hxxps://1drv[.]ms/b/s!AhxO2uTywN68gWLsktUf2hw46w6a?e=rdd6JV

Resubmissions

31/08/2023, 21:32

230831-1dtffaag74 3

31/08/2023, 21:18

230831-z5m73aaf84 1

31/08/2023, 20:01

230831-yrxznsab68 1

31/08/2023, 14:14

230831-rkb1asfa8x 1

Analysis

max time kernel
328s
max time network
334s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
31/08/2023, 14:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://1drv.ms/b/s!AhxO2uTywN68gWLsktUf2hw46w6a?e=rdd6JV

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1728	msedge.exe
1728	msedge.exe
676	msedge.exe
676	msedge.exe
1976	identity_helper.exe
1976	identity_helper.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 676 wrote to memory of 2108	676	msedge.exe	80
PID 676 wrote to memory of 2108	676	msedge.exe	80
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 3984	676	msedge.exe	83
PID 676 wrote to memory of 1728	676	msedge.exe	81
PID 676 wrote to memory of 1728	676	msedge.exe	81
PID 676 wrote to memory of 3836	676	msedge.exe	82
PID 676 wrote to memory of 3836	676	msedge.exe	82
PID 676 wrote to memory of 3836	676	msedge.exe	82
PID 676 wrote to memory of 3836	676	msedge.exe	82
PID 676 wrote to memory of 3836	676	msedge.exe	82
PID 676 wrote to memory of 3836	676	msedge.exe	82
PID 676 wrote to memory of 3836	676	msedge.exe	82
PID 676 wrote to memory of 3836	676	msedge.exe	82
PID 676 wrote to memory of 3836	676	msedge.exe	82
PID 676 wrote to memory of 3836	676	msedge.exe	82
PID 676 wrote to memory of 3836	676	msedge.exe	82
PID 676 wrote to memory of 3836	676	msedge.exe	82
PID 676 wrote to memory of 3836	676	msedge.exe	82
PID 676 wrote to memory of 3836	676	msedge.exe	82
PID 676 wrote to memory of 3836	676	msedge.exe	82
PID 676 wrote to memory of 3836	676	msedge.exe	82
PID 676 wrote to memory of 3836	676	msedge.exe	82
PID 676 wrote to memory of 3836	676	msedge.exe	82
PID 676 wrote to memory of 3836	676	msedge.exe	82
PID 676 wrote to memory of 3836	676	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://1drv.ms/b/s!AhxO2uTywN68gWLsktUf2hw46w6a?e=rdd6JV
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed01d46f8,0x7ffed01d4708,0x7ffed01d4718
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,16703789403309774478,14281681987205176553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,16703789403309774478,14281681987205176553,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,16703789403309774478,14281681987205176553,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16703789403309774478,14281681987205176553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16703789403309774478,14281681987205176553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16703789403309774478,14281681987205176553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16703789403309774478,14281681987205176553,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16703789403309774478,14281681987205176553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,16703789403309774478,14281681987205176553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,16703789403309774478,14281681987205176553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16703789403309774478,14281681987205176553,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16703789403309774478,14281681987205176553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16703789403309774478,14281681987205176553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2124 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16703789403309774478,14281681987205176553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:3868
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe" ms-settings:dateandtime
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,16703789403309774478,14281681987205176553,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4956 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,16703789403309774478,14281681987205176553,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16703789403309774478,14281681987205176553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:1644

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4300

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4884

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" SetInternetTime 1
1⤵
PID:2792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3423d7e71b832850019e032730997f69

SHA1
bbc91ba3960fb8f7f2d5a190e6585010675d9061

SHA256
53770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649

SHA512
03d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
acd3904b488bfc4d992791e4631c47ad

SHA1
b5d28c4e7354e7c785d1fcb35ff70ca6da6fb57c

SHA256
342747eec61beecdbda58844809a27e642697f447e82f51cb6f71b86014eebd5

SHA512
07bdc8581f8d5296b86224bbd873921dfbb302773fcd61c032092780552684d1fd863ddfe35e7dae1735b3b9ceb9c3c5fe5f9c04f3b14162204d4d0d679a40fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_onedrive.live.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
711B

MD5
a15de5cfdf8569078feb1ca0374101e9

SHA1
01622cd6819b369e819004316a004cc417168e27

SHA256
31eb832d268509d7e8ecdce2f2e653aa3c2d18aea30ce495ecacb83c6b12c181

SHA512
cdadc0869ac235e00f46610bb23c4d66c110d8a0663f934cc454250e0ceac1f690c1254fab340c877eece5ef86165d954df25d46fefdd68d0ddce1a6a4b80ed8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ca6e0de893ae53ab8abeb18993928110

SHA1
cb494f80f03c2622051c26120ec09087a0eae679

SHA256
4920040af8af78a2a9829172d1ac6be58734e3a043ed0b734f08f3b4a41bf50c

SHA512
e95ad32061b78ec755c2ac82f552ee0b19cffeefd029b55f64d028f3c6613ee788fb8dcccff17484cb4048868812c5fa422c3f99e7d63ecb9420acba9281fd12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
adb925ce7c1a1fdcd2f0d0f697a7e949

SHA1
08b4ff992f396b64cd812c19c53aa1e84b6e9095

SHA256
22d8ebd4149bc5bcab91bf6036ae3d1b3b9192de24e7f241bbfdd128763ffbb7

SHA512
617f1b9fa297f6102ea880355505657968370cd1f53390b0dd4dbba91ff822add9868d4fda61f5353aaadc7312fcf353c31e96a98e04c3248c09d85fee617d03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
396390c5d6dc250c7104844e30bdec2a

SHA1
941dac1a3dbe715c3ced80cf6748b1012976ded3

SHA256
6aeae4927e7c416ea7e8f8d7703cfa50071d9918aba6f7bafcbf164f95e03f7e

SHA512
fcc2d28d1143d34d76de68c90ddf819243a4da1ced0972ef9e3d61a80c14151bf5b9e2813559c6349afe16334af1463fe6744ec7c2d0f415e3415de65b3702bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
38978ba10e5f889ce7b2b0a72f434bab

SHA1
30aaa9adf5e3765504208519dd036d7f432a7925

SHA256
b0989554ec8db7528b678813826c42c0b8afbd937e2979902df5f3f3902338cf

SHA512
381e87e568fd6340dfd15271779f36297c97c0ac4515e908555b2b4bd9b8781b1ecfd96503253731c447b441fc765afb9876181d2a5e74897916d3b13123bb80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bf30f0275cfec4b0b3e46669394f0fcc

SHA1
48324e95a03437696c6fcc109c14b6bc71a53711

SHA256
6189655aff664521735bb91aa10daac02506a0b64cbf938307e603ab0aab9b49

SHA512
4e51083eecb6115fe03ad09928cc56af24ceb1d4a5062ca189c004ec949fd2bfc83ee44592f08d8aa207c4008658141309fa2ebfc5fc89c9eadc86159cf9a516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7e1c70a0e80000c2003467fe3f380b49

SHA1
df797fccb802f473f9a9627422ba3ad09960063c

SHA256
c7fa25b95b83574a411d7c34c73f7ec81f46200975517551c3325e5fc4b03a66

SHA512
911c48127c865d3333715e3c47a0ac96f36ba73edb9c0c46936b6fe32f423ce91addafed42bebabc2cbe0577d06dd47ad0619cb997b3fffa99f2c21f091671a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0e78f9a3ece93ae9434c64ea2bff51dc

SHA1
a0e4c75fe32417fe2df705987df5817326e1b3b9

SHA256
5c8ce4455f2a3e5f36f30e7100f85bdd5e44336a8312278769f89f68b8d60e68

SHA512
9d1686f0b38e3326ad036c8b218b61428204910f586dccf8b62ecbed09190f7664a719a89a6fbc0ecb429aecf5dd0ec06de44be3a1510369e427bde0626fd51d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
9a5600216b07103796cd289c4bf66fe0

SHA1
4dd9c909088b4138d191959ac6415dcd326e1691

SHA256
9fd07b2134143c89dddb94cedadb157ab2cc0e35c410e4fa562ebb51f947797b

SHA512
4a9a26bc527ce6cf0ddfbf9da4260211985386fdae652276f8887269a77ed6f88e1a57bae28b3056e7809aced215c232828e1c8c615d788102c8a4225dfd6ce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe584c27.TMP

Filesize
72B

MD5
cd235056ec741afe33ab91ddd2be8150

SHA1
93700f4f890265e53b983c3112143344c01ae185

SHA256
0031b4f4fff3865bfc01ab8b8890dfadf72a2d46a739b91659fa621e5d51e12d

SHA512
7a9f28b4e367a251c9fae8a6cb18caf5bdc7cd40fab5fd871b2c77baaf741a5cf70c48b3ddc549b763d138b884c2af7e657f410cc3b30c80db097c25d95bf6db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
20a812b301f375162aff5be1cff28e38

SHA1
510cbaf0c3f7b8c3b9d245d42490065cf7294a6d

SHA256
738852bbd1543f83db9b8156c0b97eeae4f81bb18227fd83a88cc3a594ef3a06

SHA512
131fbf563daecd3fc6a5e7a905909deb045e34aea1d1288379f3096f40c920dad1fe2c7d1294d10797e8b909cff06e14b0d5f10703f638893117d766e7cc5821

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d1f7a25c6f41905576700c33d752568e

SHA1
ee5d9df1a2e2dfb63bd1a011b33eeb7025dd4a65

SHA256
7c09143ca1eac45453d8d7be47208ab1b6ac69868f579deeee89e8d05d243c0b

SHA512
f1932c22475a41c2f045daa44cf8e4c5d80c37b620b598e5a22a3ba9b844958537dd6f0e0fac662c59cbe04b7f2573bfa2a812f97f797ad24c390dd60de8516d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f158ea01f8ce98ec6873fabf295495fe

SHA1
1a630fa6ffd48519b764d0d69f4f8bf77a6fa330

SHA256
75d75a55a1932e1cb3a5a9c821d309c7033fa5c5767cfa906c324796171e1cab

SHA512
a7850b211c35e4183f7da722644f6f6dac191d690447de27282a3e0d9fe5e9a4809c554fe404d517b7ddae1abed73c7c9353af5aae1b1f309678450053fe27f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b6169120942530c25caf04c2a0676f6f

SHA1
fd502dcec9b188f367e9809c48207b6ea41bb8ef

SHA256
d5be6d4a39df6e68460e64a71e7798c1235486f05951934c925668c1ce60b5db

SHA512
860292e17f0d8a0ee6f21a660049fb1297672c02128277b1a0c3b584374eb1dd6c2e1a288c59ca724a93f79a7e032f0512545d2b379e4bf0ff30b020917064f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5827a7.TMP

Filesize
703B

MD5
58f8d098545b8ea96b3532f001598e48

SHA1
673c89dea529998612fb60c721b9d80423602a9e

SHA256
00bdd08650ad83befc9ee6e3ce2bd6c5cc1ece21c711aef824d1cdb1b05a9137

SHA512
f5b9a6fabdd9c639a4c46773b5d43563e6bfc280f30b55812f9899dda60b879c5282fd88c80e441c2aacbe3b445b633131e5cfd4637f306785ae216468020ac3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3122d20009790b4b4ef8e003eec15f7b

SHA1
4849c2cf454ecb0065480cc4348a89701ec28f37

SHA256
4cc7299b68e299ad8989fb83ede092667f5f8722eb2a9a113809e22f9f9f8728

SHA512
b16ee70522508ec8d6ce5cceb61fb0e7ac1720eb32b725c7880d6a17504495825dc3d66721ff7c976ae2a69269c51693fd70ad5a26dc9c22ec8c37254dd9a971

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
82ff3e1d23f43026e4e276f4172c15bd

SHA1
caef09913c2231b0465ff06655d7ec3e3168e3c9

SHA256
3941f4093b0179e853da090be13a9f9e7f4d552a650fc90134ae616ca9b05943

SHA512
8ee22307b61fcf45864bc3a7e7fa82e4a65e5e7ef7bc7d64fcc3d7d28403dbd4aac6c9d177ae570ba864b26d61dc49c44474156aac1c31469de175a8256d3a2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4f1e75bd639e134f3bf244f488cdd3f1

SHA1
89e78e2cd0add92fd9da7f9bde1ed5ae273b39af

SHA256
1f8a671cd5a16313812690bbc948938ee26ddf3e5457958a0b7b3944c7986705

SHA512
b38fb871377dff81aaf59fee22a026b85514be05259e2d8d40bc03cce0547930b68bf2ecf32ffdb8332228cd38ac0d7e7d769cbbe2c23261a1da06b0b0092705

Download Submit