hxxps://myth[.]rip/26ot

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/08/2024, 08:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://myth.rip/26ot

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
42	discord.com
43	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1302416131-1437503476-2806442725-1000\{09222D35-35F7-4E9E-963C-0709055B7458}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2608	msedge.exe
2608	msedge.exe
2420	msedge.exe
2420	msedge.exe
1812	identity_helper.exe
1812	identity_helper.exe
1192	msedge.exe
1192	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3108	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3108	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 2984	2420	msedge.exe	84
PID 2420 wrote to memory of 2984	2420	msedge.exe	84
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 4656	2420	msedge.exe	85
PID 2420 wrote to memory of 2608	2420	msedge.exe	86
PID 2420 wrote to memory of 2608	2420	msedge.exe	86
PID 2420 wrote to memory of 2772	2420	msedge.exe	87
PID 2420 wrote to memory of 2772	2420	msedge.exe	87
PID 2420 wrote to memory of 2772	2420	msedge.exe	87
PID 2420 wrote to memory of 2772	2420	msedge.exe	87
PID 2420 wrote to memory of 2772	2420	msedge.exe	87
PID 2420 wrote to memory of 2772	2420	msedge.exe	87
PID 2420 wrote to memory of 2772	2420	msedge.exe	87
PID 2420 wrote to memory of 2772	2420	msedge.exe	87
PID 2420 wrote to memory of 2772	2420	msedge.exe	87
PID 2420 wrote to memory of 2772	2420	msedge.exe	87
PID 2420 wrote to memory of 2772	2420	msedge.exe	87
PID 2420 wrote to memory of 2772	2420	msedge.exe	87
PID 2420 wrote to memory of 2772	2420	msedge.exe	87
PID 2420 wrote to memory of 2772	2420	msedge.exe	87
PID 2420 wrote to memory of 2772	2420	msedge.exe	87
PID 2420 wrote to memory of 2772	2420	msedge.exe	87
PID 2420 wrote to memory of 2772	2420	msedge.exe	87
PID 2420 wrote to memory of 2772	2420	msedge.exe	87
PID 2420 wrote to memory of 2772	2420	msedge.exe	87
PID 2420 wrote to memory of 2772	2420	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://myth.rip/26ot
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa0aa346f8,0x7ffa0aa34708,0x7ffa0aa34718
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,10740417334439277562,17263528625380528342,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,10740417334439277562,17263528625380528342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,10740417334439277562,17263528625380528342,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10740417334439277562,17263528625380528342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10740417334439277562,17263528625380528342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,10740417334439277562,17263528625380528342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,10740417334439277562,17263528625380528342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,10740417334439277562,17263528625380528342,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10740417334439277562,17263528625380528342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10740417334439277562,17263528625380528342,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10740417334439277562,17263528625380528342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10740417334439277562,17263528625380528342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10740417334439277562,17263528625380528342,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10740417334439277562,17263528625380528342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10740417334439277562,17263528625380528342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2052,10740417334439277562,17263528625380528342,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5624 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10740417334439277562,17263528625380528342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2012 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,10740417334439277562,17263528625380528342,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4868 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:220

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x48c 0x3fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
102KB

MD5
24ff971d63e6c145042aa018e001257e

SHA1
a1f59de0e93ae5735457cf7a15d5b17d650e138d

SHA256
deba535ee5c1b64e6378262cd79747dad46811160112ddd019b34c3d41d585c8

SHA512
1ae0b6ddeec180aa4816878853f8440e214bd1c7e8c0b49618f212e04494f729222fdf21eba7e07016a63500d7adab33931f4bfe55a5f5a5a1c5e5d50ab1034b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
44be4644207421193de50e6b100189a9

SHA1
282b04bc42852e5dd142d1b1a5e1173c18b44e43

SHA256
854903040d5b7910ba3ab526f42276752ed175b812a205f0fc28885a0e92ea3f

SHA512
73978a03a4c9f3603ad6dbf650c706ddd2ccce1fc7808b0e83191c147cf8779c2f29947fc85d51f6884d90cd7c0d11145d711fa00ea1dbe9d34c18a7f032b041

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
60540687d8a75e9fa30f6179cfd7f3c1

SHA1
764e8cf00d0391325be5a8884ef5be0ada478ac2

SHA256
927444d4ea39ddde59dca9f25e4dd541057a0b7cff8a3842437799f98d51f5fd

SHA512
18d708773513577413c97d747c6e19ec3e219a5255b0072fb3627868c03e02ce93f9cafbe4016f66f5ea4882d31adf286021011e189a9d36d3f122ce22c8c4e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
980B

MD5
49c54f30fa3f1b5241fd9a4a568aaccd

SHA1
b5eab4ddbc5097fba1567d19b01fd421cde66fe4

SHA256
0e940d5102ed732f199d4fc141ba7a430d41c4c018790688b417387f37c1a3da

SHA512
1dc51b24f64362ae725af2ed7faf1778bf682b199d8d13d0f5bbe9c18349474d57492d7a34942f95a08797136dd84d7f9cd8a09c00e2d2648dc41e567281748a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
531912d8e1b67a8d9c0a4cf503b2b9c1

SHA1
e6db229fd6ea95bd794b806167bede0527f0a934

SHA256
42eb3e8b6e24c528565dc49e11802d9528664d39b2de5188ea16d2740f24cd1e

SHA512
ca719c0e5a404089b770452dcff1b6429a43c2a3543a15d66fdf7776c790129213ecceea85018b3b001171210958e23de18104312a65c7271d8a7e84c99deb14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1efd48a90aa8feb19e692d8cec6352ad

SHA1
51d8028b2544969fc155a69c6eb72dd73b7bc5f8

SHA256
cda3635a161de28610e45181ae09d44893c8a64273c70798996d9d993358566b

SHA512
549260df4804e3d05caa5335209e2ea0c4e7e242e467d7a5ece7facf6255816ba42d07b93e33f0583e3a84ba27ac8be22e0ccb7c815a47f8f0c054b8aa9f0d92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5747f471ebb7e92b4415d3d222c4611e

SHA1
16cebcc21c4ec3a267a4ae00da8490e2a3ff59f4

SHA256
9af1e083b4c04ab3d6a0389fbfe9ffaf3872a0da4aa1546edf210af9eed626cd

SHA512
8c3eb08a04ca66689a35268e99d36718974b6fa96903e50ffbb0d10edcec5eba94f14f0b158c1b73cf166f3977082b0e02b08645bc58e8a6bbcf73e0fa049e73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
68493e28fe3f97442bf87831eded7a87

SHA1
dc2ff9dc1369cc8cdf959de080b71a643a974ac3

SHA256
37bac9bba176a893082919a55a4b6093f047dd960b39d718acdc19d65fc876c1

SHA512
c914eefb0fdbc64e4bfe091847324a640cd96a4cb8e2e13354a1c9a649b1c02e9e7426039c28756dba6ec3c7a58704f093acd2fbc05c025bd612870352d2cddc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
da2dab873771a33db50261711ca06d18

SHA1
ad7909042631d0da8321b6685d9b19521258d48f

SHA256
6f7c08087902cc658879ad0cb5c3fbe45ee4b887e42936805222b39b8f06f09d

SHA512
4d5ea18add0cfe24f16a9584e672bfe5cbb63914a774032f015111b6a9aa9a1e04840c85521177d9762e38315db41cfef2dfb2a6e0202540b4c42c0d5491dcda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c815ea7c62632f4b1354ee80bc6ad6d7

SHA1
6723a6e2db9e048fcf2e4cf9c217920c4c589817

SHA256
905923d97290e06c179a46e812b23efba363f80589ea3af311fc00c857e630e1

SHA512
2d8cee67b681d9d92b7aed58033978486df249463e00caa945bfc840926b1b275b7c4dd89f2403beab73d5dda7862a7cf74910443f80f2c0827d53720d997276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582025.TMP

Filesize
370B

MD5
485b26826fa6650104dc536a6febc4c4

SHA1
591575603a85db7db6a923246089bf5c2f4676d1

SHA256
2591350f5e9cf41dac6353af44e2db870e20a6786fb304eccb3b4ab060c068b6

SHA512
a254c5d8e65981475909c4e99c8caabf2cfc05d75f5c7262ba6c232cb5654aa82a3616ffa858ea6ae2d547c10e6e00ce91fd878ab0b6e3bd3c095074fc48cc28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
12950f4f9658a0cbec53a63d293aa399

SHA1
b422f1dcc3502fbcb915d9d749620750fcc3e390

SHA256
47d72163d1106ca3fab6305894a331f345aebaa119c4453ed17bef4122765883

SHA512
0d800c774e3d0d533352193c8a144493ef2a9efbcb32e8d6310376ae767d8dcf45325550c283fb07d6cfc6fc2462350eb2658742285c9b148e51e6cc72e564ca

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit