hxxps://webcammodelprofile[.]wixsite[.]com/model/laura

Resubmissions

31/10/2023, 02:19

231031-crx4saga3t 1

31/10/2023, 02:00

231031-ce7gpafh6v 1

Analysis

max time kernel
124s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
31/10/2023, 02:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://webcammodelprofile.wixsite.com/model/laura

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2980	msedge.exe
2980	msedge.exe
4612	msedge.exe
4612	msedge.exe
3304	identity_helper.exe
3304	identity_helper.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4612 wrote to memory of 2500	4612	msedge.exe	45
PID 4612 wrote to memory of 2500	4612	msedge.exe	45
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 3096	4612	msedge.exe	88
PID 4612 wrote to memory of 2980	4612	msedge.exe	87
PID 4612 wrote to memory of 2980	4612	msedge.exe	87
PID 4612 wrote to memory of 3568	4612	msedge.exe	89
PID 4612 wrote to memory of 3568	4612	msedge.exe	89
PID 4612 wrote to memory of 3568	4612	msedge.exe	89
PID 4612 wrote to memory of 3568	4612	msedge.exe	89
PID 4612 wrote to memory of 3568	4612	msedge.exe	89
PID 4612 wrote to memory of 3568	4612	msedge.exe	89
PID 4612 wrote to memory of 3568	4612	msedge.exe	89
PID 4612 wrote to memory of 3568	4612	msedge.exe	89
PID 4612 wrote to memory of 3568	4612	msedge.exe	89
PID 4612 wrote to memory of 3568	4612	msedge.exe	89
PID 4612 wrote to memory of 3568	4612	msedge.exe	89
PID 4612 wrote to memory of 3568	4612	msedge.exe	89
PID 4612 wrote to memory of 3568	4612	msedge.exe	89
PID 4612 wrote to memory of 3568	4612	msedge.exe	89
PID 4612 wrote to memory of 3568	4612	msedge.exe	89
PID 4612 wrote to memory of 3568	4612	msedge.exe	89
PID 4612 wrote to memory of 3568	4612	msedge.exe	89
PID 4612 wrote to memory of 3568	4612	msedge.exe	89
PID 4612 wrote to memory of 3568	4612	msedge.exe	89
PID 4612 wrote to memory of 3568	4612	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://webcammodelprofile.wixsite.com/model/laura
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa12a946f8,0x7ffa12a94708,0x7ffa12a94718
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,13381068041824783547,3134467078128791671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,13381068041824783547,3134467078128791671,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,13381068041824783547,3134467078128791671,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,13381068041824783547,3134467078128791671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,13381068041824783547,3134467078128791671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,13381068041824783547,3134467078128791671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,13381068041824783547,3134467078128791671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,13381068041824783547,3134467078128791671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2180,13381068041824783547,3134467078128791671,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5900 /prefetch:8
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,13381068041824783547,3134467078128791671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1988 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,13381068041824783547,3134467078128791671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,13381068041824783547,3134467078128791671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,13381068041824783547,3134467078128791671,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5516 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,13381068041824783547,3134467078128791671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,13381068041824783547,3134467078128791671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,13381068041824783547,3134467078128791671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,13381068041824783547,3134467078128791671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,13381068041824783547,3134467078128791671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,13381068041824783547,3134467078128791671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4020

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x51c 0x49c
1⤵
PID:1788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aed593b08b94f34dd8f68fd369652ac2

SHA1
3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95

SHA256
5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7

SHA512
16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
31KB

MD5
25e45e8085d6d817f233149528dcb778

SHA1
e7ca2c0134f7169dddbeaf850a4da5147d3a64bb

SHA256
d8632d7c59c2b39f4a7204ba311904060f13dc257a024d4c0d53ca2c2c093f61

SHA512
72893e95f76c04100bcf8756fd5a53dc39ac7b285ea14c278f2fd3896041266cd0b1c63e2ac8a9562f527fb8073d4ba4cbce166c4f0798b19fa65694640534ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
063ba47164ac513e7ab213d89f2847c4

SHA1
1508e45ca400915d26605596523229717e8b3e29

SHA256
14064a1f371bc31d07859cf66f209b50f659a291bed445a4c9780a8e362ae104

SHA512
7aec556efa6ddb3118f51d35fb41c99469ed7778200c427c7f07e6859508d58ba861dfc1aa59431cf985d1f6c09937a543f7ed072dd215504ee5ef485360257d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
10b2aa78eacc977317159e90d68321ac

SHA1
37b14eabfea0f31aef759bec13710834b29ac66d

SHA256
d840a26877c7162b45977c4397a952807cfe70310a8735605e8c865268512ae2

SHA512
a3fdfcf3751011de4c3bd952b78936dd086fc959c65f006eac4619170e5e9a2a361b928eedac5d72348c36779cb152bc9e9633989395c70d806739539b7c30ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
52735c46fa398b1a9c413b145ceabe52

SHA1
51495825ea6ca80af6fbaac3f966a3156c161384

SHA256
d260df460238b6e65526fe5b243592c6d488a4c1d912b458b3ea307dea34a338

SHA512
4e0dd6e1eb9179cc3bc1da6eff291227384555b301de4c3bded613d7cc90454a01574de8517c36f62fd4765c20c1216a642e0454ee12ee1c00d88991767661a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
719deacceca8ece7eaac1c07450dc167

SHA1
dfa7f864d58f27f553ce7d8f932be4e4a3c3385b

SHA256
70ef426e62d74069ae059d52ee8f9fe8f000d260cd3ea9f4c715fd77332a3fe4

SHA512
5e88ad3d635f3b4681255417c3d7ad20c1c0550ef92b6babaf28e776955af9d892006b5d873d61271a7a1761cfdbe0e33e9f270186f28918bb9983591e00209a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cfb6436daa8b97cf0120fc2b870ab359

SHA1
36fbd7b1f3c90662ace48e5d674d1035bdd0b493

SHA256
a4d9f2b51ee52d520c2e43594bd59f86922fd136f132747707be1c2ccb5f9786

SHA512
2da4a2074362f06a7e7be3125302a321efd888e04f4db02a6f5d24dea4e3858698446e3494a355e28353a814df217fa238151b62482728d37fe259380e3d579d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b5c292e0c4450c246007b514385988d2

SHA1
7588278f221d976ac78e5cb5cad77f078d1a6ef7

SHA256
ed6e0cc1e1d2fe683183f220faea77e33fbcd753694caa532b47e5098eb27f87

SHA512
d4b1715df0d0ddcb0c7bfbd818335d612cbdb3798b9f7f3d25731c5b2f798d40828496cff84d250da825479ae74d59e6de63c672ae29704e4b80d9092c418302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6091287c06ad55248d2b04e107cd36a0

SHA1
0f42136a2c4cd042405bca76bab7d704af1672e3

SHA256
d94720e24a8378966254a9ab036de541809254581fde8a99d5c5ae1bfac741ea

SHA512
457ac87e728c1a64a36dd2b7d90b30601ba0e58cc963e8a8fd4f235ebf0c74ef29a659b0163a8f06409ea0f25c3b41911f19998a34cab783088c810c6b268d0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6a22b5d24d8a18cc6048e5554d36afb0

SHA1
810c59c19d2daa281be872ad0e02fb560a844f3b

SHA256
64d192ad155b3c32e261097b11aa11b4c80cd2256fbb57e61ab5a67f7164ab85

SHA512
8eded13adaf73104ce8852f1812d87cd1ef45f3073b6cc55d54324f526312cfe420854270b8c3f27c5881063ee14eee0ce9b1c34379b8f5cd05a9d6fc6d52818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dc4dcd623eff7d431ec66b505121e216

SHA1
32797cfee6c1a6b7e3e18422bfe1fa2a29076bae

SHA256
e6fb94a898a3e89b4369e3f3ca53c7b47a864cf775b9c0624c2f111f469adeef

SHA512
ce9a509c5c8fbab6d90c58e41b690e1f4433554aa8f99013168cc1142d391c3478f162f0f31a679778d172fd3dfe250a2c1965cc9ce97ea215969e795850de4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e2565e589c9c038c551766400aefc665

SHA1
77893bb0d295c2737e31a3f539572367c946ab27

SHA256
172017da29bce2bfe0c8b4577a9b8e7a97a0585fd85697f51261f39b28877e80

SHA512
5a33ce3d048f2443c5d1aee3922693decc19c4d172aff0b059b31af3b56aa5e413902f9a9634e5ee874b046ae63a0531985b0361467b62e977dcff7fc9913c4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
86aacc283fa37a18cc4b314443f2b232

SHA1
2863989d6a0439eb0f7dad0435a642bcb6a8a1ef

SHA256
e355823db5c9922fe17944ac6871c2e5fd6f78722cbc17206d66a1f529c3839d

SHA512
90317751e18c4ab76727455557fdf1f3f078efac7d055f58f51df77dfff85457a32b505970e7199b7d278067bd92f79e02ca94469fbbaad6595ce266ec5850f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
357821fc486f4ef608d13e1d7c971cab

SHA1
b89b46fa3adf2c66c325e3b6fe97dfec379dfef2

SHA256
78169d1c3a9ef07135739c7757ebade0c6acdef7dce1cad42d8d237568c1029b

SHA512
0ff9d7b6c16ec9ac5e7b5dd1d6e5d83f4504399ba4a146c296ec1b4ec8b366b06ddbcafe8e2076684dbbb850e66cacff70050502ebb926eb20aceedbd65f0e89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
67a218b02117cc097d54cbaf11cd0eb2

SHA1
b786c797e924157dc5ec4a024297afcf73141f78

SHA256
889467a9a36afe9a807ae6be1af97d737756f4a30645c4049f943a367f8855be

SHA512
2ffb88eda89aaf0152c9f5fe854b174decb13365e0508554bd220d7eed82f2be88961466e38f19766eee128bf38334ca4c3aaea068c666703d22932a687aaadf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
8b1bb64278a8933adcbca7e57ecd170b

SHA1
159ec5c533b0f12dae0fa90b0f7d4ff01f7ef424

SHA256
81f032c67996783e716b920f4679b78d3e5f2cfc577e14c5ad74e3043fadeb10

SHA512
44c3cc2c8cf752368e3d33c1aaee097d1e33f5ec517bc9ef26b1682bd09d3585fffd20e48fc32840f75e98322a2a328cc7c113cda16e461906d46936bcf88175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586627.TMP

Filesize
372B

MD5
4953ef822e220b95be79a9667c727000

SHA1
c23fbc6d264011950769cab3a285ea62dc889c0e

SHA256
2f42361ed9ff10bd2ba7c817a086652651a4c75ac42aac6d0998bba92f9a9776

SHA512
4700d7456cfbb72cac081e17fac7ebb4ea04ccbf5665edee3a977bf6e3b0d7458e40bf17b2153ea3354861c728d4168312e5c048bb734b77edd3b26f6b0189b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7b3a2cbb676898048abf134fc671e81d

SHA1
511c38beea3765d3cee1d600b5a788b615b2d424

SHA256
2e36af2cfd7e2b6392f56b32a20cd388cc52c4e29d1848ad852bb4294cead211

SHA512
e9b961b1900be9e35a9b62b21ee99aae94bf648c159cbd0b3bef4e508cc5daee9ecf0c926611cb0879cad7ec13e7f4d6a90817eb204b94dbef992b8d3d45b608

Download Submit