hxxp://9ps[.]ru/JbMcnp

Analysis

max time kernel
1048s
max time network
966s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
04-01-2025 22:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://9ps.ru/JbMcnp

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1816	msedge.exe
1816	msedge.exe
2208	msedge.exe
2208	msedge.exe
4996	identity_helper.exe
4996	identity_helper.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 3592	2208	msedge.exe	82
PID 2208 wrote to memory of 3592	2208	msedge.exe	82
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 5076	2208	msedge.exe	84
PID 2208 wrote to memory of 1816	2208	msedge.exe	85
PID 2208 wrote to memory of 1816	2208	msedge.exe	85
PID 2208 wrote to memory of 2748	2208	msedge.exe	86
PID 2208 wrote to memory of 2748	2208	msedge.exe	86
PID 2208 wrote to memory of 2748	2208	msedge.exe	86
PID 2208 wrote to memory of 2748	2208	msedge.exe	86
PID 2208 wrote to memory of 2748	2208	msedge.exe	86
PID 2208 wrote to memory of 2748	2208	msedge.exe	86
PID 2208 wrote to memory of 2748	2208	msedge.exe	86
PID 2208 wrote to memory of 2748	2208	msedge.exe	86
PID 2208 wrote to memory of 2748	2208	msedge.exe	86
PID 2208 wrote to memory of 2748	2208	msedge.exe	86
PID 2208 wrote to memory of 2748	2208	msedge.exe	86
PID 2208 wrote to memory of 2748	2208	msedge.exe	86
PID 2208 wrote to memory of 2748	2208	msedge.exe	86
PID 2208 wrote to memory of 2748	2208	msedge.exe	86
PID 2208 wrote to memory of 2748	2208	msedge.exe	86
PID 2208 wrote to memory of 2748	2208	msedge.exe	86
PID 2208 wrote to memory of 2748	2208	msedge.exe	86
PID 2208 wrote to memory of 2748	2208	msedge.exe	86
PID 2208 wrote to memory of 2748	2208	msedge.exe	86
PID 2208 wrote to memory of 2748	2208	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://9ps.ru/JbMcnp
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd56ce46f8,0x7ffd56ce4708,0x7ffd56ce4718
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,647855362502825985,16233235157008192653,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,647855362502825985,16233235157008192653,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,647855362502825985,16233235157008192653,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,647855362502825985,16233235157008192653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,647855362502825985,16233235157008192653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,647855362502825985,16233235157008192653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,647855362502825985,16233235157008192653,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3664 /prefetch:8
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,647855362502825985,16233235157008192653,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3664 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,647855362502825985,16233235157008192653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,647855362502825985,16233235157008192653,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2248 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,647855362502825985,16233235157008192653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2680 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,647855362502825985,16233235157008192653,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2616 /prefetch:1
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,647855362502825985,16233235157008192653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,647855362502825985,16233235157008192653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,647855362502825985,16233235157008192653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,647855362502825985,16233235157008192653,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6240 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
dea5a04ff7bdd9fa3773e4d5b2381dfc

SHA1
d19286c99ae66be8709b6bca42452874077657ac

SHA256
b64fb832d1a65670fcdc07ad7a8dbaf70171476e34e18793392a31a800bfe3a7

SHA512
52efebfafbfc994e39209bc345a5120f2e0b7463b7488706ba5de8b68bd457073c8b0075c8cb4db1e4f5b32df07b92a3959b2b210aac137677f93ca95608916f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
823B

MD5
ef33c90d9d5dc35a1f60f5777a6922c1

SHA1
c1b1069079a9d46607f1afc6e20261414d80d894

SHA256
e134f98be098e31d5c48bb8f02e03aec175e2031278a020833cb1f55fe815fca

SHA512
3038bbd5708ce0b1fdbf9c2e937e42d7cdb4942fc73a448b6da740f3f3f260db5dbc07118b173cae2416c7da11603f24b87ad91ca1d17b023f83b2aa7f193371

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
903B

MD5
e48ff6fdb9e19c203df4243387312e17

SHA1
51e4e44ea664f50af741f7faec6af6bd5a3253c1

SHA256
e83af53d878271633f2c00567f43c98a96b406df3bc979779ae825441136f3be

SHA512
947d7b609e695c72b6b66ef69b8667289e7c1f0a863e58576eb22a2ceed2f8db866a625ebcc16e3d2e9c592868847a3663739766de2135d0b26e7e9fd2ad0384

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
7617453ab25b233a4465752e797c8573

SHA1
ec61bb692adccf383fd6fc54b293cfc69358d0a3

SHA256
4bb603a754bd2661bfb2a383d999b7ea814109ba374fab9ebaa8982474ca4f21

SHA512
05dbf2e459f5f8a50c74fb1dca05e4662b2919e0c146a32b8363ee6294deb8d4be7cba4150a96e76d70b54660b0a1489ccbe86988d7fbbc70019814a923d772f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
3b8ce743f2cdc8e51e9c5ef0c4e89813

SHA1
871548c921501a622810c978f772af66bbf5f28e

SHA256
aab22c075a287a420fc17e0dcf050f941c5ec8b65f815c7061ff99c7db4ebbf9

SHA512
57e402a672d2b04a26d379ce3bdce293bcdd3121c61651ba8bd17e39f7e490164ca2b1d3194d7e0506704e590ec2bbfdfded6ab8d8f4c3a2c5f5d0c7a9274eb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
6b1f117c92f4d51e176e66944c160817

SHA1
252011cea3ec972afceae2c0967a597de827a674

SHA256
b518c77d5b311955112666d846d3754a7e2a0d417529fb783e4937553953cffe

SHA512
818c5e72e973616e3af0040b9f92c79ef532d6cc6ce99d042b25275c7fd416544b23a9e2c57fa237b760691e82781b97cc7d6bdcc229a4750ab9bb89e0957dfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
6d725e41806bdb5b25b91eb6bf920190

SHA1
395610b9ffe350f56d4f9a8cb4eea0564bc17c3f

SHA256
90f0c1fd39ba523a46b3b6ddf0c13a35411cf63c0596b8ee307533ef27df367b

SHA512
db0b105020d7ef8a444cda7936c7ac7b30d1a2d6f5926c6bedd9ee3d7dbfa1b747a16604cbd345382b96b028be8b1317f5091529f43060a6d99612c769ea23a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
f5661975c1903618ce90543832586b96

SHA1
2b78f3880eac824977476361a9d74bc4c42e45c7

SHA256
773e959f2d91acf77250442011029d4c97e51082cd3eab063b46e69e59a306f4

SHA512
22810c57ea9aaaef52ae249aad651aeb54ccbb1cb43d85cbb965fb68eb16b3076c2c602b60e40883aed7106b1fd510527e7525eb0f220f52b54725c06dce3fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
581216bfb10aca3eed09ed0c960795f7

SHA1
3a7046299a98f02afc28b1c2cee87fcc94b954db

SHA256
655737ccb311538b0bc4c1fa2b65758f2d937f27e9cb5641da332c9006116129

SHA512
796037397e7b1c436c724f53756edc92d466f1cd36e876dee72ed0b73e49ebd3cca6398a1beedf17967b36dfac64dab7d126e0fe3cc10f8f8f09d8d1953f7b4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
bec72a8df731badde6b9aeb6d98a2da3

SHA1
e725a5b21591710f41911b9209fed603d9456a35

SHA256
d94eb2864ed3a3d5ca318e037dff1ef4b0058f2fe45ccb5b91ed920505c36398

SHA512
9ff0958b1e746c94ef061d1c92cbdb7b09e6c3197daf74e88d30008cce7c79d5ead0ed0d6edfd4a7e1cd780b7eadaa7657b768a56e72117bfbb3a529478a238f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f971132d40c4dc5cc84ff092ca6ace5f

SHA1
d3588cdadf3a27a61195e6f56ca0a4985d798222

SHA256
263f90e0b5bc9b7dffcbed6a88de7afd9c282d88f1ea14a33b310b74d4a1eb08

SHA512
6e62be2578195e2bdca56e071993e740aaf38b15a9df025462e0234af97114405ec6b59b1b203f282f521fd6e881bc7e14beb45ff59fee271050b9847b084bff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5a78719f89ad8861b93b8a1f6f5b5fab

SHA1
2890321a30cfe7bf7a1ad8a67d40fa8a975a9433

SHA256
16f748252ab07559fe2f6a1345a01a0c3407a00615517bcc96e9fe71b46ec297

SHA512
f84d95d0ceec0c70fa60c3c3a55478760fbf6cdd0e9f20012cf23af4be73b48333f597979b714f88e1171c6d12d73309f072aa85ab23b0cb10b70c5e510bfabe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c09c140504e25c9a9085b2075a5ec268

SHA1
dfef3bad8905461c39bdb5da7f875e7e6c9fe2aa

SHA256
60b21572096f05012233234313120c5162db915dc64a62cd7c9b0da8b33150a8

SHA512
4d92714f0da17ee60440dcf2e87534a3f921cb67bac95f7295e4b6a854f60be83dcaf1c78d344393969349229d67fb95648ebd921d71fa3080e9f1c8165ee9d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
baf9e08b82ad049e43f573ab7ec9178b

SHA1
75e97f3dc5663d14c8e2f7ca7e9b901ffd2d31e3

SHA256
b86f4e905a3d2bf2dfcdc539f58df3e32a1e49efe9d4ec373db62fc57a5a3e66

SHA512
61b1022765762b85061205a758203c64a6a820c4cdf4826e4d9cf07fd8f20bcfc0071047d2d0971074adac7aa4c85ba9923c9af903c156784c34756e1bc5539f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fc006d0d7f3e811b0e77560eccc6ec32

SHA1
d01034afe0c3c57a63391f581b0d021d814a7550

SHA256
6b0cd541a7ec14c56895f7ecb50a51236cb1bcef84f528ade5ef5e15c112790c

SHA512
2b316773976284d6d23c31794bd4da707203d594a879a8ae386f5ba0355354811375ca628fe4ba7c2fe4fa0295a5e75d3101155fde458c0aecb544f07cdc9fc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6741f2a9170eec03afc6b0e683e279e7

SHA1
884f4d5f1bb5b8e389cc7e060a7a36b4fa707aee

SHA256
8ca2142b2223dee239eac110336e151ec14224fc2b2b15c1bbead79ddcf76073

SHA512
96d254b4c5cd61c1ad38eedbfd82f8c5d8751720bb42e2305e69f4af271361502712b8f56aac311a2642831be3f4c4dd82ef16390a22a4656b50887241793418

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e724.TMP

Filesize
876B

MD5
fa25ff75ca936661bfa1c48c27fb20e0

SHA1
003533455a1c0d9fead0509e958e308e99fd202c

SHA256
9d275b9b9d7d1de59178048ec4fd347b96eb68ef79cee7d1f48867a579c5dcd6

SHA512
2f99ad5a220df7ad540f9e0b946b4cf59f2735a84b5857b7e96b67aed863ebea36b67bfad4810781b5068d89b5df9b57efe7efd2a14c196c20d3aa9de2543a3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
76c53c333b7498f2567518d3ab88908a

SHA1
2bca234e730a2aa5ef16b52eb3d2c15d5f0f357c

SHA256
9a212410f010087e9c06b401d787c314983557c0c5321667498f8ecd4952b99c

SHA512
a0c0cb123e3a1939aa221bad715dfc1875eb8375a3dc3e7bf57a55395d678069c292c7653ba4af53a28ee59e5dabb9fcaa6b8071bb292bc52c47ee0543c7a712

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
971c2636d08f9c1491dd9af91b43051a

SHA1
f7f554d511ba9cd261033f8c8e888f3030aa0330

SHA256
da48b42b1114e342e422e7af952e7b359676ec869431855efb56a800ce4b2407

SHA512
e5f2bb1e8654bda98ed7a04a7ed838ba891cf6a41798316a2daaf5fcf7aa6327de65df8a1c7e3e053af8950357f4c5e9b1b88a46c318888784a9a2d832560016

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit