hxxps://linkr[.]it/28pEDC?fxD=t2hGgbHoN7

Resubmissions

31/12/2023, 13:17

231231-qjjs3shebl 1

31/12/2023, 13:14

231231-qgvgssbch7 1

Analysis

max time kernel
1698s
max time network
1711s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 13:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://linkr.it/28pEDC?fxD=t2hGgbHoN7

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1815711207-1844170477-3539718864-1000\{BB1B872F-DBE5-4BBD-847F-9E6218D9F810}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3088	msedge.exe
3088	msedge.exe
5064	msedge.exe
5064	msedge.exe
4744	msedge.exe
4744	msedge.exe
3132	identity_helper.exe
3132	identity_helper.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5064 wrote to memory of 3512	5064	msedge.exe	87
PID 5064 wrote to memory of 3512	5064	msedge.exe	87
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 2292	5064	msedge.exe	90
PID 5064 wrote to memory of 3088	5064	msedge.exe	89
PID 5064 wrote to memory of 3088	5064	msedge.exe	89
PID 5064 wrote to memory of 3496	5064	msedge.exe	91
PID 5064 wrote to memory of 3496	5064	msedge.exe	91
PID 5064 wrote to memory of 3496	5064	msedge.exe	91
PID 5064 wrote to memory of 3496	5064	msedge.exe	91
PID 5064 wrote to memory of 3496	5064	msedge.exe	91
PID 5064 wrote to memory of 3496	5064	msedge.exe	91
PID 5064 wrote to memory of 3496	5064	msedge.exe	91
PID 5064 wrote to memory of 3496	5064	msedge.exe	91
PID 5064 wrote to memory of 3496	5064	msedge.exe	91
PID 5064 wrote to memory of 3496	5064	msedge.exe	91
PID 5064 wrote to memory of 3496	5064	msedge.exe	91
PID 5064 wrote to memory of 3496	5064	msedge.exe	91
PID 5064 wrote to memory of 3496	5064	msedge.exe	91
PID 5064 wrote to memory of 3496	5064	msedge.exe	91
PID 5064 wrote to memory of 3496	5064	msedge.exe	91
PID 5064 wrote to memory of 3496	5064	msedge.exe	91
PID 5064 wrote to memory of 3496	5064	msedge.exe	91
PID 5064 wrote to memory of 3496	5064	msedge.exe	91
PID 5064 wrote to memory of 3496	5064	msedge.exe	91
PID 5064 wrote to memory of 3496	5064	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://linkr.it/28pEDC?fxD=t2hGgbHoN7
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ffc37c146f8,0x7ffc37c14708,0x7ffc37c14718
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2244,16544442272852954748,7412697661751508995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,16544442272852954748,7412697661751508995,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2244,16544442272852954748,7412697661751508995,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,16544442272852954748,7412697661751508995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,16544442272852954748,7412697661751508995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,16544442272852954748,7412697661751508995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2244,16544442272852954748,7412697661751508995,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3144 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2244,16544442272852954748,7412697661751508995,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4932 /prefetch:8
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,16544442272852954748,7412697661751508995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,16544442272852954748,7412697661751508995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2132 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,16544442272852954748,7412697661751508995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,16544442272852954748,7412697661751508995,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,16544442272852954748,7412697661751508995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2068 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,16544442272852954748,7412697661751508995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,16544442272852954748,7412697661751508995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,16544442272852954748,7412697661751508995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,16544442272852954748,7412697661751508995,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,16544442272852954748,7412697661751508995,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5500 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d5564ccbd62bac229941d2812fc4bfba

SHA1
0483f8496225a0f2ca0d2151fab40e8f4f61ab6d

SHA256
d259ff04090cbde3b87a54554d6e2b8a33ba81e9483acbbe3e6bad15cbde4921

SHA512
300cda7933e8af577bdc1b20e6d4279d1e418cdb0571c928b1568bfea3c231ba632ccb67313ae73ddeae5586d85db95caffaedd23e973d437f8496a8c5a15025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\16a046fd-243b-4df3-859a-61a966f5cec7.tmp

Filesize
24KB

MD5
1d1c7c7f0b54eb8ba4177f9e91af9dce

SHA1
2b0f0ceb9a374fec8258679c2a039fbce4aff396

SHA256
555c13933eae4e0b0e992713ed8118e2980442f89fbdfb06d3914b607edbbb18

SHA512
4c8930fe2c805c54c0076408aba3fbfb08c24566fba9f6a409b5b1308d39c7b26c96717d43223632f1f71d2e9e68a01b43a60031be8f1ca7a541fe0f56f4d9f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
a09ee8725492b95f427cd2af5b3eaab3

SHA1
61f3914f74e236a5557ea7880ff82ac35f1ffa7b

SHA256
f0f6778d9c6efe73dffe7e3420a526dc4515a6625788457e60f29a5c7b8f7373

SHA512
d3c227c757f24daa6480ba42ae54fd4b44c2f6183f683ba139d80d11f0359be32530f6c55816e6f634cd17e14cb6be241786a194ba0ddc0f43744c0e69822d31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
0bf91d1ecac681b2c0f58aefdcb8481f

SHA1
d1da7a33f8beff9a0c15b6c09c22f92427d3fdb2

SHA256
31b2817ab4d0636dd04b6a32a1dc9f30060e6f54b7c9477c9b821c6b5e95ca1c

SHA512
a4295829c0b83e62075e5a041720d14d96452f29a29c7785c023ca577f6574d23ada0823b0b9fa8855e2482133793bc3cd2672685bcc8797defe83615c915b90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0f659d7e1ada17ccca46e8cfa3e00bde

SHA1
49260af35b114706b0dfe4f734dcd7de097801f4

SHA256
9a5c9663eb283cb68c6c45171b8a82f3ea44e5b97da033584d58a3965713f011

SHA512
7c654db69c83026fc50c94e7470b5340cf160582316340aa50a030f4ac990112d33df9604478ae593425023b7619e78ecb295acd4339b3cb85295cc87731209c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d29d7a41ee7d3c84260ad901f8c3e2ef

SHA1
59de0d7d5334d8d4c884e513db084852cc349350

SHA256
7efc1ddc289964522df5d960b74471ee602f42bdda53f02f8fa4e5d5d2bddc41

SHA512
50be9fd7fabb38fa958789bd9388b911c83536899aa2765e96f14d1456a80df5adeb3d4d1ed34ead624052f971ec6be94a69fdd0987ad112727aca59aeb67f44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
4e04da006a222b737a8bb303e9b95adf

SHA1
b95523ebb2d2060fb61287a21b1a816f60474b1e

SHA256
bf26ba644f81230eb493373a0725e9bea9e4ef95960b0ff1fd2b054ebfdd0bf4

SHA512
4060fe1a3bc9316c668617a79c65b73ddf2b8586e9b590b4c353a5250a051203590c0d8dfd3900b26d461877b9050780c758ea714f8a11a41cc72ff55ede5611

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
37b4b46481e10083f93731755162eade

SHA1
679cbc1371cbc04f5629e80a6cc877ea8801e53f

SHA256
322f3042eccaa6358f3e7172bd0befb6137cb6e3b9ae697acbefca096f48640c

SHA512
c4ddf9059dbebb3080105190dfa61f24cbe197b282b9cdc72de27cd70ff3902ba791049d028d47750fce6916219c289eb1c3eeb399e7bfcca47c45a16475c19d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ee990c196030624993751146b91f0558

SHA1
982172673a146907ad4ba8555dcd3f65928db50c

SHA256
760da2d7c8e674f0128d286ec137dae032cde0f024b4a0a784bfa57009668664

SHA512
725caf0b50558fe53a7de29fa1cf746cc790e55b08112c5c7708e9f12a845b5257a045e260920522f1859ef741890ea5a4a475a365c0a0d322cdbd5a6284e4db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9d00433d93a11a72b00e6e326887114c

SHA1
6caf4472054ff40c89d5a6ea629404cb951c4f89

SHA256
d29a1fd07590f9f8f39264664989dc1da7c318e350c211de8996441a923b27b5

SHA512
4cd495988165578b521739d8042eacbfbb8378e829cf338029316288c75ab261629961263bf5c6509de293e9a991e848471df6f9094354f522d8d55e535a0330

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b15302c13679f164eb37af4bd2f59583

SHA1
2053d78d4ab9cb74633334fd42af57d44b6c5ffa

SHA256
ea90fe0b907acb77aa3adb4260bd3f1397bad2d21b5230ef0b71d0e80a3d5af6

SHA512
651bc546e89f0b56c5abb2cf53529b8ce6a63c6dbf1f9256c3c8ae74dafc0a672a0d1b255695d43ddc57a6d1ba712a8e08faec4205c076eb61c7aad2ee89e16e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
83304b7c7847c08afaa8a2145d393f1b

SHA1
89372e87e5b10de2ef4976259c51014df590b7c0

SHA256
d9c4d8776b601aa77a7f426a34834a57ff7719bef71518a9a84f6c79eab79114

SHA512
d03e84bb925f718dfd2ef8d5c3c392a7dff151fa958a8913da0d844def96547a0a69fc750fa5b764b8b2e98a05b29740432168e5e4f216bef341130ac4e3876a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3bd255c07832746abde524c1ac366a0a

SHA1
34321097ddd848f2d66e4c3a4dd382f9dd5fa845

SHA256
95e32ff5a3502025ddc49313cf9751bfdfcbddafdc25a406a36826b26a20c45a

SHA512
1772fdcd2fdb56a906460ceef9aac900231cc95017f3f020896840d2d86a4dcec7ba8332bee84498b377809cd132c288c1628914df8faf3778b04d7fff74e678

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fc42980cce6c4c4c24047e9ce42395da

SHA1
72b6cbfb640885c041fbc5eee70def8b848f6bd4

SHA256
f6094fa6c4c995cefdb3300b36195933d42a7240ce2298f0e3c9c2b2f6edda37

SHA512
e8b953225c5f0d05a32cfd65a71ec53a49e2a6ccc24ce583395fbd17cde4a652dfa550c6580395ffb41864e35a355936247f16abe8535e31e148683e7affcc6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
eecdbef360796e052e98f0fad17c5889

SHA1
7fc53137b80478781f0a63aa249cd44d1a0e90c2

SHA256
9f97d58231910a21be750a4a0cda0d4cace978f91187b3ffd8a4db326e692ef2

SHA512
1903039b3eb340c616c706d03884d8e9e73cc1ffd286e0476d40cc5cbcd90b62bb1e019e697158eed4d4b679a85351ed7034d7266d122e5cfbfea444124f9269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
726b82acfe696a43be2ed9c189375a3a

SHA1
20e49f889e0698479490dad7a798a95543d9edc9

SHA256
e737fd593fe1cc7029553b88c220b27e1c4f62b4e7a70f17a097756c0cb497c7

SHA512
e078f466317256907b44636ed5f9c0906f394b9711ab010f8433aad5121c5657feac128fac13fa91d074e9d75de3e669759478c09505d3e0199cb4118605c2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e5484d030e4fdf44f877311851bc0b6b

SHA1
eeb0c16dc53410236a98195792ac6e10508e41f4

SHA256
03bd7c4a586c15a67106d8f59d55258b7cadfed77d7d217069fe65f2ffee46bf

SHA512
8caf7e7f6766ad0456dbf263da5883c4b8d5144461aca7d5f64e21778fc15fa9de2534ef0493e7fbf990aca23c4eb6d62ae77da78bef6ab4259b12537792c753

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7ffbe30795d638fdaae485922fa286c0

SHA1
af483e33e34446392d2728f8ea030ab857f5dd71

SHA256
47929e84db3c3a1e5c0d809f797190266cc24a5b4630bcf589a2ad5219852241

SHA512
40a90c508dcb6e1f614a9b122ce1835e1e56da1efda0a14b9007eeabd98137fb357e88598a3424c26d960c2cd4109d0acf33febe176163045625af34906080c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f4b5e6a0412eea5b1746405f42d9e7dc

SHA1
47594521f09993b661e05ad929e345cf0363c0dc

SHA256
b72d68ebe30f968699809ac1b7bd6349ac1e3101a948e286f2f8872d807fdd5e

SHA512
c5d106ca70d86f3ddf08e3ec3922253eda717fff7ed336a4d22376b50bc71dcab4ea4f222935d583ab0c1a79eff5d296a2801c838b2a1ad2a281c79b9cc7644c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589882.TMP

Filesize
871B

MD5
fa03579f48fc9307b4b7b5925e7af7c2

SHA1
bc8184916967197b99fcd75547743b026c1b024c

SHA256
977131be7e29608a5a0067349c28546fc1b63689a3d10b9f5d9e03e959d7e28f

SHA512
987d6b0224abef4cf486501cfbc0169c5eee277be80d42e3cddb432d23cc7ef3e9ec37d48eddf68dc4ecfb8b987ae4620c5fd2c0f6de19b8625a05f61aab1a7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
057af3f39f0ad6df73e187b1059bc6a7

SHA1
14fc657814e97a0681c5e2d26bcd86f022c06ae1

SHA256
3f0a18b2b09214db3748d5f8f59be7c703c4139eebf72b3f2897fd75be841cfa

SHA512
827909fd99003738affee9830ff468c5b4299fb119f5d88f987c820e584a18663f9f266c17712092fd660c895ca72a4a6079a78a24fe3baf0b2c7594627745d1

Download Submit