hxxps://producetraceability[.]org/participating-companies/

Analysis

max time kernel
360s
max time network
385s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 08:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://producetraceability.org/participating-companies/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
620	msedge.exe
620	msedge.exe
2928	msedge.exe
2928	msedge.exe
2008	identity_helper.exe
2008	identity_helper.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 1880	2928	msedge.exe	82
PID 2928 wrote to memory of 1880	2928	msedge.exe	82
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 4236	2928	msedge.exe	83
PID 2928 wrote to memory of 620	2928	msedge.exe	84
PID 2928 wrote to memory of 620	2928	msedge.exe	84
PID 2928 wrote to memory of 2868	2928	msedge.exe	85
PID 2928 wrote to memory of 2868	2928	msedge.exe	85
PID 2928 wrote to memory of 2868	2928	msedge.exe	85
PID 2928 wrote to memory of 2868	2928	msedge.exe	85
PID 2928 wrote to memory of 2868	2928	msedge.exe	85
PID 2928 wrote to memory of 2868	2928	msedge.exe	85
PID 2928 wrote to memory of 2868	2928	msedge.exe	85
PID 2928 wrote to memory of 2868	2928	msedge.exe	85
PID 2928 wrote to memory of 2868	2928	msedge.exe	85
PID 2928 wrote to memory of 2868	2928	msedge.exe	85
PID 2928 wrote to memory of 2868	2928	msedge.exe	85
PID 2928 wrote to memory of 2868	2928	msedge.exe	85
PID 2928 wrote to memory of 2868	2928	msedge.exe	85
PID 2928 wrote to memory of 2868	2928	msedge.exe	85
PID 2928 wrote to memory of 2868	2928	msedge.exe	85
PID 2928 wrote to memory of 2868	2928	msedge.exe	85
PID 2928 wrote to memory of 2868	2928	msedge.exe	85
PID 2928 wrote to memory of 2868	2928	msedge.exe	85
PID 2928 wrote to memory of 2868	2928	msedge.exe	85
PID 2928 wrote to memory of 2868	2928	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://producetraceability.org/participating-companies/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7e3f46f8,0x7ffa7e3f4708,0x7ffa7e3f4718
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,9108907936227414701,888355188899052721,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1952,9108907936227414701,888355188899052721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1952,9108907936227414701,888355188899052721,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9108907936227414701,888355188899052721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9108907936227414701,888355188899052721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,9108907936227414701,888355188899052721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 /prefetch:8
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,9108907936227414701,888355188899052721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9108907936227414701,888355188899052721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9108907936227414701,888355188899052721,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9108907936227414701,888355188899052721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9108907936227414701,888355188899052721,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,9108907936227414701,888355188899052721,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4036 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
20KB

MD5
d9d6502271f49edd900974b2a624f278

SHA1
1a0b0c11876252e427315d790f98639fc1630820

SHA256
4ef48931d3e5784b14c3a9c2a742ae2cfa1cef987e95b8aed7ff1b0d020ffeb6

SHA512
cd8661149b14bc506c2d84b9bef7c36b3e414d4f5252d208af92d122a868e36b5dada99f6c0b8f92b30e1dd7f0ab00f99582e4e497941f5cffbf8b32b0499b4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
44KB

MD5
8873820f1342e701cb4fafd8a9eded7d

SHA1
17e0fdee7329059bacea7f5ce9e36b2c6d9a222d

SHA256
2d89e7f63e52bec8887444046465c98938b6872a87ebffdd4e79780b83bb14d7

SHA512
f48eb963346a0227d589b2fc7f7b9691096951ca8c42e6c53a468292e9eb039782b8fc09a48fce052e0f7347befacb580c55ec2ce26472d50ce4e586f52950d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
68KB

MD5
686bc2122c2755346d7297a48ce83d83

SHA1
2ad753e0682e61aaa337a8f0d3557d2029394ec5

SHA256
2e0c62bd3742bc2fefa94c48977b2b5ac617803a3e2a367e0a26936ff1ca97f0

SHA512
89f939e5dd608b3b129e609e009d89c0a739a294192da7ef248d6d6140cf0113b1eca21d2583a42d82c758e5a382be7d7c2c26af7e95a217e01c890d0158f9ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
241KB

MD5
7777437efaef75067545376327e0bf11

SHA1
d9e1b6d91c98f608f6dbeaf2953ad0ec3bbc669e

SHA256
7fe4618fe2d8cf7c8aefdef9ea0aaa99b05b6644bdb2576308964ab7c7504bad

SHA512
c823c0217c37669b5ccf086dd5b945a98cb7df0aba1fa67449c9e2bd87bc0075b339d5a34add70879bb76dee78c79fc24b34e2dd2e2204b5cad41b01b4eb74b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
71KB

MD5
7d9af5666f62fd93f759e5d5a220de19

SHA1
0f42356e6b4eac9cf1d23d0969d365cf0ac7c770

SHA256
06fb74d9e1b89d4fa76d6de13d0bfdf6a67c6bba7958f8dce8e89e1c1a627dce

SHA512
c30567b4cc721f48f0ec989a7cac01a4e2d8beff31eab6db2b3bf3394942cd11542d9b61b67fe2180cc2f8a3e67b5592ae6a20047c4cb43a2c65f62d16252ca4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3db18e8ccf7877fd_0

Filesize
20KB

MD5
cbf460a846359766a47c5c0ec9daec03

SHA1
d34fe6b533cd10641cda994952ab5c95d39ee3a2

SHA256
df8477b003b4b17489f8269c1f1ff5e298052b18464ddfe5c542e44f8f53f262

SHA512
c6799607be78b0e8127745691a1c8b0ecb94906ba58ae75463a40852cb0c9d6e658445c0b978eb70711f290f8bb974aadfc261b3951e20639f27a4e98aff0c3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\86742f3e55e6f450_0

Filesize
221KB

MD5
df004a4d2514de3f82f9380a5dfa7279

SHA1
127306fcff1024bd6837aa5b0bc7002d73db5d29

SHA256
ef169827fe481d7b7eeb4b7628643467a6d0e8254a0318d32a815853f07e6e24

SHA512
355392d0c661262292695f7e8ae6526d68f352d4e214e8e472fe632fbef788437255b8efc1b041f83ddf828a9cac7412e962d59a2ce544a01d225c92486c5b79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b62b8959ac1766b2_0

Filesize
388B

MD5
a1678fc6a1515f626458f51308caa0c4

SHA1
806caff02c8b69998a684735ee93cfe4ec659d96

SHA256
4e5323e24129d3d13013b995228241459a17392a637b90d3d20e7fac6cbd6a00

SHA512
e7707c3eeae39166099173bb437aa427d4228beee74da113d3f7c96d71d079d0c5fb82519aafd41b2175dae59fa40100eec545377a9fba3b08de24226a7ce3f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
ea873af06dbdfc02f12a09df328edc07

SHA1
334bcead4b46554c5625be3e6f8e0b3b2d9faeab

SHA256
ccf28797f77b43a30a7b607d0d90153f413da3af3f94602fc6203db9d1ee34bd

SHA512
cb8ad910d23d86df606cd5ed4b757b830e0cb7a2a3d24ad2cc7f7206d590e624aecba9d9ae6d45acd6138d5b22713ae38b349df88fa34e8ec087950f2315fda0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ccc246e584dc633b5f32317ddcb1e833

SHA1
736bf93eec5698eddc410517f34b7a3f3782405e

SHA256
83ba22e1e265830c388e4c5b2e7df36009982d8b17fc48043c4fd66fb66fb6ba

SHA512
a5908e42dfcfb210045f2455996bd060a557b66414ba74855dd96f72ef68d593c2f45daa169ae577d28961657bbd60cbb4663b26435104a0470a4a7936699c09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8de78a09da2fdd28ce5d40adfe63db22

SHA1
95fdb4cd87ff95f1945866e337ad5e6d2dad279d

SHA256
14e7d39e2ab7e35e5c25241f057900e28cbda29926ce675c14e9d08bed101c50

SHA512
71356688ed22ec0f6476213f6b3aedb7a5cda7b278e97143bacdbf084a6a2b3fd9ae69faeb03c3557f6c35543d5bc7e55979e30692c47546a448c748ed36b680

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b4dc43f0b38f69cd104ed0fad1d1830a

SHA1
c043c8c1f6d8b84b4999f749f1e00c2e41764336

SHA256
ce95be0c03489989620b866a6f0d851e8db1ad2e607a7f95ee8e176df4e951db

SHA512
8e5641b16c7b849a13cb0fe2fcce44d30db7175aa06b4b777855599920421855e2a1bf4173dbecb31af8c220771576e47aea33cf0488ab805afff77f42bf138d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3038a7248d7b8f3262afbf5e102cba0a

SHA1
8da2a8cad8f17bea11b97b0bf157e67d7d1308bf

SHA256
893ef13671fbe9cad7a5f52216b8705a3258341fb25b3dedd42a0fc9a30ecb0c

SHA512
e2e2a4b7132d288910aa89d1205aaa66073a9e8907431d3141247d38c3230731078b4a51ffdc4d54e3a72514744fa5fb926268c578754c2362b875d289920438

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5b1dbad4cba0a935817278c14bfb2181

SHA1
41beea56c8f07db487efd0dab43719b26e3f5540

SHA256
10fd34d77b1280d65ddd217f9ce5ee23ed1a8e1d9d2298b48e381eb02a368206

SHA512
1bb1fb61b053f56a32b7c6fad58dd44382c2dbd66d703d65a820d795ec12c46bb4ff1aca2f24503a90d6eda5a4972d364e4ed2a919c1a9bc1848b9c7e6f47de3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6975a8c0232c41dde1bbfe15fda6ab4f

SHA1
eaa1e2373c8b1cb98408d87c9624d1dda35b8376

SHA256
2d58d5e1d15e7d8d85a58a39d7dd46758bba56b7b65e926431fff80bab8e0323

SHA512
f249b971dfa955e291397cf5bf78732b3d878c6fe8e18219aa909d73d980f72a142c42ae9ea07d0e3df71bc7bd619ab6880bdf7712c1f7a39cc5e4f37b245d9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
69562a62c183ae15b113cf6eddcd66a9

SHA1
15993a1c3b97790f037565c9b34b9bc5e0212c81

SHA256
2c303456d5d944f7c690bec977cf42cd5be3e8d816bc6185e2f4245707c04cf1

SHA512
e28ce09f467ff477b248cd321460d3f9c87c895f055bfa28ad52d2179c0b6f23b010e2e01dc53204c6c0106c4a874ca1c4973119dae1488d45e4fb08c44fc8a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ec1ca0384dd38cd863fcb8d0416e2cf5

SHA1
33c2ea85c5efb3ebad04ef0a9dc3b8a011928948

SHA256
782030e6eae4996feff718c7a5cdc109f4597588f21982d4b6e33e25286c0619

SHA512
0af983e1ffd50849df782584ce109b87cae6cec2742f81736a151803a98c636ee190ec96d9541b28e6c52d152b2f9db7fb489c506ee365085dc74a9998723d4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8209c0c40de68648d56924953fa43938

SHA1
40a734c870045c1e7cfab8ad528ee71fff2b18f3

SHA256
1b6ceae72d91fa4d6048c495922222a56f5e453bcb68c297e3f3c39d4e9373a1

SHA512
c103d309374442441467eb661c1dd0490502cbc6583fcf56feb3a890be2bbe5885119b9ef7239e7d25d1b1d5190e72f6b29b7054886491715221b0b4ce5cebbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
1fe9a300401b1af0de4ccf93dae77e3c

SHA1
8bc5065f913e23e934f4e1911d4479adcf57fc97

SHA256
4a6747111dcfba7292d2f4868c393a6625868223d0f168aa5750f35bb2412a3a

SHA512
8d6b5ecbe784147c2b30eda546fb2d4405b5ec6d206d2cc51d2a164a15bd28fecb7c4fac05143b122ebc57b41ace0d5a5c95dad640db29f457bd3a5c823d5851

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cf94.TMP

Filesize
371B

MD5
ab4dbd07c3b7d61de3513cbe1c80001b

SHA1
7ec2d85b15cb5a57f1f1d399554687f51c22a2ad

SHA256
aa92cc7d2c3e3a8ecfc1f7486a867cdc922ba15cd08b6eb0467c0570c91d3c8a

SHA512
2c985480ef961cd6a2aaa2fb510a24e3fca5cbe8a39dd5a96f078d976cd57a09675ce4731af0243477180edda6a11e5f22512cd1956e887ee41c29a54eec286b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ace81e20baf7b72daecbf4ab60b774dc

SHA1
20ddbb30d2c9b0954777d4c2938394c41ab95dc2

SHA256
b24eac1c74b172e50abd2e956c122f0159765f110b3e9ad12d373bd25cb6b4fe

SHA512
b7aeafe20692d46dca6c2c9a7224797898f6f105997ee5d8b5273d5cf142da8ae58eed408d99108e5e98c2bc746c39dc105fefb7bba522afbd87fea787b326ed

Download Submit