hxxps://www[.]mimecast[.]com/lfs-and-sm-privacy-statement

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
22/11/2023, 17:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mimecast.com/lfs-and-sm-privacy-statement

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4320	msedge.exe
4320	msedge.exe
2104	msedge.exe
2104	msedge.exe
3508	identity_helper.exe
3508	identity_helper.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 3792	2104	msedge.exe	84
PID 2104 wrote to memory of 3792	2104	msedge.exe	84
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 1952	2104	msedge.exe	87
PID 2104 wrote to memory of 4320	2104	msedge.exe	88
PID 2104 wrote to memory of 4320	2104	msedge.exe	88
PID 2104 wrote to memory of 2376	2104	msedge.exe	89
PID 2104 wrote to memory of 2376	2104	msedge.exe	89
PID 2104 wrote to memory of 2376	2104	msedge.exe	89
PID 2104 wrote to memory of 2376	2104	msedge.exe	89
PID 2104 wrote to memory of 2376	2104	msedge.exe	89
PID 2104 wrote to memory of 2376	2104	msedge.exe	89
PID 2104 wrote to memory of 2376	2104	msedge.exe	89
PID 2104 wrote to memory of 2376	2104	msedge.exe	89
PID 2104 wrote to memory of 2376	2104	msedge.exe	89
PID 2104 wrote to memory of 2376	2104	msedge.exe	89
PID 2104 wrote to memory of 2376	2104	msedge.exe	89
PID 2104 wrote to memory of 2376	2104	msedge.exe	89
PID 2104 wrote to memory of 2376	2104	msedge.exe	89
PID 2104 wrote to memory of 2376	2104	msedge.exe	89
PID 2104 wrote to memory of 2376	2104	msedge.exe	89
PID 2104 wrote to memory of 2376	2104	msedge.exe	89
PID 2104 wrote to memory of 2376	2104	msedge.exe	89
PID 2104 wrote to memory of 2376	2104	msedge.exe	89
PID 2104 wrote to memory of 2376	2104	msedge.exe	89
PID 2104 wrote to memory of 2376	2104	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mimecast.com/lfs-and-sm-privacy-statement
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc69c46f8,0x7fffc69c4708,0x7fffc69c4718
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,13071168337920995484,9163205205306578767,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,13071168337920995484,9163205205306578767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,13071168337920995484,9163205205306578767,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13071168337920995484,9163205205306578767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13071168337920995484,9163205205306578767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13071168337920995484,9163205205306578767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13071168337920995484,9163205205306578767,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,13071168337920995484,9163205205306578767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3396 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,13071168337920995484,9163205205306578767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3396 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13071168337920995484,9163205205306578767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2228 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13071168337920995484,9163205205306578767,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13071168337920995484,9163205205306578767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13071168337920995484,9163205205306578767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13071168337920995484,9163205205306578767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13071168337920995484,9163205205306578767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,13071168337920995484,9163205205306578767,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4860 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
428ca4165ab2f60e0314536d3670ce82

SHA1
aeb9095e5355a2d1fcb2a62aa230dffaffd7d522

SHA256
31a9e3dad82722a2ad4501f72c804ba79e69dadaf2de34fca58ec0f63a6010e4

SHA512
85e504fbc8126ec5a06015ebf13aea707305cf24cf23a0494e0be3c4ce98318291243cbbf050eafb5d68de9674d550142f240fb073ad350c4666b7a4599e80c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
961ea77abb2f136bd9367804ae3badec

SHA1
d59471581400087a843efa9e58d60385eb324c3f

SHA256
23a24c6bc5e08522c471659bd53beccacfac0c0bbfe6265b92f86440062f3ec3

SHA512
6c7cf741d9e522e0026ba99a23163b6673c4c91e9ce6802424f606dba879efeee0e0ca966416b7e5064d58cca0276e4edfc3216f3134837e2e869ddee6c4102c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
06eac5cc2726b2e0911d2a1c180671d4

SHA1
4fe23292c48ef108d78a6ff2a13517122d4be77f

SHA256
61f62983009ab51a6d02e4f10420e5c9d51335d8c1766672a6b4db6bdbd028d1

SHA512
1b80dafcee9437e9c3f7ab053e32f24c077e0dbe40daea856fd0aeb36038601df2cf7a12e1abc2a154f962a8ce80c77cd5b24e757a69932a5214ab98a8f7f3a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
4672339599d463be3cff101f29023578

SHA1
119e30a2f5ef5ebc1fd037dc4cf3746ef2b2d61a

SHA256
80c037942737606049893bcb1d30ecfdd51576c5230eaab67a2ee4f27795fd39

SHA512
24c103d78b6de9bf89ea75b9a24a9839d210fe4ed3ce5547953390abdb8186c4f7a8d339f7d3ffceacb5c727b3ba4ca47ea4fcf7ad892b3d65b881bd42c30ab7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
dbba33702fec862a67677962252b1248

SHA1
d1cc65f4c84ce67d7b8f40ca51b5cbd66d60621b

SHA256
5dac6a2ec3300359a5f6d0b1e9d389cf7bee7bed95eb06f7695dffd4f46d6eb9

SHA512
c80f8f42a579979ec8f935ae5a8df0840e061955531129856554c8896f1f93077cedf9be029df197b3653b0c0267414a4fb0e7b64317a427411c3bdd9c26385f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
710d07de1d40ef6ac4cc8b426111cf74

SHA1
6f3ee0686586cc23bcd3308da5cfdba7da87e1e1

SHA256
312a538eae146ed34e3e1f702290557b9a54a45d2e265b8f25689f7bdd206949

SHA512
00cd18077c4a4bce703d1003460a09af233ea4318441eddf5a2c66d76d643ad8e47219bc05cbd6f3ea45ad1d32b33d9a60254ccbe41882a60470ebf7427c0267

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
301a977333b3d7acf245c87dd6354bc8

SHA1
9d9a9fd4b3e63c6aaa4dd7e5b47c2b19708fcc03

SHA256
878845ca93ec61245b14b4fc5e86fe46f7af3cd31a5f162b91447984bccfc54c

SHA512
51d3277ad4cee47fa247dd4b258cbcc89955bedfa09183db952c26591074583bb35f2b6b51f08245f7b912e20e596f7627d27849f1e9a53ecffaf7c9270395ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7bab9e9761161205cdfa6b86f2f2c47e

SHA1
086dfb6e3bc4644292985a9cfdc1ff24496e05f9

SHA256
c6081c3fc65c0a40d095794055e83c99ae6ecb2689f6a12907aec4106fd8b3d8

SHA512
88a2bf40ae03ce57006381ce0856deb25970a6667697c5e34040c3561e16b7cda88d7a45c2313379565a34aa955e9425ecc4887fb7f75fce7bd71bf05d47041a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7cb4f2b6b8e56972ecae2aa44e19c455

SHA1
2760a781479c41e4c6d1f64ce0609c75fb03b549

SHA256
9241b843879c3e11f3079690ca3a3f03162d0595d16d8b2804a90e3efcb7b260

SHA512
9ea2685ae7619d6abdfc53c28458a85bfdc601d32752414efab21fc4d133936997e131668d03149255123f60d2bdea11306fd8cac4acaf8affbb2f71be49ceca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
fd20981c7184673929dfcab50885629b

SHA1
14c2437aad662b119689008273844bac535f946c

SHA256
28b7a1e7b492fff3e5268a6cd480721f211ceb6f2f999f3698b3b8cbd304bb22

SHA512
b99520bbca4d2b39f8bedb59944ad97714a3c9b8a87393719f1cbc40ed63c5834979f49346d31072c4d354c612ab4db9bf7f16e7c15d6802c9ea507d8c46af75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
34bf2a962a2505cc91da23d4405e28c8

SHA1
56381c397b36ce341c2c80717cd4b21cd8415f58

SHA256
91059276ec4175da11835100be9dcd9f87199c658a4e4af93e53a8e5a2503de2

SHA512
519827c9577063fb5e943da23f19910bbd25124675463f38edf0c599fb345e96ca41aa9d96a565e051878cf94882e1f5480c5ee763664a9490d0bc6eaa79b22a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
04f507803799d2aa72788ec832b9d32e

SHA1
51acf47eea0de24a2c6806abf234b02f8ea94b65

SHA256
fcc800e92671a34d30c7874e593c0fec698553f3fa781e0cba1e934ea4fb71d3

SHA512
73b1ce4c7fbf4d8b0ecf6e3253fed822f6daeda0a0e3a3108413fd37d59524abdb5eabf4693a69392ca7a4b7ded14050d36512cd7450432f36a360a79db0f7ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1ec830e571bed8d0792068cc6ae6b834

SHA1
60dce51b56d22a078228721311943fae87829a1b

SHA256
2653187488f9937fe7aa444de74438079c0a11054118852620847f1ac44e15bd

SHA512
967b2595af5ecac6f4c27f38415279f48807b0b76c677b628886982d5b9a9938737ad0d8ef828b38d9c5d5ad2959980c87efa546a677762059eb936cb6f562c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8806ac2ba89eec0f65acc5c686f900bb

SHA1
01db5bacb5a19c4b1777157a124bce454ffa5b24

SHA256
202c91eef8edcbbeff2d9a403c5f2ff8869f2c8df272272cc1b5b23d8bf3a513

SHA512
24c952779ceaf3aa5c7d15b9aae09c5c3bc93dfcd3ec1cecc6fab924951d07cae60f54e10d805d03a8ee084b2f991de31340184ebd5de4feb7ea14cd443690ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ad451dfca89948c959bc2fc29a96c136

SHA1
162e17783685bf2847093ca62cb8c94c0a8b5862

SHA256
6c45005128542ea7ccc7ceeeec2308ac40797c73877df93c34007dca46ccbaec

SHA512
22f0302034e5d3011229ec982427c61206a7c4696b4713edd6f435a63a5c3a9fb790155bada9c997fc625d422e61c51f5bdd0546f0398800e98e5586ea133c47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
f2980c16a6e27e604f1261c1aca68273

SHA1
e40143b30665a81f2128696416a3155742955d62

SHA256
c45d54dbf001c7a2a7590a2772d34eef11b814025ff62027759d59a5d3d2839d

SHA512
8d7a539715c92d2785d52c799dea2726fda228b3f0b1d29d190fc51ab2b00e25a69fd9f87f1da6e08f42193ea34eafb7b2843087ec2534d94e64c51862881cb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
507034d59414ed35962d5b7172c518a3

SHA1
568744e3f93a28d43226bdf4f23aad34558f9b85

SHA256
9ccfe35abc8cfe70ad899f2e62990790950c382dc792244cc91c773f0ee13c43

SHA512
48bfb187f3112badb57f47a3e01b4ab394563b8d0e3719ba4ed54d039a4436334c8633b1f6caca1d5a9ef9fa62cfa00fa1c493a0ce1292ac0dcf9e03e40755a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
28ab959ea21ff92b42444a25a781c2ca

SHA1
8f494c0deb1d0b85a3609b4c6ae81e28ef7260cc

SHA256
af76cd97a10c6b45e3130eadf468ff8418b69287a1d6eaddb15af512dae89ee7

SHA512
699e8484072572e7b2ce131f43a315c64577b0ed918c9134258dce9286aeaa7ea085aca744e9f8d68f768a153ab7a7ec631588b2b6409585913aa79fe42920cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
966c56ebe434b5c881e4f9c31b13b57b

SHA1
6f5f930a1b71097da76ee1a775f9b67a801db98e

SHA256
186941641bff9351fabc5dce47a06f7af28e0b156ba9044c118e109e64fe4c06

SHA512
838c6774cf5e43a223f12acaf8f2bb24a48309407780ca6cd70bfcf1213234e4dc5b53cc47aa51ee919bc458022014f21b935e9322bf19553533f6d7fc72cccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f4a1.TMP

Filesize
872B

MD5
db1e55263b2557af90598d56a1caa00e

SHA1
fb7909621f2f41badc601cbf60dca16836bc199b

SHA256
debfcebb2418a67d59a1124ddb2ec5a35d28c7574a181e64bcf9b5fabd851526

SHA512
e1c1be4e991f1645bf0a9753068a21dd08196252bc33b117c2d3e540eb023d5f2e2781f95ab0e22cc64ed078ddeddc97ea35e755c4ca3873d77e74a6392ec3e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8c3f2b735cdce0d2d2615a8d36d9f01c

SHA1
8b3da8d07a7ed9c09b884afc0afe4609d847df7b

SHA256
857a652a6a12a03cd4fcdb6d1075248a13dd3209c98b295367b60f16e906a570

SHA512
ff7b6d930ba25a85b9522d1c9bd32bcd24881bebc2013384e33e304880258e797ee441532a334f143bbc93ac87a3764571b972cae81093a32adb91dd9db28025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0f4dcf4473261931779a9903b0b95eaa

SHA1
379b2cc113b6385beb0c5afda2313f3ee5bccb98

SHA256
2b9d12377cebc5a0f2d1ab821876ca61dc244b3e3ac99450de3e2a2a756da744

SHA512
ca68aa250b7541e4da763e31e1b8a54e9e8ff4bb42c66569fe9096befdc77a53c34c160b39f64659a1b2f33cb70629c936a13216996f28e2e99139ea893f4697

Download Submit