Analysis

  • max time kernel
    34s
  • max time network
    35s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    09-12-2024 18:12

General

  • Target

    https://9mh1.ialeahed.com/AG5qBpI1E1Ui7ALrtj3f1JznemsGa8Qx8s/

Malware Config

Signatures

  • Detected potential entity reuse from brand MICROSOFT.
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://9mh1.ialeahed.com/AG5qBpI1E1Ui7ALrtj3f1JznemsGa8Qx8s/
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:464
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd82e246f8,0x7ffd82e24708,0x7ffd82e24718
      2⤵
        PID:1912
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,2079444071425335106,10971178601302963565,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
        2⤵
          PID:2296
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,2079444071425335106,10971178601302963565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2808
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,2079444071425335106,10971178601302963565,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
          2⤵
            PID:4588
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2079444071425335106,10971178601302963565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
            2⤵
              PID:3992
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2079444071425335106,10971178601302963565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
              2⤵
                PID:2460
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2079444071425335106,10971178601302963565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
                2⤵
                  PID:3852
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2079444071425335106,10971178601302963565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
                  2⤵
                    PID:2256
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,2079444071425335106,10971178601302963565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
                    2⤵
                      PID:5052
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,2079444071425335106,10971178601302963565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:1508
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2079444071425335106,10971178601302963565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
                      2⤵
                        PID:216
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2079444071425335106,10971178601302963565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
                        2⤵
                          PID:1220
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2079444071425335106,10971178601302963565,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
                          2⤵
                            PID:4768
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2079444071425335106,10971178601302963565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
                            2⤵
                              PID:2492
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2079444071425335106,10971178601302963565,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
                              2⤵
                                PID:1300
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2079444071425335106,10971178601302963565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
                                2⤵
                                  PID:4380
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2079444071425335106,10971178601302963565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
                                  2⤵
                                    PID:3052
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2079444071425335106,10971178601302963565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
                                    2⤵
                                      PID:996
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2079444071425335106,10971178601302963565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
                                      2⤵
                                        PID:2540
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2079444071425335106,10971178601302963565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
                                        2⤵
                                          PID:4976
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2079444071425335106,10971178601302963565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
                                          2⤵
                                            PID:5156
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2079444071425335106,10971178601302963565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
                                            2⤵
                                              PID:5524
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2079444071425335106,10971178601302963565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
                                              2⤵
                                                PID:5872
                                            • C:\Windows\System32\CompPkgSrv.exe
                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                              1⤵
                                                PID:2540
                                              • C:\Windows\System32\CompPkgSrv.exe
                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                1⤵
                                                  PID:3364

Network

MITRE ATT&CK Enterprise v15

                                                Downloads

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                  Filesize

                                                  152B

                                                  MD5

                                                  d7cb450b1315c63b1d5d89d98ba22da5

                                                  SHA1

                                                  694005cd9e1a4c54e0b83d0598a8a0c089df1556

                                                  SHA256

                                                  38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

                                                  SHA512

                                                  df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                  Filesize

                                                  152B

                                                  MD5

                                                  37f660dd4b6ddf23bc37f5c823d1c33a

                                                  SHA1

                                                  1c35538aa307a3e09d15519df6ace99674ae428b

                                                  SHA256

                                                  4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

                                                  SHA512

                                                  807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\819f55d8-f40e-4d05-acfe-1ca02b67e109.tmp

                                                  Filesize

                                                  7KB

                                                  MD5

                                                  7c910b39563636f1a942bc2db0ed8ed9

                                                  SHA1

                                                  60f613c25d1a263f444844f1ce9b5a2dae8c1889

                                                  SHA256

                                                  af039ad56374ff9cc87d8bdd41c33db3deec0aced08a09ec4b6087274713db91

                                                  SHA512

                                                  95377a84d657e93238744eb20526c37899e3604919933fc8c88a071f5d3bbb40e44e66184b36e96b943e7975c5f20c9601ead5c70398d243d9d75702c8ce92e5

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

                                                  Filesize

                                                  34KB

                                                  MD5

                                                  ec10056d89af41f2a514df0773ecfed4

                                                  SHA1

                                                  42c04818b32b03e4c1cc657b76eabe8bd413b901

                                                  SHA256

                                                  75b10b11fb9a43301d2313ff724b1ea4181b90aa94aaf7660f673cdc2ddb7dfa

                                                  SHA512

                                                  a17a15a85953f97db9b6ef3377da264f4bd8ff27aaace97e496bed45e6324f90bf7ed4760d5c513999ff9dba6f7ca30f6f443720294eb3d786d3fc57f3059fc9

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007d

                                                  Filesize

                                                  22KB

                                                  MD5

                                                  2b41d3512250b9521aba871a5707cf23

                                                  SHA1

                                                  2bf8a039e31b6a549d10482f58d9ae7823ee012d

                                                  SHA256

                                                  a450a6398f0a16e5ad065b2f3e4dee62db08ec1105cf8cd025561e78db2d3692

                                                  SHA512

                                                  9c20fde1f3e0637a9ca38c72dd73f83fcb90ba54a8a4212e5654b3ccb85a2d23d0d2fafebaac871a3eb7c054ec186eaf7d46cd366fac192092276b901116704b

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000086

                                                  Filesize

                                                  79KB

                                                  MD5

                                                  e51f388b62281af5b4a9193cce419941

                                                  SHA1

                                                  364f3d737462b7fd063107fe2c580fdb9781a45a

                                                  SHA256

                                                  348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c

                                                  SHA512

                                                  1755816c26d013d7b610bab515200b0f1f2bd2be0c4a8a099c3f8aff2d898882fd3bcf1163d0378916f4c5c24222df5dd7b18df0c8e5bf2a0ebef891215f148e

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000087

                                                  Filesize

                                                  35KB

                                                  MD5

                                                  bcddce72e89d14010a2246ef1771fbaa

                                                  SHA1

                                                  7da33bcff5a929ed54a98c82a13aa6137e11124f

                                                  SHA256

                                                  1dfe5319b74457c58fc84904e2b6b7feeb4cdac5c301218b78db6bd45f83581b

                                                  SHA512

                                                  3c8b5d663c44ee042a21437714e12d352b827f2de319884aaf7156a68aa4378cca8d780214c28a76f0ce966d79a2b8ff03f37e0b0b9ebefb8d57bc9fe93e1fc5

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000094

                                                  Filesize

                                                  25KB

                                                  MD5

                                                  d0263dc03be4c393a90bda733c57d6db

                                                  SHA1

                                                  8a032b6deab53a33234c735133b48518f8643b92

                                                  SHA256

                                                  22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12

                                                  SHA512

                                                  9511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009a

                                                  Filesize

                                                  51KB

                                                  MD5

                                                  238d677a325e264bdaa631bb7687ee61

                                                  SHA1

                                                  75f19a5eececd9fcaa15487eb1e6395d121a7da6

                                                  SHA256

                                                  eeac2189f5eaac434001c24cc412fb547f9173ed8be3e9fdf05f041615594672

                                                  SHA512

                                                  2859088daa8140e14ed31c8f197ee50d6b415176e13aaaf7e2a309de52869c126c7f0607158d10a8c2f1a67a8e7091b746b7111c78d3294177f673e2bb400f0f

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009b

                                                  Filesize

                                                  40KB

                                                  MD5

                                                  b786554392ab690a37b2fc6c5af02b05

                                                  SHA1

                                                  e7347fa27240868174f080d1c5ab177feca6bd84

                                                  SHA256

                                                  ebe47cc89c62447316148809bda9095bd07bd5392a99ab4b8ac8b9f6764cda51

                                                  SHA512

                                                  b71cdb76464a775fca909cabd0a7435c34de3ee4e19c40f5bebba6415295f0be2f82532a2ecda043c787ea4e8c23fd4e582a4d4322923fdf603a56e3fcb8b567

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a7

                                                  Filesize

                                                  21KB

                                                  MD5

                                                  586fbd03a7f8e8efcfb44c02a0c721f3

                                                  SHA1

                                                  9be4c35c9e97db3dd6a6d16604ab58c170f70232

                                                  SHA256

                                                  c676919c631bfdf174da2ac3dcb2e3102be25a93edb1ceda7187cf8165ccf3b5

                                                  SHA512

                                                  d79b99b84daadd575e8979b5b076358cba724e522673f43962e65dc9b81da438bc688cbbea1d378a79c5674c58514048f622e8ccea0a41059f2abacc7afb7701

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c7

                                                  Filesize

                                                  78KB

                                                  MD5

                                                  39ee528edab707e548ebbb57221617e1

                                                  SHA1

                                                  5daacfd736cfbe9aca6b86da276001feddef5f6e

                                                  SHA256

                                                  f2af87645739ace53207cc80411fffdb7ee77cb0fa63616a77440fa2e3d82086

                                                  SHA512

                                                  149775db7e342a72a0da0d1e06cec818557ee111058d3bb423bc009ee7e20be5859a198fe01fc367c64437300207ac90cff1628f0df3766c739ce96b9c861e0b

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.microsoft365.com_0.indexeddb.leveldb\MANIFEST-000001

                                                  Filesize

                                                  23B

                                                  MD5

                                                  3fd11ff447c1ee23538dc4d9724427a3

                                                  SHA1

                                                  1335e6f71cc4e3cf7025233523b4760f8893e9c9

                                                  SHA256

                                                  720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

                                                  SHA512

                                                  10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                  Filesize

                                                  6KB

                                                  MD5

                                                  479be6bdfcc0b4ebe80e0d4829367daa

                                                  SHA1

                                                  c7ffc711304ab293abd46eaec1208663117970f8

                                                  SHA256

                                                  470704a66af1a51e60cfbeebd200743ac0dcc5f1ce7f44841ce153f5450003a9

                                                  SHA512

                                                  33e9d850234e2012991137635d73396eb84727202397451d33e92f241b46986ae7f33c655e481418a3775666869dd8521bbfa4ac0efcd0f5679a77f1dbcc94dc

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                  Filesize

                                                  5KB

                                                  MD5

                                                  c55d2dd11727828085246f5f1170aca3

                                                  SHA1

                                                  8b9b0fb580bdb5985742c47a71ff042338eaed04

                                                  SHA256

                                                  584961f10313d1a42c4d3ec87d380918a793ab4b44e2be9b1e8a9d58edd25e63

                                                  SHA512

                                                  3d69b7315b5f71e33fcf708ed05d4814906ea359a394133611dcf838a35b2e951c8d96f3b359134e258be3b2ccd27a4cb5e463f0b93c23b30e12c78b34ca143e

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\index.txt

                                                  Filesize

                                                  228B

                                                  MD5

                                                  9525ee5573d4af3011ebb926b1e2ff25

                                                  SHA1

                                                  ee62b64e69a0bd24c5c55e6d284862d5e1fbbeff

                                                  SHA256

                                                  5821413c77f86f936854ee47d2ee589e6897d29f733bd210ab0b3b2887cd7f9e

                                                  SHA512

                                                  eab688d71081a50ab428679ed711ffdfebc87fb3b3dc81c321e0616b01bd2dd6abeee38ff1218367c17c6bbb6680f82ab933d428e80f6b523b5c4627a648b9c2

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\index.txt~RFe57f6d3.TMP

                                                  Filesize

                                                  235B

                                                  MD5

                                                  a4362f307bc2ca4e506abf8994111578

                                                  SHA1

                                                  09b18f3e0cf1a0974c39ab6fd06e4d0e09c44e6b

                                                  SHA256

                                                  4c8b2ac34b4a43b9996516e124af7fa8697cf9cba2251930519c391de5053194

                                                  SHA512

                                                  4690ff69fe27491503738a8dfb79b87b9883e366665d8be5cde0f575df462de8c77db515271c61dd23d83779f3880278ff196f7dd82c7251dc5a01fb76600abd

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

                                                  Filesize

                                                  16B

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                  Filesize

                                                  1KB

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                  Filesize

                                                  1KB

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cc29.TMP

                                                  Filesize

                                                  1KB

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                  Filesize

                                                  16B

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                  Filesize

                                                  10KB
