hxxps://getshared[.]com/O4zyLLUF/c0ae45421176532279aaa8641913ba0e

Resubmissions

01-11-2023 04:39

231101-e91nqsae4v 1

01-11-2023 03:57

231101-ejdfhsaa8y 1

01-11-2023 03:42

231101-d9qm4abh72 1

Analysis

max time kernel
1698s
max time network
1800s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
01-11-2023 03:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://getshared.com/O4zyLLUF/c0ae45421176532279aaa8641913ba0e

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2000	msedge.exe
2000	msedge.exe
3692	msedge.exe
3692	msedge.exe
1808	identity_helper.exe
1808	identity_helper.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
4340	msedge.exe
4340	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3692 wrote to memory of 3852	3692	msedge.exe	74
PID 3692 wrote to memory of 3852	3692	msedge.exe	74
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 4100	3692	msedge.exe	87
PID 3692 wrote to memory of 2000	3692	msedge.exe	88
PID 3692 wrote to memory of 2000	3692	msedge.exe	88
PID 3692 wrote to memory of 5104	3692	msedge.exe	89
PID 3692 wrote to memory of 5104	3692	msedge.exe	89
PID 3692 wrote to memory of 5104	3692	msedge.exe	89
PID 3692 wrote to memory of 5104	3692	msedge.exe	89
PID 3692 wrote to memory of 5104	3692	msedge.exe	89
PID 3692 wrote to memory of 5104	3692	msedge.exe	89
PID 3692 wrote to memory of 5104	3692	msedge.exe	89
PID 3692 wrote to memory of 5104	3692	msedge.exe	89
PID 3692 wrote to memory of 5104	3692	msedge.exe	89
PID 3692 wrote to memory of 5104	3692	msedge.exe	89
PID 3692 wrote to memory of 5104	3692	msedge.exe	89
PID 3692 wrote to memory of 5104	3692	msedge.exe	89
PID 3692 wrote to memory of 5104	3692	msedge.exe	89
PID 3692 wrote to memory of 5104	3692	msedge.exe	89
PID 3692 wrote to memory of 5104	3692	msedge.exe	89
PID 3692 wrote to memory of 5104	3692	msedge.exe	89
PID 3692 wrote to memory of 5104	3692	msedge.exe	89
PID 3692 wrote to memory of 5104	3692	msedge.exe	89
PID 3692 wrote to memory of 5104	3692	msedge.exe	89
PID 3692 wrote to memory of 5104	3692	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://getshared.com/O4zyLLUF/c0ae45421176532279aaa8641913ba0e
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9cf0946f8,0x7ff9cf094708,0x7ff9cf094718
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,1851704585372990516,15026186732037619204,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,1851704585372990516,15026186732037619204,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,1851704585372990516,15026186732037619204,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1851704585372990516,15026186732037619204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1851704585372990516,15026186732037619204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1851704585372990516,15026186732037619204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1851704585372990516,15026186732037619204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4400 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,1851704585372990516,15026186732037619204,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,1851704585372990516,15026186732037619204,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,1851704585372990516,15026186732037619204,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5908 /prefetch:8
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1851704585372990516,15026186732037619204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1851704585372990516,15026186732037619204,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1851704585372990516,15026186732037619204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1851704585372990516,15026186732037619204,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1851704585372990516,15026186732037619204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1851704585372990516,15026186732037619204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1851704585372990516,15026186732037619204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,1851704585372990516,15026186732037619204,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4328 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,1851704585372990516,15026186732037619204,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
39KB

MD5
1b5b93572a52201551f589a2850b65ca

SHA1
6fc6031b316e13d7589b92840dd99cab87593f8f

SHA256
d33ca1f286bcbfee8d52c03694ad8d1e98a3a1e5d69f0418ce55fac4a6322fcb

SHA512
5caa0078cb528b8deb7bc8f945187994a788815e074095a48f3eac1b86ee876f39c9e94990aff82d3549abf518829d6ba89db1d0836ebe8df2f25533814b7920

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
52KB

MD5
aad59c0d621961328f00a5b72d4c7871

SHA1
5bf12f52f688e4f1003ff808ec27ec350c656163

SHA256
af09b3978d17d36f2f40c55a6e642ac4f93ee625202b7d589a33744eb13557bc

SHA512
e8bf9d7f8f7e5f6314b36c0346acbac09cf1cc0b61d76a8c37d88189da0627169df11db10cbb8f4176c0c4ccab8c3b1c65fecfbadbc43e9a297f94148ed567f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
184KB

MD5
990324ce59f0281c7b36fb9889e8887f

SHA1
35abc926cbea649385d104b1fd2963055454bf27

SHA256
67bcedd3040fc55d968bbe21df05c02b731181541aff4ae72b9205300a4a3ecc

SHA512
31e83da1ac217d25be6e7f35a041881b926f731fff69db6f144e4fe99b696a31f9ab7766ca22cf5a482743c2a2d00a699ca2c2d67837a86c471a2dd3bed9ea1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
da858a14d6560faba352a5579aca13ba

SHA1
36020f5ac3b48f34d99b1af8305f9efdf5dcb58c

SHA256
166271056aa194b2ce8c2e5bebf1253011a522211651d31b2452d5082cb801d5

SHA512
d85c01bbae5cd93cf6cf970e3fde5c2f49d9c034975daae5af1ada4412bd55d6ece3d0a6ec336cd6c0faa1645fa271bc892b5deb6263c3726ccda1dfdd9016fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
904b94f9c2790d9be8fb9c864e782a4c

SHA1
3560f8c83344ad4bb0aeef6a1202dd373985ce1b

SHA256
2a5f2498ec03ffdd860e44b64cabc3785ee1a66787a2e001f068cf616a41b930

SHA512
f1279b6deebc5eaa5546b1130d9ba1784d7f683298983fc9b87d3da2dbba44756ed769343e7ced8bc225131c20f7d06b83ba0c2a131a6dcea39c18592c189964

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d470cee368863602efcb8cbd478db219

SHA1
2e39cb32b3acc1085c0953d4773a720b9a616ec8

SHA256
26376b6908ebe8f5eca7b80d2ee4e01c6636c73b7912b7f320afd189efff8746

SHA512
17340c663073daf08b591b60f6f409fbf76ea5e624c001526f2a83975cd89314d30f929c247a2b9ab34aca51c22ca6960ebc0e5c56fa07c4de3a13b3c597cf87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9ff69640edbdf317e2a7b356e1b6d1cb

SHA1
0dd0ea88605493549b3fb7df4af2a6db6a86e66b

SHA256
461f25a33c0b8ea11147821aec9c60bdf8ff221013f6b1a7ec047eda0e3837b1

SHA512
85d16e42c282bfbdd6a5dfe56149c4025558128bc65df34d5cc3a53671468e6e82dafcdd9c8f5194b07888ba97186303c44acc8ff62d360be470666f64062365

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d3c2792227d91bd21169dbdca9b40b44

SHA1
f3a71dad52ecb2365d324ed2f1141babb3ae0127

SHA256
2d172904e1e9081ab7efaebf21aa30c06be13d649992566d3b50638a85c72476

SHA512
767573ec5d994cf59cb12fec8178e0af5a293713f61ce745832a43ab0495cd308ea8432ca095fae4ee61d417b7cda307685cf333f1c5b14e016f13f1de1e1377

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1c706d53e85fb5321a8396d197051531

SHA1
0d92aa8524fb1d47e7ee5d614e58a398c06141a4

SHA256
80c44553381f37e930f1c82a1dc2e77acd7b955ec0dc99d090d5bd6b32c3c932

SHA512
d43867392c553d4afffa45a1b87a74e819964011fb1226ee54e23a98fc63ca80e266730cec6796a2afa435b1ea28aed72c55eae1ae5d31ec778f53be3e2162fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
e06c56aae168b8b07493a0f6753188b3

SHA1
021b4e2bc0b98fbdc035554cb603090d10a2f350

SHA256
d4a2790e66d6e662e151a081e1c94c4a17c8030a2d8f905e8a43ade105b8f5aa

SHA512
ac4a664b73136f73b6984aa5d1d2b4780bf0c06ea0af014d1f8bbf2854cd5e60ac6fb6ee38318cae5530ac93e176c9b6b0d86067f0419202ef5ba77e6e45a82a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5815e4.TMP

Filesize
872B

MD5
0a4730bfdc5dd394962afad67eb2a5ff

SHA1
b2edc8d0170378a595fface029acc342ae8a342b

SHA256
5bb46b56d04a5fa01c62f9953a9bc64b0c6ecc9619ba8f1e9eb7712fc8d2d920

SHA512
f09140f4828d6af8e5be2f2874a9962273651766c48e6e8d0ac46fc543c52c457e9c3cf04da37dd4aecebb7d0f0843ffbfeed413fad98ee485f7df6f85acdac6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
21bf202b8c5e73bc3a731ce246bdd1fb

SHA1
80465e220373aacc10ddafe88dbfb6c48f98fcd7

SHA256
0b96a4b6e6f4c4bf028fef5b9d1ec3414a784cfa786514f1e0037b559d1aead1

SHA512
4ff9acf2fe600c1fa26112f89979bafabed0c168e168af78732d4682db0d641a2a45c4a21c4df99f04e7c9bc848b432f37f0ed3a82e040af7fd01408c5592b26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
50ddd2923a29d2b27757a91d158f6981

SHA1
59080b6d17e919b3fb8cc6e2dfc7ecd41507b32f

SHA256
80c8b34386e1c078a495ec849becb7b13d6bea94407434a1b41d3e20af71eb0a

SHA512
45636e6d951032ee5d3cb0d25080e5c4d93dc95b511145c6726216a4be609a8b8a321c5fe610c3f2c85783554bda9b5a7906c41131777bf348635c76498a847b

Download Submit