hxxp://github | Triage

Analysis

max time kernel
63s
max time network
65s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
14-08-2024 09:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://github

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2496	msedge.exe
2496	msedge.exe
2092	msedge.exe
2092	msedge.exe
1532	identity_helper.exe
1532	identity_helper.exe
1660	msedge.exe
1660	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 1892	2092	msedge.exe	81
PID 2092 wrote to memory of 1892	2092	msedge.exe	81
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2664	2092	msedge.exe	82
PID 2092 wrote to memory of 2496	2092	msedge.exe	83
PID 2092 wrote to memory of 2496	2092	msedge.exe	83
PID 2092 wrote to memory of 416	2092	msedge.exe	84
PID 2092 wrote to memory of 416	2092	msedge.exe	84
PID 2092 wrote to memory of 416	2092	msedge.exe	84
PID 2092 wrote to memory of 416	2092	msedge.exe	84
PID 2092 wrote to memory of 416	2092	msedge.exe	84
PID 2092 wrote to memory of 416	2092	msedge.exe	84
PID 2092 wrote to memory of 416	2092	msedge.exe	84
PID 2092 wrote to memory of 416	2092	msedge.exe	84
PID 2092 wrote to memory of 416	2092	msedge.exe	84
PID 2092 wrote to memory of 416	2092	msedge.exe	84
PID 2092 wrote to memory of 416	2092	msedge.exe	84
PID 2092 wrote to memory of 416	2092	msedge.exe	84
PID 2092 wrote to memory of 416	2092	msedge.exe	84
PID 2092 wrote to memory of 416	2092	msedge.exe	84
PID 2092 wrote to memory of 416	2092	msedge.exe	84
PID 2092 wrote to memory of 416	2092	msedge.exe	84
PID 2092 wrote to memory of 416	2092	msedge.exe	84
PID 2092 wrote to memory of 416	2092	msedge.exe	84
PID 2092 wrote to memory of 416	2092	msedge.exe	84
PID 2092 wrote to memory of 416	2092	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://github
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbebf13cb8,0x7ffbebf13cc8,0x7ffbebf13cd8
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,5459065575744123793,2202895359041367645,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:2
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1868,5459065575744123793,2202895359041367645,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1868,5459065575744123793,2202895359041367645,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  PID:416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,5459065575744123793,2202895359041367645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,5459065575744123793,2202895359041367645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,5459065575744123793,2202895359041367645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1868,5459065575744123793,2202895359041367645,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,5459065575744123793,2202895359041367645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,5459065575744123793,2202895359041367645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1868,5459065575744123793,2202895359041367645,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,5459065575744123793,2202895359041367645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,5459065575744123793,2202895359041367645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,5459065575744123793,2202895359041367645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,5459065575744123793,2202895359041367645,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,5459065575744123793,2202895359041367645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,5459065575744123793,2202895359041367645,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,5459065575744123793,2202895359041367645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,5459065575744123793,2202895359041367645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,5459065575744123793,2202895359041367645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,5459065575744123793,2202895359041367645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4300 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,5459065575744123793,2202895359041367645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,5459065575744123793,2202895359041367645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:2040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5016

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db1dacae9540e883ae83489b18cfc326

SHA1
ec3b68e635d8ce3bdafe258bca5187536d43065b

SHA256
3427a8a3b4868bd25a231ee8fe0ebada0b3474f2d8dc0fdd01a8931a8700a37f

SHA512
2e40df3bd1a045c69173f1a169b7080163de8f62a44d41d46c28f1643943657c532caa72f65b44a2175f976fdfd3d8328d989e011730aa851aecbcf02dde4a95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
04aa3f476e468ef3c0866e8dedd8f6e4

SHA1
1e9fa8fd586c03447a4c5b4cee261900e9f464ae

SHA256
87b74207d65f6745b38a19dce13336ee839fb4d7929fce446c3d1177aa80c42a

SHA512
7d860bbe9c847ea0b60f210860d865f1e936aa2210a6f9aa87e9fd72f992a022ecb9a1827212eb9b97dd7798540770f55c67362714d90d0bfd080ad1e5e7aaa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
41KB

MD5
c79d8ef4fd2431bf9ce5fdee0b7a44bf

SHA1
ac642399b6b3bf30fe09c17e55ecbbb5774029ff

SHA256
535e28032abf1bac763bffd0ba968561265026803eb688d3cb0550ad9af1a0e8

SHA512
6b35d8b0d3e7f1821bfaeae337364ed8186085fa50ee2b368d205489a004cb46879efb2c400caf24ba6856625fe7ee1a71c72d2598c18044813ecde431054fb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
27KB

MD5
8de866cab64192dd7f4bb56b8b6333ac

SHA1
cb42b7159d94b747d11692799159bdf8205db9d9

SHA256
320ed62a01f39e3b21685bf961e4b7cf7bc250a6e76d0a458ca9fb89793dc4b8

SHA512
3b32c0aa32a2ef67842f93d2982aabd35a7706aec6bd9b3d363ca0d8387122d31dcadb1afd60c5b762a8ca16b20eebb9252710f75c239338ea7af2f32a0ee7cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a027e9f43b7e245bb80ff8cb95ca174c

SHA1
9887418c2054a215a9366c47d1e13f90e332eb85

SHA256
8b20d5d8ba85b0b48467e4450c363b0492a15b10d9ba712e30578f83e362f842

SHA512
60e18b26406b04d172cb8c0003c8cace9e667f021ea69b02d84799c9947795a3389e5c408f9486a75cc1f1aa7e11bb163ff2dd378575e37a8ff3013ec8fdffa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0ce7539f479c6a55422b56856fcd736a

SHA1
214b3cc46d1613a1348163eb92b2bca859741c37

SHA256
647766e19acecb77774961d4cfed7a14f7528d65b7b01a44b40c260900d1a1bc

SHA512
ed864b2e44b0950610aa9fd434070cf6c583f87bf0ac0c14e87390c38951965b3702ddcbae9babe38ce57e6716a025c27a1f4aca09f1a27201d415ef49d1eb4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8199b538c014d49373162bdbb90a00b6

SHA1
f69b9735bc3377b4d5653eff7a2421652d645bdd

SHA256
7f458deee8bb36fd1e397713d73fa7a00968283bd3220a3e6d4cf410d1535cc7

SHA512
537522c1031cbaa8a2551a469f8b6bfd5e8fb650ab9090b2bb7e755ca4f81ca62bff8f08a30f110ae791a2f42e9d96fe95f0f9f65280d4626725438a9061d5f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bd722cab9f0ba03005c8ea5aa522f644

SHA1
cb6c85c101472ff1662d58cdf20f815d67c47436

SHA256
4611f977db818c2926ff73a9b35447b8fd5b7c4e6602a5c8cb6e836e64f5884c

SHA512
badf9080902b1fd339d1fa7552e1bdf711a0449cb7cd8a74a749a3bfb37bff7a29c6e3f4742268328a624e46b21d82b40a2624f9328d9c4652818be57b45009d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f0e6ad033573bede446352aecf2e6468

SHA1
23d769281d5c3891d156293eb5fec3cd3e474aa9

SHA256
874a1c7126ee1fdeb3609c89922ec63ddc3c9397e623455d6d7879f3b56ecec8

SHA512
38f3a90b33efea37eeed8825f0eab6b4155b1292ea68f217da3320c89a14f17a4b924520a47d05b5921e9adc7cee551a4e49781532a09b72873ecf6fc33698fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d909e672ef79c04cee32a43c4d6233e9

SHA1
59fd58faa9dbc9ead546c0f54d90aaa2caf84d1c

SHA256
6d26376874849c51f9a0c80b8d149658651ed2a8e56e571f3ea368b24e58e02f

SHA512
62e6406f00d7bff50e041b19af65152c488243f983ed291a0e860ef41bcbe5803040f32f29b9ba7f5d5c821828d17286e1568b6f8104f2aeb5a16adb8415c4ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
a34680f8b1266e2832acacdd5974cb48

SHA1
8ed0a05cd9bb03b4990ba77cc79662cacb1e9700

SHA256
cebd372ccf5372c18ce3b746cd8dff2d0e01ec59542d1b3079887f9a8d1d1c21

SHA512
6e4739b7489525c9979dd92f7c480d9574b4215aa92f65edee6e5db9aaf555d9c0ba578d6b6ad92c839648060157967e97a16fdb9d66ce173db6f7c82dd8562d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
316aacc0e910f95f280fd5556da419ff

SHA1
3d44030f4d060e14420facc8eea6b7853a128943

SHA256
77e4cbb0ac0a685f3fef571d32f7f19cc5b427e867c15c163cf81681da2d237b

SHA512
ebea55116515e7b25b8f8556bb664c445990b0bd557bd0e85aceedb174a85f9bef203b53c022259f97f2712dff572bbef4d0cc18b15759f2ff721c2d5baa81fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
6f23a841e931f7b4f3992f3972ddc72a

SHA1
d1781b8e0939f9fa181ffbac641a2cd68d1adfec

SHA256
d75b38ec8c6035695bdd657cdeb057e2bee1c72d0b43310ac59b3cb484fb01a3

SHA512
8d5c91a97256981821779ac2b6fa4cab973f1a0b1ea0b052964640d62876eb6ac966778f53569ab38980b3552ecea44dff582fb2cdaa20a62b881d94aeb351c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581345.TMP

Filesize
538B

MD5
b4ea7d82bd52785b656453b455d981ff

SHA1
3a01e4449574b0ef2684919aefa58ecb258852ed

SHA256
276e0cb86d2dda4234ee517b96339f2562967213c154212fa0e40e58d1e41fd0

SHA512
a6a7d22d90f264292379cbb5716ba48e209ef3b4bd4a59ecaaea33de16664504eeafc1ed63cc388bdeaadcf176dbe5fc51803567c41b37a34c5dbcd9444d31a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fe00e8f17ca28f7e1bf6908e6968fe14

SHA1
facca8b97d777508f087f5afe6643e3da5973b7d

SHA256
6da2e44b80ccbe6a3f116159ac84328113f22b12c7c8a414547688b27d2771a9

SHA512
c9a42a7834dc17d2f8ec0a2396b236ab8edc9da679743e1cbd303696ffadffcc441c924a8a3631acf14f75d9f7f25df2e50892e27b00a5eaf98609974033e934

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e0ba73b05298462a27063fb4d954555c

SHA1
080ae868fe67050e3fef2d57878fdf1711316150

SHA256
4dc77b0c41c0caee1da6127e5efee349ad9cedb2fe7edac39041413659749820

SHA512
c998adfc48e2ef11aa120e2da7b9dd5310209b4437a5f1bb5952cc6bdb659896517e054384ad1c26b6d96b20d8787861d6473b9b202cd97fb5820dc23a3707dc

Download Submit