hxxps://github[.]com/Endermanch/MalwareDatabase

Resubmissions

19/02/2024, 16:03

240219-thbb4aga25 10

19/02/2024, 15:59

240219-tfg2vsfh53 6

19/02/2024, 15:56

240219-tdfe9afg83 6

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
19/02/2024, 15:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
31	camo.githubusercontent.com
37	camo.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3708	msedge.exe
3708	msedge.exe
2216	msedge.exe
2216	msedge.exe
4320	identity_helper.exe
4320	identity_helper.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 5076	2216	msedge.exe	18
PID 2216 wrote to memory of 5076	2216	msedge.exe	18
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3924	2216	msedge.exe	28
PID 2216 wrote to memory of 3708	2216	msedge.exe	27
PID 2216 wrote to memory of 3708	2216	msedge.exe	27
PID 2216 wrote to memory of 4700	2216	msedge.exe	29
PID 2216 wrote to memory of 4700	2216	msedge.exe	29
PID 2216 wrote to memory of 4700	2216	msedge.exe	29
PID 2216 wrote to memory of 4700	2216	msedge.exe	29
PID 2216 wrote to memory of 4700	2216	msedge.exe	29
PID 2216 wrote to memory of 4700	2216	msedge.exe	29
PID 2216 wrote to memory of 4700	2216	msedge.exe	29
PID 2216 wrote to memory of 4700	2216	msedge.exe	29
PID 2216 wrote to memory of 4700	2216	msedge.exe	29
PID 2216 wrote to memory of 4700	2216	msedge.exe	29
PID 2216 wrote to memory of 4700	2216	msedge.exe	29
PID 2216 wrote to memory of 4700	2216	msedge.exe	29
PID 2216 wrote to memory of 4700	2216	msedge.exe	29
PID 2216 wrote to memory of 4700	2216	msedge.exe	29
PID 2216 wrote to memory of 4700	2216	msedge.exe	29
PID 2216 wrote to memory of 4700	2216	msedge.exe	29
PID 2216 wrote to memory of 4700	2216	msedge.exe	29
PID 2216 wrote to memory of 4700	2216	msedge.exe	29
PID 2216 wrote to memory of 4700	2216	msedge.exe	29
PID 2216 wrote to memory of 4700	2216	msedge.exe	29

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Endermanch/MalwareDatabase
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff83d4946f8,0x7ff83d494708,0x7ff83d494718
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,13863178747269082630,14915291543714768477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,13863178747269082630,14915291543714768477,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,13863178747269082630,14915291543714768477,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13863178747269082630,14915291543714768477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13863178747269082630,14915291543714768477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,13863178747269082630,14915291543714768477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,13863178747269082630,14915291543714768477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13863178747269082630,14915291543714768477,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13863178747269082630,14915291543714768477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13863178747269082630,14915291543714768477,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2340 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13863178747269082630,14915291543714768477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,13863178747269082630,14915291543714768477,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13863178747269082630,14915291543714768477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13863178747269082630,14915291543714768477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,13863178747269082630,14915291543714768477,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3060 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13863178747269082630,14915291543714768477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
  2⤵
  PID:4732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e71d66ce903fcba6050e4b99b624fa7

SHA1
139d274762405b422eab698da8cc85f405922de5

SHA256
53b34e24e3fbb6a7f473192fc4dec2ae668974494f5636f0359b6ca27d7c65e3

SHA512
17e2f1400000dd6c54c8dc067b31bcb0a3111e44a9d2c5c779f484a51ada92d88f5b6e6847270faae8ff881117b7ceaaf8dfe9df427cbb8d9449ceacd0480388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
876bf818f33e2ac8121f93d1d191659a

SHA1
b007d7e0ed147b24537a9d7fc7bff6cafe4106c9

SHA256
0a6142ab49d8ecf2a5f3213abf49ccd29ce2a053f1e67476b21042547a0b71d3

SHA512
8ea99a6950cedf6b776c3b950a7604356886704162ea4238f2c19b452b86fae942cd357436f925f6f2b773fdc98608861967734a47bf0a322f65ed885f3b710b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
657B

MD5
713499c420e833ac3b5c3f4c3170b085

SHA1
8b41d3133e8b5cd2d96f767be3bae77aa70392e3

SHA256
d4d238d51f52ef437692ecc3da6258e82e5f8ea54a1557a55c7247391e1e9e04

SHA512
b9250cefdb00170deadbb4045f7b31853bf31a351b7dd300335218c5fdb3ba84d3990c8438384b23b512e5b8b61d22514b433515acda17349a068ee95e3d5dc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f1b1250d31eb8443f52f47660b27b608

SHA1
958e77b1a589f9ecdcf6b56259bf442f832de48c

SHA256
4bc0bb323ab6c22e3c4f9bb2e1f1fe6d3542be6d59cff10ad03a77431872cce9

SHA512
e694449dd93faed7faa18f5858151e6ebb5d008f51be275867c6c985088e063f83805404979029318f37b6d3aab84a93df72898c641813802f141d0aa0f1cf37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cd21d8468d06178e6a893026a7f74265

SHA1
44011034ba5d679b6198778583691c06545cb82b

SHA256
0aa72560d808ec66e5f27c55a054fdf11c339cf552a652111e36bc65d686b1fb

SHA512
eceac45e5025583e269aa9a07f944ca9c6dc6d9d44eb59ec79a3523ff186ba0ab3d5da42072d8560a508a0bf55a6c9e59ff55a08110a51160b7b3a566b136901

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1fc10ede7e5d18ef3ce0dec571604114

SHA1
0993b50abe87bebfbcf41513f544f035c246e924

SHA256
7bbbb7491fbfbd36eb2f12f9e025b1375eb7794ba51cee3ba6f04e32692a1b63

SHA512
185ea3d6f712959475a68e8288f938a26cefbf7d37f24ffb882089c40d08e26be4d9431464d4e41d644f039017bd3c38d46104da7ca33e85fb4072e7c4c0f0c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7c28a097cf72c8ac0b02a75c805f3f59

SHA1
6e8a640ccc8d87b83154719050c12a055954f204

SHA256
9a787a3d711f73c9cfc698e6a33a35750d89a832515fd03fa2c13089901dc73e

SHA512
a11a7a88d3ff9d13107dbab4321399d2fa73a033e3a69aa12358428e74c32ccb7d586f3f6466201038e88176333add754162bab7cd2301a62a70b4f3a056ac06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0c56445605524a3be337265b65ce576c

SHA1
1468a65c311f6212ca0877af4118b3cacdc818f2

SHA256
fd2796c29d444ecc021efafaa253264290c18706faa5a4ea7150bb68c9d67dbb

SHA512
ccc9c15774f166d19173d814754ff885579a16e194f2efcaeff6b9b46a27acffe54dc752f0a6f2df000682a59bd325a58135302a93632753a5722ec60815610f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
afa7eac5cb83b36907288979e67268b0

SHA1
9e5eedb6611c79044eaaf95cbe8583f0dc35fd9d

SHA256
96eced728b80eb4aafdc41fdf35402c78de1b7539cde390ca6f1404dcab47a42

SHA512
fd46b440d25d092a641e46c0e7198de0e134eaef5aa3b15b80b5045fbbcebcc30046e6d98948d678d226d473dae17bd05f4150ff149a8afbaadc84f5a0edefd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1b1b142e24215f033793d1311e24f6e6

SHA1
74e23cffbf03f3f0c430e6f4481e740c55a48587

SHA256
3dca3ec65d1f4109c6b66a1a47b2477afaf8d15306a523f297283da0eccbe8b1

SHA512
a569385710e3a0dc0d6366476c457927a847a2b2298c839e423c485f7dcce2468a58d20133f6dc81913056fb579957e67f63cf1e20b910d61816210447cd1f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ea88a460f03f8e5e83b6b9c2c5f55a1e

SHA1
1aaa42d6e83deaa94e787e2c2d0d5605eb615e31

SHA256
3440706090b4e254819ee5e89fc8b863f4e920d6db9b93629e744077ae55cac7

SHA512
6f6f4a0db8060270398d66e01863c024424c5639c3f7e7e020e60453403f0741d150efc5f1f587252ddf6b2cb5f0082e6ef75fbf304c41551be5bc31dae5ade3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a141.TMP

Filesize
1KB

MD5
79024c6cbbd05707b1c1a1923544b14f

SHA1
18ccca81fdd7a75faa28d0ab6655ce414375499c

SHA256
079af3f873042be9ef89cd79751fdbb24e33a81ba34ad947c3195bd1c33f3dff

SHA512
e3c5766123e58cd5a77d514bbbaee160afcf4f6f99d3ae2fc0c0613c0efc1bf87567a9de077b48af1414d738613ba458adea5e6b22c71df11c6d55ebbf686bb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
097ae525d08c41d3e1441f98185a7df0

SHA1
6137c64e30920923418c51e75ab9f239f0f34e7e

SHA256
940fff0b367e3fc84e1ca50680bace1f6630ae94ac6dd34f836ff0a79b83a04e

SHA512
f926479c2e500259262dc338c4a7692bbd5122c72b970520633e956499658c4eea13f4bcf47f0ceb3ace537d5efc25708707ad3d88f12fd4990fae04a217d363

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
78bb590eb733a4a215072a062e36d449

SHA1
deae75fde717b89c51e37c11fccd467bbb6ea62e

SHA256
1439d55d2c2fa80769d9ec1308fb72294baa645269c980c9b98fa16d3a1f1cbf

SHA512
5e76bdef33d9bc936a2a1ed9cd6d6922a918d9580179bb6a47165161dd6483fb91ef103afbcb67539a0cd803d520d8950e4f62fed30adcd20d96ee8d426538c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
21d26767edc64adb3213b120e439b303

SHA1
9cce18d290ff57557cd3140c38b6fefbf5438d97

SHA256
faa990b1d931d619cd56c111305a32fcf24122ad1f65e124d90879488b4ea01f

SHA512
8ade2d46602d3e15491ef8a1a21cbc755157c5ba06d7b8a727f8228e3a4006001167afeb9f6154e8e1dfc4f7cc7fcad3a4ee95f75bb1f75f6d4eecfdf2064d93

Download Submit