hxxps://github[.]com/Dfmaaa/MEMZ-virus

Analysis

max time kernel
1146s
max time network
1148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09-09-2024 19:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Dfmaaa/MEMZ-virus

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
740	msedge.exe
740	msedge.exe
1460	msedge.exe
1460	msedge.exe
2080	identity_helper.exe
2080	identity_helper.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1460 wrote to memory of 4100	1460	msedge.exe	83
PID 1460 wrote to memory of 4100	1460	msedge.exe	83
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 1332	1460	msedge.exe	84
PID 1460 wrote to memory of 740	1460	msedge.exe	85
PID 1460 wrote to memory of 740	1460	msedge.exe	85
PID 1460 wrote to memory of 4968	1460	msedge.exe	86
PID 1460 wrote to memory of 4968	1460	msedge.exe	86
PID 1460 wrote to memory of 4968	1460	msedge.exe	86
PID 1460 wrote to memory of 4968	1460	msedge.exe	86
PID 1460 wrote to memory of 4968	1460	msedge.exe	86
PID 1460 wrote to memory of 4968	1460	msedge.exe	86
PID 1460 wrote to memory of 4968	1460	msedge.exe	86
PID 1460 wrote to memory of 4968	1460	msedge.exe	86
PID 1460 wrote to memory of 4968	1460	msedge.exe	86
PID 1460 wrote to memory of 4968	1460	msedge.exe	86
PID 1460 wrote to memory of 4968	1460	msedge.exe	86
PID 1460 wrote to memory of 4968	1460	msedge.exe	86
PID 1460 wrote to memory of 4968	1460	msedge.exe	86
PID 1460 wrote to memory of 4968	1460	msedge.exe	86
PID 1460 wrote to memory of 4968	1460	msedge.exe	86
PID 1460 wrote to memory of 4968	1460	msedge.exe	86
PID 1460 wrote to memory of 4968	1460	msedge.exe	86
PID 1460 wrote to memory of 4968	1460	msedge.exe	86
PID 1460 wrote to memory of 4968	1460	msedge.exe	86
PID 1460 wrote to memory of 4968	1460	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Dfmaaa/MEMZ-virus
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92ff946f8,0x7ff92ff94708,0x7ff92ff94718
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,7542430545251767140,2199115877948023257,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,7542430545251767140,2199115877948023257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,7542430545251767140,2199115877948023257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7542430545251767140,2199115877948023257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7542430545251767140,2199115877948023257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,7542430545251767140,2199115877948023257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6092 /prefetch:8
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,7542430545251767140,2199115877948023257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6092 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7542430545251767140,2199115877948023257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7542430545251767140,2199115877948023257,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7542430545251767140,2199115877948023257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7542430545251767140,2199115877948023257,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,7542430545251767140,2199115877948023257,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3296 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7542430545251767140,2199115877948023257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7542430545251767140,2199115877948023257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
  2⤵
  PID:4672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2940

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e29427b343faa4e7dade723dd60c0b7b

SHA1
920e4fae87b89b90aef1d027077e4a28a771eabd

SHA256
95153ae0e64bd2147879c95aebad84967e9239088bbdb6d96453ccd52c08be74

SHA512
c3c16b586a3cf1a3952dd606038c067598943ee114505ed7ca93ec69097a2dd6e4dca2fe0ba258990fc1c95324c0f87a613d566ec92a63667afd8bff00840378

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
db5b3e452a6576aabb212bd1efd658e0

SHA1
a44d97a5b2c9f4b90184f55970ed6578fd1d52bc

SHA256
a4d88d8c957332cbc263264c8c353641ef4a7c3fe93b5bd1a8a300a6dd3f089a

SHA512
913451a325336df6b7b2a24d0119f3cddba0acfd4785bf7e11bb19358342997ad1aa727547272660cc74d8f3c1e195e31f89239186dfd36c8051c54e4e6db088

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b03c2f9558a9cb4520aa18c563731d88

SHA1
9be0a76d70f2663693bcce41a64ec2b953ee4c52

SHA256
b97310e16461026ba6693fdf2c405da4e1e56183b3398cb53aedc32246e75f42

SHA512
2aef760ccf2c79961682062c92969cb1ef866ea5cb9c4e667665df49b55b1b348fa3c5bb41ecbf3ffdcb82e032effd46a7785b42fe520469150d970fc2ea24f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
259B

MD5
6125666706dd9de5ccb87ee3b6f85b82

SHA1
ce37e6117b2eef650ad1b350b1770a3c718b9804

SHA256
c377f786e02d36c056a6fe99c8ab14088e0297db03a464e8156fe6cfd23946ec

SHA512
7d631efefbcfbc7484910a212587e085ace5cdd3039e0bc7b2ac9ae09e4e491155526fd66b529f3de31a90806a3a5261847d143daca1bc78a927564b7ab63c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
409B

MD5
5fc4e74c4d38bba219819f874c0113be

SHA1
a3fb5b9020c46ed9101423f7dd81d335aec02bb9

SHA256
19b94f1cee30d5c9c2c0c15572c39aeace2842405c906faaf5b2c7ba7b34e910

SHA512
b5625e4761ee52e339b9638d0d80db992fbce3552dd6574573d9c16e161c124177c8f5b1bdc70a78d82a252630dd73054179f73645a1d6954425daf9f01d6575

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
68796d38dbdfcc782f0286de3168bbcf

SHA1
ada79c4e910e246efc34ee3db45f22835f79efaa

SHA256
df741a75f0d8edbecd876c56ace12df986d412827cf351c6cf1ce847470dcc2f

SHA512
748834486f28756567c775eb84edafe82c2651c479765dfa896a6a7d611180355bada35d2d8881ec3484caea420fca176c2a510e3eae10babdb546a6b2f99c6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d85c5b11c71c953aa362ec1c217c8a16

SHA1
0f71feb508616b1b9a71c8d321b40e366622e540

SHA256
e98e532252f020b5b2e0c3303a8332fffce1409ec91a42de67232a77cf466d69

SHA512
9c1fe4b09fb8392d0296471d11533b3af53e7ff9acf8ea8e1d8fd4fa8f12f348718b7008b593109fc5b15af3d98ef84780f497b8acda6d8dbbc62abde63ebd99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4e9f98465058519765ea13682e928259

SHA1
f0e121361d7a4ca54b31c3c7407d20efdc627c75

SHA256
ae01f8b6178c341240ecb07ef6aac269b6891f180f6dcd1ae3f56573f9329db7

SHA512
9fb6f7d5d331437a77783e2a4974f11a516f745f078d672bb51dd7a46ff1806dd83bdcdd6fdfd0ac0aa9ab18f37d52964e3d16b061bd60d5583b25510351271a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
55bcecef8a15a1ed19396374db60ff79

SHA1
8f9acfc61c04a10d4c5d819ec173250d2fa38b16

SHA256
9d69a1ee2e5ac814a877bf14242fbea34f26f621ee9f0f6689cd46f0b824b990

SHA512
57e810bf05864e39d13447623ebf75d9f23191ec49bbf7dd0371e78700a4a28cdf192ce11613b1daa5e1403b33e3f5ffe15c1422b37facd824fc1e2b200d0f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7905125fd7011f3f519d20739224de01

SHA1
024f97dfbfb88f5c7966b5a09aa487beed214aa4

SHA256
9f0a9b254219bb09fc44ac4b0288941bc95fb195431bccf889f4901587350ef7

SHA512
4b90849df8771be65c5f686c0cafa8032eb6a9c8ba07e28035e8105a40205a06c48da654878104bfd5d923c0e947b9547de0f4c55112fafdfad81433df3df063

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
41694b8ce839646ca1fc1bf4104fccd7

SHA1
0f1240acf77a3c76861e508c3fca5041e05a6a7f

SHA256
b28403995a4193a6b4253bab287550c96ce4e58e554ebd0da21737af5d1c0f9a

SHA512
4d859c021644d24d042c78f20255950f3732643538c242d35be5f99f7506c78b63674e8405455f6d5c7d570f21aaf79b3cc8652d203d30a1a32211ea8d9385e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
b9d33d5f2d2a227ff4045a1d08589015

SHA1
d807ced9216c872d5ec6a8cd884855d5509b762a

SHA256
3643f3fe7c5ab6b574c2c9602f034ec0d4bbeb762c7bc0f103cb7d72a230c0b4

SHA512
d6ebdbb48f141c675d93cae366b8daa737e7ec9aa01017547094c60b264c0524a642f6cdefd2072ace08b2e007da5b4a2b5d2f51537e53f8297006aa8a6fc3a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
c60f5c4d56926ca324613625364a7976

SHA1
d01da4cbb5e1df36649125038fe724ba77084249

SHA256
649837276f5a3fd43f48f09e0dec01b001210f2338a12c6dc27e464fd89179e4

SHA512
20ce3e6f80d084760fd132e6e564f0f66e606b173bd466c5d1fb688c56d110c3b446e7556a2cc529f7f9360d7cee5f6951bcb1eba3c02d9204e68bbb20d9e73e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
b73adf0d40f42bbcd7649dc07d42d232

SHA1
9f6dae36ded902e870999398419e8f3e6af8b2ce

SHA256
89430835e7cfdee337db302f8a262fb6925fc574128a22e282b407320c8220e9

SHA512
aa5e3abc1618cb99f418c1732f35cd65b89a4512d77bf4adde63fe0a759535e2ee4b1974dd8a0500510657516ed8824d809d8cac441e9e5db8136c383642aa97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
5d9234df9bdda945ce55d0263a815e88

SHA1
5d343497f1ce139ae6068e5d2e88dc4634fd8b07

SHA256
9a6e1fed3d68236d0f02d7f7a3545b668a015b70e9b9edc36f0adc25460ffe19

SHA512
54b9e1f11c74b351dd3ab9e3b83f3151104cc987738f79f3e7745b7ce92b7722b398d280aa3274b8c5646e0643a74eda621823cdc57a4e6e993117891805fb2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
367B

MD5
4ae357614ff6045f1321cdde32d99d4e

SHA1
13d6fdc6cd40a95f25782a66c9daa37e5676398a

SHA256
4d9922569d986b0985c10e0ccce84fffb5236fbfb078ae2d3744ea64c46b5051

SHA512
b09883929376db183b801af770ae73f0be14d837cd6795746c25fcebf6e0094917298a776a60fde7bb1684623a5428d0f49a3bfad0b8116cd1683b2b0240e8b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
369B

MD5
0637e1d57dc4d2ed6455bb5861b9c50d

SHA1
7b4c01d50d9d9b445359a897adf5b7ac1ddd50d0

SHA256
5a5ddb235a5cb2c02b58b35177f3cbe347caf94fdb70a6ca7862b0253acfdbbf

SHA512
27c0ba83f43fe150494ec7c7be7cbf42319e3a12232e67c6c8f69a0754b7ea11c36923b3f2ba65b4b7a9824ab0f86d8d046ae3fb98c435834b914dcbaa0eb38a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58053b.TMP

Filesize
367B

MD5
cca379f83ed0a73ac6dc6e0b1faaceb2

SHA1
0e30ca324b2d40550bbc8226bca7f26803d85d11

SHA256
c8b41c4678d7668ed29df90d12a86cd55fd1c3e6a3a4d0ba0b363fb2de7cd5d6

SHA512
9f946530fdec3557fe761d30579e2f997c411d4e8419552f9ed4ac9709ae83a5f6a88ea3a631690a573a1b61cd413d8798d4e3e588b7edaf4bdc8fd049053df6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f452ba5ffd5f14d66663f1ea8ad11f38

SHA1
8817635d5a77656b1b0ad29650bb8e91613c4195

SHA256
7c4d0813bac6e9652091d700e61f5670006f01cf5e1ab33190129a19de4aefe8

SHA512
62619b68dc761a2377dbf4f13d48be7fdbb20ce593e0ec8fbec2a085d9c3857e6e69cc6ada6cd84162c361a02da5bd20d93c6dfc21f036a8553d6d9f521279aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
51bab505200dc8fab6b33dc5fca803db

SHA1
fce1a6473edb39b1ec14e0cb55e9213ea2c04036

SHA256
6fd7a0ff818181438c551521f82c4bd9b2f6d5f5bb02bbbae6e01ddf4fb13e1e

SHA512
f93d20c0f16e6264d694f7455f5ae0874d3fa077cae46d76db9bc96aebf3161edbbcc8c83a612773c47d75258ef8e86c1b66655407d29231d73e1a9ed279970c

Download Submit