hxxp://itch[.]io

max time kernel
1190s
max time network
1155s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
30/11/2024, 20:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://itch.io

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4028	msedge.exe
4028	msedge.exe
4048	msedge.exe
4048	msedge.exe
1568	identity_helper.exe
1568	identity_helper.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4048 wrote to memory of 3224	4048	msedge.exe	83
PID 4048 wrote to memory of 3224	4048	msedge.exe	83
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 228	4048	msedge.exe	84
PID 4048 wrote to memory of 4028	4048	msedge.exe	85
PID 4048 wrote to memory of 4028	4048	msedge.exe	85
PID 4048 wrote to memory of 3136	4048	msedge.exe	86
PID 4048 wrote to memory of 3136	4048	msedge.exe	86
PID 4048 wrote to memory of 3136	4048	msedge.exe	86
PID 4048 wrote to memory of 3136	4048	msedge.exe	86
PID 4048 wrote to memory of 3136	4048	msedge.exe	86
PID 4048 wrote to memory of 3136	4048	msedge.exe	86
PID 4048 wrote to memory of 3136	4048	msedge.exe	86
PID 4048 wrote to memory of 3136	4048	msedge.exe	86
PID 4048 wrote to memory of 3136	4048	msedge.exe	86
PID 4048 wrote to memory of 3136	4048	msedge.exe	86
PID 4048 wrote to memory of 3136	4048	msedge.exe	86
PID 4048 wrote to memory of 3136	4048	msedge.exe	86
PID 4048 wrote to memory of 3136	4048	msedge.exe	86
PID 4048 wrote to memory of 3136	4048	msedge.exe	86
PID 4048 wrote to memory of 3136	4048	msedge.exe	86
PID 4048 wrote to memory of 3136	4048	msedge.exe	86
PID 4048 wrote to memory of 3136	4048	msedge.exe	86
PID 4048 wrote to memory of 3136	4048	msedge.exe	86
PID 4048 wrote to memory of 3136	4048	msedge.exe	86
PID 4048 wrote to memory of 3136	4048	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://itch.io
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffebee346f8,0x7ffebee34708,0x7ffebee34718
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,7196069835090863156,16814825858076435195,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,7196069835090863156,16814825858076435195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,7196069835090863156,16814825858076435195,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7196069835090863156,16814825858076435195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7196069835090863156,16814825858076435195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7196069835090863156,16814825858076435195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7196069835090863156,16814825858076435195,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7196069835090863156,16814825858076435195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2672 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7196069835090863156,16814825858076435195,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7196069835090863156,16814825858076435195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7196069835090863156,16814825858076435195,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,7196069835090863156,16814825858076435195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,7196069835090863156,16814825858076435195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7196069835090863156,16814825858076435195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7196069835090863156,16814825858076435195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7196069835090863156,16814825858076435195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7196069835090863156,16814825858076435195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,7196069835090863156,16814825858076435195,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,7196069835090863156,16814825858076435195,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4860 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2800

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x33c 0x338
1⤵
PID:4464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a2ecf503e5407c3aa6a5c0fcb3719208

SHA1
3d65dd3cea5292ad6ebd9d45666dd6f093bb3b14

SHA256
55d71d2e8762f7f2f78477cfcf0ee0a18e88ce56d4a0c63c2459fe94c80e8c04

SHA512
c4696d25ecee0b0ee30b0c2cf020a0731bb4888f57944bdc2d51deec97cc6433b717caf3954195681923cdc4935ca7d1f5dc25a02d2c62b8f81f4acf9d603de2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
e7ac4d7b5bb00fabf195a51b1f22898f

SHA1
eaf92a72e546b4ba8fe891f47795a4f07b05e2a5

SHA256
7925812cb221c1e2a98bd306d149555cfce396afa73b30b4159432bb095449e1

SHA512
1b8068e083e654807adff5bc77d1d0d95ac6d5a0f7aa08841049644e5a56cfaa3b4bc498f3240d9815550f7ffa2d7a18378e644567ca8323b8081fb9d5062430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
701a6e3f01a6b0a163228a5fb2e77e7b

SHA1
f194870a2ed4e81933362bd85bf9ff4a36d1d74e

SHA256
127e770e40a33ccea0ec354fea0272be950020831ac731b3c09029fe8ca463ad

SHA512
ae375f364c99156ce7b8f26a7b4f3d88f47b121df2b86c0b3516614fce9785740c7ef4b891733612972b307b7f1a174afda99c93c1f243a78aa530eb259d9d80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
bab5f8038249856ff88d12bb70c84f5a

SHA1
aa247b0236df972e92c51bf13c16c95d0db9b550

SHA256
6a31f6e95bf4096ac0ba68b7cb682fd2a0683e053d3b8c41694f005e9f772a51

SHA512
11383a43a77bfa102dd420c00c3bc8db9d92b626178e2abef27771a4fd788ace4b14efb1df857c8e233f92e7bce6a16bec99dac9f4f304ad943687e31f4b638d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3c88354b5297c8c41b6c5000f1797009

SHA1
89ffa25445b1c1c7e9fa44fc0c1ae33e42ade3fa

SHA256
282e78eeb03effe2d6e34b71883e4e3d98fa0a829b3687cfd07633acfc81ccde

SHA512
3dcd5daef4a0c5fe79b0db5fe8f3d324a83135586e72c3768bacd8523e9c539e7bb1270f47eed03e1deabaeaaa1769994517a7ad0417a33a9b8f1d72049ea61f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a9efed37302e95e83545f5708fd82873

SHA1
0c984c6d723da27379729431e5faef3c76973b25

SHA256
014caebe96b482f989c213755587414ff5f786cef318b6b6fe74f4efb41f20d7

SHA512
43c8f23701821afeaff504b81df04470563cbc444b287fd73ad291577fc4f12efe68a0fec7bbb0424f898106865812ac44841e0d03dd2a1a603b2b727030b8d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1e78a4bfb85f22d6198db8355f6c38d7

SHA1
08b5d2501715ad684ca467ade0964eed6df45220

SHA256
b1711108d08f5736eb7f5174c1640d26c15e85ed74b9353ecde87c92e9623d00

SHA512
5258286e9cfa2009a03c3e27ecb113f8a2bb9877a3a3c2caf4c70edfa77857e71720cda1a8409a6d422532908c07a5c723ae0fb3d1bc9763d3569778a7c0ee18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a52a0f0ac70416c45a37e1c10f0b140b

SHA1
a20f82eabc3b6dda9e5ff68f8538c6c32d02ba77

SHA256
d9a936d9d32c9ba6ae5a2bcac17f9ece414e577284285b09cd8c5a06e74d3a33

SHA512
85f0a0ef0720ae7f3eb09fd2452ea88363ad016e560c765d0f83a2f56ef1d7738f993c906293a46f65a062a3d772c6d5755909650c5b5491f08c18d0a695729d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f890f39e6483078a76fb7a38aae52b1c

SHA1
92e850ac3e1fd43bcaed8f1afedeacd982e1a3e1

SHA256
f25248ae2b188d3cb468789e740af392cc5d41a6b3ce354818f0113ca5861dbc

SHA512
ad0ea6cc488064e1d92f096c0c935ff9f074e6fa003b1d6424685f5e5158d11fe8b4cef78604a361e5f16634972180b1fc2eec8b5cb2a3113c4d4c8a7c67b32e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f0c6af7655fb7dfaea3b53d255710035

SHA1
572ecc4033498a955fe0b935d44bf97f7e3c07fc

SHA256
b91018f871781e6e4b5efb08c78b6ec45388a24514eac196d41e21658e7e1b89

SHA512
aa6d69bb56a5ec445ef7c22965b281451d412dc0e6cb006b137df3b531907c0b6bb7d745e81fe91e3d369de492ee7a940a12bf50013ffacf2f527cc0e088d43d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
287ac946e742b24dc591af7ad0d1ccca

SHA1
573b9a50dac7d771ef03ad1fb4fc04afd134b22b

SHA256
baa353255b200c3a25c68de4075c8d37d11e3d48580e7893bb69053bc5e6a611

SHA512
a28538ea955affcc54ccbacba4cecc0ac1084152ce28d46619ecf422a4f0f6263020b275a7271b7e562d821041a514017284f9bf9caa2bdc5828f5ff9f3acebd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
5e05538eefc10e2de65dd441b62dc1f0

SHA1
0b21db1607a1d318d0a4542e8fad2e410382bd97

SHA256
54036bf5e85a2698316c9e552b635f830d6987aa6caaf6bf510bcc9ae98ea8e3

SHA512
9dce7f3018b576766b62d42316bae8bb285712093a4b459518a4b19d886357ce5a1cd793e8a2fdaaf790a427b1de3033f4b495462bea3ae5acee617c1e882a5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581410.TMP

Filesize
203B

MD5
c358a1e9b49a5042f7fa429335b78247

SHA1
b4ced997035699307ddd8faad7d55e4ac667223a

SHA256
e5e604d96ad745c3b3f2a8bfd4570410b2cab9fb566970a015aa4d3307b7821e

SHA512
ee373079173086e18ea79d3644b29ee88bd9a8b8f199d8c72fa3a2dd2206efd200ac174d20f7f9e4a34cea6f291bd2087fac217bdedba7b5e829ab4edd7bbe41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a990a9a2eab318b98ed5c8ffd5412282

SHA1
01aff0b18c656281f53c6390c33c0b9e78c649ac

SHA256
9b956596935c58e726e724907b6e3a17dbbdcb0e3cbd40e1d01f2ae234c21d92

SHA512
1c4a35d67be0dc13658857bd74f832b738772fdcc07ad1cd7418b46da9768208fca6d1c2fe440955ef52c54c5aa6730699f154d00fb5c89872c1c8a5bfa603d9

Download Submit