hxxps://github[.]com/Endermanch/MalwareDatabase

Resubmissions

10-07-2024 20:43

240710-zhp35s1fna 10

10-07-2024 20:40

240710-zfyx9s1eng 6

10-07-2024 20:37

240710-zekn9a1ejd 7

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10-07-2024 20:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
25	camo.githubusercontent.com
27	camo.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
652	msedge.exe
652	msedge.exe
1820	msedge.exe
1820	msedge.exe
4708	identity_helper.exe
4708	identity_helper.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1768	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1768	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1820 wrote to memory of 4272	1820	msedge.exe	83
PID 1820 wrote to memory of 4272	1820	msedge.exe	83
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 1300	1820	msedge.exe	85
PID 1820 wrote to memory of 652	1820	msedge.exe	86
PID 1820 wrote to memory of 652	1820	msedge.exe	86
PID 1820 wrote to memory of 4112	1820	msedge.exe	87
PID 1820 wrote to memory of 4112	1820	msedge.exe	87
PID 1820 wrote to memory of 4112	1820	msedge.exe	87
PID 1820 wrote to memory of 4112	1820	msedge.exe	87
PID 1820 wrote to memory of 4112	1820	msedge.exe	87
PID 1820 wrote to memory of 4112	1820	msedge.exe	87
PID 1820 wrote to memory of 4112	1820	msedge.exe	87
PID 1820 wrote to memory of 4112	1820	msedge.exe	87
PID 1820 wrote to memory of 4112	1820	msedge.exe	87
PID 1820 wrote to memory of 4112	1820	msedge.exe	87
PID 1820 wrote to memory of 4112	1820	msedge.exe	87
PID 1820 wrote to memory of 4112	1820	msedge.exe	87
PID 1820 wrote to memory of 4112	1820	msedge.exe	87
PID 1820 wrote to memory of 4112	1820	msedge.exe	87
PID 1820 wrote to memory of 4112	1820	msedge.exe	87
PID 1820 wrote to memory of 4112	1820	msedge.exe	87
PID 1820 wrote to memory of 4112	1820	msedge.exe	87
PID 1820 wrote to memory of 4112	1820	msedge.exe	87
PID 1820 wrote to memory of 4112	1820	msedge.exe	87
PID 1820 wrote to memory of 4112	1820	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Endermanch/MalwareDatabase
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc1bd346f8,0x7ffc1bd34708,0x7ffc1bd34718
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,1121267574988172932,6749592645656523274,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,1121267574988172932,6749592645656523274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,1121267574988172932,6749592645656523274,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2360 /prefetch:8
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1121267574988172932,6749592645656523274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1121267574988172932,6749592645656523274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,1121267574988172932,6749592645656523274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,1121267574988172932,6749592645656523274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1121267574988172932,6749592645656523274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1121267574988172932,6749592645656523274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2616 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1121267574988172932,6749592645656523274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1121267574988172932,6749592645656523274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1121267574988172932,6749592645656523274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1121267574988172932,6749592645656523274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1121267574988172932,6749592645656523274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,1121267574988172932,6749592645656523274,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3928 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1121267574988172932,6749592645656523274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1121267574988172932,6749592645656523274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2240 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,1121267574988172932,6749592645656523274,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1121267574988172932,6749592645656523274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:1016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4492

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ec 0x4a0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c00b0d6e0f836dfa596c6df9d3b2f8f2

SHA1
69ad27d9b4502630728f98917f67307e9dd12a30

SHA256
578481cd359c669455e24983b13723c25584f58925b47283cb580019ef3142b1

SHA512
0e098ab5f5772fec17880e228a0dccbbaa06dc1af14e0fd827f361599c61899fe07d612a7f7b049ff6661d27fdc495566dd20fc28ceed022b87c212bf00be5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54f1b76300ce15e44e5cc1a3947f5ca9

SHA1
c978bfaa6ec6dae05464c6426eaa6cb3c3e2f3b7

SHA256
43dec5d87b7ee892a3d99cb61f772ba403882ac0772423f36034e84244c1ca24

SHA512
ac26e5676c675be329eb62b5d5a36a0e6014ab8a6366684b0fc2a59ae5f061f596f462b82eb4e9f135d2235a0cbd4af96680d234eecc873a8397fd81507d277a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b45ff2e53e00de89fd7eeae98dfc7e29

SHA1
8f864f5ad14079ca2a583849262145f41da69908

SHA256
7bc35d2d0b263e97d8e0f4be68b06665821d62890e3d09e3197abfb53b57fadb

SHA512
360334f7bf82f513bb893dcaef440a3c1cea1369a13b8cff967b2ce0cc8f79cb53a9be0f4d4ac365005110c0f2881c642d5558fef99aeb022f92670bf904d5a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
452c30aa03e18e09499f9e43cac600f2

SHA1
f2a270c6b0d133ba26b8c564369a5afa150986a7

SHA256
22ca19e279388f73e83f3cf24b3fbe5073d69d8813095412730a08b5ee16bbf4

SHA512
4a6c26cbbc913405eb0050a5f359ef9f2f5f44e63d239a3d642fb8f5fe659e6671e84e0237f92b629c8ff9de17ec9fd35690f1196eec86efe2903780b00ead0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9eb099e747f5d5dc5dc6916680e306aa

SHA1
a1b8e297d6e0a29ea5428b004484ae92b6cb9095

SHA256
cb91cce366bec6d00f286ef08b0283b1259c7eb65f0d29b329e35bdef7c11e9c

SHA512
13a98067fe03b4aaaa66d6cb11a55bf561824551c6636673235b4c858e2a3d6135b71a137df7dc3468e91e1eeabe6a2bfc730c313d16da760b58d75986874340

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
82f3219b701e082d65fc2dd73d334e54

SHA1
63f5b207aac7cc3837c7bea9ca74654e2c87153f

SHA256
838ee808ead594d48bafcbc2141dfabb98ee64dac35e2fa3d05eea9fdc9bfc6d

SHA512
1d9c9b9d275ac3514a3c3131828458702af6d6f8d3c6f764675166e1f6a433d7135389ca4aec69a79b0c76b55235a19a1512804683f9c387ecb67c2e480d54b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
52d235dd96ab8f8774c9d9ab26453953

SHA1
a14f74ae809cd481ee0225a6a09aa93966dfc785

SHA256
ed5933fa1f49400722a6eda1f2b066517746b1d63f35822cbff5d3a7b2133fe8

SHA512
777199c134993464a31098a7d7908af6e21967b70a9a50d55b037fb638d743bdc60ff2c2972e76fdf492ecd39ca08243bdbf82f72e993190f84ba9b49c280b87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c0fb3d7f6f9438ef2895ca232b9497e1

SHA1
07c432258dcc7cfa55b3fdd6cf78f9d200c394f2

SHA256
dbc1405fd21cecc06b13be8ea6f5ef679b899509890eac444c85a4f454e17870

SHA512
02a73b9e3117ed438fb6dcb14c3d149f35160084a873191b8f65a75631c731d2ae779556da5cce9323b3a4601eff2b71599dfb30e342d5064cf1b22f93620b18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
b3acbf44514b5bb63c79609c3bbd26f0

SHA1
4316beeefc68780697dd94d000e91415a3ed56d0

SHA256
f2041eef72aaf3112cfb601e8b9824fbe96d3811742f2f33abfa537d2bedb5d4

SHA512
d41603f6a5433106d50b139aca493ce25ce4cbf0a16c556d66bafc9934731dcf4085ca311e94ffc1e342b56b3df7268e088559718a1e80823f3a4218f7d0ff7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe581d09.TMP

Filesize
48B

MD5
7f6e049025172ead207a369953f3ef21

SHA1
89445fb0757a76185bee5e0d85ea215cb012ecf1

SHA256
12c3e117354fc735c5d5d249408c1fc44b1da612ca3f7b69e72b7dc5aa603da0

SHA512
2a9f12c142140dcc740548b63cef7d3154aeebbb533a6831f60002c9f9002e8bb940002293aceb441db389f33f7182bb534f74c03cbb3d23a2edfb2503e33832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c7d727d709cf175382f837079b2d2385

SHA1
fcdd6f72b9a0336d808ae1ad485cca9ea9ca7ef3

SHA256
95bf0272c4512b674e7d39537203416b88bbe3a926d03006e9333e839e23929b

SHA512
673c7e7fa27212fd2d1d842577e3b83248bc7f03377e07a396f16e4dd7f5b0d6e17b2491d3c9e906843923fbdb7b3d0cde45a1b8bc9a61893c47195bdb89d8c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e388d36603a0273f23d0d2c9cf56e071

SHA1
68fc6be85004f89b20fb6f6e10d191e0b64236ae

SHA256
ede0436cac1b2d1888bd44e4900ece8cf1c19b889064a6be163279e66103fca7

SHA512
2d2c91f5b31c66db898cd51690f8f4b17e71dec7e588eee516cbe6af71b1d31ac2ace298b192acf72d634c96bacad8909ac82c8f58dd524683cb5d240ad074f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f4df.TMP

Filesize
1KB

MD5
88e8252cfa960eeed1a9601ddd87f7db

SHA1
b1cd07168b6485f47cb776354431b3aa61916921

SHA256
00e83bda43836662b5ebcefac1ab3174cd9f5b5e29e8dc256e060e4046508327

SHA512
227f0a7af8fda3f917fc17760e54e95eaeac47c54ceec16d84a19e552321e9494ab52cf0c950b82bb42c1225d5f2af6dcf6e53597e92f9f90ab9ac6157fe47b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
df7655b3c9c5c96247a27d85b2463caf

SHA1
ccc3e0571406fc9ea0fbfae97aad4d6fb11af457

SHA256
7f3d9be8cfb08fdb85a56c009b6528c3893b33735dc98f5e5ac884aae38bd9ad

SHA512
1826d387b519abaae07c536b957ea8b91dacf86070144753c5aa54dd86afff4157175bd7d0d08c0f1a3d2e0613610cf17434e629f9c3e1aec29cdd99dd72913a

Download Submit