hxxps://bloxstrap[.]org/

Analysis

max time kernel
59s
max time network
56s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/09/2024, 05:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bloxstrap.org/

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1472	msedge.exe
1472	msedge.exe
4816	msedge.exe
4816	msedge.exe
4092	identity_helper.exe
4092	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4816 wrote to memory of 1080	4816	msedge.exe	83
PID 4816 wrote to memory of 1080	4816	msedge.exe	83
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 4624	4816	msedge.exe	84
PID 4816 wrote to memory of 1472	4816	msedge.exe	85
PID 4816 wrote to memory of 1472	4816	msedge.exe	85
PID 4816 wrote to memory of 2332	4816	msedge.exe	86
PID 4816 wrote to memory of 2332	4816	msedge.exe	86
PID 4816 wrote to memory of 2332	4816	msedge.exe	86
PID 4816 wrote to memory of 2332	4816	msedge.exe	86
PID 4816 wrote to memory of 2332	4816	msedge.exe	86
PID 4816 wrote to memory of 2332	4816	msedge.exe	86
PID 4816 wrote to memory of 2332	4816	msedge.exe	86
PID 4816 wrote to memory of 2332	4816	msedge.exe	86
PID 4816 wrote to memory of 2332	4816	msedge.exe	86
PID 4816 wrote to memory of 2332	4816	msedge.exe	86
PID 4816 wrote to memory of 2332	4816	msedge.exe	86
PID 4816 wrote to memory of 2332	4816	msedge.exe	86
PID 4816 wrote to memory of 2332	4816	msedge.exe	86
PID 4816 wrote to memory of 2332	4816	msedge.exe	86
PID 4816 wrote to memory of 2332	4816	msedge.exe	86
PID 4816 wrote to memory of 2332	4816	msedge.exe	86
PID 4816 wrote to memory of 2332	4816	msedge.exe	86
PID 4816 wrote to memory of 2332	4816	msedge.exe	86
PID 4816 wrote to memory of 2332	4816	msedge.exe	86
PID 4816 wrote to memory of 2332	4816	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bloxstrap.org/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe661546f8,0x7ffe66154708,0x7ffe66154718
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,7176348624135810881,13870965537448134521,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,7176348624135810881,13870965537448134521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2488 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,7176348624135810881,13870965537448134521,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,7176348624135810881,13870965537448134521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,7176348624135810881,13870965537448134521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,7176348624135810881,13870965537448134521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,7176348624135810881,13870965537448134521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,7176348624135810881,13870965537448134521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:8
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,7176348624135810881,13870965537448134521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,7176348624135810881,13870965537448134521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,7176348624135810881,13870965537448134521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,7176348624135810881,13870965537448134521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1996,7176348624135810881,13870965537448134521,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6052 /prefetch:8
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,7176348624135810881,13870965537448134521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1996,7176348624135810881,13870965537448134521,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6596 /prefetch:8
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,7176348624135810881,13870965537448134521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,7176348624135810881,13870965537448134521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
  2⤵
  PID:408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
63KB

MD5
a2b03561cabc0d346e9a6be3f5b11b5e

SHA1
ba0aea2acc1c20700c4c09c5b2b8d0bfbd33ce6b

SHA256
09588f4db755d8d88d9e521f5189d97c2ac781ee7ad782bb0c644eb9f69feef1

SHA512
3602c58bf569bbf22d2a559f0a62c4ac8d6c9868dd956cf0d75d694d104eaf2f82d22c9427636a46ec82cc24e758ad1eaad75fab771ce843308c1b2fe57c6ddb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
20KB

MD5
e9e58e168c0232394ce8cd2d0a18944a

SHA1
9b27cccbb34b3b837fb52f355f1a2b823fb975f9

SHA256
2c09714f6c24f22eebead7e80a08684778895f7b6c21ce6cdd00fd220aa4fbe0

SHA512
d9ef910c9df9e70b02220d67cb24e501d7068968cb27f76f982ed26e5649426d89559f3f19ab01f445cb2c2ed3cfb3d6aa2e6d06af9c5fae9dc920d74d8b5221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
63589649125b92f6b2a8e9b411ac19d2

SHA1
316f99bdfd7bfd7ad45988b49ae028c3be717216

SHA256
370ac3a8bb006b1eee91a79f3c9c2abf225da7141c0f37ba24f8518316ae8d62

SHA512
a7ac210893c504fc90a59d8fc36f8951d4c9da0a8d20d71c3af768aecff10e32dd8d625d1f19a51cfb92b4e14689d1c82e50bd22d024582c488bbe003c25f7db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e278064843534842bf24c4e6dc7bbf42

SHA1
b1c45d5c4fe0447918ad4c79b2200dcf5f81c071

SHA256
c6477e44bbb1b46df5df816e1de71a3fea4d1c4762b8b6d72d2c5257c7426eea

SHA512
678ab175e4550d85f576e54486bd518fd45c0b045247e2bd7c8d531b6688486298020e43bf41984606eb238413575f182c12bb08ef73634f7cafd6afdda66d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e6a984cbf4173a824bce66171bdf8997

SHA1
3c8c4f311af2af098fbfb43d11eb165346e46bfe

SHA256
f191075519b127007591e197ad086b64d8ffdc7e241cf0dc359a7ee4c7cb6e82

SHA512
7b4fb2898a8d3b22844998ef776b3f78908ee227db557cce7802cd90a52bc510dadb271936aa25a543257f1e4e24daad036dc7e23871378433861c6022ab07d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c2e420840ee956ded46ed98d6b03c805

SHA1
68454080c71fc8ae6aa719a5b815f5b07b23456e

SHA256
89d61f519f764b10fd372101b4e56581bb41404dfa250351c0fdfaf9d24df154

SHA512
2fac6a85058f5c03c3459cfcb5c038b900c4d7298942b67b3fecbe3ee62882f01c77386345be5a7b10c4b22ec268aa1c2de4782cb6b9391f3181792b25c7f86f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
44cb80ebd204f74453f675713b0188be

SHA1
b78fa5185764e369008fe058c0b813ff70ddf5a2

SHA256
b4517368083fc8b722865ecd7fbd6d2af9910e701fdc5e6504328088df828587

SHA512
9f7af910363ca897f011c257a8f84631f971d197e39f18fa240d64d1e5d31b68816cd9d45e3c9dd65389e9a561ba81eddc67514260193a2b3513baf26330fabd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
432eb64b2d8fc7e577070dc779be9ee3

SHA1
7aa45ce5a5bb0b195d2c49f720b19a78ec92e293

SHA256
abbbb1e80b292fcdb2822244e7933004cbca095b21a8e4c1ce168ad8ddd50c0a

SHA512
f0d2b1485016be0558550dc1c76363766c3e897ff51a58c442269d3d4edeb4820032e28d6d0ed2c941c4da2fe31a41c6b970f5bacba2a41425e8263568f9af64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
c2fd374229982650b4b8396659d8527a

SHA1
93555e429257886482934e855e64da9bc35821df

SHA256
fc368f828ff7935a03bf2627f913e4e26a7f32599f883820aaa9255f4546b25e

SHA512
329c5bc29d3b3ac960dbbfb37b9f1a2f3b7ccf65c8947ea0370ce4a3c5a2d78a2ddd10fdd951f404132a6293b194fcd9f2d8417b193fd9093e31f12424a77651

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581364.TMP

Filesize
204B

MD5
769dd5c70351e470c5c84f28f2ef7b23

SHA1
6fce68ec5610067323d411dd1ae9d7367156d8f0

SHA256
7ecac7cd65cc38092dbd276375a9b1c3004a6a230de2fa2189cccced7a8e1f9f

SHA512
7c6f6096a860104a7a9ca97a462a839c7cc6c9c2389a5d611fe853756fb8d6b87f037beb7e57da23246c0e0f37fa8338c59cbf46f70d681cece716c116c58190

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9669cc7f6dbf60ba3550f77f080102a6

SHA1
1c0c7fd6d984a7cf773927254725143adffae1f6

SHA256
fd3122cd635d810a6a14328d0f226a1dc57bbd9e9fe0c6671ae73a038ba41aab

SHA512
7fbff5efdbee7e608aac8e7c64349128193d728605a2def2c2c477ffe14aeec7dbe9eaef2ea13d8611bf1f68adfc3ff9b92f0f29b78eb43c6b0d1fa1a1c033e2

Download Submit