2c9ec82181a92a3b86f25a048d0257836ab8b2b441bff186215f5cbab8e3a33c

Analysis

max time kernel
145s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/09/2024, 18:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OnlineFix.url
Size

46B
MD5

59bf167dc52a52f6e45f418f8c73ffa1
SHA1

fa006950a6a971e89d4a1c23070d458a30463999
SHA256

3cb526cccccc54af4c006fff00d1f48f830d08cdd4a2f21213856065666ef38e
SHA512

00005820f0418d4a3b802de4a7055475c88d79c2ee3ebfa580b7ae66a12c6966e5b092a02dc0f40db0fd3b821ea28d4aec14d7d404ead4ea88dc54a1815ffe26

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
30	discord.com
31	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
232	msedge.exe
232	msedge.exe
3352	msedge.exe
3352	msedge.exe
3168	identity_helper.exe
3168	identity_helper.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1656 wrote to memory of 3352	1656	rundll32.exe	84
PID 1656 wrote to memory of 3352	1656	rundll32.exe	84
PID 3352 wrote to memory of 4836	3352	msedge.exe	86
PID 3352 wrote to memory of 4836	3352	msedge.exe	86
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 1876	3352	msedge.exe	87
PID 3352 wrote to memory of 232	3352	msedge.exe	88
PID 3352 wrote to memory of 232	3352	msedge.exe	88
PID 3352 wrote to memory of 5016	3352	msedge.exe	89
PID 3352 wrote to memory of 5016	3352	msedge.exe	89
PID 3352 wrote to memory of 5016	3352	msedge.exe	89
PID 3352 wrote to memory of 5016	3352	msedge.exe	89
PID 3352 wrote to memory of 5016	3352	msedge.exe	89
PID 3352 wrote to memory of 5016	3352	msedge.exe	89
PID 3352 wrote to memory of 5016	3352	msedge.exe	89
PID 3352 wrote to memory of 5016	3352	msedge.exe	89
PID 3352 wrote to memory of 5016	3352	msedge.exe	89
PID 3352 wrote to memory of 5016	3352	msedge.exe	89
PID 3352 wrote to memory of 5016	3352	msedge.exe	89
PID 3352 wrote to memory of 5016	3352	msedge.exe	89
PID 3352 wrote to memory of 5016	3352	msedge.exe	89
PID 3352 wrote to memory of 5016	3352	msedge.exe	89
PID 3352 wrote to memory of 5016	3352	msedge.exe	89
PID 3352 wrote to memory of 5016	3352	msedge.exe	89
PID 3352 wrote to memory of 5016	3352	msedge.exe	89
PID 3352 wrote to memory of 5016	3352	msedge.exe	89

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\OnlineFix.url
1⤵
- Suspicious use of WriteProcessMemory
PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://online-fix.me/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc64b46f8,0x7ffcc64b4708,0x7ffcc64b4718
    3⤵
    PID:4836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,10941281420876761610,6369606636409760332,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
    3⤵
    PID:1876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,10941281420876761610,6369606636409760332,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,10941281420876761610,6369606636409760332,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
    3⤵
    PID:5016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10941281420876761610,6369606636409760332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
    3⤵
    PID:3424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10941281420876761610,6369606636409760332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
    3⤵
    PID:2644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10941281420876761610,6369606636409760332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
    3⤵
    PID:3484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10941281420876761610,6369606636409760332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
    3⤵
    PID:1716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10941281420876761610,6369606636409760332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
    3⤵
    PID:4724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,10941281420876761610,6369606636409760332,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6452 /prefetch:8
    3⤵
    PID:4576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2092,10941281420876761610,6369606636409760332,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1256 /prefetch:8
    3⤵
    PID:4320
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,10941281420876761610,6369606636409760332,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:8
    3⤵
    PID:4164
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,10941281420876761610,6369606636409760332,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10941281420876761610,6369606636409760332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1908 /prefetch:1
    3⤵
    PID:1980
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10941281420876761610,6369606636409760332,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
    3⤵
    PID:2600
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10941281420876761610,6369606636409760332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
    3⤵
    PID:3680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10941281420876761610,6369606636409760332,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
    3⤵
    PID:1996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,10941281420876761610,6369606636409760332,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7024 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1264

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x40c 0x3f8
1⤵
PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
ed7e5bbbaa6537e753047fad40e88341

SHA1
1a234e40d6203167fac96da55522b35dfbbc3ad6

SHA256
c6116a20e37ae1032b0c3f9e46820ac12d100111282b8800414149c8e9ae57af

SHA512
4ddbadbd9c83c858c6aa5d077abc1f82110ccfff33e6fe69099ffae199b97933a0957ebf4e9be9d0aabd0afbb0221dcb3751861622fd5cd92004e1e7f3941d82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\df90f73fcaab7ce2_0

Filesize
20KB

MD5
3247edb8672b6b46f13337ece987556d

SHA1
347171cd79d274fcdab2de29d50f43dfe8405d9c

SHA256
c35d728215b1f7d6d61723e8a252196a5722a07952993912f52620bb075ab13d

SHA512
e5f3f4dd8c03556d84e6e2209610d81c942809fc31106746e8aa5bfb41cf11c4ff14df54b0fdcb66abe7aff9c3c8cf57cef17213a37867778a503eab5e7fe893

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
62b15d5373f367c6366e861049e9652e

SHA1
52034a5bdfd0ed35d220bfae6e8c9245fa318ce1

SHA256
86fed85a5aee948badcf37a5cc935b23cadf18dd56aa90c3b4403515900e2715

SHA512
1c66bafa097227c6ecaeacd7893abe5ac508bda17d89fdce71c045edfc646178bacc47b9805765171a31daa696ea2bd65acf7ec393adc90af3d9c3b97f9c6661

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
8c56a3827e45174afb5e4c8663bbdaf7

SHA1
0410f8b4ccd2ec9edee06b47497d5ccdfb422ed4

SHA256
f743b4bdd5d62f9eecee6579f6c336d59f69eb18d2b003c4bfeb9cb5cf242abb

SHA512
9b1ab172c0f18e386fa16a644adbe78bbcf2f300d074b6d26baab47d94d5e861c658acdda5dc3a145780bd9938bbe3170e9e189153f4481db98c3cf85a552146

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
f5bb43e6f713f1b9d47f084fbfe12b01

SHA1
ca2f09b372050bca42a08c734cc06e6dcf078ab3

SHA256
baa1c9df5423b14837ddccca6a028177c39ffdcde069624a3d7daa51b341eb6f

SHA512
ee29b2fa254752987151604883b80ca71bab9ef32a6dd063ed65df7662ac9606ed1fbb25d56b87f8d050e9b122cce8b03da63088961cfd9ec9676f1c8509aeaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7d9c0483c561dbf29e6f9e069859d959

SHA1
b87c43c19000dfcde1390328d2b006cfc9216b2b

SHA256
92ce27e9990a9568cf6eddecfad0d0eac83e1289378cba92779cd8d287eb42dd

SHA512
6e28d2c41272ffc49b9f341d29a8115e0d4ac033e3abe1a6c62c9a2bb5dce4a7786a880ca7bbe45e60051e79cb2e20af77fb51b9f5314cca80b627f36712e940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f8bfd2867f8f00ad1262f7ec8ed93a19

SHA1
8b6223ca5b0b04f911b7d618f093301252839413

SHA256
5170c722154336d625e308e7352808bd468659aae7141f86e05cd490100effb9

SHA512
72dbccaf65a32a55bb0997b68487a89511c47de0be8c581d7ca3f0d08106b6c18d1fd4e6be0a212883610865d1ee3c6f1414f3541910e5f704565b0babb3854c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8f93ed3da0db17834f575e91c0c0bf60

SHA1
bf0b885213309a6037c9cef0446be10466deb7b7

SHA256
fb1465021b343b81bddce00fa3dc17c6028e6d1d475a64aad252a88b3558e65b

SHA512
4f6ebe4a5b21cfcd394c78dafc7140e090bb4a71ae44c3847a59caaf722b5c21acaffebd381fabe5e165a6c71ba4b9b20842d6e5401955d6bea8152c908b7c97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3ed67442af2222690fe6ba1447e99cb3

SHA1
6c583c8547d8be9380637d23ed4252feb526b52a

SHA256
7a62f0bf2774c07bb9019d6b6e7fc42aa4b2bfb9b73bfd4e5987778bf8fe1b2d

SHA512
b7c51621f0a4abfc8acee09117b2151924f593e2c67e5703c7d57c7dfac3e096e9132305c6a11edf9c09157027a335b4d9b100a644590a08fb9374c402b0fa2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d57b86172a7ccf99fb3e4e221c5bb823

SHA1
5d70be4e9d6d2bc8572a5dc090cf3cde8e63c405

SHA256
e566578aa1e96e1836d9559eef4758c7b1f01ab5a0e4b85b58c59e846c42cbc8

SHA512
afb13c64995c5080b14021cd3b45f33442bc34fdaf44d9a0c30327882fbeff9631880d8d3bdf3e8f90417d41e6e9b4e84945f2c851c3a23e3f92b952f8372121

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4f06a62cd6702497f836142a00a65bf7

SHA1
a0c64e656a904ec33f33f8271c17d0d122c1c760

SHA256
35e93a7b9f1b65f419380cc43b1d9666f1a1e972b6a10ee7ff3a32a5667d57df

SHA512
be74a6d4f70d01d32337413dc7e7c22a637458db6847ae7191e13bc735baa3175df792f26c2830fa4aa80b3a2d039e831d75e283084fd15fe6b74a58b96c37a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e148.TMP

Filesize
1KB

MD5
d38bcb4313c6d836a0b1ee0519668993

SHA1
c8a415518078be3b8d92b5017151737f594d5486

SHA256
181eca73aa84db3a64caea1e3b15e6847c4cd353b1954031f852615e17571910

SHA512
990ee2d428e0d33a977da7bd7156d1aff44b525e05105c241c4e04813bd50f31b8b49ef602bd0694d3c4fca5120781459e37f7226b5553da4ea97af3359d516c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ef0f0d1a-32f1-4aa0-92f3-cc941e34da2b.tmp

Filesize
5KB

MD5
20599be1bbc1b426599fd03ffb33ccea

SHA1
7d09d113e65092978025c86b1ca4b196e3806e4e

SHA256
e4f96d2ca9bee0d0bb00495fb8de40dabba4498fe0803a06eeacf2f0ee880e49

SHA512
8ad947ac7d81e6b28f5348834da6cb8f25acc20e9ee64688bb94b1a6942a570c02c9b3b515af6ceb8b027a497b66655d0096b19c06ba9a35d6efebb913be4951

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4724ace00c9bd30095d121a4bcf6a335

SHA1
c5e8ceb092530dfeecc823aa39dd9c2a8c7fbcc0

SHA256
670625bfbcb793b671a0cb7a052e333547fc7207074a11dfdc0e0f56fabff264

SHA512
df6eaeb292bf78d1b271b041f6bf60e027fd466b2757483b795dc3640c1a36aa350ffdfad6541d9a3401161f53806b9e69e1141874dffe65dc448646ee7f5ab0

Download Submit