hxxps://docsend[.]com/view/8q9z76tm6uk69q7u

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
17/11/2023, 04:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://docsend.com/view/8q9z76tm6uk69q7u

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4624	msedge.exe
4624	msedge.exe
4900	msedge.exe
4900	msedge.exe
4300	identity_helper.exe
4300	identity_helper.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4900 wrote to memory of 1296	4900	msedge.exe	35
PID 4900 wrote to memory of 1296	4900	msedge.exe	35
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4972	4900	msedge.exe	85
PID 4900 wrote to memory of 4624	4900	msedge.exe	86
PID 4900 wrote to memory of 4624	4900	msedge.exe	86
PID 4900 wrote to memory of 348	4900	msedge.exe	87
PID 4900 wrote to memory of 348	4900	msedge.exe	87
PID 4900 wrote to memory of 348	4900	msedge.exe	87
PID 4900 wrote to memory of 348	4900	msedge.exe	87
PID 4900 wrote to memory of 348	4900	msedge.exe	87
PID 4900 wrote to memory of 348	4900	msedge.exe	87
PID 4900 wrote to memory of 348	4900	msedge.exe	87
PID 4900 wrote to memory of 348	4900	msedge.exe	87
PID 4900 wrote to memory of 348	4900	msedge.exe	87
PID 4900 wrote to memory of 348	4900	msedge.exe	87
PID 4900 wrote to memory of 348	4900	msedge.exe	87
PID 4900 wrote to memory of 348	4900	msedge.exe	87
PID 4900 wrote to memory of 348	4900	msedge.exe	87
PID 4900 wrote to memory of 348	4900	msedge.exe	87
PID 4900 wrote to memory of 348	4900	msedge.exe	87
PID 4900 wrote to memory of 348	4900	msedge.exe	87
PID 4900 wrote to memory of 348	4900	msedge.exe	87
PID 4900 wrote to memory of 348	4900	msedge.exe	87
PID 4900 wrote to memory of 348	4900	msedge.exe	87
PID 4900 wrote to memory of 348	4900	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://docsend.com/view/8q9z76tm6uk69q7u
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffb8f9346f8,0x7ffb8f934708,0x7ffb8f934718
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,6399712828012095640,9406112081780708980,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,6399712828012095640,9406112081780708980,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,6399712828012095640,9406112081780708980,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6399712828012095640,9406112081780708980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6399712828012095640,9406112081780708980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6399712828012095640,9406112081780708980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6399712828012095640,9406112081780708980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,6399712828012095640,9406112081780708980,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,6399712828012095640,9406112081780708980,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6399712828012095640,9406112081780708980,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2184 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6399712828012095640,9406112081780708980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6399712828012095640,9406112081780708980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6399712828012095640,9406112081780708980,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,6399712828012095640,9406112081780708980,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4912 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4204

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6276613a51dae3b747451bc05e24edfa

SHA1
96ff591013fc8d378a9b37ea580d8ec6e98bbde5

SHA256
d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0

SHA512
dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
ca65bc0d4c30fc00c91ffe38534c1915

SHA1
e239108c87cd7dcd3914aee50941e68084171efe

SHA256
ca81eaea48bf606d14586e9b3454e3c8819afa35947ea885d3a4680369524317

SHA512
161eab52bcb2911976de123822533e19512ecf8ed539041d416ffbc8f728fd33c8ef9b49e008733f836ca37febe3f8faea463fa25c7d4fec4d22fffdbda12ec4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6ea8015c655bb3f4477ece7b76a9230c

SHA1
d745b7897b7d68ca36a57c4ff9cc3959bafec133

SHA256
2416fe3a7db12b374a1cc0ceacb4f96a50891748c8f56baeeef9c78d21395b72

SHA512
b5fcadecea066dbf3dae268fa1cd12ccea2d4ab2567d4ff952cc0f1d3334865e7828627f646ed23453437e252f5d703c27bc656880eb1d7c2e08e0613f4636e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1e7bf3d05f808b729a9d86bd7919463d

SHA1
387807768b2436a676ede02bd2c62448baca39f5

SHA256
c62dc484e97a56c1eacbe862563433a57975fff313ee892fa5c7e8a0ae2c87ca

SHA512
75fcdc8891a9c42917525ff87bef4fb6748d86226df6f692df4fab14e86bb37ce70855f2ed774b539f81f6685bc4483d432efc2d0f41ab76118cb757aa7e3af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
f1881400134252667af6731236741098

SHA1
6fbc4f34542d449afdb74c9cfd4a6d20e6cdc458

SHA256
d6fcec1880d69aaa0229f515403c1a5ac82787f442c37f1c0c96c82ec6c15b75

SHA512
18b9ac92c396a01b6662a4a8a21b995d456716b70144a136fced761fd0a84c99e8bd0afb9585625809b87332da75727b82a07b151560ea253a3b8c241b799450

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3573c1dfde409ff937d515ae12ec0383

SHA1
14a020b7c9a7f3a2fb3284fa2ddfcc1429dbfaae

SHA256
f3137bf382be522e70bbb87dc918ee2845a1f9c4c0c269c1e02affd03d2eb008

SHA512
ff873be9ad189836bb7fbf9887b4cf430f21f4620787ec0bbe5a35d0afd5defcef711abb8ec379b8e5c031fddb8d086f1e36de28a8b56d62da35707d3e017980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0947bae492d7d0e24d2dffa29bbc4633

SHA1
74175bf3eed9710f86c5d539aa36fe405cbb70b1

SHA256
e3b1b61727a7a9611ce42b506fe3aca24a45b7dd775028dddaed1f73a19bf518

SHA512
c3118754e8f996edcd7f8d74acf62c7dc0c5abe74bd53cb40afbf782a887384f90fc23f72fd82d6203793789dd171d30f9d2dd203021ca7be13853fd44063d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
51624d3c59c49195f320354e06eb9929

SHA1
448d4ea36ce1b373c6762f5383de8857d5e745cd

SHA256
8cc6ea3938b8efa632ff87982611eba9f9f723d461915ca94acc2c3ff32b8ecd

SHA512
ab2739991bfd94458de7b9d06e7f8e76821ca437a8fa6d642a5d037344160b48aa485e5814b2bd764cf65dbdcac67e9a06bc3116ecffb607e60b5500acd95696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8b0ca8f27a272e84d55f9f38067ceb91

SHA1
0e6b4a6c1eefa9e0e7c079085b69a3c80e7f1c29

SHA256
531f0d82338e5c5fcf746e4c59996afad6102b1e14b44acf5539fc67e1f51f26

SHA512
1858fbd5d45179c19e0c99284926f3914ed6feb4d0aec01ea63600018f37b41314a4aae00457414d780eb13c4a4540f29f236fc47e42553be7c46943848695a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
31de6c1df6943d53f5f3658116b6bcb6

SHA1
909961d7f2c43ff3e77a4a59bd3dea94fefb71d6

SHA256
1522fc72f8c66370f853aa5df4594efa2f362e92b0c48170533fb0aef92e65f8

SHA512
462af4cb105c48066c65adc636e6d983dbddc3731500038cee5b3486b155e26a93f049d1fc4da056635ffc05620b57cfab02b932a6da2d541ebb4f0091b1fe21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586c03.TMP

Filesize
1KB

MD5
9635c2afd103eda3fcabf7f367620c6b

SHA1
71a71a5dc7b70e16485b587ea7e24cc184b710a0

SHA256
b0acf64acbffd2e549e09ea58d40b9590c285c2723ec7850ea7ac362509dd2d8

SHA512
b23566d3edad26e702c8e958f374d8dfdab1c583d3544eff008c0e3cb9fd798811efce8bc2d2a517a084934e9b149923ad593d20fbf7d3a4478bd73344ea960d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f0157929-9d6b-42d7-8fdd-8def18484eda.tmp

Filesize
1KB

MD5
ecadd7f3c1dc67b021b7df441b4a58ab

SHA1
c2fd6d3bd0d8e51d18776de2b5b337b9761591c1

SHA256
81e7277a2ae7d74dd54d9cfa4dbfcb988c9051a4dcd692f7d4bc6cf1207540c0

SHA512
863f9a9dc628154835a625ec61525e0be2b70ea05d7d92233d74f63208661eee40f7d7196c011d68729b418a010def355f565b518bb6cbbb06d4b574cb6f0cb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f7a2144c48c697329d383941b54def44

SHA1
7860b45e2ed3781a3e0e7c4c729b299db0533466

SHA256
5d4fea2a8b2178e8bce79e57d8f97d76a77495af72ca920f2554c0cae995547c

SHA512
8742652310eb490b99ea1c00ef5108a9dab3ae93913881b3dda25b5055819ca7201c39073e9a332f75820d0a9ccf7fd6ebfb68ebd41d97711b8e5a6f260ddeb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
caf5a49a1c315d6a5337f2a23c29683a

SHA1
56da17fc37d88bdb567a4f01e38d8ac9059e05dd

SHA256
f45a1ab7453c48ef08c7aa75480935943aa01777925802f3df1e79cfe1006dc7

SHA512
cc9f2060d8fbd0c2f48b333a623bc6ee9681320792e41e8500e6dedc84a9db848a648aebbce4e5642f62cc847080f709027095ae1722866a2d623dc940a43f36

Download Submit