hxxps://app[.]peardeck[.]com/student/tmtdhgqgx

Resubmissions

20/02/2024, 21:07

240220-zyqplseh8y 1

20/02/2024, 14:59

240220-scwkeaab5s 1

Analysis

max time kernel
1800s
max time network
1689s
platform
windows10-2004_x64
resource
win10v2004-20240220-en
resource tags

arch:x64arch:x86image:win10v2004-20240220-enlocale:en-usos:windows10-2004-x64system
submitted
20/02/2024, 21:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://app.peardeck.com/student/tmtdhgqgx

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1752	msedge.exe
1752	msedge.exe
1852	msedge.exe
1852	msedge.exe
3296	identity_helper.exe
3296	identity_helper.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1852 wrote to memory of 2628	1852	msedge.exe	57
PID 1852 wrote to memory of 2628	1852	msedge.exe	57
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1420	1852	msedge.exe	88
PID 1852 wrote to memory of 1752	1852	msedge.exe	86
PID 1852 wrote to memory of 1752	1852	msedge.exe	86
PID 1852 wrote to memory of 2188	1852	msedge.exe	87
PID 1852 wrote to memory of 2188	1852	msedge.exe	87
PID 1852 wrote to memory of 2188	1852	msedge.exe	87
PID 1852 wrote to memory of 2188	1852	msedge.exe	87
PID 1852 wrote to memory of 2188	1852	msedge.exe	87
PID 1852 wrote to memory of 2188	1852	msedge.exe	87
PID 1852 wrote to memory of 2188	1852	msedge.exe	87
PID 1852 wrote to memory of 2188	1852	msedge.exe	87
PID 1852 wrote to memory of 2188	1852	msedge.exe	87
PID 1852 wrote to memory of 2188	1852	msedge.exe	87
PID 1852 wrote to memory of 2188	1852	msedge.exe	87
PID 1852 wrote to memory of 2188	1852	msedge.exe	87
PID 1852 wrote to memory of 2188	1852	msedge.exe	87
PID 1852 wrote to memory of 2188	1852	msedge.exe	87
PID 1852 wrote to memory of 2188	1852	msedge.exe	87
PID 1852 wrote to memory of 2188	1852	msedge.exe	87
PID 1852 wrote to memory of 2188	1852	msedge.exe	87
PID 1852 wrote to memory of 2188	1852	msedge.exe	87
PID 1852 wrote to memory of 2188	1852	msedge.exe	87
PID 1852 wrote to memory of 2188	1852	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://app.peardeck.com/student/tmtdhgqgx
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb74746f8,0x7ffbb7474708,0x7ffbb7474718
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,12278706633661389303,6069199206906345202,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,12278706633661389303,6069199206906345202,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,12278706633661389303,6069199206906345202,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12278706633661389303,6069199206906345202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12278706633661389303,6069199206906345202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12278706633661389303,6069199206906345202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,12278706633661389303,6069199206906345202,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,12278706633661389303,6069199206906345202,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12278706633661389303,6069199206906345202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12278706633661389303,6069199206906345202,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12278706633661389303,6069199206906345202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12278706633661389303,6069199206906345202,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,12278706633661389303,6069199206906345202,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fdf4a759acd43c3d54213b9de2bbe047

SHA1
81da78a0894c8742292af1057383e39588df4e95

SHA256
60ad530f2bdc411f4c0e1437b28896dc9c45a950a93cb3c2cc9e1ae70b629b7d

SHA512
4569267b06df28b47f87d666cad4cc63151ddfbe494a26a8ccbc9375fb333596c329778372d2dce5cb53037ca6b731bc9d0bec52eb18e0899e6555600bb305d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
89cbb20cdb08953be45a7ce57ff680fe

SHA1
8dac492c4f5fdd777f4947d58cc0948664688d9d

SHA256
9b2cf9b97e1df21a5591ea406c579d3d62949a085012b136a06026ba48ce9ff4

SHA512
b32ffc555641fed2fe0afe144dd5470f6eb01fae9f891c43e5217e231ff730a0bf7239030c12e54a7f3ad2c2c43d7322bef5bc5f57e002246fff3d0d5a86a464

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9cbe4f80-89b4-437e-83a2-f44c04e08264.tmp

Filesize
1KB

MD5
0aab2e4138b9b735a78e124b6194ce63

SHA1
68d2a10a6f2a9cc80ec7e534f1844ed5755ed13e

SHA256
478cd4c060d79ff9c58ba910cd2f6f1f85b12639453c282f8991994d851461be

SHA512
01fd77f24fe13cdf57545f17e224cd4208dd09d078e4ed1dc7d51e4d01b30cbe36e00a7ab0cdc5ef9e00257f9aaa4c2c46b2549371077b19b0d76003f9e70703

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
f3a52e68efd9f10bd7a9e2c28f80b9e8

SHA1
ac18ba372a09683358ef9980bc5539859fb3cbb8

SHA256
356be69cf116418955ab0bf4344c64b8e99a89e29f56bb391d1299b851b8123b

SHA512
597be8936f8fb148dd9cbb498e6b2e63e1b605d604ea7206fcc477abd8e4691680be0bc7053056ebd9c3884429a09bc5670b4c997c2c1feaffc1a50a51fce428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1ba00683224a2b8f7d1a4d89c8e5088a

SHA1
197694de5d0a13e704c3f25ffc1e813dfbb395ab

SHA256
af0e2ce1b22322ca1fcd87fee142bd061adb32be38ebf19725fe279dbd8b90b9

SHA512
c90a03bb4bb36d70f344bff4a3afe57cd8e4f6508a32a544c015e3605962dc1c296a348a15ade8116195ec8f258c85f51278a66922e60931e152db75b2bbb767

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5fe48661469a4be243f1f1701eee72c2

SHA1
995dbb1feea413d025a085bdd2180b6085a22f73

SHA256
ad2fda038c48c346803474febbec3db67e96dff8e4b5b1b82c92aa9fb7f0a7f8

SHA512
d83ec029003b623d313b14ac939b2b7a1e8cd2aec39e0bd5c5cd29de0ab86b4799263eed762c57cb88ebedff9b840baeb3631bed3d82cd099b76b0e59eb85d2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
383f4f95892122fa51bdc040cdd1d9dc

SHA1
11bd3270fa23491068ae98c033653ffa37f4ebbb

SHA256
44260f7484a1708030ba90abf26e1b9b0d9a3dff96f13e75bb379698ca49c3db

SHA512
a62af16c1dd82b93a8ea3f7b93d80e1576a62a8ad3be2a15aea0afde7a5a55f79c50104d490a4bdbb0e0c8fe3ea624cb4dc43ea231ca2e8bf58017d58f7c957e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0df2fe6cca5e0cd77eb2ae1660608dce

SHA1
3bd095d39dbdb16907176512d7f19f4e002bb32f

SHA256
a945ea517f7c694bec79f87e2bc7e8a42ed762c37fb8b4de718993647b10982c

SHA512
a843012196abc8773756b5b064a153e7e2fe368635ece57c1a6da5191f58bec5fcc5eb19559b397b5f4cc340d032b7185c7a5ac7f4d58f63bf4d110a88a39c89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0044f3635b07d5ac0aad3a15ba6f3c48

SHA1
7f740533d13304eec0daa9bb04ac6e913f5d3325

SHA256
2316521bf86affe6bd5ceb07bbeb0fa2a0ca037e479bc6d40200c893a8f63630

SHA512
14dc06198597fa6f9c4cd47480d97a4ff1279bfb32265e78c906b5b99c8876c0a12dcb4f4287c6a5864b8c9db348bbd8f44672c3a949a8bbdd4632fedcd3915d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c9e96960518bf5b84f44d0e2d37f006c

SHA1
5612a5b26a15f88b9797586b277078d771b9dac7

SHA256
2adb418c7659495e5ed253cd1328d4fad5028f6dc6e0d42d63c6343f51924570

SHA512
df7214ff173431f9cae564cd48edb4ce8f531f6009d2aca3d1a8d2d486110a987321fd8920b86dc76ef6e873e3ece7afa6de5df278ef6e690355da5326bd0a50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a551599f415abab86e3e842350b08352

SHA1
2ba7b66728d86cab68921c1ef48e21621ed32157

SHA256
5b00757881a0b3df22663d63250319d08a96faf7165a464290876da8348f8b90

SHA512
c22de891fc0239eacf3de77e0e2e9ddd8ee7d2cc8c6f92f6c9e8d17da5bdc2a652d9f9b12edc362b796c08c7df817328a576beff3e9560b5752d447fec46e43f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
429b3cfcadf8895b5a75b163dc26d374

SHA1
fc773a627f854716c386208a741774cf69291795

SHA256
44176049c60a33d2b8e650a0892a84bc7022eef70737cd1f17111b61600ac2df

SHA512
f04bd135f41c83f35843634b812d0d52420f3c5d0ce64ecbe11ef7dab9fc26b0a96db3bd5e2e5b0834f501c3ad81911072a7b023a8b5588bd4c671fbcd673957

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fd4aed6ab3fb301e0d84bc93f1675cc4

SHA1
dfea87dbfe85efae75c93ec855470072e85028a1

SHA256
84da60753654814bea5dad235d044c606482497611bf770f58ba968ccb1d6328

SHA512
05b3ac088cd9d47933317a2d5ab773836368987038a1912be2a43976aec69dce494c520c51cf3ccb06cd754e2a5cb2e2f5cb90934330d03614f95920b796ba70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b63bf049ad3fd685c0d279a67f378ab7

SHA1
94b27b08abc2b2fc728b0cd486d7b96086ae63cd

SHA256
88a8a27f273acd47c800cf84ad099d276634b6c8d32b46fba7a448d130d44cb2

SHA512
17f9180c6b28956d1d36cbbf895f8be27cf2b1bd18cc7b7a78d70354a409c03c2e9af86b1027fd3d3736c4b1d08a9b6840be039ca3f2905d3b529c72e8f2ce48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
fdfc81db1157a95bdd01b61209de8c0d

SHA1
6f0ef146b880d98f567f19cdcacd95209c6bc960

SHA256
d5242c9792e2fe00c45e3c55593a59b1ecfd29adc7bf3c199f863407b17f799c

SHA512
061efa0235de7153aa81ed012a36d028f87cb5b4be12b57c7a98b1e5b3cd950954e7abb93fb823d6f170bdfc7e899f60919fc4f4e194ca8e0c16d3ea7e11ecbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
07f2f9e513c01823178a542b3f95aced

SHA1
8d3230d17cd416875cfc0a6aeb2d581b322a4931

SHA256
5676e5fea3f4d646482fd547f33900a768df1946d5d7c675b5934eea17fc212b

SHA512
b8c00e683f14c7d38b4312b80ceae79b9106a305402f307b14721f12d6c7336d62a65a4cd9733a016cc457d7f84b4a4271926ae975665ffcf66917fbfd77dae2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
368B

MD5
5e83eb36708f7783bdc1386b76059ada

SHA1
cb43db2c278744e3e254aa50cf08e2e2b4deb4ed

SHA256
737ed39c922ff9b86d621be650a862b4fdd32fba49fb56bd353ea0f941078361

SHA512
917c11e7800833a70d7113c05dcc311bbc5970fb9335e5cb530e14906a39b1800e3f9975a20034b6635a26a5df76aa09d98b779600c43a1f43b9b294f5468b4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
07c3d273719fcf50d5871038d69cce7f

SHA1
884e35299e19c5283eb0b4868cf921d6db92348a

SHA256
a8f4bf36e136705f31009b7e24f37ea560aed496b51891cab62147291a41d403

SHA512
60c4373a268c1bcf1d337c4a5139bd4e0430d2318eec9fc04d2ce348002d08c2949aeb3e6ba61319e69d9efc1af957069adba0b1d158a441369718e9d95be0a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
e7160f689ab42f2c7f1ca04896124aa3

SHA1
eadc220b906813dacf0ea24b8a8fbd4a61ef23e7

SHA256
e84c18334990316875682cf29c7a50b71e0017b3575a1f07d7205c81b340a9ff

SHA512
cfed6d09195f560be9605e2e40d9cd0b8e451da23cddaf0427be66ef8e996de2a68768dfcbb15cdd7c9343c19a7c4cc097acddc0e8b8315d88c4fbb730797829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
325c31ab1560e04762d899942e91e2e0

SHA1
40d00cc5a3c8a4a0179dd5a32268a02d989c24c4

SHA256
22a0756084b3a303460b47ac8a20004a7e5cd5672def21388018c972b6e67282

SHA512
171c3407a45fc7cf8de9d8f43de26ba1d2d0128ba636b220cd9d3dc4e42993f9c4247e2227f91d83237385e8a6da5429ceafb47b8b40ac8c01496f43ba08c58d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
e569c2654d4f6e7fd79153a713bf7535

SHA1
0a05f8400261b8c221ae99f4ec6d755a3478b9da

SHA256
baeabc4dd52660bd570931f581021f96a8a1bbf010c7265edb83b0c1e615e06a

SHA512
a87eb6cada50db2b00f70f01070bcebc4800a5f64b7daa38396ec8e81cc33570784eab17d6e69aa00d7e15dd4c10c38d326eebebe61693fad29456dfb320cde2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
5ecf094bd47cd212309d96bb905d3b5a

SHA1
ae7afbe9c361d8f8065cc6029199865152fb1856

SHA256
7dfe84f6132f85a400edc11fd923060624458ed2763622933ba4040a70db7ccc

SHA512
4ceef0bf9ffc1a265a7646d5ad42e14613fba7aaa6146d0b3a7d80caebf57a9015e80862952649e01ba7a2c1aa653542a5546aa8f2a729ad16b9e710c06183c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
a7f735995da809ec42a6cdd1c740e90f

SHA1
4630540dac3846b804f1266b7eeb5cb0427ef37d

SHA256
39d54180db6eb6da455d79e453eeb2a16b76cff2381ce1e11ed6ec7c15532bfa

SHA512
10dcc664bf6f651a29cf4b8b6063cf7239eee052749c74445bff12e365052c7b4a85068ab8938b5281276d2e546365e887c7050a6ef4471ecc92b2a45e223585

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589f77.TMP

Filesize
370B

MD5
13d5703847d6d69d0f7645bb60e0011c

SHA1
9832e14b4493c41c19a4a37774760a32c1de93e8

SHA256
fa1a9dbe5d953cfafb84269d1f076c73d7efb48fc6d988f14f07cd367ee03186

SHA512
b71491cc653c558244cab6ab82cbfbb55e08cede271aac882138d108ecabec0ad83621dc339a2d51bbc1ac52000c08b7793faad3ecf992d49fae14dc60fcfbd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0f8c2a02d252bb8f067b4fa4cee082cb

SHA1
fbc09390342b575beac40b3ad46f346f2f859032

SHA256
0398d5a0205c7d69d1d9fa30e1f33cce4bd6abeafd23469d94abe3709567b157

SHA512
db6f8268058c00aaf63d3f31eb45d87ff4dcc59d4117eb2d57c8c567258ae988078df6178eee1b92cbc10439fcf5cee2ff6becb5b0fa304c92ecf5ea5e39f5f4

Download Submit