hxxps://1drv[.]ms/b/s!AmvZ5hs0RPsSgR3zUhb_ZF1pWsU7?e=SHwOCr

Analysis

max time kernel
1200s
max time network
1164s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
15/11/2023, 21:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://1drv.ms/b/s!AmvZ5hs0RPsSgR3zUhb_ZF1pWsU7?e=SHwOCr

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4412	msedge.exe
4412	msedge.exe
400	msedge.exe
400	msedge.exe
4872	identity_helper.exe
4872	identity_helper.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 400 wrote to memory of 796	400	msedge.exe	12
PID 400 wrote to memory of 796	400	msedge.exe	12
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4900	400	msedge.exe	87
PID 400 wrote to memory of 4412	400	msedge.exe	88
PID 400 wrote to memory of 4412	400	msedge.exe	88
PID 400 wrote to memory of 2784	400	msedge.exe	89
PID 400 wrote to memory of 2784	400	msedge.exe	89
PID 400 wrote to memory of 2784	400	msedge.exe	89
PID 400 wrote to memory of 2784	400	msedge.exe	89
PID 400 wrote to memory of 2784	400	msedge.exe	89
PID 400 wrote to memory of 2784	400	msedge.exe	89
PID 400 wrote to memory of 2784	400	msedge.exe	89
PID 400 wrote to memory of 2784	400	msedge.exe	89
PID 400 wrote to memory of 2784	400	msedge.exe	89
PID 400 wrote to memory of 2784	400	msedge.exe	89
PID 400 wrote to memory of 2784	400	msedge.exe	89
PID 400 wrote to memory of 2784	400	msedge.exe	89
PID 400 wrote to memory of 2784	400	msedge.exe	89
PID 400 wrote to memory of 2784	400	msedge.exe	89
PID 400 wrote to memory of 2784	400	msedge.exe	89
PID 400 wrote to memory of 2784	400	msedge.exe	89
PID 400 wrote to memory of 2784	400	msedge.exe	89
PID 400 wrote to memory of 2784	400	msedge.exe	89
PID 400 wrote to memory of 2784	400	msedge.exe	89
PID 400 wrote to memory of 2784	400	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://1drv.ms/b/s!AmvZ5hs0RPsSgR3zUhb_ZF1pWsU7?e=SHwOCr
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8fcaa46f8,0x7ff8fcaa4708,0x7ff8fcaa4718
  2⤵
  PID:796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,8621190923432144580,16020227606333591443,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,8621190923432144580,16020227606333591443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,8621190923432144580,16020227606333591443,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8621190923432144580,16020227606333591443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8621190923432144580,16020227606333591443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8621190923432144580,16020227606333591443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,8621190923432144580,16020227606333591443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,8621190923432144580,16020227606333591443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8621190923432144580,16020227606333591443,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8621190923432144580,16020227606333591443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8621190923432144580,16020227606333591443,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8621190923432144580,16020227606333591443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,8621190923432144580,16020227606333591443,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1368 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8f30b8232b170bdbc7d9c741c82c4a73

SHA1
9abfca17624e13728bd7fa6547e7e26e0695d411

SHA256
0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb

SHA512
587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
7c39e9b8a6287b86725cd96fd26428b1

SHA1
8deb63e9fe0517cf57af69d91b3d6ada58e2b4f1

SHA256
aab124dd446edf8a59e622f5758db456842882cc05e213c877ac310bb5814c2c

SHA512
e4b5fd75909869b2fbf6219b82f8ec312fb897685948cc1ec1b7dc4db2f3d7de9384e4bb639ca95266c2e20b7e5165f363dc9f89f3a39ecb96be66cabe6dd074

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
643B

MD5
c5bbff3f0a40c2cb2fc11c5d389698c1

SHA1
ced5a421a92bb03a1d4ca1767fa1034b12625583

SHA256
47b5876eb6cdb7500e66c0e2709bc919a8c9aac8eab1e49273bb8c7a5d28e9b0

SHA512
4f5450ddf7ffb34b392a54010396e1b0852f7850cf1495ef856a7fc98c781147b5d81ff16a28d237e8fe7bdec6bf8b57ba052b284d0ae274920ae2b8a0e27224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
731B

MD5
6fdfec6533e642899da5735322235dd7

SHA1
490c4c62989b20762ae0d3836a9760cc32710979

SHA256
b8cf46ef96e2bd314509c473fdb5a5bb6099781b19789aa0261c8a6abe5cff70

SHA512
1ca374db31690e7c9de15a1785c33fdd65a66db65eae85989acedc5486f4e5038e2fa0b545dfc906ec7d0bbe4980decf0aaa69c477920a67e7c4a5a61a53190a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1a474dba5d284fee22bfbe298aa7d7f1

SHA1
92319d37c94eaab65fb2217bada3c2caad0d2fdc

SHA256
cc6cd71e92b7c89159ef4c3b3616ce10b0d646a3d91deb1767ef2c7f1709813f

SHA512
c9e389d6423036f6d4d3df26ddc1b06a124e3a579189948f879586b47020f17ae9c5eed24b0f25231ec8a761046e0a9788a4587d3fd5a3cad176a5640ec70572

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
58d3aa82f350ee3d5441cda7c0261867

SHA1
98a2d2050fc581abb81b0ddce09e3dcc7611dec4

SHA256
da566f4bfe66f12b79411ce4a30f1ccab3bfc3a94563575b4a651c9cb7f43aa7

SHA512
9fa73579f3c85e05b6cce6bdcabaf1c6a8e37788ada8241babdb589901a3effb8aa75d01901f8b49a3fba1a4a8ed11505a9551d2da9bf7aec2db486c19cd5fd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0b8abe9b2d273da395ec7c5c0f376f32

SHA1
d7b266fb7310cc71ab5fdb0ef68f5788e702f2ec

SHA256
3751deeb9ad3db03e6b42dedcac68c1c9c7926a2beeaaa0820397b6ddb734a99

SHA512
3dd503ddf2585038aa2fedc53d20bb9576f4619c3dc18089d7aba2c12dc0288447b2a481327c291456d7958488ba2e2d4028af4ca2d30e92807c8b1cdcffc404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
365750c7ff29706e8b6526fe79b6abb1

SHA1
e24c3a049d8959fd413d5cc63a4d31081a7a1689

SHA256
690b4d3e30becabbef6b70d01dffbabd388f2b5ae518cac228e14093131aca6e

SHA512
4b20973dc4b4d34a7f6f2fc05adac31fbe14b78371856caed9b1a50f62753c7a88f9360d219daa451980ff3342ae49df4773d60b552b11f992fc2969654bbc3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
426f83ccc0a994e57cd0c59261575364

SHA1
477e537f1ffb112e5b6968045f2b00eab477127d

SHA256
b259742cfd25322d5c3a33937d89aa503fcb8b2cf19b995326de7b596db5f3c4

SHA512
d9fd6691e720014df2b9b617e473768f93ee2ecbc5979f7b3f8bb1e16af0b862a566b2e036d022084c8f4febde7e7d56dd3dc99bf11f5d50bbb8bdfc8dc12707

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e271.TMP

Filesize
1KB

MD5
9c94791370f136019b531d5f915149ac

SHA1
88705487c1dac8c3251f2eaa03c09f14f4fb3494

SHA256
58f402c6bbacd1b3277a22b14327c0eac808d6214e3a7c9ca276c5f9a665da7c

SHA512
0ae7a130e8e803b88ac50c05b26bf6cfd1c90d59953bb872e20b97a878c251ae5e79ef7df08a4eea4d1b5fb9acc1a7928c1426e1fb1a38827d44e1af49230b5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
140dbb95a18a22d9ba5dcd3d233cf9c9

SHA1
07dddc28daaa4970b7f76d3217616874f8dd6f72

SHA256
17931cf2f23bbe18c3b8f6d1438e6ba98fbd39fd2e3d14f2c95a3a0d8dbead38

SHA512
932ae9f63ccfbf3b8afb34001d4a381873c6326570abfb49614fe8296e732c85de4b228cc3ed9640fe93a6ddcc639d6c9f09a54f3a678b9d0baec722897ebd3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
5KB

MD5
7ec5eeba157057311b7e35ddcb4f6967

SHA1
1073a7662c64fbeed0622bb632c16137e388a3ef

SHA256
c45b94aac7d05851d9b380e70a8c606d3ab975bb3547d059b6f869fb9b2cb448

SHA512
4f799c088a976ebf3b6dbff0ada0c5ead1220ae02d9f9e9f060713c07e89a02b3b1ccc32c0ba4e19c87a45480cea007e893786f879c97a329cabd78974ef0235

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
8cf2aca38ea58f3a4de832ec93cd3a66

SHA1
9f311db0d3f0720ee10974d02089210ce5efbd69

SHA256
8357e02a17cafa81268ccbd7f45ce180c316907b7698fad652bad46b4f887679

SHA512
e0075edb57eae8784efebb0da903a86d9c966c39614af1c82c18c06131cdaf5e5611b02f5c2659589801a4f775e197e7e4a849de050a09e8a3ec676fbb87abbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b21cdd935df3ac5b96dfb860ff2a34a5

SHA1
7fb6397611417311805d706121652762d57d4519

SHA256
f44abb3b80c67a4bd46e27068dde8504e33d7f2dbb99f20c98c57567b1831903

SHA512
3f4831fe92d5bb4aad0fd25a17dc305f801e936ed3ccdb34801040f4278e60a7ec92c0c0f00cee5f70a9b9ca5d88d977556c5e1b6db70f2f5b4f29d9e62558c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
650a152402e113a553fdc1bca536b71e

SHA1
eae2f1f7744065e7f6b3cab11a4cb99ccfef6b0d

SHA256
da6b06e2a2db3ce12ef2fd5f04c22b7a65f9080f412f7245fe35398deb52a8b2

SHA512
902f8c4df242e5e8f67350f4ef3053ac6d72a7d37a1ee2d584b0db72fda12927d0dad8827d449fe5bc9275849fe4a6a144bbc78801572b0b025586b833ea69d9

Download Submit