hxxps://www[.]linkedin[.]com/slink/?pedns=nVD839FJDM&code=dS__x3ka#Y3VzdG9tcy5hdUBzY2FuZ2wuY29t

Resubmissions

25/08/2023, 03:05

230825-dlmxasgg28 8

25/08/2023, 02:57

230825-dfx53sgg25 8

Analysis

max time kernel
146s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2023, 02:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.linkedin.com/slink/?pedns=nVD839FJDM&code=dS__x3ka#Y3VzdG9tcy5hdUBzY2FuZ2wuY29t

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4852	msedge.exe
4852	msedge.exe
1356	msedge.exe
1356	msedge.exe
2768	identity_helper.exe
2768	identity_helper.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1356 wrote to memory of 4888	1356	msedge.exe	47
PID 1356 wrote to memory of 4888	1356	msedge.exe	47
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 3636	1356	msedge.exe	82
PID 1356 wrote to memory of 4852	1356	msedge.exe	83
PID 1356 wrote to memory of 4852	1356	msedge.exe	83
PID 1356 wrote to memory of 2972	1356	msedge.exe	84
PID 1356 wrote to memory of 2972	1356	msedge.exe	84
PID 1356 wrote to memory of 2972	1356	msedge.exe	84
PID 1356 wrote to memory of 2972	1356	msedge.exe	84
PID 1356 wrote to memory of 2972	1356	msedge.exe	84
PID 1356 wrote to memory of 2972	1356	msedge.exe	84
PID 1356 wrote to memory of 2972	1356	msedge.exe	84
PID 1356 wrote to memory of 2972	1356	msedge.exe	84
PID 1356 wrote to memory of 2972	1356	msedge.exe	84
PID 1356 wrote to memory of 2972	1356	msedge.exe	84
PID 1356 wrote to memory of 2972	1356	msedge.exe	84
PID 1356 wrote to memory of 2972	1356	msedge.exe	84
PID 1356 wrote to memory of 2972	1356	msedge.exe	84
PID 1356 wrote to memory of 2972	1356	msedge.exe	84
PID 1356 wrote to memory of 2972	1356	msedge.exe	84
PID 1356 wrote to memory of 2972	1356	msedge.exe	84
PID 1356 wrote to memory of 2972	1356	msedge.exe	84
PID 1356 wrote to memory of 2972	1356	msedge.exe	84
PID 1356 wrote to memory of 2972	1356	msedge.exe	84
PID 1356 wrote to memory of 2972	1356	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.linkedin.com/slink/?pedns=nVD839FJDM&code=dS__x3ka#Y3VzdG9tcy5hdUBzY2FuZ2wuY29t
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc84ec46f8,0x7ffc84ec4708,0x7ffc84ec4718
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,7944159952591149452,14643595730812888535,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,7944159952591149452,14643595730812888535,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,7944159952591149452,14643595730812888535,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3012 /prefetch:8
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7944159952591149452,14643595730812888535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7944159952591149452,14643595730812888535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7944159952591149452,14643595730812888535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7944159952591149452,14643595730812888535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7944159952591149452,14643595730812888535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7944159952591149452,14643595730812888535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7944159952591149452,14643595730812888535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7944159952591149452,14643595730812888535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,7944159952591149452,14643595730812888535,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,7944159952591149452,14643595730812888535,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7944159952591149452,14643595730812888535,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7944159952591149452,14643595730812888535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7944159952591149452,14643595730812888535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7944159952591149452,14643595730812888535,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,7944159952591149452,14643595730812888535,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1644

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
70e2e6954b953053c0c4f3b6e6ad9330

SHA1
cb61ba67b3bffa1d833bb85cc9547669ec46f62f

SHA256
f6e770a3b88ad3fda592419b6c00553bdadc50d5fb466ef872271389977f2ab4

SHA512
eeacb0e62f68f56285f7605963ca9bb82f542d4e2ccc323266c08c9990cecdebd574e1ab304ae08ea8c6c94c50683180f83562f972e92799ebbcfcd8f503fb5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
771bc95c25dfc6974aecf3f87b19b1ab

SHA1
07e958ea0fbda0a09ecb3a810a1e6642e5075aab

SHA256
125f9159219b730ed7e69224e371eedc18c0e7b0fb6719920625250668acdab8

SHA512
3697282c101c37b7595b42d3286a253449df7c9e865245ec8c608d87efee03b34d296db684d0fd095dfcbc74026ed8b060c50fc3d8975830f51a910f2eabf166

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
987B

MD5
ebd6a87f570cb452dfce4f9e7c1c817c

SHA1
c5d4a0a584d21af0c7e44d56cb853e0c3a91ecac

SHA256
e806ec2e76cdc4c2c4c0fb482138ec2b1248824aa91fc3ae71ed8c2823f49aaf

SHA512
f1787c3350dccf486d53e73e7c1e638a32407582e986f0c1c763ada4639bc80d720baac0e9f222bf923e043c940af67d43152e020ad7b51a91a8dcde1c2e552c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bdc4b59a589e032616c0f2da31cad5aa

SHA1
2a95f87e882b0305e979dd3428810a522555759f

SHA256
32dd54403b965de51e901956229de5999f5807dc155ece25bbfd8fda5db77732

SHA512
a06f5e6919ce70b57a76d599009c6346cbc98eb620cf28b4ded2079493508b5520cab4dc4ac06b522cccfe178364578d053108785b98153412818badb423e90a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
97a2bca802e9d73c0ea8f8b469783d71

SHA1
cf40fc9c7d43c23246e30fdb0cdb9ae7648d497b

SHA256
c6a56ea5561b78473f5e3a256432ef5b61e089a99713617de51fa123f8848e19

SHA512
7ce8aefc4197ee2648dafc0a43c2e8cc6b49f0c2f986851ad8ba9bf8866e46a7c41a8977bc932a22a9e5629e460aea5f57f17cc00be5c83fbaa7ddb8922cecf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5e9f7fdbb91c074798b34f1736b6e1dc

SHA1
6494830853a637ed4f232bb89723e9028472682b

SHA256
b41bc27e704658e7209d1bcd8e7beb67d5ed849b0a5c0b6dec29244655274001

SHA512
0ecb01f6830b312796117813ff0dfd6e296f5d5db9ea4fb86de3db13d0f90140cda442301ef578825ce3855e70a9f7384d91afc3eb9a8d55ff6e8660766ba02f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cf031a63194ff41aedfdb01a48c52d82

SHA1
0f8b4e2a6d4fb7ff74685808bb438ea77c91b8d3

SHA256
dbb39e4f5c732e7d92e92940add5326aed97a4538e418c6004e2bc499dce2acf

SHA512
9b808e2127533c0e88f775b0e9651b5393be1db09f7af416082af53e5f3ba2083a891f81dedbb9779bb3df004adec6879607f3cf6e32205203973c1903ca2ed6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5a478f1e08816969e8214f982850b754

SHA1
1cf5e7192f3c6e31c7e27b6cb34ebf89036eec0c

SHA256
665cf5612c61412c9acc928b1e155c8f11ae83905ce614d9a1a7ad72cc0fd489

SHA512
7e7ff60c157841f6f5bb206ebbce29f6df3a6c0c671805415ad7226654e13da49ad76e39a6d0afe28992348f3b5685ecacbfb44178fd61998c54caebbfd97832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
de10384f74bb7513e1994cbcdb1b4f0f

SHA1
e4549bc71f590ab46ea1deadc2d5e79e7fb0f353

SHA256
47573b4472daca48bfc455a9cf206deb35b447c7de3c8e9db14679e5a9e48707

SHA512
d4ce63bcc199fb0eac4d863cdef9ce0b79796944891e96a08afbb28c95565be268f3c029543ad9a99f603047849174b95d4bc5b0038244e9cdd5af7baec0efe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57da62.TMP

Filesize
204B

MD5
3caef0975d3a6948b9a8ff0a4f9bfbec

SHA1
919f25c2bfa4efa555304112e6cd74d9c29680f9

SHA256
4609c1e9d1bbbcad1924a8851f54366bd3bf24b468552eaa463cbb0432330e0a

SHA512
498b3c6f4cee8c4182d80272f09bf892f042b1eea797baa471619b95fe0f62b8ffeb7bbd2149eadb263218a1d462e85a0cb9b9341041a9b95f0a3e632eedbbbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f136c481fe7c58c0ce2321961ddfb036

SHA1
d76562e33b01a3433d4bde8be27529c68691bda0

SHA256
f6253b159b833177d28e4f4ec155a51cf4d0ce5d80c0bff60fd154928ffa6d3c

SHA512
81806b96c1b39061bccf580362a010591743dfdb15d841e04d4273e8aee55ae6afd7d67d28c9d444c5ba48c1e48e0fab887fbd0738c417370653cd664c7ffe28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d0f1d057a434c5292849c43b59d22f84

SHA1
a082dc923b93d7d339bf6db8f42d9389b6c98e7f

SHA256
c48768e32cc58a3c161427f338efb9ed866dc83d9f56d459032f717ce2d570cf

SHA512
215ab05643e206a0b264436b5fa0f67130497358f86c7f040bba71265066a43b914f6160ecdfe80b2e46e61cb127a7396512ebf6fdef4845b37f8c7251e2c110

Download Submit