hxxp://s[.]promptit[.]net/

Analysis

max time kernel
160s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23-08-2023 22:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://s.promptit.net/

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
380	msedge.exe
380	msedge.exe
1120	msedge.exe
1120	msedge.exe
4136	identity_helper.exe
4136	identity_helper.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1120 wrote to memory of 3288	1120	msedge.exe	80
PID 1120 wrote to memory of 3288	1120	msedge.exe	80
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 2312	1120	msedge.exe	82
PID 1120 wrote to memory of 380	1120	msedge.exe	81
PID 1120 wrote to memory of 380	1120	msedge.exe	81
PID 1120 wrote to memory of 1364	1120	msedge.exe	83
PID 1120 wrote to memory of 1364	1120	msedge.exe	83
PID 1120 wrote to memory of 1364	1120	msedge.exe	83
PID 1120 wrote to memory of 1364	1120	msedge.exe	83
PID 1120 wrote to memory of 1364	1120	msedge.exe	83
PID 1120 wrote to memory of 1364	1120	msedge.exe	83
PID 1120 wrote to memory of 1364	1120	msedge.exe	83
PID 1120 wrote to memory of 1364	1120	msedge.exe	83
PID 1120 wrote to memory of 1364	1120	msedge.exe	83
PID 1120 wrote to memory of 1364	1120	msedge.exe	83
PID 1120 wrote to memory of 1364	1120	msedge.exe	83
PID 1120 wrote to memory of 1364	1120	msedge.exe	83
PID 1120 wrote to memory of 1364	1120	msedge.exe	83
PID 1120 wrote to memory of 1364	1120	msedge.exe	83
PID 1120 wrote to memory of 1364	1120	msedge.exe	83
PID 1120 wrote to memory of 1364	1120	msedge.exe	83
PID 1120 wrote to memory of 1364	1120	msedge.exe	83
PID 1120 wrote to memory of 1364	1120	msedge.exe	83
PID 1120 wrote to memory of 1364	1120	msedge.exe	83
PID 1120 wrote to memory of 1364	1120	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://s.promptit.net/
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6bea46f8,0x7ffc6bea4708,0x7ffc6bea4718
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1792,5480033156450993475,11506476484975779961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1792,5480033156450993475,11506476484975779961,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1792,5480033156450993475,11506476484975779961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,5480033156450993475,11506476484975779961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,5480033156450993475,11506476484975779961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,5480033156450993475,11506476484975779961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,5480033156450993475,11506476484975779961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,5480033156450993475,11506476484975779961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,5480033156450993475,11506476484975779961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,5480033156450993475,11506476484975779961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,5480033156450993475,11506476484975779961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,5480033156450993475,11506476484975779961,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,5480033156450993475,11506476484975779961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1792,5480033156450993475,11506476484975779961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1792,5480033156450993475,11506476484975779961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,5480033156450993475,11506476484975779961,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,5480033156450993475,11506476484975779961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,5480033156450993475,11506476484975779961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,5480033156450993475,11506476484975779961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,5480033156450993475,11506476484975779961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2092 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1792,5480033156450993475,11506476484975779961,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4932 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
c8e52b39ce063cd763379450ba561c76

SHA1
9ecda618c4e1472a1b89c76bd46e0022a79679e4

SHA256
039ff5ed1408784fc32145c115096874779c725a24d9ad06a22dcedfc752e2ca

SHA512
c08479f612da581e3d71ebabb796377244d7f50eff1c10e94c3e401ef206cb8a8a13ac95e19d4db5d6536a937846780f1e4d101398182e55fb267a421940e4b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
484f46872b374004673bd4dd62876b90

SHA1
b70594997be68b4a99c4ee1f9dfe23fc85684399

SHA256
bdde816c0d3afd11b517ea877acd92eb9bedf5212155ddef16d4d0811bfa1e6b

SHA512
58b33f420571bad33ced13c359ea4fdc8759e51671ca0c67ac5739a80083794ae0bf8b7088383a18714712e00609c888765dee448af791c7d0ab8100ec613e2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3a2768e33f0d74f09f4886d2c284df22

SHA1
2129e8ffa5054a64c933765f8966a8ed2a735f83

SHA256
d2f9055fb83ba80ade139d3b39c25ddd4ef450255c260598c306b5fe98bb2333

SHA512
30efd9147e057ecd266f8ff45f488a26f0faa62d44b18ff58f10a5324481f71639f0021318e4a10ae7a4fd41392514103c1e4f57e6137eec45ed1cfbf0633cca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ff7fa83a924c03690ebee2e4ee1d3ce9

SHA1
dbcacb64e3434f9034a37c88d8217e49d5e36ac7

SHA256
e35e09ae951d22fbfbe92a2ec5d00aab96e4f9e329b242232d9e7eeb973b1b8f

SHA512
9a26d882271018de424244d21c262669f3d163fd784644fce33b16dad01c13cad31237ac62849391b1de1b3c0a55eccb2f17ae21453f986f4e4a9798f7581cdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a407fd6485d3951525ba5eed1cb2de83

SHA1
28ec3474bed8c1f519059c11686791491e2e025c

SHA256
6bdb605b4ab0faad4aa138faee1a2203d3d9bb5c4d9d2aa7073f507ec4acf6c8

SHA512
25627a9c8f1e845369ed44e82f5daf5dd330e7699a9b0135e1fe54120dafb9c27cd1f5338b0325b5c054e926c54158968a31ea8e608a958b145dc02401192b19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0408bebeb595acbb86e00b35a3fc49bc

SHA1
b1e744d7ea3b4c88d133383e4547d1d44d21899b

SHA256
7be301bba38cf1e88252d27943b2d1d3f0e92d74a6f9a1e8479fe23893c153fc

SHA512
25554aa865660e12a53f5c4fe21403f4dbb81b495bb24c7bc61989f9f5a0d2a1860d976825506d463b86b18a6e8e22a559b243b604e35d8715811f7ca8a3ca24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ca36933e6dea7aa507a272121b34fdbb

SHA1
3b4741ca0308b345de5ecf6c3565b1dbacb0fb86

SHA256
fd14449eb781c58e6e7196a384caf25cba0c59ebdba3b10f8ca0ecfd0c076b5d

SHA512
5a9b186ecf085765caee97a2910008dda926ce412001042e165184083a52fb5fb70f05ca781cd2f7740ecbd938895c77c5aa0f9eb8d812b92f412f336212720e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3c7e44559efa752ae9bc01df8ce26170

SHA1
d92f600adfbbf3eb41a998b23f0316899c4f6988

SHA256
379279654af7f1243dd11cbb450d5f0ce134ed683965745643a2f350bf39611d

SHA512
823683bf0aa3afde7864fcb2e23eb220de0735dbcceaec50fda416997dac3006d51e2d00fb5c6b1caf06d6fbf623ed50bb2cc6c402508a9bd2fe629a6dc7f1d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0acc0ce2f4654cdefd59a4885298c6db

SHA1
38cf121db9ff5531ef260f855b94fb283cf09822

SHA256
e0b40aacd8da8873d0bae10f80eb7afca577a7f616535be6fa6b6ea34065b276

SHA512
20259c49bd027fcc02f83d258105eefc29c13b4238d1d613416f0b61ef16cef57caa75f9bdfd9596530501382e4eafb8e91591d196b7bbfd83868d046ce1da91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ed6c06c263764e304a83ff4dcc04990f

SHA1
a5ebcb54dcfc847ea405b655037b2f97d572446b

SHA256
7609618ec36c68eb43b722f260c928482cd6df39d6a6049ae7dae50eb4a8a731

SHA512
1cbed1070ce36b7a3927c37a2e30eedf2bced4816d709e109e949b30a6689c3bba6fe21cda011444f2d117a1f5bfdef43577c99eb6549a7d439dbd3873ce9ab6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b62c.TMP

Filesize
203B

MD5
def3b2a6f729fc1c45a9810102793706

SHA1
f1e26a1e9a1b111661527db24f342b9ee20c5b33

SHA256
9bc696aa8923454627c3926dd503c632084c121cf3a9f6f3442d64a0aebe0246

SHA512
d39932bb9b5a2c59a9fb9af9a3783c9891386527fd46c906350c57ceb4ec69792967701c33813555d0887d4db4347459cdaaebea4dd254e52752809d94de2b3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0792b0ecde578671edaf3525a6ba9f20

SHA1
a2773515ec7e57a3580ad798270ba7fa1601ba2c

SHA256
77c4fe0ffa97177167d82a4ab7480f8118a0e0122ff786a29f2a7af65c010632

SHA512
c292aa6637fe963876f906f87f29af59f631dc0677fba713bac4309e6d70399c836bb3fab91a0d6d1c884dd36e65b362af1fb1b4239aba58b88de930ce17405f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9c79b211c5e47f842378f2f36384ab45

SHA1
a72706907b82f620008276b741612738f1df60d3

SHA256
20e769add1369366bcce9e2a7827fb27d36cdb3a13a9c5f11ba89460a290cd69

SHA512
b2452590dc436f1358be18489f8696e959ba0b109d14fed4f759a8ca0682b782a880f6f30a7116dc0d3f3081e0d423a417b7ae53baaef90faf8c6e2cc11c3cc9

Download Submit