hxxps://www[.]linux-live[.]org/

Analysis

max time kernel
1801s
max time network
1807s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
06/03/2024, 22:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.linux-live.org/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
488	msedge.exe
488	msedge.exe
2824	msedge.exe
2824	msedge.exe
2020	identity_helper.exe
2020	identity_helper.exe
2724	msedge.exe
2724	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2824 wrote to memory of 4752	2824	msedge.exe	80
PID 2824 wrote to memory of 4752	2824	msedge.exe	80
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 3396	2824	msedge.exe	81
PID 2824 wrote to memory of 488	2824	msedge.exe	82
PID 2824 wrote to memory of 488	2824	msedge.exe	82
PID 2824 wrote to memory of 4796	2824	msedge.exe	83
PID 2824 wrote to memory of 4796	2824	msedge.exe	83
PID 2824 wrote to memory of 4796	2824	msedge.exe	83
PID 2824 wrote to memory of 4796	2824	msedge.exe	83
PID 2824 wrote to memory of 4796	2824	msedge.exe	83
PID 2824 wrote to memory of 4796	2824	msedge.exe	83
PID 2824 wrote to memory of 4796	2824	msedge.exe	83
PID 2824 wrote to memory of 4796	2824	msedge.exe	83
PID 2824 wrote to memory of 4796	2824	msedge.exe	83
PID 2824 wrote to memory of 4796	2824	msedge.exe	83
PID 2824 wrote to memory of 4796	2824	msedge.exe	83
PID 2824 wrote to memory of 4796	2824	msedge.exe	83
PID 2824 wrote to memory of 4796	2824	msedge.exe	83
PID 2824 wrote to memory of 4796	2824	msedge.exe	83
PID 2824 wrote to memory of 4796	2824	msedge.exe	83
PID 2824 wrote to memory of 4796	2824	msedge.exe	83
PID 2824 wrote to memory of 4796	2824	msedge.exe	83
PID 2824 wrote to memory of 4796	2824	msedge.exe	83
PID 2824 wrote to memory of 4796	2824	msedge.exe	83
PID 2824 wrote to memory of 4796	2824	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.linux-live.org/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8b04a3cb8,0x7ff8b04a3cc8,0x7ff8b04a3cd8
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,152452388190738854,9013099580686848815,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1996 /prefetch:2
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,152452388190738854,9013099580686848815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,152452388190738854,9013099580686848815,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,152452388190738854,9013099580686848815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,152452388190738854,9013099580686848815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,152452388190738854,9013099580686848815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,152452388190738854,9013099580686848815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1940,152452388190738854,9013099580686848815,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,152452388190738854,9013099580686848815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,152452388190738854,9013099580686848815,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,152452388190738854,9013099580686848815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,152452388190738854,9013099580686848815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,152452388190738854,9013099580686848815,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1940,152452388190738854,9013099580686848815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,152452388190738854,9013099580686848815,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4672 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4044

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004C8
1⤵
PID:1520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
caaacbd78b8e7ebc636ff19241b2b13d

SHA1
4435edc68c0594ebb8b0aa84b769d566ad913bc8

SHA256
989cc6f5cdc43f7bac8f6bc10624a47d46cbc366c671c495c6900eabc5276f7a

SHA512
c668a938bef9bbe432af676004beb1ae9c06f1ba2f154d1973e691a892cb39c345b12265b5996127efff3258ebba333847df09238f69e95f2f35879b5db7b7fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c194bbd45fc5d3714e8db77e01ac25a

SHA1
e758434417035cccc8891d516854afb4141dd72a

SHA256
253f8f4a60bdf1763526998865311c1f02085388892f14e94f858c50bf6e53c3

SHA512
aca42768dcc4334e49cd6295bd563c797b11523f4405cd5b4aeb41dec9379d155ae241ce937ec55063ecbf82136154e4dc5065afb78d18b42af86829bac6900d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
caeab714868ee6fc5b4f6973cf76825d

SHA1
e09ae251a5fc29bd2de3ee470bf7f0411a003fb8

SHA256
7427b1462558dd5a0acedf3daa8b22de6ce315e1226fad64f0ee934729e8c8ba

SHA512
902bba9642506e7463740d33c3677b5105684817edc3f95b38098d31584d56112be76bf5041b114154573cada472db93be4c209abe5b80e263a11354334a20fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9cf861b26b7142c46011a64ec7c3754d

SHA1
829d8f8f018feb5bd6c15169af2a170ad28ab0f1

SHA256
4799d187a2097d941b1f1ab2b2242ba53a3ed3a546e7a9da0c902a96efb186dc

SHA512
c89ff487a6053f949e5124918177ed6408dc9e9787a48241605bb60f9f3effbdcb84955da4e21ae826c0a4ca840ca7877d98b425e34543164c1b42ad048df032

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ae8070c96c056c3f0411828f3def355d

SHA1
118f894fb073bf3800a77fe7f8ef7dff0147c76e

SHA256
79c229d69d03cb1a19e49d398b6446b4a2c1e224c15afd4455567eab3418e7e2

SHA512
e981f6c11b818df8ebb83d6f89562ad6bf256ec323ea0a3b2f59f10ea2c1132c9a0024ce1f5a91340070a64f34c518dab29f94ec41366f40f798704f915b2d5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
4b7cd6dd1a9bb57e148789e7bd42e3cb

SHA1
a762f5e34398b97700a0b0ce79892cc5672bbb54

SHA256
33e254653ece5a2ba08855666583f84a6740cb89968e3c937a47ec0c9250c9d0

SHA512
94281cc38fba2f45f1a3a88f71b57e4a5cb225c812098ada6588da8996a0b2f994a3316da300ecd2a1c0fc1f6184c5dda45785dceab4e63476fdaa61a01db8c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1114f9156572a3551697d9e5541cc9cb

SHA1
67c7d3ca051317e156605d1a12b937ac86c8383d

SHA256
0655084823ed2d516954b9a372fe30471634bf2e1974fc91d812a035a90ad823

SHA512
e53bd128ce85c3b87d611a88002473e68ac67690d5fd530451fbc9a7ce97039ec0507bf5b335ae313a2dbc97090fcc14563e764ec94ce177fd496e00fcd72628

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
efb5bf19e2ca508a3a30869de837340c

SHA1
60f8021b45409b118b3481d717140b2fbdb90d38

SHA256
ff2383bb5c70ff4cc269dcbca2298b605ec8004f0fad2e4a1fc353eabe7bd3a6

SHA512
d30b12075b9dc9075c0fe2cce3e7087fb43f265026ea1acdd2162a0efd487c2fe71d3ff84b807680e9d79dc6a4151d99031d171d5ed6d264db8bcc2c862b2b0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
25d9b6f61ba366fba1652ba7005bf648

SHA1
3f395f89667e692cc3d7b9e49ba5701befcac373

SHA256
73f10ca98f08d69e2710b54bd4688a9f061e378dadac27d0ee5fa9e1328d28f4

SHA512
646bc2aae1f6f183c44011b3c2ae38492b933b5c6c622f3cb7eec2491efba006ecd73d5a68f813aeec34601472239a4dc7c45f125cc8a7eb7416023307b08bcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5e23dc5bacfffa5d484dcc7ae55e2c33

SHA1
8c2f7b04218e636b8b7ef122aa1382464a721599

SHA256
a4af1c5ead68cb0537e6604dad8e6dfd1d65ca870159d7cb734348119ac7542a

SHA512
2ad95d71e644edd5b21e1d232ef49a00dd5d61d172196b962818b5c653c3169cff9011da564ec9bcabe02278ded8e0bfd2d59cbcbae587d69e3155e39ef44851

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
630de2a7a035c5af3d0daf7523840c4d

SHA1
a069dbbb8663d57837d5dcebdc2fba7f52ddccb9

SHA256
9f488148213f004ade1cbc3c261a8bf6fd3fb61fea077486a0f1270dc08ffea2

SHA512
b586c9b4d4a0951d8d962388719ed8a95f5f434cb88a12c8075a90dcb324637a66157281f1f7a420dc5df077c0368dcd046f1e984b2248d0c05afc5e70a6da0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
efb65390ecf391e0560c2e83e943fba2

SHA1
54be8e556ad8ed34b01e61a0dba5f99e39cf6086

SHA256
717a4000e9154828256df772099529b09c921346201e24371236c13384c64370

SHA512
c772871aa180f91fa6a774703c95802617548b0ef1d212fed2fdac956923de7c0e663242269cdbb15cae4d3e93c7c4b5dd1886102a0248ce382305cc8e0b094b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a71c37bb0ac0c69f3900b08d6a4419f7

SHA1
d5c5082236baac0f6b4f3542126a831a7e516673

SHA256
2042c06de6d2b441b8bd8145bbed404a4aad7c0cde25c08ade1a12095957c2c9

SHA512
a4f1175a706f6d1ad38238b39a8797c227997de36d6dffd7460b4b8de7bf2879b7bab4bd71de83841445da592b501524d5be5945d89fdc9b6c35632dc136fcce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
19546a1e3ec5642849fe6647bcd0ffef

SHA1
4174b413e25a8759e00c12d435bdb847b0a04c03

SHA256
3e4a0e457cd3c83512e6f4c3d5ab074ab8afd74ab253f627aa34804cc83d4d11

SHA512
dfd54c3e0b74afecb8f8b8e70722ba1aec4e04ba7449aaafd69f1ea08f700357cf5e270c9439ddff6d9029c95a97254c570e4aebbb7d333e3f6552078ff4db60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7eb19bc00e3c0180f873db42ab3bec79

SHA1
dfe77d3e9dfe371f9c0a9bc58d294bb18fab2d34

SHA256
7ad7c9e61cdd12680487429b9fc8081bf0538d6d8c79e7c52c06da74844b2015

SHA512
64c9dab250558e0f19eddef910f7e677db7fd20aa2fb9e535c00aba406ad57ac258980718c2bd4bb79a8ecc3a924174c4fd207828a0c98e98877d1260b09dedb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
eb283847951300a396ffcdd0f5f748da

SHA1
5cd60c60d517e687f2715cfa364a2de3e2f807d2

SHA256
e99db96b1e0d46cd67fcf5f4cfb1be7e110c68da57666e17abdc468c27651e11

SHA512
851721959772041e7c6420c662177c14abd31238e812d77a4f987892fd40d06a4801fc963363bce7c70d5210449f479e1b67fed60cb1cbcc96a85790a88762d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a3d694a269a53e1b641c4e85f429fc61

SHA1
dca7fb6f3f09a285efd3ef45f4780fe859c354c4

SHA256
e477c3e948285e5251394c7ef76a1d0e6224beeebab65cf3ec7dd89ab1571ee9

SHA512
47369cfa1e7523a39d690e75775df307c6a8325f6971dfd9b0f757a4d4908bef95cc90b3f30bba7424d7f7c4048d76ab5dbdb3bc0cabfa458cdb8cdcb31f9d49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9e89c5349b12092c461bf038f34cac4c

SHA1
63c9672595cad27ecd041437516a16712519ec16

SHA256
92cf622773979376d76bae4cd4eae7341944866a022ba2c5e6be280ecbe968c9

SHA512
a470ff390f6edf0ef3f87fecee7eb8c431f562a646b9c41213b91b6db2594c8dd14b191b576337197722de8fed6273d152d0bb08d45f1f3d807ba2b85ac56d62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ca836eb3650decf0bd22c8460e0bf73a

SHA1
0eb42177505029f700bff1474688c49dfb0cd21e

SHA256
cfb0bbda899ec3bef169702562c1b4aa41183e03b5848ef012dee2ad5c5d8bd8

SHA512
f474a2b50f7e030ee855208a88ccdcd67e2136cb98177b19f840e0e511e2d33f89c027f2d5c7648248e280380c26b6171cb50e1b9e760ed3578721d91d68118c

Download Submit