hxxps://nihrio[.]sharepoint[.]com/[:]w[:]/s/NIHRIOEmergencyDocumentRepository/EbxZ4FkO_xxLiJi_A8qU7soBDiAcYnUXCY94Mg-WoVvpCg?email=konstantinos[.]kipentzoglou%40britannia-pharm[.]com&e=JTSpUz

Resubmissions

14-06-2024 10:36

240614-mncc1sxalg 8

14-06-2024 10:16

240614-ma61gazelm 8

Analysis

max time kernel
424s
max time network
448s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14-06-2024 10:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://nihrio.sharepoint.com/:w:/s/NIHRIOEmergencyDocumentRepository/EbxZ4FkO_xxLiJi_A8qU7soBDiAcYnUXCY94Mg-WoVvpCg?email=konstantinos.kipentzoglou%40britannia-pharm.com&e=JTSpUz

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4240	msedge.exe
4240	msedge.exe
1200	msedge.exe
1200	msedge.exe
4092	identity_helper.exe
4092	identity_helper.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

msedge.exe

pid	process
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1200 wrote to memory of 5036	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 5036	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 3940	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 4240	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 4240	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 1204	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 1204	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 1204	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 1204	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 1204	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 1204	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 1204	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 1204	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 1204	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 1204	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 1204	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 1204	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 1204	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 1204	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 1204	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 1204	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 1204	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 1204	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 1204	1200	msedge.exe	msedge.exe
PID 1200 wrote to memory of 1204	1200	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://nihrio.sharepoint.com/:w:/s/NIHRIOEmergencyDocumentRepository/EbxZ4FkO_xxLiJi_A8qU7soBDiAcYnUXCY94Mg-WoVvpCg?email=konstantinos.kipentzoglou%40britannia-pharm.com&e=JTSpUz
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe706746f8,0x7ffe70674708,0x7ffe70674718
2⤵
PID:5036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,14586642286848103639,10253624493845753069,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
2⤵
PID:3940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,14586642286848103639,10253624493845753069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,14586642286848103639,10253624493845753069,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
2⤵
PID:1204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14586642286848103639,10253624493845753069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
2⤵
PID:4024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14586642286848103639,10253624493845753069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
2⤵
PID:2844

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,14586642286848103639,10253624493845753069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 /prefetch:8
2⤵
PID:5060

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,14586642286848103639,10253624493845753069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14586642286848103639,10253624493845753069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
2⤵
PID:4792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14586642286848103639,10253624493845753069,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
2⤵
PID:2540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14586642286848103639,10253624493845753069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
2⤵
PID:4428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14586642286848103639,10253624493845753069,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
2⤵
PID:4376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14586642286848103639,10253624493845753069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1716 /prefetch:1
2⤵
PID:2564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,14586642286848103639,10253624493845753069,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5404 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14586642286848103639,10253624493845753069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2228 /prefetch:1
2⤵
PID:2948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14586642286848103639,10253624493845753069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
2⤵
PID:716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14586642286848103639,10253624493845753069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1916 /prefetch:1
2⤵
PID:212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14586642286848103639,10253624493845753069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
2⤵
PID:616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3280

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
240B

MD5
1d981ff2508396047f0e4ca4cb936817

SHA1
18f0541665547581b451cc5ddc1fb387b5ad8a6d

SHA256
39ce0dc8e1a6aad45b942c2166b214339618d2ba886ca9c8eb74507fb6c34f8f

SHA512
71efdc3ece1eb16db8c1ccac9fc4d840e223ee2967c4d75e4f48d6c346a6178f616bdefce14a40e207544699dd68a4bedef109ba3024f18767a25f9f115c1b2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
8b9904b77f2c67b3fd9f396a4c9ec48a

SHA1
becbe4a99ae7c08a9ded237ad4b79953ed259e96

SHA256
5685dea106345b33a3286706729a90eb25e5be65a491e301e17c548e1a2d7435

SHA512
ca7c03d60a46d1fbea2b1d3a668ed5814df5d458f696e30e9db171ad304b7f6c15789c11f22253943e19b7d457adf31731c2e3fef776897afbcf1ad6c63205d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
c11d763f34eec822d7168a7bd0674138

SHA1
b3b0f7443dd69ca27cb770a15229f8698ddffed1

SHA256
5f119011b771f007ae06fdcaa520c9c04593c2e800d68277223e6ef9c00485c2

SHA512
33f8ef0c3ef8b05c62715b98ea7654541513f2084c3ebfd480b8d2ec33710821753c006bb57f1121311cbab00274ca9c499447d9fea59b94853cef926330a4f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
355B

MD5
3db09c402801b76ab951bc981abd1070

SHA1
d1da7aae9bde0992db752dff001305d183034425

SHA256
6f18409d4b3391c245830a8bc549132a751702f749561815ea025838a4d2dec8

SHA512
7fe11acc0d212764c67f6b543ed94bfb61cea91e739767501348cb508fb0b6d9a26c9b68b0f3d9f64fb2f1a4499b4ab895f2e1b5519ca89eb292cfb618ecda5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
892B

MD5
9a0a90e76067f60292797ac23d02e851

SHA1
567a8a11b6b99fa029a1c9ebbaa6728e2e7c77d6

SHA256
072ffe9cd6be9b8fa0a04ff8e6eb931273db71b07ff5c8599575f2535d4658d0

SHA512
1338326dc65c9db90d1edcb8cf2e29bc1526660644852e2243457719265fdfb6d4b7aa3763137887c946a29b83bc79dc188ab96e6ff0f88030e5b12685f5e098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
4b6917f567bc607da4fed42764110b4c

SHA1
d18acb55b44e228b7a57f26f43b26f28eb44b428

SHA256
18853f0fa63479fb9d6bef253b73105d6d7082541df2bdac51e84c6d24298acb

SHA512
56f697acb1483bb93b9dfb00f0346afab9f3f7a26fd209cfc4846fa0cd3f13ae6ad3c5aa1ae6bf2a0506690c79b721d56ca9ac650712ac81a406c870260aca34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c9e5c1cf3761de5b775c7677b8659fb4

SHA1
5da65176ad70552a4144e645ccb0a7e3870fcf7f

SHA256
82419ef075591a91118de7e691cef73090ab1735223e63bb8bff4438d055d559

SHA512
772500c4eb619c91c00addf7b03f652da2ddfd19fdd14cdc0749706ec35c02b0c635c60d956de4fb53f0c75219f21bb661ac37acd400fff76659668d2b766f7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
9f46ea286786fd22dec1041b47cb9f4a

SHA1
e975e8d24aabe2dce93b5c8002bccb16103417ba

SHA256
2abbb8f51628ee79d3e17d5832a8d3a847c6a778ddec34bb5a6af327d7b1083c

SHA512
09fe99662a7a9a5230821a9832a1d1324d575414817d0a0533f6355a713bd510a10608276d13793a92a33aab57c211e3dea65f8432f592124a285910dca6249a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
371B

MD5
14eadc2e350bdc255ccec677b324f643

SHA1
1cea1e69dee7af502a88dda2276bca48d8df8753

SHA256
6f57a43038d64f4645eedbf5a371c90fc883b206d7eb148ac6314fcd27540885

SHA512
c29ec6f79335f58688d734c45bac7ddeae9637e23ec1c7c2a560067666ce5ece7556aea60bbbe2aa01638b6dd4afe23dfdce113a1544856f53ae88b96dabdf0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
1605f4fe306d41b883b9fd13b3b32e64

SHA1
fd2cee6560de3c8823db5d9d515159100bcfaa7b

SHA256
c034ecc5f42551905a15f61a6fbe916a87f63d72372963ab32bf732aa1444414

SHA512
51e830ff8aa151b644025ab830cdf70d3369fe2d18e7796bbaa462c4d0c83b8ca0e421efd9d73ef1ad47fc5fa6ca9b7e7d0edd52eb8e0003d5a91f0c0ec95163

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
d9d9a61c17d77471789f496738834a0d

SHA1
d054d3f2995c89e3560c80e83199272f8e3f94ff

SHA256
861968f5d08e63753ae41bc6daa1561f4968b469cfaf5fd8a962d030869dc125

SHA512
717ec5c9dc4f5e4600fef0f96b095ae538d2aeeba08a585614959afdb662714ceb13deacaac87dfd77943fba4ae421349e164c34dea38791604130330a6b7711

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f462.TMP
Filesize
371B

MD5
d3baf41ccb5102bca5f2b36f5ec742c3

SHA1
725a39981dff2f5b72dffcee385465d27b6134ec

SHA256
d664341a5fa9dadff47ebd044166031bddefb2ef56e89b2fab918951a33796e0

SHA512
e8cd62005d62cedb31f6c647fa61dc3f27ff476911d9e8ad1e391e88d582fed17f80db632b0d385d1ae3dd12dc31fcd690c28d56c017468d6cb59f4354fc6e16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b5eef86c-4083-4ad0-94fb-6ebe58550860.tmp
Filesize
1KB

MD5
cf1b224d2df5c98f86c1431a616944c4

SHA1
971756c111112d5284458ee2f879e4bf6bfeea34

SHA256
db32a6b639f39cafd0e8d7e56628c853f380caec1ea0fd4e08dc628bf5ffd791

SHA512
1292e2eb626ffe40f156344fbdea470d7489e7aba5877b91744811f2d1b1ffdf8034952e8790023f780d3faff7c5d63089d3f9ed90dff69de9ee1ed9618f4531

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
017e96864e0f9c7acb7b1369454a4ab9

SHA1
2e79ef0d906630c7af6ac59b913fd70e436be628

SHA256
b59c7f401f9a774462085b05d31c8f6207f031685bdd70126875fd6ccb6c7bae

SHA512
e85895e750a39959a16947a8a3ea4af6a7cb5d65a6887704399fa6ed0abc90889600f9c438247050d6ff4711b0c48ac2c2697276bb03d71f8d59cea4cb56308d

Download Submit
\??\pipe\LOCAL\crashpad_1200_VRSLEWXNVMRFGKKP
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit