hxxps://t[.]me/cloudpass

Analysis

max time kernel
721s
max time network
727s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 13:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://t.me/cloudpass

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3992	msedge.exe
3992	msedge.exe
4520	msedge.exe
4520	msedge.exe
1748	identity_helper.exe
1748	identity_helper.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4520 wrote to memory of 3480	4520	msedge.exe	83
PID 4520 wrote to memory of 3480	4520	msedge.exe	83
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3628	4520	msedge.exe	84
PID 4520 wrote to memory of 3992	4520	msedge.exe	85
PID 4520 wrote to memory of 3992	4520	msedge.exe	85
PID 4520 wrote to memory of 1520	4520	msedge.exe	86
PID 4520 wrote to memory of 1520	4520	msedge.exe	86
PID 4520 wrote to memory of 1520	4520	msedge.exe	86
PID 4520 wrote to memory of 1520	4520	msedge.exe	86
PID 4520 wrote to memory of 1520	4520	msedge.exe	86
PID 4520 wrote to memory of 1520	4520	msedge.exe	86
PID 4520 wrote to memory of 1520	4520	msedge.exe	86
PID 4520 wrote to memory of 1520	4520	msedge.exe	86
PID 4520 wrote to memory of 1520	4520	msedge.exe	86
PID 4520 wrote to memory of 1520	4520	msedge.exe	86
PID 4520 wrote to memory of 1520	4520	msedge.exe	86
PID 4520 wrote to memory of 1520	4520	msedge.exe	86
PID 4520 wrote to memory of 1520	4520	msedge.exe	86
PID 4520 wrote to memory of 1520	4520	msedge.exe	86
PID 4520 wrote to memory of 1520	4520	msedge.exe	86
PID 4520 wrote to memory of 1520	4520	msedge.exe	86
PID 4520 wrote to memory of 1520	4520	msedge.exe	86
PID 4520 wrote to memory of 1520	4520	msedge.exe	86
PID 4520 wrote to memory of 1520	4520	msedge.exe	86
PID 4520 wrote to memory of 1520	4520	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/cloudpass
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff600846f8,0x7fff60084708,0x7fff60084718
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,13118314794997879032,15260443419079855854,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,13118314794997879032,15260443419079855854,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,13118314794997879032,15260443419079855854,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,13118314794997879032,15260443419079855854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,13118314794997879032,15260443419079855854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,13118314794997879032,15260443419079855854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,13118314794997879032,15260443419079855854,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3396 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,13118314794997879032,15260443419079855854,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3396 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,13118314794997879032,15260443419079855854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,13118314794997879032,15260443419079855854,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,13118314794997879032,15260443419079855854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2788 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,13118314794997879032,15260443419079855854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,13118314794997879032,15260443419079855854,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,13118314794997879032,15260443419079855854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,13118314794997879032,15260443419079855854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,13118314794997879032,15260443419079855854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,13118314794997879032,15260443419079855854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2268 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,13118314794997879032,15260443419079855854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,13118314794997879032,15260443419079855854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,13118314794997879032,15260443419079855854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,13118314794997879032,15260443419079855854,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5728 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e81c757cdb64c4fd5c91e6ade1a16308

SHA1
19dc7ff5e8551a2b08874131d962b697bb84ad9b

SHA256
82141d451d07bdb68991f33c59129214dd6d3d10158aeb7a1dc81efbc5fb12b3

SHA512
ba8de0b3b04fec5a96d361459dde0941b1b70f5be231fdec94806efa3ecf1e8faf8e27b1800fa606dc4a82e29d4cf5109b94109e5ad242ddf9f4671e2acbcfbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2e57ec8bd99545e47a55d581964d0549

SHA1
bd7055ea7df7696298a94dedfc91136e3b530db8

SHA256
a50ba35608edc2f3360cc71be0d4b29bba0e3382d1f08f24df5322ce2ad2443c

SHA512
6b9b73d983c472149629c842e16e4f7c2f8a0a3bb6dd64837ef647db810ef1beb3a02b15dc1eec2c5de8aee6b3ca195c7d26c432705061c5b0ec7841a5bbf106

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
cdc8c52ffcdf15c35f5b60638891829b

SHA1
c00dc1b8da028984cd73cbc9a915f4a7e21921b2

SHA256
dfb7c9e29421dc76a6c87bd70f4e3b086bfc9b82aa4391895f49ea7dcb76b792

SHA512
0f3479064beac1c894ea2bf066f60754d3f316994e60fb49094e7a2c7777cc3f2df1dbcd993c7ab42902d83f61df74891360900d3b2a3b2adc15e2d7ec5d9f12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
dff65de084d2045f981ea3f84bdaa81a

SHA1
70ea6eaaa1cef1404a4dcce32aaa589884a816be

SHA256
febcae860e37204bbbdd78169e15b336ca3f791be9c77833a090e049776fc03a

SHA512
e2811d5147b21fa1a8e5ac6fa05ae6ccf93eadade7bb9b8148c371d76f1522ab78e23d16372833f50a2ab5951fba4203050ffff537990059f4c710bd432c90b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
242B

MD5
e384a795d1e597feb0a5bebd13dcde50

SHA1
7ce66637789b61ae163c1de62dc996a99cdef796

SHA256
42a6ef02d02be95231cee980c97d4398ac167e7264a5cf838b3e3a2ad2a3380b

SHA512
36f58ca4b73ed5fdfd9b2557d09203189dc9cb3db29ee9716f89bb75a8f6d1c32cca67e597dfefb3b9074be0a024ba51ff40d8024439ccbb16d17316abc2215c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c071b060c6e4757805d586aad258248d

SHA1
baa3af129daf7013957d6526a8c9854415ff0919

SHA256
9ebd3bc3dce9f261da5868a37c14a6293be8cf39e26de8b348cc1391f37b2671

SHA512
107632ebcfca7cbb02a53acda7e23a9569234e1a50ef4c3dea4af82800ccc7ac951f9ef92977a01b17c08da1cfe07c5a0614be6ce0ad3657a39c41ef9538bbc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4380c8e49bc7cbf4217265ca23c29690

SHA1
3f2c7b6b39f43a93cb69342df0122787649c0c19

SHA256
798e79c5ca8c9adbe7bf185add86c97160f1cad701475f60257b7ddcc24d8280

SHA512
a7a59f528db41891e4b73660361f2ee87aa6d6d3a3d2f9f983ef3513bbf8e21d2a2418e01d602efd9ee1075a0909646f47f1b8b08fa84a3ac56c727e11742a5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
af45a72792500a382f21b020270d89a3

SHA1
8ce8f70437e808121ad7cd17ace285148cd08ba5

SHA256
5f589f29b7172e0db2ce7744480627c1791c64bbf78ac30c6466ce75a5c87937

SHA512
b31c6f5d8688c979e077dad7111dcc99fb3a637b110eea92718f9f5bb5c708c57aa9e6c4d720354151a7cc2da42fae2aefe3b49400654b69c41e86899c70a23d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
7be3050f42b963a7e35321bdb43e187e

SHA1
dbe5679e0c8cc34ca8e16a2fcdde1f9fe62133c8

SHA256
a088809aca2f97a2a13e177f4cc13f8f8e0ea70a95214afb4b0391234fb16ee3

SHA512
0725d7b6245a9620a50268004cd38d59380bff407a0f7d7f819981e78ab0f740d3dbc9d2babe3186d6478b6e9a63ef63cdcaf40897bc7d0fba18c404b53fc910

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
82f898a7257f5e2424d017f787b909b2

SHA1
9fa647db6124f6885a7408f27942e61354d76076

SHA256
f9654045ab1bb6fb7040b0a2f35bc736a7f5869cf9f38ab558d06643cc71c475

SHA512
0ff1a6369d76292c710970c5fbb01e8a97941de5c694a6979e879347fca9a8f5720572c2c85f44cbd3736d1952cd14f7d3d5f1c1f7cc9a45c885d39c6b533506

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5902a6.TMP

Filesize
371B

MD5
a89d82f6881c5706fe683e06ce51d992

SHA1
32d7b077c7a799871d4d9f0a39334b0cd3cbf1f7

SHA256
3628808f49d5a1a6ef5bdbeebf70f28ee9c47c0d91559834309a62f55d798679

SHA512
74f943602e13ccf46dd9de59179a8c603f16a0afea43cc73bb5c1b10be0625088db4e2d0e3d5714bc923b8b3a657464ca25af0ce1d63a8c6e8f3c777f9d3650a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
aa62e470ea578aaca7b149e4354dbae3

SHA1
52089b62d671e7c38925877af7575dca37264e74

SHA256
f0f46977e4c15a24210598349e0d1eb51fdbef6e87a7b88c1866b0fdc3c226cc

SHA512
8937fb54124af0af6ef970a2f91c81be82c4f5e6fa3f78b5b6cfbff7ff2ddf0ad079c3dc387f45a748bf78bc1baf50dbead159cc6fa56f79914b5d6e9243af0b

Download Submit