hxxps://cloud[.]letsignit[.]com/collect/bc/63ea7e4610f0bb2ebf2ab929?p=EGf6L-_TO5Ll1JbMMaZI0zjUgVis4Ptz2E1sjWgApg6ZBahB0N9Dn563XAmsHkiiihcSutVJMn0Rnta9q07_QWO4Wb5FeSm4adJOCGhdy5tEz_xJUoYQqa6j1WOskSAyZMiWUwPo8UJI3EZeqfCz3AVHpATwLnM5FeMIHV_ejTM6rNkd6DqVKK15R0_k_GnM32vBxQ3l1oJ9--hiY8XclET6LsnIADRvVgADXmZrfNRdeajQu1rS161FOyrpDqV3tZEQESktuzYv1q2hMkXyag==

Resubmissions

16/05/2024, 10:12

240516-l8w3gsff3y 10

16/05/2024, 10:09

16/05/2024, 10:04

16/05/2024, 09:46

16/05/2024, 09:33

Analysis

max time kernel
181s
max time network
213s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 09:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cloud.letsignit.com/collect/bc/63ea7e4610f0bb2ebf2ab929?p=EGf6L-_TO5Ll1JbMMaZI0zjUgVis4Ptz2E1sjWgApg6ZBahB0N9Dn563XAmsHkiiihcSutVJMn0Rnta9q07_QWO4Wb5FeSm4adJOCGhdy5tEz_xJUoYQqa6j1WOskSAyZMiWUwPo8UJI3EZeqfCz3AVHpATwLnM5FeMIHV_ejTM6rNkd6DqVKK15R0_k_GnM32vBxQ3l1oJ9--hiY8XclET6LsnIADRvVgADXmZrfNRdeajQu1rS161FOyrpDqV3tZEQESktuzYv1q2hMkXyag==

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2448	msedge.exe
2448	msedge.exe
2488	msedge.exe
2488	msedge.exe
4432	identity_helper.exe
4432	identity_helper.exe
5620	msedge.exe
5620	msedge.exe
5620	msedge.exe
5620	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 3296	2488	msedge.exe	83
PID 2488 wrote to memory of 3296	2488	msedge.exe	83
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 1512	2488	msedge.exe	84
PID 2488 wrote to memory of 2448	2488	msedge.exe	85
PID 2488 wrote to memory of 2448	2488	msedge.exe	85
PID 2488 wrote to memory of 1572	2488	msedge.exe	86
PID 2488 wrote to memory of 1572	2488	msedge.exe	86
PID 2488 wrote to memory of 1572	2488	msedge.exe	86
PID 2488 wrote to memory of 1572	2488	msedge.exe	86
PID 2488 wrote to memory of 1572	2488	msedge.exe	86
PID 2488 wrote to memory of 1572	2488	msedge.exe	86
PID 2488 wrote to memory of 1572	2488	msedge.exe	86
PID 2488 wrote to memory of 1572	2488	msedge.exe	86
PID 2488 wrote to memory of 1572	2488	msedge.exe	86
PID 2488 wrote to memory of 1572	2488	msedge.exe	86
PID 2488 wrote to memory of 1572	2488	msedge.exe	86
PID 2488 wrote to memory of 1572	2488	msedge.exe	86
PID 2488 wrote to memory of 1572	2488	msedge.exe	86
PID 2488 wrote to memory of 1572	2488	msedge.exe	86
PID 2488 wrote to memory of 1572	2488	msedge.exe	86
PID 2488 wrote to memory of 1572	2488	msedge.exe	86
PID 2488 wrote to memory of 1572	2488	msedge.exe	86
PID 2488 wrote to memory of 1572	2488	msedge.exe	86
PID 2488 wrote to memory of 1572	2488	msedge.exe	86
PID 2488 wrote to memory of 1572	2488	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cloud.letsignit.com/collect/bc/63ea7e4610f0bb2ebf2ab929?p=EGf6L-_TO5Ll1JbMMaZI0zjUgVis4Ptz2E1sjWgApg6ZBahB0N9Dn563XAmsHkiiihcSutVJMn0Rnta9q07_QWO4Wb5FeSm4adJOCGhdy5tEz_xJUoYQqa6j1WOskSAyZMiWUwPo8UJI3EZeqfCz3AVHpATwLnM5FeMIHV_ejTM6rNkd6DqVKK15R0_k_GnM32vBxQ3l1oJ9--hiY8XclET6LsnIADRvVgADXmZrfNRdeajQu1rS161FOyrpDqV3tZEQESktuzYv1q2hMkXyag==
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb84cd46f8,0x7ffb84cd4708,0x7ffb84cd4718
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,14155756003547593646,15998986210248509993,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,14155756003547593646,15998986210248509993,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,14155756003547593646,15998986210248509993,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14155756003547593646,15998986210248509993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14155756003547593646,15998986210248509993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14155756003547593646,15998986210248509993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,14155756003547593646,15998986210248509993,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,14155756003547593646,15998986210248509993,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14155756003547593646,15998986210248509993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14155756003547593646,15998986210248509993,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14155756003547593646,15998986210248509993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14155756003547593646,15998986210248509993,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14155756003547593646,15998986210248509993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14155756003547593646,15998986210248509993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14155756003547593646,15998986210248509993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14155756003547593646,15998986210248509993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14155756003547593646,15998986210248509993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,14155756003547593646,15998986210248509993,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
537fc23d5e92ccef303420d55772ce70

SHA1
401d0cf049c6b9f7266320712ced92a875613d86

SHA256
44734ec2c85d559bc4d218721bc486ae45bd44df28f5716f2d1ab48ca19a8f96

SHA512
ae56820a65f3b2b529bcfe006fa98abe7e6556fea21d78d058819240ff165bed771b1dee82819ed0b0fca8f553f59f03b8b4ac02ab43190dd63f7510a46bff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
16d22196a8b47212a645fd67200e3996

SHA1
5fffd3f43ea27d1848d59cd592f87d1b192ce273

SHA256
f1f8ddd17818d1b9debbb1ea62ccbd3ece63ee67c0ea29a94748ffb7cc389ae1

SHA512
9dd03600e1aaea1edb115c69bac3425677071daa5b38e8868f89c5b2090c797e06b1204cb9d399ba406ffbcc23642a724479088a112e7164eb9117fbfdc32f42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c9f1c6e6c366e73e03d9e22ba00c5425

SHA1
990fa044817ec5f739ea5e22bceff9ed852a46ba

SHA256
495cf365dd12e32eef35350f662d6cd99d12111962be3567227478de3e9b184a

SHA512
76c9b73bb64c6a8c4b5dd3276c29f3b6f11ae2bba38a82e03c418f8e5b048b5972d0f88fd814fcc6b054d5605a6878484d609e6dfdc16e992e26256817028a47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b49888fb88ee5d8060e9df91850d29e6

SHA1
3cebe2a14c5529d143ca982c0606f715b3d74816

SHA256
f3e34b7f60e0795145275eea0d322a3409e051ca3efb0b2aa9a395c5a2294883

SHA512
a4522204c0bd7f63bec727ebb1c16fdb5cacac2f4af7966bba2f90db40e5faacc5a506da3c6b4ad8414b5362e9f2ba18224a0035c41053d854d8d7e9435f0003

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3465aaa5181f30fcdfa8432fec43f2e6

SHA1
2a702457f9025ea3960fcf7be127aaec8e744c98

SHA256
a04c349829bbcee8c6811736a8049fe090342b1b68938bb0e46fe6c560995578

SHA512
841896b5fa37da481ae5507bb65edf8078da715be97c3a78c60a72f9865721323b29abf7d40a68d939d7889d1489378957a985f2311935d8b4604eecb2fa5fda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0ed39c791ecefa09f64bea7047ed73fb

SHA1
0923984d1dae15a74149b004a67a40e6e3036e88

SHA256
dcf81f7b8950a623fb6ffb5d4749e1cddc0ca7924723005146633ea1a8529872

SHA512
1fe5fb5e5fd365250cc19b847dc1c0e6bf4bcd1c4a9551e2c3c4e3312128e2c07665c72d292354b8552f4a08161f5851a494936366b0f40ed808162f23874568

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
9341f1dcabea1536aa6994a99009e023

SHA1
a0a3e4356908dc350f9d94ead8630e91cd02025b

SHA256
d6a557240ef8ee3839dd76cf2a10be2e771e2a69f357f8267b96884074560c9d

SHA512
57a1c67fd5a17cf18df76f6baea888dbb60c0237f8ce4b6e8aea134da063b40f7d5eec7006fc2d1e938107b2a19d2fd89109a6a37a3e63582e898bf3c1736ec4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
470ef636e9d594b72cc682d02fdfc3cb

SHA1
e4a8bd13496d6cd8c31e6b327181606c24f55fee

SHA256
964960bc8e560faa95c2812bef9ca5af8d802fc6ec0e1d8669d248441b336bb6

SHA512
42f7283aa176b8990565aaf1ad16f144a2108abdbc6f7a97c4fd3a8bd923ae8a574c246aaae472829322e0778bd727255caa05b25e4af79e4bd852ea2ca03030

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579fe9.TMP

Filesize
705B

MD5
4ac653782930057b97602adb082e47f6

SHA1
bea01bd64f72acc1dfc8ad90f158d790fd8c118c

SHA256
ee8089b740f0eaf51f66dc39d4c8b45ff737c2846b4194ba2a9a70bba8b4a367

SHA512
5ee918adab9f033641612b49891d54a670b65de9f04f03e6c0bfef524b982cf69409ecdc76f871c30a4f43b8adbc829ae3ffe457b8e2ee2e420cb9f9ce6897f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3ac77e70ad5e37846897217bfc633207

SHA1
89dcb52e471f26d6682dfdbfbd7272aaa895ffbc

SHA256
fb871d49050f717406cb3fb530484f169be47ce0a9c687061d7e27fcbefb9147

SHA512
48e80d8244d7029ff760c256052be526f1c50c8ed0c3b8b452a317f41235e4ec790af9328ba05789832099cb0237db4e8ed8ec8670d1ee40e7473778fe37d5ff

Download Submit