hxxps://t[.]co/uVA1Li8hDN

Analysis

max time kernel
242s
max time network
244s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/09/2024, 01:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://t.co/uVA1Li8hDN

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2936	msedge.exe
2936	msedge.exe
2528	msedge.exe
2528	msedge.exe
1008	identity_helper.exe
1008	identity_helper.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 4512	2528	msedge.exe	83
PID 2528 wrote to memory of 4512	2528	msedge.exe	83
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 3320	2528	msedge.exe	84
PID 2528 wrote to memory of 2936	2528	msedge.exe	85
PID 2528 wrote to memory of 2936	2528	msedge.exe	85
PID 2528 wrote to memory of 2704	2528	msedge.exe	86
PID 2528 wrote to memory of 2704	2528	msedge.exe	86
PID 2528 wrote to memory of 2704	2528	msedge.exe	86
PID 2528 wrote to memory of 2704	2528	msedge.exe	86
PID 2528 wrote to memory of 2704	2528	msedge.exe	86
PID 2528 wrote to memory of 2704	2528	msedge.exe	86
PID 2528 wrote to memory of 2704	2528	msedge.exe	86
PID 2528 wrote to memory of 2704	2528	msedge.exe	86
PID 2528 wrote to memory of 2704	2528	msedge.exe	86
PID 2528 wrote to memory of 2704	2528	msedge.exe	86
PID 2528 wrote to memory of 2704	2528	msedge.exe	86
PID 2528 wrote to memory of 2704	2528	msedge.exe	86
PID 2528 wrote to memory of 2704	2528	msedge.exe	86
PID 2528 wrote to memory of 2704	2528	msedge.exe	86
PID 2528 wrote to memory of 2704	2528	msedge.exe	86
PID 2528 wrote to memory of 2704	2528	msedge.exe	86
PID 2528 wrote to memory of 2704	2528	msedge.exe	86
PID 2528 wrote to memory of 2704	2528	msedge.exe	86
PID 2528 wrote to memory of 2704	2528	msedge.exe	86
PID 2528 wrote to memory of 2704	2528	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.co/uVA1Li8hDN
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7b6546f8,0x7ffa7b654708,0x7ffa7b654718
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,1794932094954746116,10577255137803000053,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,1794932094954746116,10577255137803000053,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,1794932094954746116,10577255137803000053,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1794932094954746116,10577255137803000053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1794932094954746116,10577255137803000053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1794932094954746116,10577255137803000053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1794932094954746116,10577255137803000053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1794932094954746116,10577255137803000053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1794932094954746116,10577255137803000053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,1794932094954746116,10577255137803000053,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,1794932094954746116,10577255137803000053,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1794932094954746116,10577255137803000053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1794932094954746116,10577255137803000053,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1794932094954746116,10577255137803000053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1794932094954746116,10577255137803000053,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,1794932094954746116,10577255137803000053,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1364 /prefetch:8
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,1794932094954746116,10577255137803000053,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4752 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1794932094954746116,10577255137803000053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,1794932094954746116,10577255137803000053,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6252 /prefetch:8
  2⤵
  PID:648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
4a547158e91d49025d2d561f7330bc61

SHA1
46289de975b28ee2440e718db8c5b1183024a414

SHA256
94042692f7434cfdfd92d891b17408c16d6d3bc908d28190a6766264bb246f99

SHA512
accd33fa5830a95677b2bf51d01851e67120cdaf2f918af986197009bfa79bef769c50741aa19eebb1ee191a8f8b44817938c872a970870152483bd3e975e350

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
6cecf2251ae3adcd8daeac33982505ba

SHA1
db14d500cbaacd0d06089006699b9c189c0e2ffc

SHA256
b9d0f8437e2f70d9424fb1a86a05cc9fbacf6165f6d24340f4cbf1ae8dacea6d

SHA512
52bf1fa5b57cab0a352d0b74f408210c2c645d35ad183f2b16c13b1138ceef05ca47f1a5cf8520bb77b4d2e2d8936ef0ce93ec9faad72990fb01bca0b18d3021

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
38068cb98b01393d0cf0427869377a1b

SHA1
525a492f841c31cf27caebd792637ed601e24cdb

SHA256
247d0f2ed183f08e62985ae9912306025a81b54bba142e9390076bd114da0ecb

SHA512
b736748ceb9ec77fb71a8f17690ebdca71b5b4e2cb0d092225b93482f9ecae8eb2574716b30fc823bdb0937ae471b4700e229c2b84a0d155f5f00f56dba18fe0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
fdc10e3f184439c07890abad45066d14

SHA1
9800ba531f85a624564cf0e6bca8e239909c2ec6

SHA256
47e89ea24f76f7b1282fec0fad4ce309c83ddcee66fd94310b9842e6da2451ca

SHA512
2dc1b135de2b63f93bbc9f22444c8f8fbace122f4478d9c66b6d006dac55f812ce1545eb5d25354d083c17481ca672b81d9290d09125fa1cec03be23a03a4249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b882a94ffdf891d434d1070e3a88695c

SHA1
73841a90166dda046dd55b3a9b8e57da325ea817

SHA256
9b72cb02a7fc4b2db526053dd339897eca846eb213dbad4e775b7636714e87a0

SHA512
be41a950732f1cd861a4761f9562110593badfc1ecc30ab3607b22f5f25ae3e890643f8fd19ebbc4a818d89a1f565d7e4dcc78887daf13932b5b3170f6917aa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cbeccc589fdbe9119a9887312d94231e

SHA1
23ec78897f2a383bd7eba5480c47cdb29974994e

SHA256
b1eda616198038c12bda4bb491f3915f7e03e79ac8d2a66c563f514c7be474a2

SHA512
9eade3177338cbff5e49e59e0e7e7aa3a8fada1ace9e754b1deb06799f2376030d3716b4e11687147ff52f2fd7518340b9142751e7bb6a9fd3520ce675a3dc89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d160cfc8d2198b37a73422ba92433ec2

SHA1
184c3ff9e8c5822e0598cdafd94fb2dc9a3c88b4

SHA256
f274d9e5bd57f514376aae3755ad4505d6a44a0c8daa033ac05251b0185ade56

SHA512
1d0379c16f027a8df654e87ed08c11fb366af53c64a151190c22fad654c812abe53b650052d2248b2eca37d0cf57658901781a2f4512fa1eda6b1c8acc84c7ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
782f8874190012bf6bf808d303b7ae67

SHA1
2cd8c7903abd2797767f23d93dbaffa411ab0b23

SHA256
624939baccfb24930c599201076f3fbf9cbe24363306f6203663cd6fccacb75b

SHA512
7da5b5b995c8730092b6c65dcb51e585165598180e77aee6671a7e18953434192e4eca9d6f4264ce63b7b960aa4a39d3de7f9563bb561782e36cf5e344e6455a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ae8e26cd6ee6defa772107896738815f

SHA1
9b86bd7202b510f38e458f117e6bcb89c490212c

SHA256
075c85f7cf7fca84478e980769126ef4b6fd5c14f4d370792728698438565576

SHA512
ba8827d870348f9425ffd703fa79a39956b0a40fe808919a4b520997030c8549298f51f01991481b3b0e464b8a28943ad801dbf09652b23c4c78a2ca4d8d9fd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
324528e29d7d102c39ac0cf605a33a5a

SHA1
6bcffcc5bccdc0ea1b1d0be81beb823cb2f01112

SHA256
ab1bed52d9f5d4fdac022f5fcde55c8ac7b1ab2c67036057b81b564b0c65e455

SHA512
6b0c6e2fabc3e8cc4c96194e672b9017229af7294b3524273dfcf5d4c78b7ce92439ccbe41bff30c2ba77820b87524784200a3b8b9e3bcb416b771646b21b8f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
7835bca5c2a97c5124d9052584dcd5fb

SHA1
c7b666c2676c7f395193599dc13aae6803daa4b4

SHA256
d3366f67e651e0376b9fb17c98f233068e555494da18a9fadaf1c92fe2ac580b

SHA512
3ae775ac4bf8ac6e951bab33773c63bbd762cebda64e8ea253d088c80179d9db2a20b505fd0abb9552ba0fa7c7bbcb5396728cc783e3a50db08c3083572d0a7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59de50.TMP

Filesize
372B

MD5
51142f05b4274715f4e62e87d7b640f8

SHA1
aad5a39ad71e686bc22c8fc6f29e930e8d238913

SHA256
a2bfa2d0e4c00a8525e3b215aa8521bf252b3fdce1288d6edd9c22a479b373cf

SHA512
4177901b20b975fe294041c450a72ea6f242c16cc1fc88ddfaaa9a7819e1337b8d87bbc541dd49c7cfdeaea225060d38adb423183670db8c579bb92c436adcfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cce5858eb6991c8e9ea3d88e26768ff5

SHA1
35dd4dd95f84d809162e6512a032f2b3ab4737d4

SHA256
3ed2c441e16f7f1d883824e28d03638b21a932f043a8e5721be0d68ac00a5c0c

SHA512
441b11c326fe35c80159bbb92250ec05c81d24373fc4154c38e240c02ee1f4725e2f7c4686a244ed030d2c202726750e8dbc3ee2b77b6020a8d7be965fc46cf6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit