hxxps://www[.]linkedin[.]com/redir/general-malware-page?url=https%3A%2F%2Fstoriescover%2ecom%2Fnew-f&lipi=urn%3Ali%3Apage%3Ad_flagship3_pulse_read%3BWIoC4VCISxCqpbc4F8GdgQ%3D%3D

Resubmissions

22/04/2024, 00:48

240422-a5zhnadb74 1

22/04/2024, 00:47

240422-a5gb3sde2x 4

22/04/2024, 00:46

240422-a4pl3add9z 1

22/04/2024, 00:44

240422-a3hr5add8w 1

Analysis

max time kernel
178s
max time network
180s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
22/04/2024, 00:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.linkedin.com/redir/general-malware-page?url=https%3A%2F%2Fstoriescover%2ecom%2Fnew-f&lipi=urn%3Ali%3Apage%3Ad_flagship3_pulse_read%3BWIoC4VCISxCqpbc4F8GdgQ%3D%3D

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
808	msedge.exe
808	msedge.exe
3960	msedge.exe
3960	msedge.exe
3704	identity_helper.exe
3704	identity_helper.exe
792	msedge.exe
792	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3960 wrote to memory of 3672	3960	msedge.exe	79
PID 3960 wrote to memory of 3672	3960	msedge.exe	79
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 4816	3960	msedge.exe	80
PID 3960 wrote to memory of 808	3960	msedge.exe	81
PID 3960 wrote to memory of 808	3960	msedge.exe	81
PID 3960 wrote to memory of 396	3960	msedge.exe	82
PID 3960 wrote to memory of 396	3960	msedge.exe	82
PID 3960 wrote to memory of 396	3960	msedge.exe	82
PID 3960 wrote to memory of 396	3960	msedge.exe	82
PID 3960 wrote to memory of 396	3960	msedge.exe	82
PID 3960 wrote to memory of 396	3960	msedge.exe	82
PID 3960 wrote to memory of 396	3960	msedge.exe	82
PID 3960 wrote to memory of 396	3960	msedge.exe	82
PID 3960 wrote to memory of 396	3960	msedge.exe	82
PID 3960 wrote to memory of 396	3960	msedge.exe	82
PID 3960 wrote to memory of 396	3960	msedge.exe	82
PID 3960 wrote to memory of 396	3960	msedge.exe	82
PID 3960 wrote to memory of 396	3960	msedge.exe	82
PID 3960 wrote to memory of 396	3960	msedge.exe	82
PID 3960 wrote to memory of 396	3960	msedge.exe	82
PID 3960 wrote to memory of 396	3960	msedge.exe	82
PID 3960 wrote to memory of 396	3960	msedge.exe	82
PID 3960 wrote to memory of 396	3960	msedge.exe	82
PID 3960 wrote to memory of 396	3960	msedge.exe	82
PID 3960 wrote to memory of 396	3960	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.linkedin.com/redir/general-malware-page?url=https%3A%2F%2Fstoriescover%2ecom%2Fnew-f&lipi=urn%3Ali%3Apage%3Ad_flagship3_pulse_read%3BWIoC4VCISxCqpbc4F8GdgQ%3D%3D
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff87a463cb8,0x7ff87a463cc8,0x7ff87a463cd8
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,15216317615624973736,12518144458840798220,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,15216317615624973736,12518144458840798220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,15216317615624973736,12518144458840798220,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15216317615624973736,12518144458840798220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15216317615624973736,12518144458840798220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,15216317615624973736,12518144458840798220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,15216317615624973736,12518144458840798220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15216317615624973736,12518144458840798220,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15216317615624973736,12518144458840798220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15216317615624973736,12518144458840798220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15216317615624973736,12518144458840798220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15216317615624973736,12518144458840798220,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15216317615624973736,12518144458840798220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15216317615624973736,12518144458840798220,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,15216317615624973736,12518144458840798220,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4880 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae7fbf62fc07f0bdb15169d2de3dc768

SHA1
9155eb973df31a7d6fb95f03058dd523171b4f0f

SHA256
ecfebc84b01ed9071cc68bc2abc4eae4f891e1dea41a16ea6010f7acfd6cc624

SHA512
1539bd6c522e56685399616d9811435ff0197c9471404361c53370a261feb180a38aaec9aacd38ff52c94b2cac2e4da19a3de50a9b6541f6f3fd0497bf15bcae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a5e869975d65ad786022d6fc8b47b747

SHA1
14b030f53bc86bdbec766b2f3942804ca742043a

SHA256
d5f8f63c67fd06a2ae7da80cbe8cc96bab5932087eb70432df9147ba818d758f

SHA512
fd8d2b8ce13f4aca312f4856096edba99310a78a5f4c4148046a06e873a3d2514fd2dd9b4515fc89e83306d251929f2ef9c78863f85a3e017a3029dec63d98dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
31d482df5191d15edc019ad701759e2e

SHA1
fb417f961a08a3ab0d8d04374cee5db4f3233f74

SHA256
15cdf2b12857613fd83652f8be2ab0737473f7a6ab6e12c4cbcf1848251b0ca0

SHA512
b00aa8c4c8d4944a99f32ab855fbb4f03c053d3141de9dbe8a5698e884bb32743b257112b601916bf3831a9a1a3df53340b2a64408e2e001f510791242440e71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7eb22ecdb96346cd498beff58e5acb0e

SHA1
f4c8a3f0f39dab551517f16a68331e74e8af3947

SHA256
95118ec9a1441ded7bc3b06add6b894d53297a85969cd7ad46861e9dd1f674ad

SHA512
ba1b62484ab21b785c4e2fa1250600dcadf5c5c7ef6d0861331cb638658c4ef5402e72f419d3d93d611888d0bb6ffee172860e14efa71e38a3883d0ef16c7306

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
fa42df4f87f88b36b7387f9e2b9fdca8

SHA1
a1bc6b6dea82487570f0bc5647c32959a0eeed63

SHA256
562aa8fd4030a0578b9133ac18d9dd4b94fe559fc35b272fd65d2ba1574ea243

SHA512
9d7ae4940fd7c0f6b8abf719331201edf68c6e1d4d5abbdd91015711226dfddeca993fb7509c8f41f2660da7b78e8ae4856db39b9ef047ced76aa695ca6622dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
225638937ac9b93b0819540df7840c27

SHA1
8bd5a418d4015f044ea16664edb513206d10891e

SHA256
2d9de42befc2cfe61f4963fcb8ff1b72a7646aeeb2b1c6666e0533f95364b810

SHA512
1380c566373ee826eb4fadd3d14579dde29a5a24355624091a54d5ce34966583427ca7116e51e70f8becaf0ac572297bc8036439595d36e4c7aa85501454563c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
335c6492005c377f24cec497ebed0d79

SHA1
6937408f7865f42c007de418cb55c476b381678f

SHA256
6ad17217f8649e4b2badc61942165248c4a48812c6371d81b11b700625a1416e

SHA512
b6295d34b3c5b78506870130edd69366b7e351ed832f78c5b77b32236c9cb59e54f687d12e25921600984bd97b62156f7b8e7b504e6d56073877b91424864d2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
29383e1fffa2ab0e092cba32b6c28966

SHA1
1fb702188bacc9b7edaed7eb7c87aaf867253551

SHA256
81ba52778a76a9f36d84457ec9d54cd9038782f633f26769b0ce849dfa1baec7

SHA512
4e02e809cc28d0744ee89015ed35092e8e04c28df0478baaa39ddd01b922430e79ed007232155e0c8780e8e52e701cf558432a67b3c112ae09d78ec03ef32d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6730a192ae7e3bc2eb35d248b506e5ca

SHA1
91d5ab876c2f7d0272113e3a5052db5d5775e299

SHA256
41b8a1626665cb31d09278c47e938c2bd2e6bc115e38018f28dd2485d8e004b8

SHA512
ecc7c1b8cb826a6b245a0eba884819fb1a45d7429e50ce28fcf732f49c063f27f51ee52069b6378a6fd07c1082197db5d3ba6ef7d7f83d1741c8c7520def2602

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9bb1c0b8bd56138a4a149cd78e4e5334

SHA1
d895e0a22147a76ff89422ff88489238187c59fe

SHA256
2ddde90e1d1646ace2d78ae10589902f8f297a76570eec13ba9abc350fcfdecd

SHA512
9dd4ca385835f6d86ed6592a49446112a63f9884e7d3cdd3633d8889f851a525a51eb4e5559f41f7fadfd7b52313a1c9d7d0c0840787772d4674ae1acbcb120c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579858.TMP

Filesize
204B

MD5
fc32e63dd74d4b705567f9716df95ba7

SHA1
ed6ecaf2263d77295f1c342d6364d361f257f2cb

SHA256
25ccf50b58bfd73261d47e168aa22f4239748190278c8cee875a85638244605a

SHA512
fdf8612f5f63dabc500e423468909e762e667af0be4d1585ca565e513253d04a2c2830808afb0a53b1ebbfd705c8a3eb195c7b737b32810864a43a5c0cce9eec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
54906214048d9e98ae80d9ba42d373ae

SHA1
d0f5c655a2f0147d6c4d460eb44f558435b595b6

SHA256
b90808f19e42745fe56624b7583deb8f8f4cd4fc321ec97f22a5c2e86969c8fb

SHA512
bc79f90e93a85bf6157108924c6a99b1e97333de53e71f40d6fbeb235022baa49e141e766c6cbabcb8fe308509c603aef65e7bf149b024006671dd92054b0a56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b4837735ff757023ee0201780f9f7bda

SHA1
5b2721d4297246be4a5fc1bba79484a3bc6335ad

SHA256
681e838d58360c7b22455eb15f0bb51f0f408555a9d470c99596c89a0c42845b

SHA512
2a9979aea3496345a81e8a05f8feb00722ca37ccd0a3968d1532518dd8d104f10a8688c90596921add5c37fcddba5fc1d19a534695f186c319b1975e36e47395

Download Submit