hxxps://opnsite[.]cc/bc81c2c9

Analysis

max time kernel
150s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 18:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://opnsite.cc/bc81c2c9

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2804150937-2146708401-419095071-1000\{8DB180D7-5350-45DB-857B-5B788D0E0739}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1540	msedge.exe
1540	msedge.exe
3628	msedge.exe
3628	msedge.exe
3684	identity_helper.exe
3684	identity_helper.exe
4576	msedge.exe
4576	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3628 wrote to memory of 4520	3628	msedge.exe	81
PID 3628 wrote to memory of 4520	3628	msedge.exe	81
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1820	3628	msedge.exe	82
PID 3628 wrote to memory of 1540	3628	msedge.exe	83
PID 3628 wrote to memory of 1540	3628	msedge.exe	83
PID 3628 wrote to memory of 2324	3628	msedge.exe	84
PID 3628 wrote to memory of 2324	3628	msedge.exe	84
PID 3628 wrote to memory of 2324	3628	msedge.exe	84
PID 3628 wrote to memory of 2324	3628	msedge.exe	84
PID 3628 wrote to memory of 2324	3628	msedge.exe	84
PID 3628 wrote to memory of 2324	3628	msedge.exe	84
PID 3628 wrote to memory of 2324	3628	msedge.exe	84
PID 3628 wrote to memory of 2324	3628	msedge.exe	84
PID 3628 wrote to memory of 2324	3628	msedge.exe	84
PID 3628 wrote to memory of 2324	3628	msedge.exe	84
PID 3628 wrote to memory of 2324	3628	msedge.exe	84
PID 3628 wrote to memory of 2324	3628	msedge.exe	84
PID 3628 wrote to memory of 2324	3628	msedge.exe	84
PID 3628 wrote to memory of 2324	3628	msedge.exe	84
PID 3628 wrote to memory of 2324	3628	msedge.exe	84
PID 3628 wrote to memory of 2324	3628	msedge.exe	84
PID 3628 wrote to memory of 2324	3628	msedge.exe	84
PID 3628 wrote to memory of 2324	3628	msedge.exe	84
PID 3628 wrote to memory of 2324	3628	msedge.exe	84
PID 3628 wrote to memory of 2324	3628	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://opnsite.cc/bc81c2c9
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe931046f8,0x7ffe93104708,0x7ffe93104718
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,724510951584291487,1983035075198902570,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,724510951584291487,1983035075198902570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,724510951584291487,1983035075198902570,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,724510951584291487,1983035075198902570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,724510951584291487,1983035075198902570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,724510951584291487,1983035075198902570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,724510951584291487,1983035075198902570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,724510951584291487,1983035075198902570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,724510951584291487,1983035075198902570,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,724510951584291487,1983035075198902570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,724510951584291487,1983035075198902570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,724510951584291487,1983035075198902570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,724510951584291487,1983035075198902570,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2160,724510951584291487,1983035075198902570,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2160,724510951584291487,1983035075198902570,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3404 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,724510951584291487,1983035075198902570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,724510951584291487,1983035075198902570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,724510951584291487,1983035075198902570,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,724510951584291487,1983035075198902570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,724510951584291487,1983035075198902570,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4912 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3fb7bbe2-262d-45da-b5f7-151f43ae8954.tmp

Filesize
7KB

MD5
e7c0258ad7a6e6da836410bfcaf393c7

SHA1
57bbcaf7769d9e3d10e265ddf16588156091cd79

SHA256
845a3714f59a43192afa676dec9bdbc8db9ab8fa2cc872e001c91d9d4a37941a

SHA512
758b167d7ffc44ae28503d3e263da05381adc697c73776ca908b9387ebb9414fef40dfa6ce32ac1b4e44ffb969ceef44f812fe1b5b9c22da5f202d4e5c650533

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
665082d571163fa9230df43e1fefa3a9

SHA1
76e262ccdd0ddc8162df74e2fb2def2b34f99c56

SHA256
fb69707ebc417600c5a13cfbd549fbfa59caad80a1a7e15aab966df83e22d74a

SHA512
8e8d64d3572749a5619322d1594bdea48c75fee8f48e7330f3ab6900ac741c33a050bb039b7c2bc226faadb7ad484f0f311bb5b6008901b99ea08e3a0e8c0f79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
44f2fbf6b0851d9f79c0b5f826182738

SHA1
9eeaed1345f4664e69e6ae46b3c88b6d3fc27f57

SHA256
9a07dc3ccfd84b1b4fa29493737be32b044c10928e99616488c30f3aa6973a87

SHA512
fbe559155350ce8ffed88e615419b595ade626b027d575cf017651726acd4ff047066898df273cf3f238584160d1d333500d6cbea474b501f8bee3763814a9ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
522aa4adf30785e4dbaa3d7fb738d179

SHA1
e4346b2704316b202bf6dcbb44a187699c17487d

SHA256
1618137a0c1b2251ec205078b42eca9d63ddcee5b3b29ea0b4a715a499d2d5af

SHA512
6be5f036a095b39166d8a294cc4e3f2d2592d22996d90c54f46f2a9ce7c5ab23e1d5472c343ebd437a44339485b4b5c070ab38c2235a899a5f6c5b54503a1fd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b60a1349cd4e6867ce4e5a98bf22aada

SHA1
c1ddf977ea4c8c1fbac9ec4fc0ec6d9cc21e7937

SHA256
8855795fc84221b38a9647e3492e2543853adf4810e279438150d9a225cd0efd

SHA512
f6f60f1564f9e75caa6998452123e8269f1512df1af7e8429cb9e7f0b9fe1bda54039c5d376e1067ea3512a77535f149b1d03153cd3266fa0025af24c4bf1fa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3eca7417d0554ecd506c53caf2447b25

SHA1
c23e24049880eae74c6ec85e50342756bec4bee4

SHA256
e6715bd6b1018ef286417f42bfbd628e6a8009828e07a719aa8e3c0f45cfe397

SHA512
674802ea6d5bad3cfde02b4243228366a41ff32d76a6be81fb530021d685ddf45346371cfc83644023213f332e7b93ce91a2b1aa8304d7a95af66e172f9a93bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
aaba459e5f6bb932c1cc3bca12c680df

SHA1
fc149478a77ccff8c27d753ff774edcae41a9db8

SHA256
f1eea8ec2b2ed3f459e4dbaedbb5810f422263b77334f81da7a4d2be84ad6c1f

SHA512
5c313f0edad395f7182afec7f0d9d3f694baaf3e22741eaf4b377113c2a39e65fde2a2f04becacdd51815bc27d025a47ec7308438b5fecd95225fb366d0bfdda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1fd0a0eefd3c89d15656d213260e5850

SHA1
31fc15ed048390805b55898617e18047c0eebc1e

SHA256
dd4ad8ccd6afa6f25101664fe756e8fbdfbf7a12fdb28c9cad4e41ff0700490d

SHA512
d9c4906d40834a8ac5314dc366f734ffbafaefbb5503d3a77ea313fd927afd49545775ab78370556e702f2c975f7c606a28f7c4469fb92fcf60657b40dea1b05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d44d51b980962be7b0500b7286c2b7bc

SHA1
953168db976bbb5b08b107310ddce664b30c1209

SHA256
33309ab650ccb1b11e86fad4525e2fc1f312e05565696fb1b968477bfc847ce8

SHA512
e4ae82c815a8854fbf2a8c486101a59640f3c2828ee1bbaeecb3332ca34992493921c3bdacd8cbe2c734565f3abdbb835007b6205e1c66cb40f1c4bdfd69ccab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a2b8.TMP

Filesize
537B

MD5
dc7fb9ce64796600c810a048e42b83e2

SHA1
edf555ab926d69184b56a41aa4c6ac0cdf6f4b4c

SHA256
2ad010367c18e89c8e327b2c1bc36b2e385f2f9b2cc9b09a2dbd1103aadff2bc

SHA512
960228213117f1192bfe0658678d8deb45fe604b680c0f4a0120fab76b2af51dc9e4df6b75eb8ea929b071cb33dfb5c10c84a6ee00b4ec6fe2136441c0ee33d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1fbd8738b45a71f8313bfc650b4f1bcc

SHA1
419d30d2255d362b653408315edf0ef762292a9c

SHA256
43c28262500c48c34a69cdb654ecb3de133d3d459f1ab35b10f9c501f8f4c0c3

SHA512
779d1c495a70105dd47fbce319447eab3d74225cecdb0ea49d3192fdf9ae152db0d25d5f3d296d6a163e4add1a9d006283b0a4079bf973cac14dcb70edfb96a0

Download Submit