hxxps://lorydos[.]com/Larydos[.]zip

Analysis

max time kernel
314s
max time network
323s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 01:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://lorydos.com/Larydos.zip

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
102	discord.com
103	discord.com

Probable phishing domain 1 TTPs 1 IoCs

Phishing

T1566

description	flow	ioc	stream
HTTP URL	14	https://lorydos.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8c2c87de58339523	3

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1872	msedge.exe
1872	msedge.exe
3016	msedge.exe
3016	msedge.exe
4060	identity_helper.exe
4060	identity_helper.exe
4500	msedge.exe
4500	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 4120	3016	msedge.exe	83
PID 3016 wrote to memory of 4120	3016	msedge.exe	83
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 428	3016	msedge.exe	84
PID 3016 wrote to memory of 1872	3016	msedge.exe	85
PID 3016 wrote to memory of 1872	3016	msedge.exe	85
PID 3016 wrote to memory of 2240	3016	msedge.exe	86
PID 3016 wrote to memory of 2240	3016	msedge.exe	86
PID 3016 wrote to memory of 2240	3016	msedge.exe	86
PID 3016 wrote to memory of 2240	3016	msedge.exe	86
PID 3016 wrote to memory of 2240	3016	msedge.exe	86
PID 3016 wrote to memory of 2240	3016	msedge.exe	86
PID 3016 wrote to memory of 2240	3016	msedge.exe	86
PID 3016 wrote to memory of 2240	3016	msedge.exe	86
PID 3016 wrote to memory of 2240	3016	msedge.exe	86
PID 3016 wrote to memory of 2240	3016	msedge.exe	86
PID 3016 wrote to memory of 2240	3016	msedge.exe	86
PID 3016 wrote to memory of 2240	3016	msedge.exe	86
PID 3016 wrote to memory of 2240	3016	msedge.exe	86
PID 3016 wrote to memory of 2240	3016	msedge.exe	86
PID 3016 wrote to memory of 2240	3016	msedge.exe	86
PID 3016 wrote to memory of 2240	3016	msedge.exe	86
PID 3016 wrote to memory of 2240	3016	msedge.exe	86
PID 3016 wrote to memory of 2240	3016	msedge.exe	86
PID 3016 wrote to memory of 2240	3016	msedge.exe	86
PID 3016 wrote to memory of 2240	3016	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://lorydos.com/Larydos.zip
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9c0a46f8,0x7ffd9c0a4708,0x7ffd9c0a4718
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,8456866225918674618,11026439744174347503,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2244,8456866225918674618,11026439744174347503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2244,8456866225918674618,11026439744174347503,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8456866225918674618,11026439744174347503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8456866225918674618,11026439744174347503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8456866225918674618,11026439744174347503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8456866225918674618,11026439744174347503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8456866225918674618,11026439744174347503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,8456866225918674618,11026439744174347503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3640 /prefetch:8
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,8456866225918674618,11026439744174347503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3640 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8456866225918674618,11026439744174347503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8456866225918674618,11026439744174347503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8456866225918674618,11026439744174347503,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8456866225918674618,11026439744174347503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8456866225918674618,11026439744174347503,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8456866225918674618,11026439744174347503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8456866225918674618,11026439744174347503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2244,8456866225918674618,11026439744174347503,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8456866225918674618,11026439744174347503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2244,8456866225918674618,11026439744174347503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1904 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Phishing

T1566

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
c557f5323598c4ffe7cd5125658edad3

SHA1
990e00fffa44bfa8f8dd6a71fc70810a2d9eec7e

SHA256
198344372a866c3601c162a316aa11c5422b6de4c54aa0bcb7f1a14ec0c22f23

SHA512
066bd2c02bec549d5fe09d991315834822eeb3d4a1a7c82e44234da477400529c122f5e31316eb397b5e665d50623cb78c769ba8809c8fec1257a62c33adc658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
69f791c8e8eaa5844d71c27aba0580fc

SHA1
5f215235d81967718aa88b3c7c890d3e563b9b63

SHA256
df3adb3d4e5b24cac8e40b33b1dc8433200a16a610b7c87a7c0a6e6cfefb5d75

SHA512
673f38580904d07f441b6ae3bcd7071524158a4db9f07c2ab1c11e49f16c28c6d4d72dd894d98c6aeb57e39b085d852b11a9dd3b37eafc474e102197e8820d79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b1b79514dbef0cedbfa96c12399382bd

SHA1
b2e0f3c881711054d4e1ceab2b631ed06bf2cb29

SHA256
8d40dcfa03ed71dd042d4ce35df55396cfab32468a48b875d2c192ed9b313dcf

SHA512
d37b837c3ca8f1458143817b57c45b0306730331e4de343f24a1ee9e8c3023759c1276c25a2bab5e376cc0f12c9b0a7d1a50df8f177c1303f109010cdd8fea6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ca20ed59030e2318f60e5313b785cce7

SHA1
3de7af5a43e9c5f325fe272f2482f7dcba4d03c2

SHA256
6fd16807eca3761b2a0c46d26db0c294e44fd6dec2bfaa86dd4078135f7349b5

SHA512
a3e24cafb0ff483de89df2c3375bd8e0c834f8320f898ba2c205f2c5b9b1c42ef34a7e5de7de1ac369df668f5a318d20c196ae657d683fbd7b28b4e1de98e603

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
106046f7633d4cbc8f0786479a4d730e

SHA1
d7dde170d4a07b51a82aec0538f0c2cffa3ee47b

SHA256
a2e936c0b9794276ad23b7bf9469a9db2e11b21ec0c4394fd7d082727177e2de

SHA512
d121b5cff72c07ada38c0558e3134e6d2d5e6d8362ecc98fe2f46e8278d08d4d4e9bf1151842cd8086260f4d572cc905b0d4bb871b990c54d70dd92f35056fe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9d7fe0e8a4bb018950f593d6d5f02e02

SHA1
019be82de29e9d7f7f0f80a77ddf9edb8e6e48e6

SHA256
901902786bc0fa1e57fafe6b2dc24f5ee1bcb77134d6bab395885ce57c6b3a4c

SHA512
8d358d9d269a757dab2c607bbad91b942dec46de51b70b29ba027b6e27e2d5d17a4e313041c18543ac28b1a4e6add32b48c942acb79995161c09d159d8470b84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
065b469d24f3aa3477b3dc3d8de89fc5

SHA1
396e9f4c516ed500d2d0359519446b6763d6193e

SHA256
a929782e530a8850b6191ff974891d0c2cca937c5ec9bd1dea07dcaa1c1e9626

SHA512
1e71942c88dc742072e3d799f5fbe75d64f5c080e5b740f6fa6654c7b4ed26fe527a0926cad184b1d6e422d71b8d2848c17d1163d81e7066a62680d29a0c92d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa15f781fadca1b2f24fcdb909026f41

SHA1
64d6e55c95719649d47fe7ac8f1e596a92c68143

SHA256
44349033b1bb760d5855c5b4bb18d518b933bffb1b50ec9d7fe6d0eee810bf2d

SHA512
4db250fad0cfdb26f77d0013048ac605405a899b345bbced63c145b925bb5c3a8d35a7167f7e632ffbecc1116b5a53d15b1af4dcd7fbddbd6b59d73c28266e82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
bcaad56946ab5702bac791eb24543e4f

SHA1
dc6cd33773660d306e1c4dab90a0279ba9dc7971

SHA256
3362b824e2ee30d0d29456964e933d3da4b95db3bac1b15cb7572bf01ca9d348

SHA512
6f1686888e751e3c1cdaa7e49088f51ee6e9640788673dfae84533590fcb16f45cb37799445b512fe0ecc9a77d7072d28b3e6ed629789563df8ca7e604667d27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582ff4.TMP

Filesize
706B

MD5
892e2d0110afb0689ddeb42e095b2533

SHA1
21121620977aad8da05ca91797959d6022f77754

SHA256
43f091b7a68695f6bec51430c5391c19eb58ccb1384857b8112b77ff319a6e93

SHA512
b77a11d409df6a4928d370e5dc8cbcba7bff5e6e0ac070b5c799ff82f92e04fc754d1b8e0f48c6d038a8979526a356926f83b4b1e10889b643851aa4012601da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
77940bd82dd2c571f511df3bd5dcd394

SHA1
ceda81d7f3b4390cd899b0d41a9c00ab7ebc404c

SHA256
fb12ad4a67054fad75cfec8053f6a76de8cc5a5e72f19674d595486df3d01b31

SHA512
750bb3906ac19f4bd99fd8ce05c5918746fc0471d2b335eaf58933252e3794c9391c16ded8b38922da0a9eff12eb86694fa28ff2ec288ae3029ba1c7602d6a1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b211f2e20539cfd9342179d85aad173a

SHA1
f7a7bdf1e1e9c3d3b0dde0753b7fa38d2fca7f3b

SHA256
0d4873d6ddff5dde6c4b17ab78a2ed482a9639e0d0c6f460eb898645f811d386

SHA512
d5f620e3f73eef066a3dc8c71c42417c3ff3c5764d2de8c4a47b00e2a215b48c32b98ccac805ab4137e177b2afce4d4a695f1bd90bbcc0008bbe82706eec87a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0cfb8463bf0d2b698b10535c26729649

SHA1
3198b8e0c0d1f11aa2953b218c101aef545cb7bc

SHA256
88b6bd52215d568884b114b1e97822f0bd5bc1856a4952845d9a99088cea2817

SHA512
80864ae64a21ea1e606961d44ea4045164327066ef686cd306d872f73ec3db62cfb8113d9199d15f5c585493611d1b244383ce36f6df9edd3677bce605cf8d0e

Download Submit