hxxp://app[.]connect[.]awspls[.]com/e/er?s=893759278&lid=110677&elqTra

Analysis

max time kernel
145s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
25/03/2024, 11:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://app.connect.awspls.com/e/er?s=893759278&lid=110677&elqTra

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4668	msedge.exe
4668	msedge.exe
4616	msedge.exe
4616	msedge.exe
3476	identity_helper.exe
3476	identity_helper.exe
1580	msedge.exe
1580	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4616 wrote to memory of 3968	4616	msedge.exe	77
PID 4616 wrote to memory of 3968	4616	msedge.exe	77
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 1120	4616	msedge.exe	78
PID 4616 wrote to memory of 4668	4616	msedge.exe	79
PID 4616 wrote to memory of 4668	4616	msedge.exe	79
PID 4616 wrote to memory of 3896	4616	msedge.exe	80
PID 4616 wrote to memory of 3896	4616	msedge.exe	80
PID 4616 wrote to memory of 3896	4616	msedge.exe	80
PID 4616 wrote to memory of 3896	4616	msedge.exe	80
PID 4616 wrote to memory of 3896	4616	msedge.exe	80
PID 4616 wrote to memory of 3896	4616	msedge.exe	80
PID 4616 wrote to memory of 3896	4616	msedge.exe	80
PID 4616 wrote to memory of 3896	4616	msedge.exe	80
PID 4616 wrote to memory of 3896	4616	msedge.exe	80
PID 4616 wrote to memory of 3896	4616	msedge.exe	80
PID 4616 wrote to memory of 3896	4616	msedge.exe	80
PID 4616 wrote to memory of 3896	4616	msedge.exe	80
PID 4616 wrote to memory of 3896	4616	msedge.exe	80
PID 4616 wrote to memory of 3896	4616	msedge.exe	80
PID 4616 wrote to memory of 3896	4616	msedge.exe	80
PID 4616 wrote to memory of 3896	4616	msedge.exe	80
PID 4616 wrote to memory of 3896	4616	msedge.exe	80
PID 4616 wrote to memory of 3896	4616	msedge.exe	80
PID 4616 wrote to memory of 3896	4616	msedge.exe	80
PID 4616 wrote to memory of 3896	4616	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://app.connect.awspls.com/e/er?s=893759278&lid=110677&elqTra
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe4,0x10c,0x7ffd2eec3cb8,0x7ffd2eec3cc8,0x7ffd2eec3cd8
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,18304842760454649801,12525754802264473554,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,18304842760454649801,12525754802264473554,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,18304842760454649801,12525754802264473554,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18304842760454649801,12525754802264473554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18304842760454649801,12525754802264473554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18304842760454649801,12525754802264473554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18304842760454649801,12525754802264473554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18304842760454649801,12525754802264473554,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18304842760454649801,12525754802264473554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18304842760454649801,12525754802264473554,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,18304842760454649801,12525754802264473554,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,18304842760454649801,12525754802264473554,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18304842760454649801,12525754802264473554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2748 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18304842760454649801,12525754802264473554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18304842760454649801,12525754802264473554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
  2⤵
  PID:484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18304842760454649801,12525754802264473554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,18304842760454649801,12525754802264473554,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5928 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ec7568123e3bee98a389e115698dffeb

SHA1
1542627dbcbaf7d93fcadb771191f18c2248238c

SHA256
5b5e61fe004e83477411dd2b6194e90591d36f2f145cc3b4faa20cf7ae266a75

SHA512
4a53fbbd7281a1a391f0040f6ff5515cedf6e1f97f2dae4ab495b4f76eb4f929dcda6b347f9bf7f66a899330f8897e1ed117314945d1de27b035cc170fa447d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
197KB

MD5
5e28e72b443ded036a4cf369d0dda3bf

SHA1
0500de4480a54243b12d096745c6ba04c9479e66

SHA256
15fc7a054efbb9f76d937448fbb4814d7b3f25a6d137e24c1a69e32947eae71e

SHA512
7d17a5248e54e4dda8fd17a4d662edbb274629161a1e25b3b7f7f5112541663a5040788177268c53b2c78bc7e6d2204ccfb342d93c2ceec0a12d8a41788c088b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
6b3c3d39f82e8a0f1abcfe6a9f36c0f1

SHA1
e454a1e0cbca2027d339ba4c7f53b1da57fcb398

SHA256
d32cc3ea497635c3f7e98337eacfedeb52cb3fd8af748d4f5e466e7e0de59bf3

SHA512
be1f9b0fa2224a9d5f052582c574fa3ede0a9424fc8a77be131dfaf25901fc660497201f0ed6843196ffdf5ea3702e7bd7b7f14bdf18ca94428cd2c718a6674b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
2d27fcc0627bceb4b0bc35245b69039a

SHA1
a66bbdcb79600d873b0a14c39932d7fc5fb4e448

SHA256
dcd7de4d9eb09d18b83b2318ea775577cd2f2d00cc6708752f14a3ffb133a199

SHA512
9f178d61845b01e45924a464730d09952697b6ffab5085007c8a3dae49318337735f7b6fe622ab63696d0c831e48530c578360fe4ff8b14f74ec1de5fe8be1fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
62f4283409598594a81a8caaa039aaf3

SHA1
a920968eb69c7fa2facda6dc0529255e82e260ac

SHA256
f06875aad75e2bf2584de1d0708b30ccf7fd713ff4b51c0aeb909b8fc102be9d

SHA512
345476c8e3db2275451cb6a4e327adba9eefa0f1474a3a8e26ca9e1d6136b6b50d6ee6e3024f0c858ac9ba1f559320c3eab06b5f9ba746ac200f8dc2a7dd45b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
15f9453ae73f399c4afcb1e416f0488f

SHA1
30b821bc2060cd17be6f1d3fe9dd428edb33f75b

SHA256
9f3a8f704575d61403b679b33cd7169031e89151ac7377041bbdc5c883679972

SHA512
08c43178b2a57fa56447acc5b4bd9513a0ef41c433739372882de25aead1b81a2bac046485c3edb008f5e4f43fe7bb2f48560026a00e698ab2aa6970ac82c39a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
27fa4c20cfcc4c76ea977a51cec1bb91

SHA1
82fc89562f01fb1c9032880f9e45d1ff02592ff2

SHA256
5cc3db374415e6b47de72d945a3e609f7a9ab96c9f31bd6ef5512e52730bfaf8

SHA512
739c4699fb9b1be9e4bd6877017dbe33a41e70505b1fa6b0e0d9a7becc8a7c36278ebbf6caff2bca27e0b0ad4047694edbca84a19868da5b358ce8bed05986ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c848c8c08474581fa813360232b59960

SHA1
b899f83c968c8b776aef46ab65f1c93073b7de90

SHA256
12b6e69493dffe5c51a39ef9163775320171319f9ae64e3a51f35b0592227664

SHA512
8577e3efc5ac41b7ae7ad7e5de4d7c150cb9d37d5ff66be4c44ba06c952dea83f332d536236bea269166e17d6b080cfa74e2c7b333653518e98977e3e87a1721

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
286b87315bd1a624bc093656c7f1a57f

SHA1
01071ee34ad6adecc1aa0413d3b7e5ecd97e021a

SHA256
beff20ab5b3ad43522ce5730ed964f2ab025d62dbd4a798922c9a3b4d19c97f8

SHA512
55a527d488bfd0eec1f611ece8dee2d80244289146a6256850ef4165e97b053dd435c036c154ff7f28407d76b19af7f236edee8b9dc440c916434af0cc0d76e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3fe2b29174146bdf9744c1902a34c6f4

SHA1
e3a7b4a65b79f9964fbae5e872140fc4d2ece709

SHA256
733325aa61425c6381318b66f7f026457b6ef8d2ab89298b6292016726798a77

SHA512
47929081e2d2deec5f0759ec295f6f05ce097239d4fe43005e1a8c5efd8bdc05dfe4e4e4310077d10f164d739d26f9a673077bd4a9bd18f441cfaa7716ebb73b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
0ba15f72ffb0a37243558588d3e78221

SHA1
814bdfffd723f7de9f8d6d6a0bc8d85a9f275cc0

SHA256
3d0223e1f8bb35870db41872cfbbe467f65bf9a1208dcb4d4ad874e250ccc10a

SHA512
02b168ef9cc226a08955092173c3745a55b28faa438b8152acb90d3bc1d9f433de7d8341def8b452db1986392a59cabc7c69689ad00825c58371ca78021183be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
71591372dd66f396c5f3a20a736f636b

SHA1
4df0aa345dd9f6a10282f726dd1d057e35addd88

SHA256
5ea65927c397d80fc7bec19100988d5da41f4d3b37c5d5700f30da25f5ac5273

SHA512
2375825026b1476fdf83403298725f5295fd39f87f1bf56040736bfec29d235adb0d44153d0e7ac4130f93f1fe0d292fc2baac22a1f7bd6b2e07a4db7bacf48a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e4c29d968f92a70ad93011671033d5e4

SHA1
5eb6bb8fd07eed12c5a1c9cd0c8124349f968cf7

SHA256
3ebfae3255a4bdc13949c7263680782a68d59e6b08eb78b78a243e644717d051

SHA512
c8c4304a532187b0e60a6934b9a3ff6de29b593e9befb6bbfed719922a531021fe1c90ed897bb3a7b5d0330f409992b8e1ed2ce8cc77da40582c7d4a8136434e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58772f.TMP

Filesize
201B

MD5
fca268e202ab6a09ef0162121f0ed42c

SHA1
c079a027ca195faaa16e4737b7a681001aadbca9

SHA256
1e6952e4a0bfef9f623572956776caaf134c616857d49b85d90a82186e7ae187

SHA512
a4fb2c6c3d9b6a0df09da615512425f68048563f7361c255b30a0244d1a1cb314289b388d0b9ec089d6957c37f62fc0f7148514dae9d70365caff8b0ca54653b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
76cf8c0d37c791f4346bb25e8cafe525

SHA1
d1c72fa41c500f56268d9dbdde34ad3ab1e4a5e5

SHA256
cf3fe44d70789c0eee115b25607426148b2b85e2d47ce299aaadfdaae2c27529

SHA512
a455bce5b3d86f9530f17ca9b4f2904af839013246e0e3b974d064456bfdb3e5e2579bd2a772f1bba15598234989e590d06501735e75ecac39c95308d1f4922b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit