hxxps://chipotle[.]app[.]link/?$3p=e_et&$fallback_url=https%3A%2F%2Feurotelgsm[.]ro%2Fcss%2Fadmine%2F748394%2F%2F%2F%2FdC1wb3R0ZXJAdGkuY29t

Analysis

max time kernel
206s
max time network
212s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
18/07/2023, 09:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://chipotle.app.link/?$3p=e_et&$fallback_url=https%3A%2F%2Feurotelgsm.ro%2Fcss%2Fadmine%2F748394%2F%2F%2F%2FdC1wb3R0ZXJAdGkuY29t

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4056	msedge.exe
4056	msedge.exe
4252	msedge.exe
4252	msedge.exe
2828	identity_helper.exe
2828	identity_helper.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4252 wrote to memory of 1036	4252	msedge.exe	44
PID 4252 wrote to memory of 1036	4252	msedge.exe	44
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 3236	4252	msedge.exe	87
PID 4252 wrote to memory of 4056	4252	msedge.exe	86
PID 4252 wrote to memory of 4056	4252	msedge.exe	86
PID 4252 wrote to memory of 100	4252	msedge.exe	88
PID 4252 wrote to memory of 100	4252	msedge.exe	88
PID 4252 wrote to memory of 100	4252	msedge.exe	88
PID 4252 wrote to memory of 100	4252	msedge.exe	88
PID 4252 wrote to memory of 100	4252	msedge.exe	88
PID 4252 wrote to memory of 100	4252	msedge.exe	88
PID 4252 wrote to memory of 100	4252	msedge.exe	88
PID 4252 wrote to memory of 100	4252	msedge.exe	88
PID 4252 wrote to memory of 100	4252	msedge.exe	88
PID 4252 wrote to memory of 100	4252	msedge.exe	88
PID 4252 wrote to memory of 100	4252	msedge.exe	88
PID 4252 wrote to memory of 100	4252	msedge.exe	88
PID 4252 wrote to memory of 100	4252	msedge.exe	88
PID 4252 wrote to memory of 100	4252	msedge.exe	88
PID 4252 wrote to memory of 100	4252	msedge.exe	88
PID 4252 wrote to memory of 100	4252	msedge.exe	88
PID 4252 wrote to memory of 100	4252	msedge.exe	88
PID 4252 wrote to memory of 100	4252	msedge.exe	88
PID 4252 wrote to memory of 100	4252	msedge.exe	88
PID 4252 wrote to memory of 100	4252	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://chipotle.app.link/?$3p=e_et&$fallback_url=https%3A%2F%2Feurotelgsm.ro%2Fcss%2Fadmine%2F748394%2F%2F%2F%2FdC1wb3R0ZXJAdGkuY29t
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6bea46f8,0x7ffc6bea4708,0x7ffc6bea4718
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,5082809894279978852,17236777308615000992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,5082809894279978852,17236777308615000992,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,5082809894279978852,17236777308615000992,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5082809894279978852,17236777308615000992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5082809894279978852,17236777308615000992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5082809894279978852,17236777308615000992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5082809894279978852,17236777308615000992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2176,5082809894279978852,17236777308615000992,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4564 /prefetch:8
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5082809894279978852,17236777308615000992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5082809894279978852,17236777308615000992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,5082809894279978852,17236777308615000992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,5082809894279978852,17236777308615000992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5082809894279978852,17236777308615000992,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5082809894279978852,17236777308615000992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5082809894279978852,17236777308615000992,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5082809894279978852,17236777308615000992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,5082809894279978852,17236777308615000992,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1972 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4004

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x150
1⤵
PID:1752

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\58cb4714-8329-42e3-a7c5-c8d869cc9fe0.tmp

Filesize
6KB

MD5
a18dbb42b346e93de357c75e7ee0ac07

SHA1
612c0d1da8e722dbf14f0050072dae4d306da53b

SHA256
4faf0095ea4124a9d37e154b5a9bcd3a5192034f6e1d44cef6bb4a443fd7bb53

SHA512
41a35e6fbf4d5834275e5dec7b12d7bced3de937270669f4be37a5f25187a9b6ffbffd5603d7995da7acabc40c5781e95321e9e57af64b829cac00716f630831

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
1024KB

MD5
8781f8591c9d251d4cf8d6e8e7ec93c7

SHA1
727b3dbc7f9fe79f7c7231b32eb068d850dc5ebf

SHA256
ae3ef3486ee1a2c4092e0c7dbb0eff4d73f03946fcf0f21605d7bb6eaca9e9ab

SHA512
f1ad8f8e3a3a875d129a59b501595aca9d55de0c659a9d709063797081811b0417efdffd001b26f63c21b0c3311c4ccefc916b6cd23c1e08bc640168c12f5286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
1024KB

MD5
9dfaf8cf4ecb40539f8ef048d155db62

SHA1
c4fbf736d66280aa8c6a2faa1bb33173feea59c7

SHA256
11ebbd7f1dc6497d281405c9ad4808d3b298d3dbd35dfcc7198def1e9cfd2e56

SHA512
f7206d20f51ae339499b6cb0e9d683f9f03edf4d09e377fb528baf1cd1892118efa05793fd2379d2135b8f804f09280618aa2c123314c5369296164a99e723f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
12347c6d60c88ec3d1a22a0233362ae6

SHA1
f075d3c121800f63e34a640488d1872ad0fb1a0a

SHA256
b4ac882ec719c5c6a88d7fd2f4099bc51367297d98a045fb6a74556135ff7359

SHA512
e7ea7d120bc179ee0edd7d413745eb92e2a8a0c57e57fd7a3f1806ee487bc42da7125e9c716b0743e2fcc55dab008b62903b694c2c23a9ab1161d651da83bc01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_services.sdiapi.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.chipotle.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
dc0aa4c8114e3a35530fbb27f35a852a

SHA1
9fcb601f5baa4a2965b4cd43375abeb144a7ebd5

SHA256
ca1c10d73befe5bd039cd9f85a5e379efdebf9987b233f98d8cf1f0ee410a985

SHA512
a889097cea2fb3ceacaa6e1800c66e6e4c203b5e6b62421933e0f192cc04166565e948961775ef97a97709f5526b08d81dcefa2034bc79f987fb46722e54ea46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
58ad05005903dafce39e656df343abcd

SHA1
caef3a58a922bb81858b8f114231a698db301603

SHA256
7f49a594a265dc681c619a5a64a165df0f52c925e1c17361981844e2a02bd646

SHA512
d40a98a53a7d5d8c320c47cbb31febf4d3277cdbfabe6d5e3207e191173dd9e3463d77c6063d61a574466a9df45a11f3b86eadfe0df39bef8e89ae49bec7dd8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
746777a485c06c240ec9e4c2aef6b046

SHA1
5a237798e145fb73ba4ee441b3d7468ae34046c7

SHA256
f00f88be56391ba3e36bc6fc78c135772ea2f533a65be55504e5cf05ad0bf921

SHA512
2281dfd7081db100c5159dd3170ccfe119ef087629f56283005753186354f815006c9361d8bae0038647781a2ec2213c5eaddb6eb207331d069eeb93f94af5a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7fd0a0d073e9fa2234a952371a09166b

SHA1
b8093d086ffd73cea6582f69b765635e92312d51

SHA256
b06eb23e348978c669ff23acfac70da2a241e50722c5104c66456a2da05dbdaf

SHA512
cfb781660aebc5478b611e11d3007287c492b4ce88e25ee42dc5d7fda7b00f066bca9414c4afae2514ddb938d3e318ab01b17092cb4a8f65afe699306049f374

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ca36933e6dea7aa507a272121b34fdbb

SHA1
3b4741ca0308b345de5ecf6c3565b1dbacb0fb86

SHA256
fd14449eb781c58e6e7196a384caf25cba0c59ebdba3b10f8ca0ecfd0c076b5d

SHA512
5a9b186ecf085765caee97a2910008dda926ce412001042e165184083a52fb5fb70f05ca781cd2f7740ecbd938895c77c5aa0f9eb8d812b92f412f336212720e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c8fbd39e160b24d1e463f6b56a6bd768

SHA1
4c608b4a84bb1dcdbf76a50f1ffbc34486e63825

SHA256
73df1e15129d8fac77046cf3862b03c872a9c6bc205149aad4e027f9280def02

SHA512
27a3f1011bbf57ea341ca8db3f803a55532819ecb992bfa31b2b1fa6dda98abd62d2980d9fdb332bdf87fa9c25cbdc975c8386d994c9d5b3aa14f1597f903339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
77b2a5252e57cc212f59fa6bafa9df41

SHA1
cdea564ee3a13b9bb732ce33a52663b4f4604eee

SHA256
e291ea3fd0292c125dcf5adbb8d28e5d007439080945590d62fb33a0b214cb70

SHA512
9e7ca232ecda7a09200f463b736abb887bb8d17beeac420d8b7d21b0b7d451b25e59c8275f826c1dcb41b25d03794ff1d600adc117b8552216dc282ab992d4a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c1a74c78b706359ba62e4ef838a2d13a

SHA1
198a9b8f4c07c8d88e86aa1a65cadecbccd4cf97

SHA256
4717a186622ac63bdc09dbf106da52ec4f3656396f603497c97a7ce9077eb4cb

SHA512
fb26d40e6ea917688ce5ed016f94b8d2d4af0350b5155e38a9f2c82766064d913455b28cb1f1faf67f2df6b192b6f07c8f70ee7532e5393d20f4c5d5e31a0e59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1fdf727594fa4a72dce469820e988d6f

SHA1
f0da872da20b5df0e40178427bef591707a6c9f1

SHA256
ea48bb87849d12b2cafc7d412f37cb2d396c6df83d4c97ea45dce282c4a6691b

SHA512
14ab6b8b6ec2586ecd4c7ad8a3b6d05012fb749e94a5258932f0c9fe6a46094585f412dd10e742e41fe39227f9bdb3515bdc12b8d45b089665eac21ba0a387d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a766e0c6c2f9e7a4957af1ecda477de2

SHA1
7c256f6f8154bdbc1f646a655f395161074f73ed

SHA256
6319df22757e158633bab27a2e3e03020e8dc7e60e7cc6869edf51934978552d

SHA512
1054dea006102e58e94436e3524bd26b1d1a39cd5121be9797b0b0283ea8f5b57428fca0400de8e640cdb46a6b8a42a0b5beb94cc62d5807ababa8d6bb1ce3e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
de8fb0d7a1557e0cf3da5208e21ebf62

SHA1
083a3d203c4148f3bf490c6196296d41b821f900

SHA256
e40b44d94ec00ba097e9805213e192cf9e5a91bb11dbb1d32398e00601ee6b2c

SHA512
633eb4cc793bdabf5d9f217c1491abdf2e4fb367b50fd54306861ae1ff4565b0de5116db85d245b0918b7e77e49dd0933c4a16a508e2ec8cb39fc3291d1197b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6d3c9bd3f10b3d87c77b9e75e50902da

SHA1
2c4ce3d3357b66f083cd4760c4ceb4c4e864544e

SHA256
f64fba76314bb98b641dd5398f68dcec94795579ce56a1e133c4fb79c23d1c66

SHA512
fa30ca4e349b99b70771edffdb4721fc1ee13df913833d45b53e436b7b930e2b698469561a6938c1ae817b077351e66419957d09547ce71f51a878a4930b3c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c9bfc8e5b009d855806270be61566d8a

SHA1
77fd6fe249ba398e035bb0422c461ae637a3bd74

SHA256
8e58127a7f435849557cd3a07a9ead57d7614075ea26d5048684193444312691

SHA512
da8450ed77482581cef6bfb63caf86ade45b3a8697e21d065b3104b066bc38280831661726724c716a88a2d647432930a058455c6dcadd4517dbb9768d009eee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
29d8c471ca0d6cb60a04e41a3885cedd

SHA1
71dff087b62d28a694317d0bab9654733309a665

SHA256
04c1920f7787661e0023c1fb246bee61f7efbe71920782baa5d56795376e859b

SHA512
9dd9e7669e4f7276d1c486ca3587a85972bff6aeb8c31b9c7ba72380d4ad56842a6c234bdab0a69cd87b7967fdcffc08349184706b568248a2c064385dca138b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
de0a46a45ee8b070d77e5168613209b4

SHA1
f2eb7f3a581355494a6711f3bc3defcc8b78d45f

SHA256
0d052d71a6a5dd1ef7dded57869f12fea07bee4def27794e3c0a74d1a62285e5

SHA512
7c77e5f36af7164931a6c6abd7a13570e1c7ff2e9d70dbb7d80f85e87dd8a1d299b92d3f2ed8f2597e369ae2ccb042972be21a6fbb919cf54af0e5e24f00d683

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2d5bb3209f7dfa95edce4f93f05c0270

SHA1
64d0254df670f47dc0794946cbd4da04db0ea6de

SHA256
ffdc43f27215d82f95911cbd2580396bec7473b82682b0742742346e88c43d1f

SHA512
ea4b877a27ca5cb302b7d72e18c3abad86bad011083fb46302f6b70c83e34de2f5d6083adf7210ff271fe34f1c7a6cf4af0807c87acf7005319bab26169927f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a246f30fafbfc4773ee5790e690e2aa2

SHA1
d6a758ed587af394f7f8d182a74db2b7eeaa4a12

SHA256
cf7d05069d0bca759c2d0b299f4b85c3b3206821201af159b78afd5e25c33446

SHA512
681fbf3f9745fc20c5d35b9e5b5a89aec679eb2ec717c1b51755d0910ee4332ce1e491358a1779d381bde699b3c02c0ffdd8163af31221cd9f8c70f98b9c628d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0d4406048f72e53a657c574c27da3853

SHA1
9927a854f43b7941cf5a8300470a3511e66c21fd

SHA256
3d2f0dbf65f98792cfcd13305a4129855abd450405887b3b054aa945f6e5599d

SHA512
63f7d51c4974584732c7ed4d6da98eac6ed0b75fbb5027a8b25e0e70d04669fa32c39008082c249649b59120d7bee483809d2ae47f389ee2245a07b54de2e510

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7b3226db8c448810f9c8322633cb11f6

SHA1
97b1ef27e33177d831233af6b72d7914d770fe16

SHA256
90aad4c50e5edca74eb225e2bbf8550f0f4c4b0acb02519521ebb0d769c29e5b

SHA512
686b9d9904137b188af070fe6ec689c85e699a5700c673357507d7740e17defb80a6e8b6c9ee3f0ffa39796b06d29fb1736d09e8d638e2418344f17d9c5cb37e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
529b3c8235c100977c0900810432d185

SHA1
cc8d26657bb969ec861b27f5a97c108cd4ce409c

SHA256
a6c8dfa4afde425ec72c6b3c7c776b08be8d45ee9e82b02f0904f1ba9769bceb

SHA512
1b0c42038f37deb21ed15b4026a12e479b867390159b8a08f26b8ab926bfed9badb6e9d0206cd4c46db5ef7a79ad77cc3f2b3a7515d47ecaaf4336d0318d47ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5c0759c4e44397889d9b11e62910ccc3

SHA1
552b572f2a2603deeaa5ab5ea40a6cfbde89a402

SHA256
2879a8d448160343c9fdba26e0bd644a09af25dee5dde99a00cce14863a2e88f

SHA512
e639606b8deec2877456d629a807dc8e99fe79bcbf9c335e99726d5b1f4f9c6254541df384ba601219b50a4e3e33f6b21b98c136f2eee70458e33f09ada04b35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1f20a0e997cbdee4153fde264cead9e3

SHA1
d19e1348da4fa894d9909bfa84421de166737891

SHA256
1fe100d75f7cdfd92856ef82550f8244f2b48561cd9e0c57479c0541328b1fca

SHA512
2127d0b29216eb0153b60b3f846e4f524ac8c89365f984b7c4192442ddc1f2a9a47e32796bfa349314e461f2687443191c3aaebaeee381d5bc538c79f85974ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5874fc.TMP

Filesize
2KB

MD5
3d13a748a7358e5efea9bfa017e2432f

SHA1
1190c649de71a58bf7be3b410a9734a1e61ee281

SHA256
84805c059f7ca02add41df9fa2cf5534378ab18428fc1e046eab23c2741ab034

SHA512
bac2e24b05b89308bda835ca457770d7c637355ab9893fed0f92e0756714cecdb68800eb1df5050c93be9b15640c8cbdf35e73d6ba51c9c018e63b9cbc810b2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bbb20959-a3fb-479a-811b-fa000136b300.tmp

Filesize
2KB

MD5
890c82a956cdbc9f350021af0a2c769d

SHA1
89cd764fa10461cbf98cb49620b6b4f55c22d428

SHA256
64f20ca78486b363e17c0940e7b9a56898707e4c57a19f6199681397431c017a

SHA512
22fc8ecbec1b2864c762137ae63a0886ff4f77036cc6f68ee52530d4c52e16fe02e1f953fbc7af01ee2c5f3b0d0dd1b5f3ea7a598f375969b6c8e19916f5b4ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5d5ab635a567b0203ae307f7f67aeddd

SHA1
f12f0d2eecdad24d1dda9a5e226b4337735c1ecd

SHA256
e15544ee1426f59230c22ba0a64f8f4e28eed52bd8910b9a5b73e128ecadded1

SHA512
02c464e703d108e41b945e09d73d4242e162dac5b269ae1b4cd5bb213cbfbda6bad4dd050ef7f63aa6219437772087d5b7b4cf2b60ad72a32db5bbbbea0e82f3

Download Submit