hxxps://www[.]vumedi[.]com/accounts/register/invite/bet/280543351/?link_data=eyJiZXRfbWFpbF9pdGVtX2lkIjoyODA1NDMzNTEsImJldF9tYWlsX2FjdGlvbiI6ImJjIn0%3A1syRhd%3AcX904B5ySUYYEBozohNfmcUmjCUBmHVXGM31Qj01Gp8

Analysis

max time kernel
147s
max time network
157s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
10-10-2024 12:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.vumedi.com/accounts/register/invite/bet/280543351/?link_data=eyJiZXRfbWFpbF9pdGVtX2lkIjoyODA1NDMzNTEsImJldF9tYWlsX2FjdGlvbiI6ImJjIn0%3A1syRhd%3AcX904B5ySUYYEBozohNfmcUmjCUBmHVXGM31Qj01Gp8

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 7 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
4132	msedge.exe
4132	msedge.exe
1084	msedge.exe
1084	msedge.exe
1228	msedge.exe
2116	msedge.exe
2116	msedge.exe
1408	identity_helper.exe
1408	identity_helper.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4408	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4408	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1084 wrote to memory of 668	1084	msedge.exe	77
PID 1084 wrote to memory of 668	1084	msedge.exe	77
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 3324	1084	msedge.exe	78
PID 1084 wrote to memory of 4132	1084	msedge.exe	79
PID 1084 wrote to memory of 4132	1084	msedge.exe	79
PID 1084 wrote to memory of 4508	1084	msedge.exe	80
PID 1084 wrote to memory of 4508	1084	msedge.exe	80
PID 1084 wrote to memory of 4508	1084	msedge.exe	80
PID 1084 wrote to memory of 4508	1084	msedge.exe	80
PID 1084 wrote to memory of 4508	1084	msedge.exe	80
PID 1084 wrote to memory of 4508	1084	msedge.exe	80
PID 1084 wrote to memory of 4508	1084	msedge.exe	80
PID 1084 wrote to memory of 4508	1084	msedge.exe	80
PID 1084 wrote to memory of 4508	1084	msedge.exe	80
PID 1084 wrote to memory of 4508	1084	msedge.exe	80
PID 1084 wrote to memory of 4508	1084	msedge.exe	80
PID 1084 wrote to memory of 4508	1084	msedge.exe	80
PID 1084 wrote to memory of 4508	1084	msedge.exe	80
PID 1084 wrote to memory of 4508	1084	msedge.exe	80
PID 1084 wrote to memory of 4508	1084	msedge.exe	80
PID 1084 wrote to memory of 4508	1084	msedge.exe	80
PID 1084 wrote to memory of 4508	1084	msedge.exe	80
PID 1084 wrote to memory of 4508	1084	msedge.exe	80
PID 1084 wrote to memory of 4508	1084	msedge.exe	80
PID 1084 wrote to memory of 4508	1084	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.vumedi.com/accounts/register/invite/bet/280543351/?link_data=eyJiZXRfbWFpbF9pdGVtX2lkIjoyODA1NDMzNTEsImJldF9tYWlsX2FjdGlvbiI6ImJjIn0%3A1syRhd%3AcX904B5ySUYYEBozohNfmcUmjCUBmHVXGM31Qj01Gp8
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8fd703cb8,0x7ff8fd703cc8,0x7ff8fd703cd8
  2⤵
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,18401171719348742305,1871104317515197234,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,18401171719348742305,1871104317515197234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,18401171719348742305,1871104317515197234,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,18401171719348742305,1871104317515197234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,18401171719348742305,1871104317515197234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1924,18401171719348742305,1871104317515197234,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=4660 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,18401171719348742305,1871104317515197234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1924,18401171719348742305,1871104317515197234,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,18401171719348742305,1871104317515197234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,18401171719348742305,1871104317515197234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,18401171719348742305,1871104317515197234,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,18401171719348742305,1871104317515197234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6480 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,18401171719348742305,1871104317515197234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,18401171719348742305,1871104317515197234,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,18401171719348742305,1871104317515197234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,18401171719348742305,1871104317515197234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,18401171719348742305,1871104317515197234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,18401171719348742305,1871104317515197234,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3860 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2732

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004D8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4408

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0a1774f8079fe496e694f35dfdcf8bc

SHA1
da3b4b9fca9a3f81b6be5b0cd6dd700603d448d3

SHA256
c041da0b90a5343ede7364ccf0428852103832c4efa8065a0cd1e8ce1ff181cb

SHA512
60d9e87f8383fe3afa2c8935f0e5a842624bb24b03b2d8057e0da342b08df18cf70bf55e41fa3ae54f73bc40a274cf6393d79ae01f6a1784273a25fa2761728b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e11c77d0fa99af6b1b282a22dcb1cf4a

SHA1
2593a41a6a63143d837700d01aa27b1817d17a4d

SHA256
d96f9bfcc81ba66db49a3385266a631899a919ed802835e6fb6b9f7759476ea0

SHA512
c8f69f503ab070a758e8e3ae57945c0172ead1894fdbfa2d853e5bb976ed3817ecc8f188eefd5092481effd4ef650788c8ff9a8d9a5ee4526f090952d7c859f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
e416a8f77ab1bb40dae8ea4790afe97d

SHA1
9ce8cc14f00b3fedca1ec7405511e9a022d0d436

SHA256
78e7c752a00748640c685424eb83b4d83ba1a8dcd3266b1203a77b4d7ef2f9fe

SHA512
681edd3f1aa45b29db42c340ae487850533f82fa5295d50fcb153db5f36c6ef00dd84fee0001491f4b1412d9fad1952ccaf7f944cdefc2b7602e6d6188ab34aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
7406cf83eea351c63a58bbf1145c6a32

SHA1
89ab9ecd181200639d81107372eb4d249160ffb4

SHA256
2ac7edb989bd7ecc5b7389f6a399a8412e6c0bb2c26462baeced8b06f730fd76

SHA512
0c517f5c213c514b420c74859fb54a06c44857088a9f8fc2eb13d829704171811e91bff616d386cbc9f1d40d034aecd1d4f119b42a43be3424ed06a0b56c3d0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7a2273a9a64e28f0f55d96d12003a1b2

SHA1
bcf3ddf70c01402ba8ea018e46649613370e0a7b

SHA256
b8ee2a7093e99c5530f5d04ec1a3c36294e545b88f38b556083c141153a8f578

SHA512
3d7fa4af039c7613bfc4ae4493c101bf03ca68090800487f5e866360fb78265f2f2150d81b1e57651a1bdc886774f9ed82ac94f149f6a465cc2bceab9020debe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
38f81360326a997df86055a1e907ffb3

SHA1
0346cddc5ce4fa95c4dc0dbb73a01c09e56fcbd6

SHA256
7e8058e7fce00713f0fea256692114202359afbe0eab67f99af840e5b6090c75

SHA512
474bce6bf8e218e903a8d6fec66a3bc7e3c5779c07daf2176074b3e9fd1086a93442dabcb5268d6fc32040a111df491c8f692498f8d5f9800768f845eecf244f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cb8041b4dc9c254705d041131148e30c

SHA1
7e4851a36c7a37989f3d2bcd5ad10ec882c744bb

SHA256
af3c5cf2bbfcfab8eba71e3c95526f8262abcdda55705de4d07c2f04675e845a

SHA512
68e70f877f73c82f9ecf61f7a86761eeb14706ccd4c7e9bb49966eaf3ee71fe8af66ddec1a6dc5dd34a6b933277c5dca83ed3f3a5afb06ce644551086aba899a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
1202738d1833d4b924d807f93aac9ddf

SHA1
561849ae1e17aae80ed7bfc4718ac35da421302e

SHA256
8b49fd46dbb58e695a1c3ede20b8186a89d56c41fb11e7c0cc39cb7e0cbd067a

SHA512
af2cdc6e77ef3aaeaea99d14ffae58dc2ac79c2c648642d9ebbe8f0646966e237743c69495d2707b0dd1137790d665bd409fa11b9aec6e33972352ee3c647e05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
534B

MD5
bd7a5e1f87d105c99f5fa6697ced0bea

SHA1
bc520421235d35c26b5c1aa3320ca5ee313c6d59

SHA256
6b4e620163539086a4ed39510df8b39d77971e899290545d11ca7e9ceec93cc5

SHA512
4df1affa926c0230edd0591fdddf12784aab34f528096e4f34fc6e45dfa97bfab3e67521f5f9eb80b3589812c55f5ce3636d775bee219cd603c3f055812940e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
534B

MD5
35235079a681131c509cb34426f3f268

SHA1
d6a74c09e235d4d915454e9bc1c4d182c63dfef3

SHA256
c75a1dbed5502c17d9314cbd026d90254b45fb97aff8c8cc11269330921b8d59

SHA512
f03be68bdfda69a4ff7d885889a4fd964e9d34abc1575425168d091e2a8c66b8ff1b208699eb6a0ef03d332177abfc2153f7b88f161a3c2156ccd87784b7100b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
534B

MD5
b88109a7c813cf0b3f92b09928e26d43

SHA1
48c07d6e93be6c4fb29d7e2bfc169ede9c788986

SHA256
f92b0548a71b95703caf4ef7ac2713cc565be8dd2646d8f319827daac7fe6887

SHA512
e0139642abc15b9700ac6eae8e85e6a8c3e2bcb7948ca72eff44991bc8b2f65ae243e5d25fc3c1a64598090d9eede1f4b10f3158c510138d4a1bdbed491e9bed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
43002e034af354b228c7ec5bc7e35b07

SHA1
75643550a8b2017296a0ffd723ab8bb9da48a7fb

SHA256
f7f5ec27f431d20a624915f671d0616bbebab99eea75329ff597d33b6744ac61

SHA512
51463dade080f31c2cc39f9ee2cc636ab8fe16c0a347f07efad6ce1f5a911eebe5bc76b2decbcb6352beef2c47dd5fec385a96e780dc0d088e495121af3da3ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
f9e57a6cab56c58fbc85bb1c83ba6574

SHA1
3a869ef2f98c7b4d15e968567e01afa2c7883aad

SHA256
6827f9813dafef579539d989e5838d06585535bd0928856d1d51e97e516461e5

SHA512
a0775a6079ce7f32690ce4498796df826a73873d0c94111d761812861ae239cd7591367931f7de3a53e2485b7672e1da6f8c8e58c2a9871913e0e1e067807dd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
5ebcd1167f5cd0c905c043abd17a10ad

SHA1
87b95a3f40b19bbfe1cf0f3a6e943afc673c7d1b

SHA256
a64773e745c4c7710fdfe8201ab8c5c6b060567ecbc662d7cded30be63163ce6

SHA512
0b510ef0df880af71a326b0740bb8b29ba6f06f6d02b7c5d52e413a7755f0b38c9565221c159ee8296d4c823f7dc1a56fcedb4bfc6e2f76a22379d44508ccf2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
413595e64d7bf0ce3bde316c49a40a02

SHA1
7ecfcb93f0cf81271098ea3084f580b315a8e743

SHA256
6215ff0a3f870b9e2d9c5da2e3c3b22b87f8cd3a76a30d3d24f81c8d019ba128

SHA512
909b729cd091fcddb6779fc21c2b90f8c7afa5fd0df6ccbb5098f07ee4315f02f4792943d73c70ed662cc5543c9ab4836e79b7bf16342d57a7fe211be37494a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
534B

MD5
679061d00a049987544017051cb1f027

SHA1
7138e7a58cbf0c5efa0028750d5155f486197e6b

SHA256
2d025f69542c1092acf4df129962d3fc50a69849e4d6c71d127be1f5039984c8

SHA512
54dfd1419d04de8344aeedec3d8cff2f97f47cbe3d54483d5b2764d2c48f9bb5366dd85c9551ddd0c69a78b6ecaeec2ea14213bd96ac2cfe489ac4d9db127745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
534B

MD5
c011daa248e58d877ee09ad31de51a66

SHA1
4c4cbdca95f7bc26cedc2c185feb56c9af2178e1

SHA256
d36c7dc362736d24cc807962fa3f54fcc7a961b98756fe17f7ef3fb1acce8547

SHA512
964c3bad9f109be2be8a7b62a55fb0e8ea1bf6030a875ff9481c9cf715a13efc00e442207df5e9b28d1bb2f60412dd27dea5356fc6288f2ec853e287caf0ed05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
49adc53365106cd633b8c76dc30037d7

SHA1
77a773efb5ab22a7ac4a101a0365bc5ecb94ccba

SHA256
a4bace510833858338c6629fe8aec0dad861fb8ba76e344abe8aa44e8417e0e5

SHA512
ef6850350d34cd6472b6d8a12baacb3cedeb5f7179388adc33567be39bb2eace0f483e4e09e487757de3bb7762a2a5aeb3a979e658bc30248841b5e45b9c3040

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581c8c.TMP

Filesize
538B

MD5
6720c50279f5e423d2160308aefaa32e

SHA1
84b02eb4e55d479ec8eecb0e7e82ce4763a699dd

SHA256
16b33ef1cd310ad81b9eeb4ee704e5c85b7915ecb8f060fef538f90cad33d869

SHA512
2d63bea4888bd60c1890620c5f0aa13a30a16bb2d10d4212e0db369537ffcca18853b73ab1c0e3df557b08b6bf2f70c96f6194843ea58127f9fd76730da8c5b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f360f2542df60506dd31bbcaa70c1fd6

SHA1
242fec7debcd329ae066e95929c2bf57e2dc1d40

SHA256
8b23c2c5715788ce2096174856987c47eca0a99255b80776163a0c14d40942af

SHA512
a00d18dca221b7716eea5390ec7e865ab60083b4aab8a6a0f35f8a1c3495f573c1f1187a917460492800c3e141a3e9acdd88ac21d99f17bf6a37cbd26ccdaff2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
99a6d52373e224a456cd9b304c05b1f2

SHA1
b91a7cc711b197d69cc54cd92be4ede6f2acb859

SHA256
4dcbff49bc25d3af7f61fadf592da1eed0a3086e95976660342c993427f884c8

SHA512
366c15a49871635fcbc2e38c5b6f38ddd646c649dad55483380e8b2b2ee5e9f0c5b34bfb5f868fca7232b7a00349598fecbc4d34b55335f4b5abff9be2539e16

Download Submit