hxxps://bit[.]ly/4ebMbZF

Resubmissions

16/06/2024, 11:18

240616-nenkcs1end 1

16/06/2024, 11:17

240616-nd39esvfjj 1

16/06/2024, 11:13

240616-nbtl7s1dng 1

16/06/2024, 11:10

240616-m93gbs1djc 4

Analysis

max time kernel
148s
max time network
144s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
16/06/2024, 11:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bit.ly/4ebMbZF

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4900	msedge.exe
4900	msedge.exe
3444	msedge.exe
3444	msedge.exe
3064	identity_helper.exe
3064	identity_helper.exe
3048	msedge.exe
3048	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3444 wrote to memory of 4824	3444	msedge.exe	78
PID 3444 wrote to memory of 4824	3444	msedge.exe	78
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 2128	3444	msedge.exe	79
PID 3444 wrote to memory of 4900	3444	msedge.exe	80
PID 3444 wrote to memory of 4900	3444	msedge.exe	80
PID 3444 wrote to memory of 3404	3444	msedge.exe	81
PID 3444 wrote to memory of 3404	3444	msedge.exe	81
PID 3444 wrote to memory of 3404	3444	msedge.exe	81
PID 3444 wrote to memory of 3404	3444	msedge.exe	81
PID 3444 wrote to memory of 3404	3444	msedge.exe	81
PID 3444 wrote to memory of 3404	3444	msedge.exe	81
PID 3444 wrote to memory of 3404	3444	msedge.exe	81
PID 3444 wrote to memory of 3404	3444	msedge.exe	81
PID 3444 wrote to memory of 3404	3444	msedge.exe	81
PID 3444 wrote to memory of 3404	3444	msedge.exe	81
PID 3444 wrote to memory of 3404	3444	msedge.exe	81
PID 3444 wrote to memory of 3404	3444	msedge.exe	81
PID 3444 wrote to memory of 3404	3444	msedge.exe	81
PID 3444 wrote to memory of 3404	3444	msedge.exe	81
PID 3444 wrote to memory of 3404	3444	msedge.exe	81
PID 3444 wrote to memory of 3404	3444	msedge.exe	81
PID 3444 wrote to memory of 3404	3444	msedge.exe	81
PID 3444 wrote to memory of 3404	3444	msedge.exe	81
PID 3444 wrote to memory of 3404	3444	msedge.exe	81
PID 3444 wrote to memory of 3404	3444	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bit.ly/4ebMbZF
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc30143cb8,0x7ffc30143cc8,0x7ffc30143cd8
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,12035427421603409703,11871665518465217224,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,12035427421603409703,11871665518465217224,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1936 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,12035427421603409703,11871665518465217224,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12035427421603409703,11871665518465217224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12035427421603409703,11871665518465217224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12035427421603409703,11871665518465217224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,12035427421603409703,11871665518465217224,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,12035427421603409703,11871665518465217224,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12035427421603409703,11871665518465217224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12035427421603409703,11871665518465217224,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12035427421603409703,11871665518465217224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12035427421603409703,11871665518465217224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12035427421603409703,11871665518465217224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12035427421603409703,11871665518465217224,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12035427421603409703,11871665518465217224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12035427421603409703,11871665518465217224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12035427421603409703,11871665518465217224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,12035427421603409703,11871665518465217224,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2984 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2204

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5060

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e55267c0fbda9d8df06b42d3b78760c

SHA1
160676e944f686f75f960c30b0f3ff603467d5fe

SHA256
d03b831f28544786739b84a32aa015a3f760b4e0b26cb5777fe55f4678d6aa8e

SHA512
1a280b569189d3ce02b7fd9a53c0085f8f5a8a1f13c0f00c8aee23dfbd042bac5b2c0d3e64cc5a420dcca9a20bd1bc4c1be262343effda8f109de874cdd63ac4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
418d6ae7018df9202508b29666d4993f

SHA1
2fd78bb51a43911f6f27be12f93c8ece7a432736

SHA256
4a317030c5028d1506a634eda4cdc84ae69621e596278c935899aadb89be824f

SHA512
e47f9aebf117c0a96776ef48e2f7edce14ff08a63920ed899da695a1b1ec1b5e73f23674e3ac387e396561194d67e505f3417056214318f8c83af879754de0ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8a97265d-7ca0-481b-9a8c-09e4f38fccc7.tmp

Filesize
2KB

MD5
e1ca8fceac963f13fe1dfd3803a03f98

SHA1
9c6581493ac0cdb8f822cb3002629c2f418a3aec

SHA256
070c999ea578f9870688e275653efd924019ca90dd181e5cb1d42a99ef1d78c4

SHA512
a03d81d0c5bc8c22fdbe5895c9453efb2e85ad1e173d657ef03f7b1e776829d5619df5dd87d82d0a59b47b115a9103c389baec382a25a5975262e338c58222be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
74KB

MD5
a4618cb4837ace59d6e796c6375344df

SHA1
be7c1789ab600623f0ecd468a89aeb852f002ea2

SHA256
c0e1bed7a1ae97342732651c422512f10d708f1722f1c683ebf33247d5a0414d

SHA512
c3c026aa68d77453dbf98b09f3c57f111dfd5ebe9f96028a9ac2ad28097ede8b86338c639c9d31a82baf3cbf2da307c03fee61da8c9bae279e3c80cf25f04892

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
97KB

MD5
aed84a320fbfbc09b1bd21b6b600c654

SHA1
0eb6c6debe0c73c7eab83ac7245d6c0f893dc327

SHA256
fe0346f774c7363703bb08305a9c2254632b3e879d966a5ec1e4da8fca767f0f

SHA512
7cb7969ea9e7d77e36af570c83fc2557d6f6ebe68af056ece68f901009391941dacaeb57bc9916824d96d5cb02e98c9374a017ec7777509c801a0ce4904a2117

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9d730f15384e660be595dc8ca764c913

SHA1
b0899bcabe4263cbb1b819e753f8b0793ae3daca

SHA256
ac7ca5a27d8183390fb03b9792b1a77f18151db094e1e1698db02f4984b040f3

SHA512
17890f264a3bd0cc7ac756701ccd1642d36b30c0a30c2f93162e75cd8b5bb2c1df750f87387e31a211a09974084d1601b8b7fd8e9b57e4b265b16c80f4ef4c92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
3fb90828c8cfaeef84d7320ee9766d9e

SHA1
67062695af6c38009773273dace63f3632c35750

SHA256
3f6f517dd4d64d31af0962ba821d459195798f78ee1e221e37c0a65e42d3215d

SHA512
d54a3baafd5bb6f1fd47fbfb982252f14c515b29879e71c8d69b5a2ffe8d906410b66c5d56f28bd5a5e699624f0cf204762d124289b50a78cb646702c7426828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
a81ed7871117cb21596cd4722f07e40d

SHA1
d20ef12a26d8937b3f2ef40e479f8fd63398981b

SHA256
aac7eace46dd705a94a187729a0ea8b921b9f04f6b83fac264a4dfb0e657aef1

SHA512
3e596852680635bb818bcc0a4ae54999f352928ed9ff16e0826a0c9aced1ad908b353feefc0079913645bc5df431e658b98b2a7e5732ead9338d53e12edb5cea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7453d8d80bc59aec181b4635baa4a0ae

SHA1
7525e454f5cb832a164785cebd3b36abac0bba67

SHA256
b80dc3fe2498cd98ac204450d0a213daba6046a939d0042d4fef8c3d6b2e6f63

SHA512
875044c2f85901807e7593d94377c4892cc4acb15698e210fbd94e2ffcb5fc918a8acec8e975c507866292a3ed744d2a6f24eb8bfc4af487b2def5086f221338

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
88f1a4453015a6c8f3a2f1602ddf4c3f

SHA1
e585412e594f414259b711e1a61a95c3311b8611

SHA256
8c200a9c5e2bab69f45bfc44529ae3090e1ce0478f3606ce048d02cf2f0a5fc4

SHA512
236276f20ca2395c1ba5eb90e6e14d5a3d4a42a8068f6db9a8ee50bb744e427ad465514810116443abfb8c2f5a3590323f0656f84c70fe4fdea24ad0baa0e2f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7b34ea6db9286f6a1de96930a3c6c26b

SHA1
8ea213851ba6037453e739c5bb4eea6af083d45c

SHA256
8624faf8a3c83af238e4f183ff4b966ed0a943350cd4217d8750ad9e7fc0cc59

SHA512
bcba4ea72725a393e783ab3b13f7144a8db237cbfc8e7274c999028b9864f3be6abd4fb1d3aaa952ad97603e407fc3663050ecbd2ee6e16c6c873178c1202e51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
a6b7032b73481036ea61cd30e523c833

SHA1
775b0d5ce950434d0fb4bf65747691376db91510

SHA256
97c419f8cde56ee053ae721766d13f0d997f30a16e969ec838c7e0a243f3d8be

SHA512
23f87e252a4182e166f43189a8079cdee6dfa2f06608ffa0e40129d575343021adecb2f7512c074a946a79f4dd0826581582f4630f436c37022be384c5edfa83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6616ea0bcb4109add67603d5d81f295b

SHA1
62b2cb9e40a394e32ed309433b54410ccc617e3f

SHA256
16b7fd4d5054713bc1fc47417714ae8705854d02431d619467b6dbd9f5d11b57

SHA512
342cfd27308c27455ba063efed5858fd633a4bec6dce4deff39de031966fa8eb2492bd008598ff4eae5cda501980ae5d29a62f1aed632cc82f7f6ee2f70911e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
cb6fb20d4c9449104f865ae10e00f3ee

SHA1
e7d12d76bd1b7dfac2d4aee10f4097a5bc43799b

SHA256
98fbb777ccf7cdb9946673cbb58983d8ee4e194fdad8e1e5146c071b37bf7ea5

SHA512
b11aa40cd3bab575aa0716a7b0d3b93ec1f84e62afd6483b894b5850f5ea835e59b8e27c16470a8d8995561d3e191ecdd714e1641b5dc60b2909bc64048d2fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a1298b0f542e0e04d66c441d08d3945c

SHA1
44212ece2eccc085e9db708e6a6f68a49671b0fa

SHA256
7827a28eedf4d5dc4b4d6f1b5de778ccbaf9adf457692f313c42bcc101663d8e

SHA512
1902ade54e8bf456a14722073fa5d69c3b2034ef393f5be8c49e321a17d18e56e85466d40be5c13510a8840731edc1a3917a660d3f422e3d6d038416c5019b3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5457e4b1b56f2c2c83e7e0a1f2232e80

SHA1
c2b32a45d86c09fc7a9e109da1c6306299c4b037

SHA256
08b83993841aa4f72a96d9bfd5f74875ac1b73e4c556746a9286113c75ba9f4b

SHA512
aaeb3afdc8a2363154aa582df3d01268cd419effce1017f2f737a3652fee34b03dd2cf4686b899c6ef8ef8ec835bf6c9b79985e1d3ba3ed00282c021522cbb69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a39e.TMP

Filesize
371B

MD5
d50e0b28b47fff68ae06bf0b07addb48

SHA1
77667568f7fbdd02320dccb91ad17dfe5b38170e

SHA256
8af6786314591b9dd7fab99a31deb11f503ba769fd7a966370ef1da36f0a3a55

SHA512
abde98800dea69808060aad6b26195ebffbb31e1e67fc17a7144a9438d619e12492183f130b4df04a702129149f14826db0eada231ead1398a46382a959ecca2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6bde1c83e0d64420fc745b0efea67527

SHA1
e37d36dfaf6c39fa93142f9a6d5410db0ee111c3

SHA256
e5311b23a36745e2b5de6b1cfe592e313a33326f2fa4940c85d345f490cc3bcd

SHA512
a5ae7607c07632aafec07decd41aa01eefb157326f76a44c9df1a32bd0474b0488f615f168de7b678876299c2edc264a805e9d521c485bdb515c53d43f9592a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
adb83e1c0a62215af71620bab423f7bd

SHA1
88ad11b7ef8b2e0d6a25dd168f0e1dfaa9000ba4

SHA256
5f82e1389b6a58c0f603ec9b8734821e13a85b390294a28be41189c3a2791cf4

SHA512
d6674776fe69e365ada3873c632179503dcc5e3ad8dace1b709f8db8a2e0d0367ce43453679a2a81b6be71af0c549416e9f90d1be4cf46aed4298b69f2837858

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit