hxxps://web[.]archive[.]org/web/20240526123332/hxxps://github[.]com/iMAboud/iMSteam[.]git

Analysis

max time kernel
1150s
max time network
1151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 14:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://web.archive.org/web/20240526123332/https://github.com/iMAboud/iMSteam.git

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1572	msedge.exe
1572	msedge.exe
2272	msedge.exe
2272	msedge.exe
396	identity_helper.exe
396	identity_helper.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2272 wrote to memory of 376	2272	msedge.exe	83
PID 2272 wrote to memory of 376	2272	msedge.exe	83
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 4772	2272	msedge.exe	84
PID 2272 wrote to memory of 1572	2272	msedge.exe	85
PID 2272 wrote to memory of 1572	2272	msedge.exe	85
PID 2272 wrote to memory of 3672	2272	msedge.exe	86
PID 2272 wrote to memory of 3672	2272	msedge.exe	86
PID 2272 wrote to memory of 3672	2272	msedge.exe	86
PID 2272 wrote to memory of 3672	2272	msedge.exe	86
PID 2272 wrote to memory of 3672	2272	msedge.exe	86
PID 2272 wrote to memory of 3672	2272	msedge.exe	86
PID 2272 wrote to memory of 3672	2272	msedge.exe	86
PID 2272 wrote to memory of 3672	2272	msedge.exe	86
PID 2272 wrote to memory of 3672	2272	msedge.exe	86
PID 2272 wrote to memory of 3672	2272	msedge.exe	86
PID 2272 wrote to memory of 3672	2272	msedge.exe	86
PID 2272 wrote to memory of 3672	2272	msedge.exe	86
PID 2272 wrote to memory of 3672	2272	msedge.exe	86
PID 2272 wrote to memory of 3672	2272	msedge.exe	86
PID 2272 wrote to memory of 3672	2272	msedge.exe	86
PID 2272 wrote to memory of 3672	2272	msedge.exe	86
PID 2272 wrote to memory of 3672	2272	msedge.exe	86
PID 2272 wrote to memory of 3672	2272	msedge.exe	86
PID 2272 wrote to memory of 3672	2272	msedge.exe	86
PID 2272 wrote to memory of 3672	2272	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://web.archive.org/web/20240526123332/https://github.com/iMAboud/iMSteam.git
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc833d46f8,0x7ffc833d4708,0x7ffc833d4718
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,4055653691285616219,461653514245395161,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2288 /prefetch:2
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,4055653691285616219,461653514245395161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,4055653691285616219,461653514245395161,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4055653691285616219,461653514245395161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4055653691285616219,461653514245395161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,4055653691285616219,461653514245395161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,4055653691285616219,461653514245395161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4055653691285616219,461653514245395161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4055653691285616219,461653514245395161,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4055653691285616219,461653514245395161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4055653691285616219,461653514245395161,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4055653691285616219,461653514245395161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4055653691285616219,461653514245395161,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4055653691285616219,461653514245395161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4055653691285616219,461653514245395161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4055653691285616219,461653514245395161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,4055653691285616219,461653514245395161,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3480 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
75c9f57baeefeecd6c184627de951c1e

SHA1
52e0468e13cbfc9f15fc62cc27ce14367a996cff

SHA256
648ba270261690bb792f95d017e134d81a612ef4fc76dc41921c9e5b8f46d98f

SHA512
c4570cc4bb4894de3ecc8eee6cd8bfa5809ea401ceef683557fb170175ff4294cc21cdc6834db4e79e5e82d3bf16105894fff83290d26343423324bc486d4a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
10fa19df148444a77ceec60cabd2ce21

SHA1
685b599c497668166ede4945d8885d204fd8d70f

SHA256
c3b5deb970d0f06a05c8111da90330ffe25da195aafa4e182211669484d1964b

SHA512
3518ce16fef66c59e0bdb772db51aeaa9042c44ca399be61ca3d9979351f93655393236711cf2b1988d5f90a5b9318a7569a8cef3374fc745a8f9aa8323691ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
67KB

MD5
958e72d173944595320c1377b3015e44

SHA1
ba650126f7d4e739dd399fe8e2ab9939df2e359d

SHA256
0f26af205e088a2d95b5bf8a01905d6beca0acaedca901c6dfab31dfa114ac0b

SHA512
684a460c6f17bfc866d5d3ddd8486f068bb48ddebcc08c99a8117658a9a562fa4e982cd3ea64dcaca2336cd670d058d4be49de477cfe56b7db02014bdef00acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
32KB

MD5
079e3363167b218847b22f9673e10065

SHA1
78cb4a2388583b540b08317e716e0b725f968a95

SHA256
8bd32a62b359262ea0a9aa60a7dbd4a58c228fe66d1b8a66fb84cf9318802e30

SHA512
9344a00626ea46e75775de0b0f660d15ca12d286268b966d7d976d1d7d83c168445b83bfc4f4ef69b6528cb66ba01c5ae88b319286d88ba3d8ccbab8b87ee39e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
4b76917d7bdd9dc58066ef0611e6f5ec

SHA1
26fe3cabadfa617ac290f5f1e32bbd99a51d2308

SHA256
da6079b5b399b97c5c5533f8db2f907052d8fa0bdde7c9e6c9197780b231e0ab

SHA512
97e288f6fd414504d08f00fdc5ed37a4867904be71f23d574f61d97c12eaba4947b44f26584da57c657c277da7973031b01cf6abc5e981d6613926d82e8d938d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
4678021583d5a33f8230a91ed52c638f

SHA1
d2136641d20b3228005adecf875cc88c8dca05d2

SHA256
08d925361328bf253d4fc6e03a06960f3512739d0b9dd4a2bd37578e2bc4473c

SHA512
7c20f6d349e02c1a6651e14b45d9aa99d8daa3364e2d912f8b143316650883ca83d3cb08b5e886eac506b337c39b1c749a9224f5895472fdbc8dfacbf6b0a0e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e216ec5220736e946b67b7f14e358468

SHA1
a4ab7c4034a27a5f26dde4ca7a3215dedd90c0cf

SHA256
f26ff494e93e74f779ec7fc71e4cffdd0a54d73fb39993e7bb21f10a7d32ea47

SHA512
89158492158513fb4ae3199428aefceaf0002f5b7c6acbd66cb590a23cba28266ab6418f5085537b9b063dfb966e5d66c5414ab170703ca910c08b3b1cbe9e78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
da3fc2e1f0b8d8a2daa2e114748f50d0

SHA1
3ba7bcea52c7435efaf44825f3915b4ee9a65794

SHA256
873bff41935f22fc034a192f3e7c258fceffb19beeacdba0f52a7083984a33f5

SHA512
1b18636152d89e5f691e09f8ee67e1d821acc79e4a5eb73306023818de89adb5aa6675a6bde76b49dd2cf69bfba85dbfd4e3f2cc9cad1d63faa17abfe548a6ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
625B

MD5
940e798aaca9349d33b27c16a3ce7eed

SHA1
cd6aed0640064a04e08add1e12c2e2876ce54a4d

SHA256
682da91287cb8770fa88bf55b463ae7065bcf39c159a480555a86152da153b37

SHA512
995b02c2a2dbd738d78d71a2d70f51365110c176bcce61f117072a35fee8188781a9d1b3700f1d451b49c3bd0383b00da946a3b8236988301cc4e414ef268d84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
625B

MD5
3836328302e91f4a60bbb5256bb7b097

SHA1
0ebd93c7a8641a1097002b349c6159dd180104c5

SHA256
00200a022a6d79582975576b8f0aff399ea8900292c91b0ea9bebffe4fb70860

SHA512
e968a203716c3ab3c4ef7b860e15768682f27632ee4de282b4e327bbbb994e25ed8d6ffd9685046038165bc7a0d719d52b04866e88e630a91c1a55daa8416dee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
56c42311d4677e30fd1ddab63de80665

SHA1
21e047c28fc4c90a5c0e0333d6fea743ad05e852

SHA256
3d26a4e98bc565ca637601f41f077731551c9e4ae81b830616435f74d81ad157

SHA512
0501bbc8de40a0ba3bfb527b2debbb1fac3a9980a8fd00044205c6fb3b3155b0d681ed12480c73489cbbd86b4da3915e05b000bf5dd53fdf04576656d943d099

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f54ac0683d2a4e8f933334b4824c24ef

SHA1
c60b374600a56a51b36944640c81ad4df502344b

SHA256
4c4da92f4031dd6244da3940517ef629f99c5d7c59ea2f59cd882d67b87bbed5

SHA512
932720749ac63f1392199f3b5857168f46a315c7c3bac877430660ea91a95a23d34f296b106f1246cd7ee7dbebdff59ea315b9262b81a963f5b180a635cfa197

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6af93b3183e9f04187a0cc74982060b0

SHA1
5579c829b174f5c04915642373d08f8e7e602d9c

SHA256
5324e7f75f264bc6f9ef9714b27a67f02213d06bddb259848d46bd0b4631d3ed

SHA512
355b5dab5dcda1fc0df7cba4b20501ea35387e20459c1efcabddd45199ed107484f9d8f489b0cfa2d4c9b62b730cdde2adc78ee3238aa4c011ae0dfb709b5dc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
14a1ab7647170fb1725572d927e0ad8c

SHA1
acef3e578c9bd68a26b6d192df2e0bb446b6c99b

SHA256
51b302d4654e86d135a31c92d986334dbbc8b14e87e316b24ec70ec218bf82e0

SHA512
ef0e2fd6251634a50dd3c0705d6bed6421731317bb40801b17bff1b96c4aea8d4ba19685f7149a751dc961f3b275c6e3b204e307a47114dd13fec78360de137c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fbeaa937a5e1daed633110ed323f2068

SHA1
5da647859c5ed9b2eef552f0bb6b66fa6dff3a57

SHA256
05c2267691686ab88a5c99b80cc767f856cff05a0764de8c03959aeed46f50e7

SHA512
478030c206eaa80b6fb30b203061ef172263ccbda4c3fe38d2ae4d161e3e166ee5b1dcca659404ed91a1d5686fa9d2cbf92ad4bad6952d9fe8c23020db21fb01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
65daf9836bf35681df17826ee5ba7a8e

SHA1
e8038d775b3d70f23970bb24bf859428fa07e8d4

SHA256
48c51c9c8ad1919d2186189e031105de6a0ffe15647a8c6caff6f2c64f4a1cb7

SHA512
0fc7140622c0a16f8597cb4e1f81c2a6069cb8242f9baf7dcc5c8659fb21590d58063c0bb019c065846210175d1ad4a282c9d764baf5763f48bf1876b600749f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2f88773674f325e62deeeb7ae8401396

SHA1
8a139533c78b4858de65bab03dea3097532c6c34

SHA256
f68962ab59e593faff20bcc78256495f6465ec7144d3391226968a3ba17b7541

SHA512
08ee7fa206111b4269ac0ba054230bbdafd14100fc2e9fddbb0b3e0fa00ba39ae56ef2d1e1ff7f828d56af2f34cd2fa4ae4802d58c6cd04414757385ac15ccc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
807040d3e568f99823dba98bc231aeb5

SHA1
dee1fd3071b173071bbe9dc460e716bf91a14385

SHA256
a97c9e6ca5f902431980b926530b2cd5994792b093aca9664c63bddd331610a3

SHA512
22736ddc7c91e4b14c494cd626eb3a3387108833b727ad286f5c6ae4b8613882bb099107d8e301d691f95715b00ca699bdd0f18b144eb051971ace86b8fb57ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
5dd56e26e9c9e4d310deeb32b37922fb

SHA1
e60b1ff00da0228acb3c4e75d3c92487f4a4b353

SHA256
6fe2f9dcf8a1315c341c06871df323589a624f5eacfd9046fa4e1959aad7c8ff

SHA512
f4bfea0e32c36c32efae6c1dc834b7ebffdf890ccf8442cbd52cce12bb28324d7afc94d71aaa5b0da8d5cd6a65300683cb49b91706e83097e0f659791a4b51b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
701B

MD5
e3774a9f44c636fe79ac8c9b13144a4e

SHA1
647945908ea860e723ae64e467d776a556845046

SHA256
fa82abe3570a930c2f8322284418aad7c3ea7a8b3ce255cf2f9709a7c66541f8

SHA512
a05cb64d9691877ed239c91695f8a137f5dd59c0078cc099b0b1b40714287ca1da22ac2ef4c4c66a9545ac6757493ca186af2fa9842260d7a25dad8830a3ea23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
701B

MD5
e56916435b6e818cfbb8e0b2c16b1202

SHA1
270280e515212d44fd8c938f358939263fa9c2be

SHA256
6197ba5132f94ee007a11a470abedb2798e9dd36347b47552318bd52092d10de

SHA512
28913ee86e8fb149bdf25e10f812c4450615e82ada4f929bbd45cdfe02ae7b98126df26602755c0ace903aa7ae17c8bc3d04bcd738a9a20ed0a98846e0453ee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
f895d8c6cb61ecee6d778787ec265e39

SHA1
b058fc05e95b0bcfda32b19b70a8e8c554ca0f1b

SHA256
de7ff8d545da993bde4a6c6447389239e08aa895bad60ccd68bd4192912f1159

SHA512
a3bdf2e1aadbee88dcd1a7306625f19b05be54979c04a98d7bd55e4ac3db276e39d8cde4b41490bc797ce47d28941a609a9547ac1dec3109ec895c3473fca3d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
996d5ddbd188dfcc10f9b0c9908ef5b6

SHA1
84039a62dfd3df96ac6e516bcdedbafadd05dd23

SHA256
9d09fa579e7b26f45c9fb82d392cab611bb837167558efa1ecb33d26c0cf38f4

SHA512
28e637bd875ff603dcd83e714bf3507371b19f2b24e7e9270b1d3201315299cc4b6e81ee3dfc87c692f76957fecbbecc007041c4ca57a8e8e994c278920e5d21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
58ea19bab51670394bcf5394b5346c7b

SHA1
4933c9f897b72710d9e2fa1e69bd34a63fd650d4

SHA256
8d4bf2ce59e4345cb2bc3031a7a428e4de15a50e795bdf9136fb9bcbce90a20d

SHA512
8281319b62a4e121278813f069a9f833f0863adc52d6760253b96a3cc2344f00e04c6b5ffa9998705a69356ea9ad1ea77ce390591e67b6ed5e1db5a70d215198

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
701B

MD5
0a33bf568dbc04405edc2b7c4fe882ae

SHA1
4c4e586940b533ddb66a61ec915a3b4b788af30a

SHA256
1bc613b383fa338ddb41b0b57be6af215aa26304854c75bd75134bdd6f1dd2ac

SHA512
e09ec793f3ea333d4c96e7d0b374ec2262598e2735af4b576e8a8d0a1e9f42a05489f2dd6403a73d1ea5201d5072d8c09eb291b3f3e5c91d8779d59f2843bb5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582d64.TMP

Filesize
372B

MD5
d6ac8f6793bc117d838880f6c7eadc32

SHA1
4e1680c494458aaf9c816395241c90b7e6ec63b9

SHA256
81f2889b0fb897755d9d7b742c9f2075e7218de10714156672fd71314f19a3aa

SHA512
3181157931e0afc6862420ab3f6e6743c0e6deb127db687b05b3126642c579a69bd4afa00d882a934b8f23a187dcfcc6cfb00ef989e152682d53e2cfc82fe92a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\86f4be39-7601-408d-8ab6-f14a18436249\2

Filesize
3.3MB

MD5
ba405712b57857dfe0e59b4e57e4f472

SHA1
bcdba6e264bff98dd661287c67dccf5f209b6db7

SHA256
d18a7cb4cf0c25815e168bd06dcb303872e34edeb2121be34a203f385c66878c

SHA512
a6aa7c82bc83763e93822d4f029190c1a87615ebd1bb7fb02f1bd9f7ad8d32f7616be7b316c9282754dec5ff521cd2ae8c6bcd2965dc2f069852d1e745c1e693

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b92bbda32525bebc7b93c891d4db2d39

SHA1
e08bdcac5b42127eab09ec0b35c1999d8f771aea

SHA256
16f3c5cb282d57ca1acfa50e67e2d6d242d67f9b12c2473cc38bcbe9aec05c3b

SHA512
590a25773e561be6ac3086720e83800899334766144dfef743b3bab992244f5b39df118cd532b07bfdca0532aa82c5c08774149135d6af262308b6657b1d0d31

Download Submit