hxxp://gg[.]gg/1aqwvo

Analysis

max time kernel
147s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
09-05-2024 14:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://gg.gg/1aqwvo

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4764	msedge.exe
4764	msedge.exe
2260	msedge.exe
2260	msedge.exe
3792	msedge.exe
3792	msedge.exe
440	identity_helper.exe
440	identity_helper.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2260 wrote to memory of 3608	2260	msedge.exe	78
PID 2260 wrote to memory of 3608	2260	msedge.exe	78
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 1776	2260	msedge.exe	79
PID 2260 wrote to memory of 4764	2260	msedge.exe	80
PID 2260 wrote to memory of 4764	2260	msedge.exe	80
PID 2260 wrote to memory of 3476	2260	msedge.exe	81
PID 2260 wrote to memory of 3476	2260	msedge.exe	81
PID 2260 wrote to memory of 3476	2260	msedge.exe	81
PID 2260 wrote to memory of 3476	2260	msedge.exe	81
PID 2260 wrote to memory of 3476	2260	msedge.exe	81
PID 2260 wrote to memory of 3476	2260	msedge.exe	81
PID 2260 wrote to memory of 3476	2260	msedge.exe	81
PID 2260 wrote to memory of 3476	2260	msedge.exe	81
PID 2260 wrote to memory of 3476	2260	msedge.exe	81
PID 2260 wrote to memory of 3476	2260	msedge.exe	81
PID 2260 wrote to memory of 3476	2260	msedge.exe	81
PID 2260 wrote to memory of 3476	2260	msedge.exe	81
PID 2260 wrote to memory of 3476	2260	msedge.exe	81
PID 2260 wrote to memory of 3476	2260	msedge.exe	81
PID 2260 wrote to memory of 3476	2260	msedge.exe	81
PID 2260 wrote to memory of 3476	2260	msedge.exe	81
PID 2260 wrote to memory of 3476	2260	msedge.exe	81
PID 2260 wrote to memory of 3476	2260	msedge.exe	81
PID 2260 wrote to memory of 3476	2260	msedge.exe	81
PID 2260 wrote to memory of 3476	2260	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://gg.gg/1aqwvo
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe7e8c3cb8,0x7ffe7e8c3cc8,0x7ffe7e8c3cd8
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1728,4128797369565968744,2650242451810697272,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1728,4128797369565968744,2650242451810697272,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1728,4128797369565968744,2650242451810697272,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,4128797369565968744,2650242451810697272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,4128797369565968744,2650242451810697272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,4128797369565968744,2650242451810697272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2808 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1728,4128797369565968744,2650242451810697272,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1728,4128797369565968744,2650242451810697272,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,4128797369565968744,2650242451810697272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,4128797369565968744,2650242451810697272,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,4128797369565968744,2650242451810697272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,4128797369565968744,2650242451810697272,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,4128797369565968744,2650242451810697272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,4128797369565968744,2650242451810697272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2504 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,4128797369565968744,2650242451810697272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,4128797369565968744,2650242451810697272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1728,4128797369565968744,2650242451810697272,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4648 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6876cbd342d4d6b236f44f52c50f780f

SHA1
a215cf6a499bfb67a3266d211844ec4c82128d83

SHA256
ca5a6320d94ee74db11e55893a42a52c56c8f067cba35594d507b593d993451e

SHA512
dff3675753b6b733ffa2da73d28a250a52ab29620935960673d77fe2f90d37a273c8c6afdf87db959bdb49f31b69b41f7aa4febac5bbdd43a9706a4dd9705039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c1c7e2f451eb3836d23007799bc21d5f

SHA1
11a25f6055210aa7f99d77346b0d4f1dc123ce79

SHA256
429a870d582c77c8a661c8cc3f4afa424ed5faf64ce722f51a6a74f66b21c800

SHA512
2ca40bbbe76488dff4b10cca78a81ecf2e97d75cd65f301da4414d93e08e33f231171d455b0dbf012b2d4735428e835bf3631f678f0ab203383e315da2d23a34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
20KB

MD5
9be780bc06907ecbdf0320d88e6da1d7

SHA1
5af34c97da84ba9319b4b8d6e63352eb9299bead

SHA256
bf111ba484d1fe1d7ebd0f2c1e3e61a844008abb17383c81610efa5f6ceccc3a

SHA512
ffa99bc96551ce59af822011cea136142aba10ea600760012ecc3bc5391dbdd3269e365770f4650e9de12fae39cad2a6f11d2e70a8c3c73ef17cdd93b2fb1822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
54KB

MD5
3d43ad52a5e97214b6780973a555d0c1

SHA1
ac5dcc5dbafe9781453c87ee892c8769cff3df25

SHA256
2760b7d22f5936561faebf3afcec848f31faab71bf5c95243e36908178d33342

SHA512
e117dfd48a35fd897b052e4623449bceaef0b9d9742ebd078b36d6029743598e1a91c81c0f984f0b3e2b81ba02bd6613c78db6f477ee202374ef94bacf48b2f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
34KB

MD5
ce56f347e642788b0bb63cb1a5246116

SHA1
df556d20a18bbd63a86c7aea1979b6ac597df25a

SHA256
b55f429e38dea85f372243e340d0183a2dfd071e744970125bb53c4cb7b51b93

SHA512
1ffc229e4d4f969d964a998c42e59b25251bf6aab7e49f5af388b36c2ae5fb4a4b54033d75c41db20c0f74ee3b687d5d0a576ccd7de21049cb34d08876fe4b90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
528B

MD5
e7c9ab69be19bcbea064d8a27c2e9a1f

SHA1
2c41a81ba41b4fa7b23a71dee64581a5dbe02678

SHA256
8edc3f860667c290a0fdad3494b503f6675d1eba91b94302ea3277f432145dce

SHA512
a2e33164e8ede4be90f64d81fde5e8c207b30e2ba90bf981a08aee52a979019d49251c74f962f48ec0b4a46248aaf617b3c63c7610896c691a91d7ad402a1d54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
9de4b873e377b560c3a848c4bb5a838a

SHA1
2c4cef465f0dc2163738cf24fdee9f1505df2caa

SHA256
803b7902aaae23deb09ba5581e0bbf8b4c0f4c48b4b5b23df6e21a27f0f41874

SHA512
118124f73bbffca37d9f4e058336a70fb9232d7e0fea1e935e4bbd537359287b0c826c1c244012fa2d8a5f7203478652c4db556440abb6d216735445c29fd4c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4ffef11ff5142dcf381581d120e2f35e

SHA1
3fac73f337cce39d7a0d30e03166dde6a91cba71

SHA256
b52489cc8af3907eb656d896dd06e0b64162bd900e9ffdd679aa763c34ec2dd4

SHA512
6a7bdd0212b7b9abce1def5773c302586da09876594dceb340b1e90aa7b70c28c33e5bcb61d5ed6c904c7d42af00e7ff8d1bc348571a4eb8808b2066db226761

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
45aa20e6197a42e5b3cb4c7a3ea126e7

SHA1
c043f4822e1e998f76b221bb03e700c147f7a8af

SHA256
a72748a4d34d8a04b16e1856c9498db005cccd9e51721ba08753509f22fe3375

SHA512
a36806feacee6897e458d71dbe25623555622eb0ed28d1145817d224bcbdf2b5c0c4a9186bdb4355f306292762a2204d93a65641d8c8a04ed86a9efdea587d4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6cfc53db8c253605e9f648520f0004ca

SHA1
38b4888c8f47398dc82b88ecdbec437588def20c

SHA256
01dc6f1b1a4be48f4c92d3c175958243d8c82ec49e96fdf67f0f0775b54fb549

SHA512
152005adc4b92724c61b0f939adcaaa449e56ead9c44a61193e38efc0e4d0a2226e3477705bbdf068d50f903a5cea00bf42168c04ed6f0d1df18aae411411ef0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1598eedc7c29248fe4afb5e117b9152f

SHA1
5f1da48bc967e827b0db6b3e7a315d73518c331b

SHA256
d4f6cc785972a6ef09ac304a892c2632de4fd2c1019bd1e2a947a56aff30019d

SHA512
918f915c11cb9c31976a535a841def608536e8f6ea92560198829fb421a8918e5c88a263c34d6212c08940469376805599f95fc482d1d88b5fed49876f5ecd56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ca268c787a6f26ea7c6c345a194dc2a3

SHA1
c3b2a51c3124e2ff9ffeee9fa3097ca5f2ddc305

SHA256
2478a34219cb47076646a78e33cd078af8f02d4f431edda86e38aaba3440086a

SHA512
e6abd338cf1f6b96daab8d316146aa52f7da6a0b50860acf807fb22a2d555b2c4f2f5bbb62faf28e93cbe6f4d496d4a90155754525253ae421c44f142319a082

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
7e8f7d218701bbb2fc74356ad6c34376

SHA1
b61c3a83e4d8a75f9cb15e5c2d23d462da4e9f5c

SHA256
7713b8b4f49012ba426300fc5a0da4a454622114e1f40fede141d6020abc44ce

SHA512
1a2947989317efc7bf712aeb2c887ae9421909881fd91c32b29658502d694652f31b49c0344da8258ea947b1ee588aeedcea5cc5a20c43671ab8cc7980b50473

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
20fdf16dae7a5af7c80ca33f759e0fc7

SHA1
d62e2e750df410f203cf3f1736b1e02cdbc80e89

SHA256
069e22e1d19f4f3e773b1849836d01ee29888cd71c5d7910c06abe1ccfb0cfc8

SHA512
4ad6562122cb9a2c7fb468ca8e27eb2db50c91f4463cba35c4dc5f936764f6155e88a667e5f5e5962dac3d9c1c4870539fa9bac3b2dc4e2dc450eac7aef73713

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5812a8.TMP

Filesize
203B

MD5
40f943b433562d225d0249acee5437fd

SHA1
fcb8ca862211eedd066a3aec9960ed89157bd167

SHA256
0f462f29a6c21b7de08748fe03e6ba03e2cd17c59d186b1adcc7cfb4ec6b842b

SHA512
dead9c2195554ab3ff7fe2cc273d7b6d98bc95ff7e703b9b875ecc7948d584db74f65046bac284b5c5392d77809b546391f07f79891837c83462fe6e9459adc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9af184523d839b11f56b35c63ee452e9

SHA1
efcca3ac9d3b7d058b5ead3b32fa1f243e92c829

SHA256
67d435e0aaca5ffc7153c0391b6bb18797946aa401db13cd4bfd620a419407b8

SHA512
b973be659df470ecb08d3dcbf27380632d50ab3ee83cd57b5f280e814d459d77a2b1eb49eeacdef815bad31fdccbd4c8dba295763d1bb022c86ebe3c4f7782c9

Download Submit