hxxps://www[.]rhythmsystems[.]com/e3t/Ctc/OH+113/bLYd04/VWFQ3R3YlVPvW7VnPcH7r6NPGW5GRJ1L5lJTNPMrH-Tb3prCCW7Y8-PT6lZ3mqMtTjgHZs0WsN6_gH9PZstNNW51xnjN6BrJHcW8kzXVx2K79sRW5G2qyG2GlmDNW4w1qg13yWmDNW8yvf-y2gYHsNW4rS62P6FZ5sYW34RGNv7Z3kYRW2Nn0d33TMj-PW5PFNlR8R5N5CW1CFyjz80TwyyW802jF94Jyy3HW44St3V7Yr2_3W1sw3Vh3p0TBGN4z6yrMdSgl6N471VD5mdvkkW7n5pNh2hVx89W6vqQQV6z7jlWW9cbhzn7--n9DW16XbC12PRWKdW6-LrHs74lkB-MXyQ1NB1qVYW3FydB68DTc_1W3d-Bz692ptCdW190tg61KXMGCf8RyVKM04

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2024, 15:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.rhythmsystems.com/e3t/Ctc/OH+113/bLYd04/VWFQ3R3YlVPvW7VnPcH7r6NPGW5GRJ1L5lJTNPMrH-Tb3prCCW7Y8-PT6lZ3mqMtTjgHZs0WsN6_gH9PZstNNW51xnjN6BrJHcW8kzXVx2K79sRW5G2qyG2GlmDNW4w1qg13yWmDNW8yvf-y2gYHsNW4rS62P6FZ5sYW34RGNv7Z3kYRW2Nn0d33TMj-PW5PFNlR8R5N5CW1CFyjz80TwyyW802jF94Jyy3HW44St3V7Yr2_3W1sw3Vh3p0TBGN4z6yrMdSgl6N471VD5mdvkkW7n5pNh2hVx89W6vqQQV6z7jlWW9cbhzn7--n9DW16XbC12PRWKdW6-LrHs74lkB-MXyQ1NB1qVYW3FydB68DTc_1W3d-Bz692ptCdW190tg61KXMGCf8RyVKM04

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3968	msedge.exe
3968	msedge.exe
4252	msedge.exe
4252	msedge.exe
1268	identity_helper.exe
1268	identity_helper.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4724	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4724	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4252 wrote to memory of 4624	4252	msedge.exe	82
PID 4252 wrote to memory of 4624	4252	msedge.exe	82
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 232	4252	msedge.exe	83
PID 4252 wrote to memory of 3968	4252	msedge.exe	84
PID 4252 wrote to memory of 3968	4252	msedge.exe	84
PID 4252 wrote to memory of 1284	4252	msedge.exe	85
PID 4252 wrote to memory of 1284	4252	msedge.exe	85
PID 4252 wrote to memory of 1284	4252	msedge.exe	85
PID 4252 wrote to memory of 1284	4252	msedge.exe	85
PID 4252 wrote to memory of 1284	4252	msedge.exe	85
PID 4252 wrote to memory of 1284	4252	msedge.exe	85
PID 4252 wrote to memory of 1284	4252	msedge.exe	85
PID 4252 wrote to memory of 1284	4252	msedge.exe	85
PID 4252 wrote to memory of 1284	4252	msedge.exe	85
PID 4252 wrote to memory of 1284	4252	msedge.exe	85
PID 4252 wrote to memory of 1284	4252	msedge.exe	85
PID 4252 wrote to memory of 1284	4252	msedge.exe	85
PID 4252 wrote to memory of 1284	4252	msedge.exe	85
PID 4252 wrote to memory of 1284	4252	msedge.exe	85
PID 4252 wrote to memory of 1284	4252	msedge.exe	85
PID 4252 wrote to memory of 1284	4252	msedge.exe	85
PID 4252 wrote to memory of 1284	4252	msedge.exe	85
PID 4252 wrote to memory of 1284	4252	msedge.exe	85
PID 4252 wrote to memory of 1284	4252	msedge.exe	85
PID 4252 wrote to memory of 1284	4252	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.rhythmsystems.com/e3t/Ctc/OH+113/bLYd04/VWFQ3R3YlVPvW7VnPcH7r6NPGW5GRJ1L5lJTNPMrH-Tb3prCCW7Y8-PT6lZ3mqMtTjgHZs0WsN6_gH9PZstNNW51xnjN6BrJHcW8kzXVx2K79sRW5G2qyG2GlmDNW4w1qg13yWmDNW8yvf-y2gYHsNW4rS62P6FZ5sYW34RGNv7Z3kYRW2Nn0d33TMj-PW5PFNlR8R5N5CW1CFyjz80TwyyW802jF94Jyy3HW44St3V7Yr2_3W1sw3Vh3p0TBGN4z6yrMdSgl6N471VD5mdvkkW7n5pNh2hVx89W6vqQQV6z7jlWW9cbhzn7--n9DW16XbC12PRWKdW6-LrHs74lkB-MXyQ1NB1qVYW3FydB68DTc_1W3d-Bz692ptCdW190tg61KXMGCf8RyVKM04
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90e9546f8,0x7ff90e954708,0x7ff90e954718
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14691674504911954976,10545535489052912133,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,14691674504911954976,10545535489052912133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,14691674504911954976,10545535489052912133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14691674504911954976,10545535489052912133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14691674504911954976,10545535489052912133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14691674504911954976,10545535489052912133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14691674504911954976,10545535489052912133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,14691674504911954976,10545535489052912133,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,14691674504911954976,10545535489052912133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6276 /prefetch:8
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,14691674504911954976,10545535489052912133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6276 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14691674504911954976,10545535489052912133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14691674504911954976,10545535489052912133,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14691674504911954976,10545535489052912133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
  2⤵
  PID:664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14691674504911954976,10545535489052912133,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14691674504911954976,10545535489052912133,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4924 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:532

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x51c 0x408
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
816a00fdfe9a1b9c6cf2144b6fba4c43

SHA1
045a9c65455a5f3f1849801ec515c174ea2d4e09

SHA256
fcac41b8353ea6cabd90d555fa7f14b51c4a000ec8fe2717659b08365adfbb6d

SHA512
c1f74ab51c1fd01c9d358dfc5f885ad4a1fa50d99a367cc2eda880f56598396a049c0565312d8116781dab8273b8a1aee46e2c435eb52a8b622af67063da4118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0b25cae8049bf54ac20b5e1ff9bb76b7

SHA1
477c00c958ae53970fc7fef87085282bec357e9d

SHA256
db5a784e7fe5f2f0431b1d1bda03ec8bc1d4b0d7e730fdf9c2f6eb695806dc33

SHA512
f5236743c4b6cf864659e5372738025f8bcba5e25ad9fc23a6f2139b91742cd440325094a50878bdfba7071971d4b91ec9fef9fc3bf3dbeebd35b6fcff1e17ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1e11da2319ec737564d0c1dca5f3336d

SHA1
c5dea7f963df5f99522b7e0e657bc8a585cefc81

SHA256
193c454d449d2ad21c31d863f65833f70da913eb20f4325515ae053ed80811fe

SHA512
18872d01a0ebd00181b1f7601633aac59d781d94e45cfa9f4b9d70ab60c2efb6018c367171b44ee59bb9ec9cefc13751a97aa7bf21c7c52eea0d366c6bcbd940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
33589a90dfccbcb2ec1e2a09be6f9eaf

SHA1
62eae89cc4b5f39a9b5972213c21a5a79046c75f

SHA256
c932e131d88df9dc4e3500eab5cb41256c603d8b9556494c33171cdf8848938e

SHA512
d9b5377c37529ecbea11733acf6986b3bce55428c6bcbb324ae9a0f7b17256d9d13bb712509223680d57aa6fa04552ddf97478099c62b6a4b3a56f23a1cdf074

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
a55e514014ccdc90179d460f4253e3c6

SHA1
b9e4c8e32c22ad919f8fbe4bc4292968facfa3d5

SHA256
6e459415138893ccb233e25b80460c95546c0a2d787095a64dc100db61e412cb

SHA512
323fc97dac64ea514145ff898984bfa8e0d9b17cce5e7232d1051fe439ebb859fb7a739208cda6a28f59a934b28ad9f9312b70da6aeae08199d0667ec14035e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
f0a4a237b4021dbabb5f6bec7c553364

SHA1
58e168765758007c4207b5410466fcca2c338f5a

SHA256
9c1392dd33217f442d8adb2b03fc427d5deb3a78088084f53b6f4df921380e14

SHA512
5c406ae6960b0c41768617c7f3cb3162d867e95d6f7cb619bb9712acdfab2dd97f6ee472672bf4d74c18203464ad1eab67d8be2b5f047579cbfeb3e34d6efd52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1ee4163214d5e87ccc5b73a195209896

SHA1
f2c7dd50e9d285a03652712f9fa7392ab850df23

SHA256
ebc1450b237ea728261b5a372bdeb1ee87841b699ad6e18221e9e930e639d56e

SHA512
840f2586d81d7ea3f9625a0aa0559ffaf9619d502cc3dbee1a4e2226a92e63f64ff5c01de84c512bfa85a0c8e453eef6c9e21207c732d68ce39512fcacebe139

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7a596b1c34d7d15d2e80dd3dd0cb4a86

SHA1
9e1c0e0e3a3ecbf17b38d6c794e99f9c99d8f311

SHA256
80b2e1b231f1ac48c3a9ca2afcc8d09520fa363708bbf127d1746a05b878a1cc

SHA512
cfd95c86f86238280520893e03bc4c2097a91de0798ca82e0bfc32ad196ba5d5f53fbd72fb7f814e5c189a51de73416c2c5827db6a7975b94f571a2c33a61a6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
78e4b9f0829889878cc50b556f9f355d

SHA1
f475fe0dfd8072bb79da1e1eb9b7865b441d8c3b

SHA256
7a5e5fd3360320feac012738e5e5c5cd9845a4c1c2a1a5081be832758eb7ac68

SHA512
2d0b4df0e931e8d3b6cd6795b037c5cfdfcfaddcf73b0251ec2ccdbc9f043d5829a9655e55b7a3577d165131b74608da336c0bb5a853d8762bc88b179ae494a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
c87fda4ef09e5ca909d9867ce5400722

SHA1
1f15a4795d34da66b1236672c73b4c244ae2a2de

SHA256
4b96019c357b3c10a0f517461a6971858e053171fcc009a5a29ef9c639e76ef7

SHA512
945a249c8a3b1cb3ddbede34b26f1025b8b4166a9ec68c6c204950a87294e11652cd0d7bea4ecda23948e86691011d9fa6694e1efcf3f95d7a3e8252984e0344

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
6932c5f1b3a4687c725aea8d459d331c

SHA1
fb2d80d9ce17ea3f1162e476583d61b04c858c4f

SHA256
14ce4b904682973b571a7dfe3fd12a958ce2ff3a1f3b4ad1d4e8266a3acb0e8f

SHA512
81aa21f267d8ad039fcb742db9089b68e361fe85d1b4897ed1b966ac3bea0605b8ca7476b45cafd0bd8a641be002a97ad94ecaa1978425b2dc179b18d08e6ad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b865c285084006297b63d7837849c671

SHA1
cc20e74c8a23c188fbcace7b13364e4e57fbb889

SHA256
0f137756cd69960d4ab5c904b3694e910ec638982d01c41472325b40189e5dcc

SHA512
2531d91eaa40360878768f006dc38678c341201abe27018d4740ec56afbd8c044cbb9dc8ef7f54145f1087e0420a2cf7b1209203222c69c6897dfe8316b10312

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
88ebfe3d0473a61ec40ee67ab118569c

SHA1
54eb9a324c281223a7f88c378de248e041e6d761

SHA256
1575afb18b57fa47f74e0ee65fc9692adcc434e4d79f3d99faaaba6d27d19655

SHA512
c9eb704cf5ecafb928a0cb0bc9c4bfd0e73cd47d08e0ddf438f6565e25cbd1cacfea408689624dbc87c8e1d0ac9792aeeb3f3abd792cdb9354c1588fbf681805

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
12a32906b024c82480ae2806d46f1343

SHA1
54b6ff676ffb7006752e8841130115c4b49127a2

SHA256
29c853fde71d741c594df73d6550f932dc86dbd0f8831cb871a69a45290280b8

SHA512
3ecafacb8fe4fafa26476575dc4531ac3e2cec1cf07600c8467c3858185ddddb53c103e2eac1c97c1deb18a66a8eadc3d99dbee3634788040426a9af84577d7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d99862f4706b2a7df6c8fbf9c51edc00

SHA1
c85efcd6233c6bb66bc1202d7c3e6b416a6f23b4

SHA256
3d30c72f1edc09a790d2b1896d7288050d42fd0d53484a3a33732fdcce209c0f

SHA512
796eb09ab58b36986645dd6e896e61a5df4747971bb42d91f86ac1cf619593a539396603fb498d892c32346564a0722a71bbc00e164f19edd6dd88e2dafc1471

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
977e224b056792a59348294f7ec024b3

SHA1
87c2e1cf2337342e16cf76641392414ca8a3bf89

SHA256
ed8b4c7997a12cf586cb9748d9b9bc51bf7ea36e8e4a85fa736b921d9aec9c01

SHA512
90e353ff62185cbbd4fc68fb575eb9b0cd4db56ee50d235d21a4c47c49b1b6ff704c480b0a06b97fc454d794a53a2d453a99cd174e87eca0829a1a29af82ad52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d198.TMP

Filesize
3KB

MD5
5351ec13e906377059d62c52e262592c

SHA1
58013eab9496d9c02def7f83370dc5b07ca2242d

SHA256
0227a4ed3df19a0e0c45d5b9889b49feaaa30af2d5214b54b1f48ca46850fd82

SHA512
d077ee8781b9e3e54eff5d1f7d4359da0a1a87134edb6d5275ab98853257c1132304aa23c253321a26c6e0d8ae7a9122e67b40c17fb8fa7f9a59d2dd6a84e3c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
11c50a3725156b81e7298b55f04cfc24

SHA1
d626ffe838a7eb28975e906a7f43b3a11fec5e84

SHA256
d1ac713d5a0232f371732b5d6b4d72db677ec58a1f43eb6bfcc9bca6a837b916

SHA512
9b00be87b834804b394cefd0a530ba2d30e439fd690606a3e10d14e6c7eb5cdbd031f2f1028873160a0bb05af0236817ef053e0ce2f6ea343077a76375039d33

Download Submit