hxxps://resolve[.]picrights[.]com/433434174370

Analysis

max time kernel
159s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2024, 20:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://resolve.picrights.com/433434174370

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4988	msedge.exe
4988	msedge.exe
3620	msedge.exe
3620	msedge.exe
4588	identity_helper.exe
4588	identity_helper.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3620 wrote to memory of 1140	3620	msedge.exe	88
PID 3620 wrote to memory of 1140	3620	msedge.exe	88
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 696	3620	msedge.exe	89
PID 3620 wrote to memory of 4988	3620	msedge.exe	90
PID 3620 wrote to memory of 4988	3620	msedge.exe	90
PID 3620 wrote to memory of 4224	3620	msedge.exe	91
PID 3620 wrote to memory of 4224	3620	msedge.exe	91
PID 3620 wrote to memory of 4224	3620	msedge.exe	91
PID 3620 wrote to memory of 4224	3620	msedge.exe	91
PID 3620 wrote to memory of 4224	3620	msedge.exe	91
PID 3620 wrote to memory of 4224	3620	msedge.exe	91
PID 3620 wrote to memory of 4224	3620	msedge.exe	91
PID 3620 wrote to memory of 4224	3620	msedge.exe	91
PID 3620 wrote to memory of 4224	3620	msedge.exe	91
PID 3620 wrote to memory of 4224	3620	msedge.exe	91
PID 3620 wrote to memory of 4224	3620	msedge.exe	91
PID 3620 wrote to memory of 4224	3620	msedge.exe	91
PID 3620 wrote to memory of 4224	3620	msedge.exe	91
PID 3620 wrote to memory of 4224	3620	msedge.exe	91
PID 3620 wrote to memory of 4224	3620	msedge.exe	91
PID 3620 wrote to memory of 4224	3620	msedge.exe	91
PID 3620 wrote to memory of 4224	3620	msedge.exe	91
PID 3620 wrote to memory of 4224	3620	msedge.exe	91
PID 3620 wrote to memory of 4224	3620	msedge.exe	91
PID 3620 wrote to memory of 4224	3620	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://resolve.picrights.com/433434174370
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff967fa46f8,0x7ff967fa4708,0x7ff967fa4718
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,13460897235351305803,7047177809606734204,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,13460897235351305803,7047177809606734204,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,13460897235351305803,7047177809606734204,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,13460897235351305803,7047177809606734204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,13460897235351305803,7047177809606734204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,13460897235351305803,7047177809606734204,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,13460897235351305803,7047177809606734204,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,13460897235351305803,7047177809606734204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,13460897235351305803,7047177809606734204,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,13460897235351305803,7047177809606734204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,13460897235351305803,7047177809606734204,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,13460897235351305803,7047177809606734204,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fd7944a4ff1be37517983ffaf5700b11

SHA1
c4287796d78e00969af85b7e16a2d04230961240

SHA256
b54b41e7ce5600bc653aa7c88abb666976872b2d5e2d657bfc1147a0b49e9d74

SHA512
28c58a2ccf39963a8d9f67ea5b93dbccf70b0109b2c8a396a58389cdec9db1205523a95730485bcbc9d533867cbf0e7167ad370fd45740e23656d01d96ee543b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a774512b00820b61a51258335097b2c9

SHA1
38c28d1ea3907a1af6c0443255ab610dd9285095

SHA256
01946a2d65e59b66ebc256470ff4861f32edee90a44e31bf67529add95cafef4

SHA512
ce109be65060a5e7a872707c6c2ccce3aacd577e59c59d6e23e78d03e3d502f2707713fda40a546ed332e41a56ef90297af99590a5ab02f686a58bcbf3a82da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
35c7bac1889f2923dbd311e630940415

SHA1
883d01df811968b00d8f22d7e06ff4bbed5182c5

SHA256
b2b92d8b18716d68837e15baa99fd576a9ad709ef00e352c3adf5303aff171c2

SHA512
9527334cc1ee6f888e4e9b291078000c33bfc05c4dec38daf826a80e8765be11f353a918cf67b8b570b84a0b8b9414445ff48a2be9373e07121fe3b2b2df5322

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
74ac7d886fd1bdf7c8a72f979e6a42f1

SHA1
9329836aeb132b3eefa6c4f6c001503061e9a753

SHA256
46ccae08e242c9a08b540d0ea56db0f9d989bd3ef7a2da4cc1f998fee7ef73b6

SHA512
ad7554cf2b5730869d818cc480f07c7f9aa21561bc4f40760fd50237bf121d8a15eedcef5ad9c89fd86c78cd74716bcb40983a11ed5b2a3f5d4ddbd038cc367b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
43b1b1c3a456a99e2e7034e6b369ac1d

SHA1
b029b9a8c32e0b3f5e58a0d5acf4565ade5afed3

SHA256
32a8377acff8ac76a1028de77f09fa7e6b7c55c957b5e0d2528354f6463a8005

SHA512
36ef807babb2bf1dde3d35df63ba4ebadf90ee823917ea29c43fe1a4ddd3981ed42ea14600ae46f19a9b66decf57486ee26e014e3fd28946fed2d952a7bcc2ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
67f65a43c7556190bc5010141540c97b

SHA1
5a01b60b12ab0b233db825d8c9b87e6a325097cf

SHA256
8df7c72a04361ea22fe97e9de01f550f06dd65fbb311e33b938c4aabe16edcad

SHA512
140b1228129e22aa5ce3502a88eb351c68ddb1d690a669d2c262c7acd61911def097f0acedfdc9ba0b31468eafbf0c7cb4046b5d73ad72ccc5d37ee33e4af240

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5d1759dc9868e690a8f1f71d79ce884f

SHA1
a14e69173ba536ad4e08628131198006ab139195

SHA256
7f7ec4436d7cd93290c63479ca029c0726b19b1f2dfaae6e8221dc426c673467

SHA512
1580e602ffc8f362e8fc5e9b2c725fa1b882dfad24218792b59dd6b0b0f2e1b8d774024f9d85c4da9129e4bd648ff89c7c69797b3763edccd19571a5bcf82605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
48370fca14e3d1345412ddc7f08d40ee

SHA1
8552cf6dd14c1d979bc2c2c3b73e2fc5da9fbc59

SHA256
9b0e23890c76ed5d2413c88a7785fdb69ac5473fae0caf5fa3839af6e2dd3f27

SHA512
276393046fe0b42a4c2ab64f423fa3ec890fd08f83ca08c4eaae45ef6ac3739e122d2abb51c3f7836541c8b5590edb5d132cd0cda8ffdb15f9390f03acb30344

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b44c0d556e7d22ab3ae9f47590388463

SHA1
7eea89897bbd9769acb65eff159b1287d845c23c

SHA256
904c8b597c9693a938e1ee200270815761a1311c8f880b3b0f803ba5b4ee6c4b

SHA512
c3f3acef0139d6251bae2ce1e4c8bc989cffcbad0bc5ccd4617a405f5ef1c24909920ad7bd5cbae723ff4e721dcd572efd772f2e2ad7225e8288063f23a418cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9aa3bdcbb66a49902fed713c1ff6676c

SHA1
04ece0250a4227f222d27284b97adc0e7d615535

SHA256
191e6a2e32a7b2225aa6e703c62c61abc8f42b9ae43047fd7bfb5c363e799ebb

SHA512
0f7402985a888d638f8bcb420255e08a6a0e5cae633f0b9ff996b89aff79270688d778cc7135de663926f0dc853e057f30075fbd6b3054efce18b17c2dd4ea17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
189c9c630331131116804f9b68ac3757

SHA1
7b38e297ccdbe691ef6def6e9456db281462cdba

SHA256
7eb9cbc0e93c7385ef02d9f0cdc2eb0da1a17eb140739b51c01c48fbd594da24

SHA512
4261601b071ed9aa92464711634bf1f0b4542c2b0a78b53009d1810535945f9a351767e015d0eeedf54e772f3cc5a6641333aa50c0aac69b7fd0c385f1faaebe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
37612f63693452b74a7fc3f31267d552

SHA1
1880fc641633a2fae0be79daa85b3f1b684d0bc9

SHA256
bd70f04297a700caec32d2973b02f5ea2115a6eb08ee79ff75c886cab8876617

SHA512
04d1ecec96ed4e816679289569fe8873af4448b1e1bc1a962955e935432fe673b5aaa77d8dbaab41ae38c00caaba4fb40445783931bfc769bb0d72f08688ba24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
8a4d8d01e37708cf0f0338f05576982c

SHA1
21180d0693052b7f7a611297092672ef248389c7

SHA256
55ba375944f63e2abd2b428da01ef5fd5ac893b3c1dc3928f110b5437b48ec81

SHA512
9c875c814e02496ef84079ab45394c4c974c6be1ddbda82a39ba7087f0739ae7784aa7ec56446725502196a39951ad42ca157a957bc7b33866e4918d4b0e35e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580673.TMP

Filesize
371B

MD5
0e080727f60876431c11c10e7583b5a8

SHA1
d9bb9cfcaa4c2fde3716b29804c02c1a104f0150

SHA256
712e884fc2f35663711797ff1030b56b06d261089d281626f82d023c4dbd7113

SHA512
9fdb38e22cb1b6ad72a5ebebbbba1819fe22fc56214df46c46a9aa25a0dcb1283e4c75d9ebd19be7cb17fc80c9675bac4f3741bf8bc06525a012264dc4132f7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a47a32731d88b4f28b348d5c8050cc87

SHA1
309e8dbb230abd8d8ca037a953d05cc11c2c8b2b

SHA256
350d7b4b9d568283729a428988692fe67c0cd6d9965dd3368cd93364e6f2f95f

SHA512
d6047a47638c2d72409575a4747eb78ec26b556e1a32ce8ffd836cf7fc4e8094eecd854b6ca4bfda2ea3ae6a371971d3f9113d983d7e9f4a3c5b747480e914c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e6434c0f2fb2eafe735f7ce4bc1c3fab

SHA1
36d2ca02ceb6ce4533170cc4e9f3021f8a64f673

SHA256
f2fcbcfaa93b2f6762077a9709aa76f3d03900197da1005f29f20d2eb07c7a41

SHA512
69817b7b6f73418700e7dc6158236c3555866c9dab039ca99e19f8592c820374aa0b24164787d68afc65456f6e2ad5b476868dc0dde9982c1bfa12e66db821cd

Download Submit