416f66302c11eca6a8f68893329c9baa4a81c635df3baa219

SHA512
4a4077b518fb00fcd4ecd0aa851b132b9f1f0fa5936a36d594c294604eb8268f123cbb177c0f0abdff6b501064892eeca7f04b88d827d9187183cecb64c3a05b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
5dc1d69aadfcb2fc590ee11b32be83ad

SHA1
972f49761956dbafd856a84eb97aa4b8be6f7079

SHA256
37c0ea09e30dd63299bb8da1c6162db239b06fbef1c8175af9dd51b553c5456a

SHA512
277e867d06483da852509c717454e48d2aa18a9f6a74ed7950f3477bc0f11198e22dd47917d0dc63e4457b33176e4acac6bc2ea798d46a6f596ffbc639859608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
7f4f77100ed4367e0c92e8ede442f780

SHA1
077180639aed52b8fc5f736f686df4fa787a0cdd

SHA256
b5def4d43af8b596cdf0fd643cd0b5db3304319dc1f22a505f2b77e8efb5344a

SHA512
13f50df4e61df60cedbe009ec8ea26c530dd0b94f3cb5e559d24e85d62a8bc3e683328edf92f03c419b4c7c61cf5846bdca0162be08147795f348662360e9058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f944.TMP

Filesize
204B

MD5
32a9a710af7d0e7c6f3ebe297e2bc1a4

SHA1
faf79899a547f2e6f9f83742fc773f152d2c09b0

SHA256
3f4ee6f95c550a01842d30a1a0951f14522351a9a91ac16ffaa7c4e13a622e1e

SHA512
d96cc297deceaf89350b7118eb9f34b0467d8cf420712aae8a956659bbfd882d16c09cb30ba56514aac73558c4a4b975a78e6dc9bf192999e07f3fbd582683d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
eb1356533528e884490a52f0827937f8

SHA1
cd9bf7e4ed8d073bfc2a5774ef5abcb5691fb847

SHA256
7f95a09fabbfa2fb9fc3a69d036bdf98d7c76f5bedba300afd6249cf9e7232a0

SHA512
ab4bfa853ef50ca5b604d3cf8be7fb5b4750058bd23cc26f9eed549dc2ff37b5b231a335a98c992c93ea1cd0b36118b085969bf711282a255de4f2aeeaa9ff66

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit