hxxps://www[.]essentialed[.]com/start/wcc

Resubmissions

14-11-2023 19:48

231114-yjbfpsha41 1

14-11-2023 19:44

231114-yf7dzaha3y 1

Analysis

max time kernel
325s
max time network
331s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
14-11-2023 19:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.essentialed.com/start/wcc

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1548	msedge.exe
1548	msedge.exe
2112	msedge.exe
2112	msedge.exe
1004	identity_helper.exe
1004	identity_helper.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2000	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2000	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 1636	2112	msedge.exe	87
PID 2112 wrote to memory of 1636	2112	msedge.exe	87
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 864	2112	msedge.exe	89
PID 2112 wrote to memory of 1548	2112	msedge.exe	90
PID 2112 wrote to memory of 1548	2112	msedge.exe	90
PID 2112 wrote to memory of 4212	2112	msedge.exe	91
PID 2112 wrote to memory of 4212	2112	msedge.exe	91
PID 2112 wrote to memory of 4212	2112	msedge.exe	91
PID 2112 wrote to memory of 4212	2112	msedge.exe	91
PID 2112 wrote to memory of 4212	2112	msedge.exe	91
PID 2112 wrote to memory of 4212	2112	msedge.exe	91
PID 2112 wrote to memory of 4212	2112	msedge.exe	91
PID 2112 wrote to memory of 4212	2112	msedge.exe	91
PID 2112 wrote to memory of 4212	2112	msedge.exe	91
PID 2112 wrote to memory of 4212	2112	msedge.exe	91
PID 2112 wrote to memory of 4212	2112	msedge.exe	91
PID 2112 wrote to memory of 4212	2112	msedge.exe	91
PID 2112 wrote to memory of 4212	2112	msedge.exe	91
PID 2112 wrote to memory of 4212	2112	msedge.exe	91
PID 2112 wrote to memory of 4212	2112	msedge.exe	91
PID 2112 wrote to memory of 4212	2112	msedge.exe	91
PID 2112 wrote to memory of 4212	2112	msedge.exe	91
PID 2112 wrote to memory of 4212	2112	msedge.exe	91
PID 2112 wrote to memory of 4212	2112	msedge.exe	91
PID 2112 wrote to memory of 4212	2112	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.essentialed.com/start/wcc
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe0f046f8,0x7ffbe0f04708,0x7ffbe0f04718
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,4317853844838453786,1425550209210992610,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,4317853844838453786,1425550209210992610,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,4317853844838453786,1425550209210992610,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4317853844838453786,1425550209210992610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4317853844838453786,1425550209210992610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4317853844838453786,1425550209210992610,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4317853844838453786,1425550209210992610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,4317853844838453786,1425550209210992610,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3508 /prefetch:8
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,4317853844838453786,1425550209210992610,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3508 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4317853844838453786,1425550209210992610,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4317853844838453786,1425550209210992610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,4317853844838453786,1425550209210992610,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5272 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,4317853844838453786,1425550209210992610,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4688 /prefetch:8
  2⤵
  PID:3544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3396

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x454 0x2f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8042879e-f633-41c6-8066-083c30962c3f.tmp

Filesize
5KB

MD5
e5c8fe596ab2811cfc85759998e278d0

SHA1
55ef10e131c3c8ae40be892ec50c8271e7d02774

SHA256
72bc79de3f841273b256bb30b1dd041171c4b20217c6d8bac42a64d86ea1054c

SHA512
de93b0b2a1cadd53aec1b8ee9f14a15fecf00f2e0e5c2e58024c2b428a1486363b1f43e3b6e7d67c9a27d02324176405dada535b2d19729442954958c5dfa3d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
21KB

MD5
cf9a4dad38739404473a87e2ea45c732

SHA1
36a04130c49eed599a96be2226e74b9cc727f79a

SHA256
24dc4a82ac01bd871672718c574746dc1cd0d63eaef5fb795d125b6a20433296

SHA512
2ff575610281d856090e0fb87a2d0578813ad97f201f961eba16d93c54d8b2f80f2fdbd65d0324fd4b4915f25e27fc10be80e5395316e0fa9f49851350d325ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
30KB

MD5
29925c711e66f6db46f59ecc813b1647

SHA1
89b3c0f32a681730a2a06e7884b00fc42168c8ff

SHA256
c14224a6d9277938beec7bb9406d51113cda82f591488ca0059e1642ddc73119

SHA512
c8394858225a5d1f682f1090a34099ea7869d04c25e0c0538b0240641543a14505cd9ce3718e49a0887ed56f24bb2221dabb7c870e6297a65146f532d557cf48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
211KB

MD5
7d83a64e3c9a5f23d859a7d49973c4d7

SHA1
0fcd425ef5199f12afb3e6a08200392daf422d37

SHA256
15c26e8198eea8e671670d91b49b4284dd95244eae943e5199eb489e2cfff6da

SHA512
a407bfeca04677af658b25876a2e00e01e0f49b4110735c301edffcf6419646fadb42c64713396e657dadd90f2e6351061835b2b16da8376c448db616c1af4fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
83KB

MD5
65b113becbabe1f509bdcb5ba12a0603

SHA1
46476c21a6ce6e97b7b3e5f26066d12be4edeed8

SHA256
a5f5291db4cd2e8b9d67466827ea110af025bece5a20990a99547b6b5d147426

SHA512
5b4486ffa56e9d80ae366f9488ab6d0f3c3e4293a196e9bac3b45916fd1630690ea40c92b9e2350ef8c9dd669f7a42ef93efa21871260b31552731abc14431ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
388KB

MD5
d3dcbbcb83848ea03d0e73ace5c377ca

SHA1
98a66483a5cfbca150984590fcdbb3949cacfb54

SHA256
233a73d339a21a585b65c00118414828c1fe34661e3e4802f2a1872c953c461b

SHA512
7feb7167308f032c65d71d44c207ba481976b085e4d1c33fed9702b9cbe63ffe8a30b8a66f312a75a4942a9fcb22bd82c985974f806445dfa4d60d3352c1516b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
42e9b0ce1fa8aec0734512f5422aa540

SHA1
90d76dbb52987227b9868ec68f34bf094eff5e21

SHA256
6738fa5c3fb28c4da780ef59df2e1e200c838938061bb632f6eea0be72e27dca

SHA512
17104c1a46dc86c24751c8319ad2e438a5681d4a616b188d841a99b1beb6b6e1b709197a1682fa86b16f4799ab7de44a0f7406f0ee00e40e766be08469799cb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
8e7a0c93745c989b32db093922c533d1

SHA1
3ad759d2b514af1e461551f7dff42389c0511015

SHA256
4bb1146f9205b2739eb64864ec752719b89984b632c58be3f231e9e1ee42201a

SHA512
07ce58b08e7a62ff6356cdb99fa12e0c20906288508db986a10851ce7b28fc2875493257de6980b51035615a22260e1618c4de0a13fecec7184e4883840c472b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
1c03621ecc154c2ff8779d54b0d40c20

SHA1
4ac0317d790bfdeb63be86143ca2b879b99037f1

SHA256
ad225b8e8f1041919299cbefb7efba40a0a40b60efb83b9d3e40876b64a1d715

SHA512
1cbad192de28d7ade7b52713f9d73486a859109e014c451561151c65517e1a3d060097b2a692da8715ac444c91e5e460a32790c849a07503856a266f5c652401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
aee3ebc2506fcf17bfa7f9f7cfa69b9a

SHA1
a587b477aba71c1d720532e8b97c09fec2842e41

SHA256
043cbd1f066d99cf8faab65893aad9f8b238a880ef890044bd71d42885a9d3e6

SHA512
26e963dd5b9063642025cdc481adba2400fde44618e8a69bfbc3eb9c437284a105a76ffd1c02f84a464fc14855db427308ef1a20d689ca8ebce14bb5d5e97c01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
254B

MD5
8b61c1cf464c5f0b5e7d8ef069451e24

SHA1
5cf96a32d0c1961656ab2be1e26c4fcca045fa22

SHA256
a9354c7f766b5e50c056113ef1c31e350c027b4610404e77841e6acf17b1a600

SHA512
c8d0e5cd0f119a5145d95f096849d6a4eda0e74f4f344f337c6d0a1572205074b1e4f6bee1437a3d16a37355733c1eef360d6f0ff7ecdc7f5ff7708d93445546

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
334B

MD5
89d07c92c5a19cd13dffcd03dd3deb69

SHA1
5e69d06b1baf94ec04cf9ccdf41756683bb41381

SHA256
c016289c5d3de0f3efc6fb6eb43682a8f0bc6dc178a1cc44b29daa702f6a7561

SHA512
1af13fa0c9effbf50f66fddd3aacd75f58f6d3bfc653d731ce12c045bbe6a643ed5e310acf537ac9c3650d666d33594f5d2b92e949dc45b5e24dfa7993c5a62b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d4485ada280129c5db4d69ef327542e5

SHA1
aee41fb098bf315ddc751a96c53135e25b504d5b

SHA256
0a34a502b167001b6f83d5d19e98ecfe7b71ceb36f96c385f82e4eb565c52b11

SHA512
9f42e6568a1da250cad35bfdd4572ba19cb4eff311ba1e12a29217ed8d66cb3cab210d1ed206dc059e5ed9ed1e382ceadd3d31775044476f47b7652789954428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e2cfb7564da447394c32cff655a07803

SHA1
319e831da0270c63d3bbb96ce419b341ac7c62bb

SHA256
588592faa4e769d35ee7eb4d7453af3050b468355b1896877b0fb99662c411f9

SHA512
3027bf58b77d1627fd7a53ce3c30ec52beeb718f67e9c81ae9bae90ae5f01c24c27a3b935e3ef2d1b4228816cc0659b602dd28f3a5148bcc80b072e64d94ddb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1b89d240704b02e620f7726eb2fb2078

SHA1
78d9280a524d0530097a828d1831618341159a64

SHA256
4d039dd00294b3b0104172c4782735301983ba92ce0da6a305855ee44195ef42

SHA512
0aceaea4d6129dc993806cb2259fd5865165b3735e1b25af29cb01bd9c7f5d9ce85d706879073edf668becce9a70fc5f1818e0621089a8350d1a801c835fa383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
11e026104d83e7ab73d1ca0bd11136ee

SHA1
19672a20995a367bee0e5d5bc6ece90615df72c1

SHA256
0b332a223cf303529ef0f773f380160bb48d346798e09b5a2ed5c8f1f6c7d3bf

SHA512
d552f2ef045d65bcae2cd6626f6287152b34b537841a055bf348a717f874444d70a042cce1a3e8d8d0ee2c432c45a780f0bdfdfa32fcad163f971f0892c98da2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
aa237041f5af810a8c7a856cb6497370

SHA1
b40b0248d2a00516a98cfc0294437d88f9f85b22

SHA256
821d521e239c8c8c6690202d8c9a22b4cd45c12a77ec9c7f5ffe7b2c6317cf51

SHA512
c89893ec537c5f96c8203a3a1732a2bffb2efb3951528a721f509510a41efaf79d86c7216be62f5f4c653582691d35cf4f6fc7e66910ce0d882ccded4228732e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0909ee429f6463b616694715ed971361

SHA1
c06ddbcbdc92169656fac54493adaebeab712515

SHA256
124c2558bef0a373d84df9c95e1cf13bc1c2622033d58c9af49cd8e2f864ef86

SHA512
fccc48975935bae4630e894e3cd39ae07fbddf7d32a9026f625f591fdc19a790f04989836d86edbf7d03312500f4d28ea2c347d560a48d3c7402450b19ffdaa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
3a748249c8b0e04e77ad0d6723e564ff

SHA1
5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729

SHA256
f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed

SHA512
53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
533B

MD5
71855079c9340df16f02023d51ec1ebc

SHA1
35f1ae66cbdcab8412e9ca9d60185e5141ceb168

SHA256
68807a3d0408340eea447b2d0c263027266ec713cd63a09d168c1655554dad63

SHA512
73e67186be5ff25b5de91428117a4fcff2c7c040cc88c99f581ab7e06f9f49f959d43c428f27d480ebab2a1cdaaa59bd941e84cfbc7577ef025d941f15976d5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
533B

MD5
798b02b119f62ae89cb62ce096e34642

SHA1
8bcb27e8fa17d9663806641d72933145fe888f4d

SHA256
d016f02ee5f668bf768a082f7108651aa6a1ea6db2c802f7220f6eeaa1e1b3f6

SHA512
3e0e91c214d21ff299ba6a62b97a8da594d25fe64f04ae05f7060ca5aff362885dec92f9a3ead4cfc25741bfb56ca252541240ed513bdeaa690bf4c868b84d55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
8e2a8d101a24a236d563846e13568718

SHA1
b0896e343db4933402f5a074b15cef44378e5f0e

SHA256
7426460beb3362e517bffb43427e7036386e76c19163d7e5c240daad0bd0de2a

SHA512
81a16921eed3084483d48726da4699bcf9a626ca5e8cbf0e408a248dc2e67678722ba857b639368cb491e11385cbae69db9ea69eaca13ac668d00a71d1e6ca33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
533B

MD5
fad3f629b9ca89d2111144eea2f5e04b

SHA1
d26ef54776b0902fde03f1c14a50700bd9d52465

SHA256
a2ed5a1b46bc9152a749c590933a20ae6c581b85b5b8923509418a279c40c14e

SHA512
8812531c3535216296f3b1d08ad4ff7dc16c6314341063107a7abef3cb9f4e1d1e479774cf40e78a7f5c3a4b620e62ae6da050358c28e117326f8efd9d1e78d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe594b38.TMP

Filesize
203B

MD5
3f0febfafc11468768392d65b1c04b9d

SHA1
966b3c8b3f7c2a7c5f47141701f8b434779741d4

SHA256
f1869980e12487e17232a33e9d8b42c662f9756e9790b6907ebbfc3d746b6d70

SHA512
e5a7fdaee7e81d75b072d58fdc5535bfb3ff08a09f7e3e0743615eb898ba3d38efe1140fc86eda28a817c699c21cc4febd59df14772c955949150874f025e021

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1f3b14eed431b4f5ff22a8d974116a6c

SHA1
5967173709a07362a9954b45af4dd89bb61c8de5

SHA256
292153ff42fbe13701b2c3c78dee9919c27f1b8358254ac255ae9e55646ea9db

SHA512
a72594bfe0ad6f239580d30b06dbafdd07c21bbd3b7898685886e565249c7d1f81b1c61ed21e8af291e62acadd0b74878bf9ad5b268f9d1d8ffd9a18dce7d806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
826bc50843c1fcc787fc423c7ec62053

SHA1
76b5960de9d5894cc6f3a204c935c16c864c95ed

SHA256
01cbb79d725f112c887ae7a4e74471a84ef4a29c1343480f36fb138fa01b9fea

SHA512
728468c5ab1474dbbd16c93b9ab822e9ed9a89a32d795daa36739bfa3def739f1e31d0eb526a474e10c1878d3818f8467ca2b94fcfb07148a9ed228049a200f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\c3996cf6-af2d-4d6e-9072-a9bd9e145437.tmp

Filesize
10KB

MD5
6993bc5c1c2222145d689f68d4013ba0

SHA1
8f53c86bc4e5e1832ca1a5f7da16272c2be955dd

SHA256
cc999691aa1a79dc90e4bbbf31fcb539fd139dcf7ed51ac1190476c7e3377c14

SHA512
fe9bba2dedddb6b386cd503721a25df663b2f2c195054aa57a976118ae030ef59b1038af54869f208e69c614bec88f387789afb5b0fa44535d90b5cbbe60601e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit