hxxps://cts[.]vresp[.]com/ls?d3fd7b9a19/8cabcd1612/hxxps://linkedin[.]com/sharing/share-offsite/?url=hxxp://hosted-p0[.]vresp[.]com/746511/d3fd7b9a19/ARCHIVE

Analysis

max time kernel
163s
max time network
182s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2023, 03:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cts.vresp.com/ls?d3fd7b9a19/8cabcd1612/https://linkedin.com/sharing/share-offsite/?url=http://hosted-p0.vresp.com/746511/d3fd7b9a19/ARCHIVE

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1574508946-349927670-1185736483-1000\{0C101959-F029-4E6C-8BA6-347E43C39B5F}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3968	msedge.exe
3968	msedge.exe
456	msedge.exe
456	msedge.exe
4468	msedge.exe
4468	msedge.exe
2296	identity_helper.exe
2296	identity_helper.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 456 wrote to memory of 4220	456	msedge.exe	86
PID 456 wrote to memory of 4220	456	msedge.exe	86
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 1724	456	msedge.exe	88
PID 456 wrote to memory of 3968	456	msedge.exe	87
PID 456 wrote to memory of 3968	456	msedge.exe	87
PID 456 wrote to memory of 3208	456	msedge.exe	89
PID 456 wrote to memory of 3208	456	msedge.exe	89
PID 456 wrote to memory of 3208	456	msedge.exe	89
PID 456 wrote to memory of 3208	456	msedge.exe	89
PID 456 wrote to memory of 3208	456	msedge.exe	89
PID 456 wrote to memory of 3208	456	msedge.exe	89
PID 456 wrote to memory of 3208	456	msedge.exe	89
PID 456 wrote to memory of 3208	456	msedge.exe	89
PID 456 wrote to memory of 3208	456	msedge.exe	89
PID 456 wrote to memory of 3208	456	msedge.exe	89
PID 456 wrote to memory of 3208	456	msedge.exe	89
PID 456 wrote to memory of 3208	456	msedge.exe	89
PID 456 wrote to memory of 3208	456	msedge.exe	89
PID 456 wrote to memory of 3208	456	msedge.exe	89
PID 456 wrote to memory of 3208	456	msedge.exe	89
PID 456 wrote to memory of 3208	456	msedge.exe	89
PID 456 wrote to memory of 3208	456	msedge.exe	89
PID 456 wrote to memory of 3208	456	msedge.exe	89
PID 456 wrote to memory of 3208	456	msedge.exe	89
PID 456 wrote to memory of 3208	456	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cts.vresp.com/ls?d3fd7b9a19/8cabcd1612/https://linkedin.com/sharing/share-offsite/?url=http://hosted-p0.vresp.com/746511/d3fd7b9a19/ARCHIVE
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff2e8046f8,0x7fff2e804708,0x7fff2e804718
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,2575065248793384895,6696956345123370413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,2575065248793384895,6696956345123370413,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,2575065248793384895,6696956345123370413,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2575065248793384895,6696956345123370413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2575065248793384895,6696956345123370413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2575065248793384895,6696956345123370413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2216,2575065248793384895,6696956345123370413,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2216,2575065248793384895,6696956345123370413,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3856 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2575065248793384895,6696956345123370413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2575065248793384895,6696956345123370413,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2575065248793384895,6696956345123370413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,2575065248793384895,6696956345123370413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1756 /prefetch:8
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,2575065248793384895,6696956345123370413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1756 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2575065248793384895,6696956345123370413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2575065248793384895,6696956345123370413,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2028 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,2575065248793384895,6696956345123370413,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5952 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d8f4eadb68a3e3d1bf2fa3006af5510

SHA1
d5d8239ec8a3bf5dadf52360350251d90d9e0142

SHA256
85a80218f4e5b578993436a6b8066b60508dd85a09579a4cb6757c2f9550d96c

SHA512
554773c4edd8456efaa23ac24970af5441e307424de3d2f41539c2cf854d57e7f725bf0c9986347fd3f2ff43efc8f69fd73c5d773bbfd504a99daca2b272a554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
e27ccf3f9f340f7a4dbef90fe85ac993

SHA1
42eaec66562f51294d46e3973cc6daee482c4214

SHA256
2f4006f82072157395a279b45e354e865d22c54fc01a2a8d27bee914a54b759f

SHA512
479bad0c805454566e159057a17101886451f5f40248fa4bca184f89052eebb117cf0bf3f5bb93183ad10215e10f78225d660f2fc7a0917bdcb15891c49c0e1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
53226ce9750714bc8fdbeb619da82e90

SHA1
c8bdc784b445b8c5ca8787d3e79f81a062dfe3c9

SHA256
206221c3975ab1d1b8d91a257fd97ec3ee9a08953e1e06e66d046b8448900f13

SHA512
85f56293683c0c119b7d2425da4145521f8650dff5da58ea02584a07c12d6fdf2dca17339db6ca9a8dc0cfb6790e9d66e48cf60c9c8501bebbbf038c4dc1e760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
591B

MD5
2b65056af006ad31b75faed595486b39

SHA1
bc5459a8d1ca7aaa88b404a489eb9af72553ed13

SHA256
b5205fe6848c1b0d63307d0af3627e72b2546f9fa8a250febff8e719308cba42

SHA512
c9f2de02bdcfd27d9066010d9062ea0fc3f0b9a4f13adcc79ec4e32a00d0d01bfa38c49458d1592987eb407561cf2d6260446bf71c8949ec4f4c1c97cae74a16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
eb8b0af2563a7dd33a080cc063661d06

SHA1
e91244459febf8da95b9da4b738beb88b7c5b00d

SHA256
913af44a3e0e8a7261c4a2b3ece689d70f897677089426706ad1524383ac83e8

SHA512
c12246ac31506bd0cee163d0499106a38e148c07b1088e1e542cf7550e8eb9e11227bc6414e979919c4db3b41910a53bc81f80f641986f1a094a16d21facf8c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
950e974d8e700390202a42972f8fe876

SHA1
7f2dd578721ae7ba8c2bbea335079bed040156d7

SHA256
e971ca6f04b195e4caeb0d8964a499116b749344782467ae522358e0f298620f

SHA512
da80d0ef9535ba355002c41abd54cb81a2ee60c798ac860590a3ce57dd915bbd23314310cac203c1595ca3fe42a38be122b4f55b4c6f1a4dce85e1640ffb7120

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8d91b79d5afba9d755b711fd5fb0ab9f

SHA1
71885e71eb3cf0020bdb0b921c8639c6ff1c26e9

SHA256
3ab5b2167321414406ab43724eacb5aac1bbbc367d2a03a19641be1fd775246d

SHA512
2ff145d8257631c9fb463c50fdfce7a7c2a7cf69dff88c1a927566047826cbe3a20369cda93cb048ee1041913cd433b54cbfd05aa924e4c46c60901537409f2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d985875547ce8936a14b00d1e571365f

SHA1
040d8e5bd318357941fca03b49f66a1470824cb3

SHA256
8455a012296a7f4b10ade39e1300cda1b04fd0fc1832ffc043e66f48c6aecfbf

SHA512
ca31d3d6c44d52a1f817731da2e7ac98402cd19eeb4b48906950a2f22f961c8b1f665c3eaa62bf73cd44eb94ea377f7e2ceff9ef682a543771344dab9dbf5a38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
1d95908b5ff1f91aca794f307a712b8c

SHA1
4e31167efd912dfb56cc679b2ab0dbcf16480bbc

SHA256
fb205321ee277ed0c0d30e8510697272a133b8961078deaa2b68e867f31967ae

SHA512
1a6b380af4664451d1849cc9c74a864f8404a4cbdea129ab090280a496ef69fb291e9d438959d83d0733fc2941ef4b30e3304b9769e5ab4d33e74bc4509170f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
d5a940b156757aa941446e4fa2abbc50

SHA1
b6711bef4b43036765fc0776d79f356545c28325

SHA256
888821402da33e9095963aa9106c97421cc8299cff0d6ffe6eeeaa871c7667a7

SHA512
cead47c17d6c8dcb48b592f7d8cb85f432b1b9f2d3c01631612e34425dfe53ad1760d58c47bed66505cbacc4c2001ff9840a1d59574cca546dcd4222af50e839

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
2eed7496fee4fa97081a049c6936d244

SHA1
5aa9fd1b0a672ab6f04fe8b1df53ed01817d320a

SHA256
8b471bb1f2c4f8cac309bdd8cff38ac4ca14ca39a5a6ee0ede61186516373e96

SHA512
99924be91924fe479e4d3febf2f1a8d4ff7ef24fe636b727b2980cf54c09d4ec1deb7f62ba1ed9e055a8b2b6a409a031f682f29f369ba3bf65493398f31584d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
7516675a654aa6888214a3987eb373e3

SHA1
49aad32d88d11d3f4694b402b5edee29a1b58fb7

SHA256
17f7fa90abf38aafd948eb1bbd870aed0fcbea3a394fbfc818f236f901408f71

SHA512
46b6164b535638686a7030f972ce7f56a4effa32fa56e0825f28311fa1de4686142c5f26f6e2eb2cad957428118b9f812b0adfed624c95cbb46f695d4f2be633

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
a278949429340817bfd1612ef44d7954

SHA1
c5f65c49cf063ef7f7d7c7df2993c55ed37bffc2

SHA256
e9c1a6266ec02b113e2c38d9ec82be0b453e62e229c0321c8d79f0dc03f96e00

SHA512
152741df65f9b1d525baed190fe1adb1fadafbf0165fdc6ea425b5298a0b30fd75bef82be806c540dad275e7c93404f0b4530aa5ce243d91a4ced3e57cd09551

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
09b430a81cfed6427610c3704a98c48e

SHA1
4af240f492a92896774a616923bf5db86a8f3796

SHA256
3cb0a5de296518553b7dd3975a94d42a300a650efa57cf5d98603825a846bb75

SHA512
c5c5e4141d39956e13010a07bcfbf14146a8fa68eecda2b12387e89b83bd568f50d5b38103a737f791e42e513c137082a38c75bfe1d926b039c6c0a0064cf96f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe592bd9.TMP

Filesize
204B

MD5
041e9de625c2e64ef0651492cf42bffb

SHA1
91371f1e7665a7ce123db4a7d19928d26185cffd

SHA256
9971c9dfb6af0c03689274aee7f98671517742487a9ba51fc25c6f71eecc9a82

SHA512
7a1039fbc8b052396b019ec157f5dc5c190c6fed8705e6a3a730ff5be9310ef57cc0f9778722141bf9375a5710befd6d27a758430ae70aa0cddc281d3febbabf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e2c3ab82-4ae7-40bc-ba31-f04e3be7a61a.tmp

Filesize
204B

MD5
3baa4f561a1712e6e9b004689134c20b

SHA1
8b30ae0811b738ac6db7ebc7c612b54088a7df0c

SHA256
dd3444702f343952dfcadcd39ceaab58fbb215eee52525c089a12ab54302d60f

SHA512
d0ec7b59404eb2c48a3452b13fc0495b5d7389225cb27623f28594894449b2f32449145a16ff11d2454596ef30bf47831c123678fef66802d5259914dbb74220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d85e4ddc111cfbf420529945114162f2

SHA1
66cae01a7811607f26d8f481daa076c903e59e6f

SHA256
6878ff7f9a09d7097bca64ca1819c50188e628f42ba809bf4d958cbe6286abc1

SHA512
bbdd8502ad39a4992449d4bae533fa3d198a1f0b23b40e66298df13001673906a726b79355b57d84632787fa46c588d6cd81c730eac8cea549217e53fd69a73e

Download Submit