hxxps://fiber[.]att[.]com/?source=ECBB0000000CG100P&tfn=homesolutions&WT[.]srch=1&wtExtndSource=S_AIB_IPM_Fiber_G_FIB_SEA_CRS_LF_SALE_GM_ALL_OOF_FIB_NA_BND_EXM_SEAR_NA_NA_Prospecting_NA_NA_NA_CPC%3BGeneral+Prospecting_Internet_ATT+Internet%3B700000001889173%3Bat&t+packages+internet=&ds_eid=700000001889173&ds_cid=71700000060044898&ds_agid=58700007972218069&ds_kids=p74305571038&pg_var=NHL_EX50&gclsrc=aw[.]ds&ds_rl=1295680&gad_source=1&ds_rl=1295680&gclid=CjwKCAiA1-6sBhAoEiwArqlGPmKAbn_adWGye7HPeU9AX6eRi-LM7QBs07jMDWHgpfQ63IMBPI0bLhoCeGQQAvD_BwE&gclsrc=aw[.]ds

Analysis

max time kernel
210s
max time network
213s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
08/01/2024, 18:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://fiber.att.com/?source=ECBB0000000CG100P&tfn=homesolutions&WT.srch=1&wtExtndSource=S_AIB_IPM_Fiber_G_FIB_SEA_CRS_LF_SALE_GM_ALL_OOF_FIB_NA_BND_EXM_SEAR_NA_NA_Prospecting_NA_NA_NA_CPC%3BGeneral+Prospecting_Internet_ATT+Internet%3B700000001889173%3Bat&t+packages+internet=&ds_eid=700000001889173&ds_cid=71700000060044898&ds_agid=58700007972218069&ds_kids=p74305571038&pg_var=NHL_EX50&gclsrc=aw.ds&ds_rl=1295680&gad_source=1&ds_rl=1295680&gclid=CjwKCAiA1-6sBhAoEiwArqlGPmKAbn_adWGye7HPeU9AX6eRi-LM7QBs07jMDWHgpfQ63IMBPI0bLhoCeGQQAvD_BwE&gclsrc=aw.ds

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4660	msedge.exe
4660	msedge.exe
4748	msedge.exe
4748	msedge.exe
3108	identity_helper.exe
3108	identity_helper.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4748 wrote to memory of 3856	4748	msedge.exe	16
PID 4748 wrote to memory of 3856	4748	msedge.exe	16
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 3256	4748	msedge.exe	29
PID 4748 wrote to memory of 4660	4748	msedge.exe	28
PID 4748 wrote to memory of 4660	4748	msedge.exe	28
PID 4748 wrote to memory of 3412	4748	msedge.exe	20
PID 4748 wrote to memory of 3412	4748	msedge.exe	20
PID 4748 wrote to memory of 3412	4748	msedge.exe	20
PID 4748 wrote to memory of 3412	4748	msedge.exe	20
PID 4748 wrote to memory of 3412	4748	msedge.exe	20
PID 4748 wrote to memory of 3412	4748	msedge.exe	20
PID 4748 wrote to memory of 3412	4748	msedge.exe	20
PID 4748 wrote to memory of 3412	4748	msedge.exe	20
PID 4748 wrote to memory of 3412	4748	msedge.exe	20
PID 4748 wrote to memory of 3412	4748	msedge.exe	20
PID 4748 wrote to memory of 3412	4748	msedge.exe	20
PID 4748 wrote to memory of 3412	4748	msedge.exe	20
PID 4748 wrote to memory of 3412	4748	msedge.exe	20
PID 4748 wrote to memory of 3412	4748	msedge.exe	20
PID 4748 wrote to memory of 3412	4748	msedge.exe	20
PID 4748 wrote to memory of 3412	4748	msedge.exe	20
PID 4748 wrote to memory of 3412	4748	msedge.exe	20
PID 4748 wrote to memory of 3412	4748	msedge.exe	20
PID 4748 wrote to memory of 3412	4748	msedge.exe	20
PID 4748 wrote to memory of 3412	4748	msedge.exe	20

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd092746f8,0x7ffd09274708,0x7ffd09274718
1⤵
PID:3856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://fiber.att.com/?source=ECBB0000000CG100P&tfn=homesolutions&WT.srch=1&wtExtndSource=S_AIB_IPM_Fiber_G_FIB_SEA_CRS_LF_SALE_GM_ALL_OOF_FIB_NA_BND_EXM_SEAR_NA_NA_Prospecting_NA_NA_NA_CPC%3BGeneral+Prospecting_Internet_ATT+Internet%3B700000001889173%3Bat&t+packages+internet=&ds_eid=700000001889173&ds_cid=71700000060044898&ds_agid=58700007972218069&ds_kids=p74305571038&pg_var=NHL_EX50&gclsrc=aw.ds&ds_rl=1295680&gad_source=1&ds_rl=1295680&gclid=CjwKCAiA1-6sBhAoEiwArqlGPmKAbn_adWGye7HPeU9AX6eRi-LM7QBs07jMDWHgpfQ63IMBPI0bLhoCeGQQAvD_BwE&gclsrc=aw.ds
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,3891432107102517420,3203334985717405496,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3891432107102517420,3203334985717405496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3891432107102517420,3203334985717405496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,3891432107102517420,3203334985717405496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,3891432107102517420,3203334985717405496,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3891432107102517420,3203334985717405496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3891432107102517420,3203334985717405496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2196,3891432107102517420,3203334985717405496,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5888 /prefetch:8
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3891432107102517420,3203334985717405496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3891432107102517420,3203334985717405496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2104 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,3891432107102517420,3203334985717405496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6868 /prefetch:8
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,3891432107102517420,3203334985717405496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6868 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3891432107102517420,3203334985717405496,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3891432107102517420,3203334985717405496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3891432107102517420,3203334985717405496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3891432107102517420,3203334985717405496,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3891432107102517420,3203334985717405496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3891432107102517420,3203334985717405496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3891432107102517420,3203334985717405496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,3891432107102517420,3203334985717405496,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6604 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1436

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x510 0x4fc
1⤵
PID:1368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1386433ecc349475d39fb1e4f9e149a0

SHA1
f04f71ac77cb30f1d04fd16d42852322a8b2680f

SHA256
a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc

SHA512
fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
75KB

MD5
fd27de860ec3133b51c5a68ed41b46cb

SHA1
9fc200955a93812b0cadd9acb7747bac09ed289b

SHA256
010b4600930fed2b9c65420667e2557bd687e8625540a4a38adaf64f94a821ea

SHA512
22b3c5c6ae079fddfc363af5a374895ad9c57828175ca445f5533f0c2c8aa9520a5ff24cbf89934f4fb98205a500e91687648a537e598dbaa46c4c35ef22e82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
a5b8e56b338664e769c29150ffb8f8f1

SHA1
90bfad43a8364c952f442d3fcf3bf3c815bd6009

SHA256
0968d035301d2f5003f5296f10cb73afbd5c66e4479c23f58be0745199dede9b

SHA512
7f2883f0838bf8d3477701bfc9e0407548ad943105e0a16abf028e429fca4d7e09ac72d1de1bc82ca77e4968c917cf18a021337b21c742aa9ddd95726eb66df2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3c49b795c8243d9c7fa6ac782eb4b9cf

SHA1
8f739d42640274c8e8281c7e1d9329e29d537b32

SHA256
14bced1773080c458b2e41bc1cdf0deb4939fd74634f141203428d70e6afa172

SHA512
a96a611d5363b1c36e8c53728f6ebef83980346bbf8a6cdfe29eeea9ae88a9df3515211715111a5518963daddba7d926d79d3a5c5de354cd6ae9637e4a344cc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
05d31e27eb05cd55f9d1609f30f53b30

SHA1
743018e3e7f305a2c9dbfb6da418aa28fd1c9bae

SHA256
088cee18406159865acd4f50f8998360494b5a46dddb3c88e129a0fe86d92e95

SHA512
797783627d6636e5aa24b828fd24af9238234768e728350abc1a7ba198434538fdc3a2047d2136e4ea531ff2d1a2d825792e2074f59d50e3b6dc75f71ad1eab0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
4a556d50afaa111b2304f35583a976b5

SHA1
189a868f4963aa5505a8b51d59921c168408e318

SHA256
0a8052f183e97b3c16dec41b39998f23b8e6a064c7735f2dad88b0874aa01c89

SHA512
186b78a4a62694ba26b12b569691f78ac4a6d4d5b9b222e669604d5b3254ee580ebd59b1c478d18d70219b079298e5f68eb01cfbdbf6a262633874fe3590d7cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
631cf76e4775bcbf0397e4dcd69e674a

SHA1
d5810928b773bfe95f5e8e69ade6d2133df92097

SHA256
bb01da25560a14069391baefff8e6af9bd88031b4a14dec0635bf1adb119ef68

SHA512
260c65b74f01b7ec6d7bed0cb8b62e9fc74431f608a8ddbd9e23620ff81087d3ddc7cf08e6d3ff84a8c65e9f53798772b0d33a75c428f4e5588a21fa6448c880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c1f18388843652346ac0b3bd4c20a21e

SHA1
e75f6d1f6296b2b37d055b67e5a34fc35d160726

SHA256
6d7defa48c1780bb1b2fc893f350246a60364f401fc1ec817987609ed7032e40

SHA512
5891a1d93f3e9481aa6444e1c34e46336665908aec84b8711014f0566d2204440d42420629348f099af2dbe15cadc91111332461ec4e981f80ffdd44b5488fc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e7213ebc62065f8a3f33bef9f9ab66f3

SHA1
7f8557fd8bbfb0be113418de81dfc39ad7c2c705

SHA256
973021ab683d7a5d001864ab37cbc91ec1ebfee3025df91006980e0d2b367b47

SHA512
85989177de2aa02fff69e0aa60009fa75ac5495ed1d4a5256be074d5ecb1d3145c5609e118dd5f39a50f724fc8817bdba2da74c66af40010b14628041b27d7cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e664066e3aa135f185ed1c194b9fa1f8

SHA1
358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5

SHA256
86e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617

SHA512
58710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
03780d6824f62e7dc5b5c5d66a5c20e6

SHA1
5ffee1b241fcb4b01df021c1ccdcf56ee5858f5f

SHA256
417aa997a21bfd6581ca8883074b3bca22c734ca1a6de32d4fb979390dd3cfbb

SHA512
b010376b7310072bf573a36f9007a0f17d7689cbe7c6c4755c249dbd06660858c600912e623ebbf1cf3f7e2a410b2146129bd8975277224ae712fa89a48dc0a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
77b20ea320f96db0c606e6ef8f2b6b7f

SHA1
c08193c92431b54d213edcca84df7fc9b3c64c75

SHA256
0f98a4bfa3776659413a1e1b35dbb681185c04ef195796642ef8ada6287a9703

SHA512
618357eb35ba3748375c558e8113c8c2e6af1eb80e0b46ab2fe5616b2d48f240a17df7452c23263f2d5308e7711cea171f870a0326fd6f8ea15c2b431c5334d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
072ebdad57979dac5411f4b0e101ce81

SHA1
51586e01ba930963b838588384a49b1ee1336659

SHA256
a4b6189cf31ba77317f6e2186472e7769dfde155c14749171b2407f9136f83f2

SHA512
7e4af665806a10b3f92e663653c5d7020a5929eea1582ceee292015fc5a13e0df7537ba5ef8779b8f6a2553cbbfdcab98f5cee1a8594bcbd09d2d914c404c747

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
bdfefd127330ff822b347d2bcc7b8c18

SHA1
bf48839690d8548842e0d76554f781f72d925611

SHA256
d0fa9bd41c20f463a9e4683f7dfd51a5c9a28fb5503f169828093b4df1c3fefa

SHA512
2650bdd770e93be96c3491593f37f2592cf4c8c425d7977071c100147ac26161ce529e9f5b60301cfd9a5ac28ce419f1684102ee76d53936d2688afbb247c690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d6a3667e6a6db867fda5210ae4fd48a7

SHA1
a8df3c9faa8ff523fc217d1785721bc8dfeeea4a

SHA256
56c7d47b2e83490196305be6d321ff122aae1cc48c65d821b3bec46569be3022

SHA512
b8411f98b30f3d65a5487b934a1a310a1ebf3a8c3aac94546fea5422500781c39d2031789cdb0bd83823113ddc623ced8bdfa5ae92f08432b994344b4f98261d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
48876f43a1d806f252738dcccb02950e

SHA1
75042c39e9d1c9d918c26f3267ccaa631f39e3ba

SHA256
7d069e2e04a35b386d37401f8fd9285463f63a32005cb33f74079f1e4dedf93f

SHA512
e5bfcecb6aec2ed516eed57653736017acc9a1e0824eaf5f00fd7a4675f4e63ff1f2a9650829cdb2dcb12e902c298f95688614c3a88adb79aa3a7dfcb3b4e302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c6d72a52e79fb1b992a5af9e1db16099

SHA1
37ccccead6a5de4ba8bc57cc939b0151935ce687

SHA256
b32798d6839aea830d4a8d065a8781cbd58d975307f84d5abfeb3422a4a9094e

SHA512
1314b7d9111ef50dbcbe2d8ebb579ed4b0b12ff7f5a887c0b38dd6d67944c62a51ce8e132e4902eb68e4f2dbb693fd9c6058a6b0e4de9b424b13730b80219bd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
03c1cd56030b9f0ca8e4d60f4702c4f3

SHA1
69187e455dec4598d0de40b619da615448a27cd1

SHA256
e133e6130cc9a8f954f61201159f7ea50b5166d4a2268edaf100d53bcf460f94

SHA512
8f2c098c7b13f31c7d8c4d8d0383dd88d35ed4d4ce3c68b9d65c52d6b9a404223d7071ece7b87262ab96c626db3cf3f162f1d966e5b22c047ddcabb9860f712e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
e2326ad8a343d230dd0e1937b043ab3e

SHA1
2e4cc263229eaaf779d5519bb8e318b73e85fe74

SHA256
bcc6fa5fec123fd0e6b73a78a54066388eded6e9a0868aac6fbc171cc34de7b0

SHA512
d1ef0a3a67e8abffb4545527d53853f2f087a7c2babdc9f30552088fe1f85917cd6866f2f9e556d67a7ae1dae7741c9c8fd829919e3a8d700727136853f55be4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
f7e330d32216985f6827539b695c1171

SHA1
5d5f1987ed36356d60e72ca66836a972a859407b

SHA256
87efc7df293456b9cf356b8a18b7e393b21bd6a849f5beb9ee46147d50898d47

SHA512
425a03bf82846393dc7031bed275aa67a938df65babeff181eebdfe836692b31e90e1b0a69f29984aa2c4fc07cdb9c25320b18686408ca0c89116e2318cd3c73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
dbf80881c2fc2d9ee65a4d56f4b2cf28

SHA1
407d1b39cf974de08deeb6f5d3426b8d7fdf8f70

SHA256
361cb0a774ef65f071f09096f085bbba4851d4f4b1ad9fd25febc9660f534dca

SHA512
5a780975e08188ddf30a36dce75c49d28bba37aecc0b9858e78abd889fee7a2dd26ccc44b13591723d1f2ca10401337ee3aedff8698eb91baf7ed3ae7181ae81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
76e5660fab14fe69ede03b03a671633c

SHA1
ce45acdd420e4d34b22d6fe51c7979450a1e2086

SHA256
ae36b53c28cba726884f4cc6b4b20c206f54993c16506493ebeaf1666e7baa82

SHA512
6c8bd85d28419c392a49ea472d7fa2630f36a777f059fd1504c5db7e7b15d5a0c220a3248bcaf9231fbfc453037d4802596b13a402582e10a8cb975775ece5b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
3bb56b2a2ad4cddcee38eaa83f3ef637

SHA1
e47360c5371393b0913316b96d44079c992426ae

SHA256
13fe80e07664446b092ef6de786e2fe20d7ffa13450cd8a3b23ae90957ab87eb

SHA512
54fd2739330fb409850bfc8c9760034442dacc8ebd8e176ebd1f74db9871e5bc29841afc40d21490a9a68af2ba422831356d6d7c59ccb73655297ca101843b44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c13d.TMP

Filesize
2KB

MD5
6f9c80068cedcbb4144dc11d06c5c044

SHA1
c8d5a80aeac2458c3a5d5878b3879e5d89e3a2c3

SHA256
71282e58662a9b6823a173e2c38593592aff85365b6ad6b506e413885895c8b5

SHA512
7140f848e6586fbfdba13a8517adbafc815bd79e7796dfd802deb6d347dc92057608e3ec3f40731fdc41bf4526f4f94b0e0b8c401ccc7cd56d77712aa8e655f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
909e474fc531521542d88f2c52f16ad2

SHA1
a8a8a252ee1940ad8b30eeae3db7924f1b1d6538

SHA256
753e448e225a3eaec665f853ddce7816475e55b7e8454eacb3aa1d63b84a1212

SHA512
ed3ca3a6281f59edd0a65b2f0bfcd058d0e3e1ca1fdf1835145146849f7baa52fbebcc79a65ea5188d83369cdf1a12ad9b70d824cb86d454a3a3dfc4c3992366

Download Submit