hxxps://1drv[.]ms/b/c/3543f5843c34049a/EeOHLkXfkqBCoR8QhP2PRVoBSJDGct3H28LJUIcS8_cjEA

Resubmissions

22/11/2023, 00:57

231122-bazqlsac4y 1

22/11/2023, 00:54

231122-a9edaaac4v 1

22/11/2023, 00:51

231122-a7vbqahd73 1

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
22/11/2023, 00:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://1drv.ms/b/c/3543f5843c34049a/EeOHLkXfkqBCoR8QhP2PRVoBSJDGct3H28LJUIcS8_cjEA

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3092	msedge.exe
3092	msedge.exe
4740	msedge.exe
4740	msedge.exe
4448	identity_helper.exe
4448	identity_helper.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4740 wrote to memory of 4020	4740	msedge.exe	71
PID 4740 wrote to memory of 4020	4740	msedge.exe	71
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 2416	4740	msedge.exe	84
PID 4740 wrote to memory of 3092	4740	msedge.exe	85
PID 4740 wrote to memory of 3092	4740	msedge.exe	85
PID 4740 wrote to memory of 4928	4740	msedge.exe	86
PID 4740 wrote to memory of 4928	4740	msedge.exe	86
PID 4740 wrote to memory of 4928	4740	msedge.exe	86
PID 4740 wrote to memory of 4928	4740	msedge.exe	86
PID 4740 wrote to memory of 4928	4740	msedge.exe	86
PID 4740 wrote to memory of 4928	4740	msedge.exe	86
PID 4740 wrote to memory of 4928	4740	msedge.exe	86
PID 4740 wrote to memory of 4928	4740	msedge.exe	86
PID 4740 wrote to memory of 4928	4740	msedge.exe	86
PID 4740 wrote to memory of 4928	4740	msedge.exe	86
PID 4740 wrote to memory of 4928	4740	msedge.exe	86
PID 4740 wrote to memory of 4928	4740	msedge.exe	86
PID 4740 wrote to memory of 4928	4740	msedge.exe	86
PID 4740 wrote to memory of 4928	4740	msedge.exe	86
PID 4740 wrote to memory of 4928	4740	msedge.exe	86
PID 4740 wrote to memory of 4928	4740	msedge.exe	86
PID 4740 wrote to memory of 4928	4740	msedge.exe	86
PID 4740 wrote to memory of 4928	4740	msedge.exe	86
PID 4740 wrote to memory of 4928	4740	msedge.exe	86
PID 4740 wrote to memory of 4928	4740	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://1drv.ms/b/c/3543f5843c34049a/EeOHLkXfkqBCoR8QhP2PRVoBSJDGct3H28LJUIcS8_cjEA
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed78b46f8,0x7ffed78b4708,0x7ffed78b4718
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,17692967364950514085,1227832165803558915,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,17692967364950514085,1227832165803558915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,17692967364950514085,1227832165803558915,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17692967364950514085,1227832165803558915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17692967364950514085,1227832165803558915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17692967364950514085,1227832165803558915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,17692967364950514085,1227832165803558915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,17692967364950514085,1227832165803558915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17692967364950514085,1227832165803558915,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17692967364950514085,1227832165803558915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17692967364950514085,1227832165803558915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17692967364950514085,1227832165803558915,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,17692967364950514085,1227832165803558915,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3040 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
27KB

MD5
3ceba565d70fdd9d53470d803ff2afce

SHA1
ea846ef303b6e045a1e1e16ebc7522ec94ef1015

SHA256
8322713ea6cdd32805aac9d42002770e48277993d3d7ca523ca783cda9d2bab0

SHA512
cc301f1f9b4caa173380f8090c17540d8db03618be00436b4bf3a8a5975e77a8a25db15366b24a61f7997dcd43357c0cacfab78319da7e7c76da32961420f8be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
33KB

MD5
d1f1a7e2fca23d74bade0964520f90cc

SHA1
b7bd5cbc2430ea160349ea0ad517680e7c0c2af3

SHA256
b4c769af035714d178750bf22e95048263948fbb14cee689c7c607bf2726f330

SHA512
6e792faaed89e043fafa253889f6f5958ec6e30d9819d3f1bdf1886f5200e5b21fc6df05c25a5237ce67ec8a5a9a23a71a080dbae3300b7f63f64f4136ab8980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
cbdaccc50e3f648e8c6743192864a03d

SHA1
32af5fb8d2a60763815642fa26a7116841dc7483

SHA256
5eb519e8765d79dfda5a851a79a4c739619822641404202919b45bb3a934915d

SHA512
88af1cdefb09401d9bdc9e4e31b0cb4424ed28e253bf5cd4abda3dc1b2a83c73541381df0e22406bdb9caa6400a8c7ba7980b2b62f399ca3986bcfddbf383fca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
885B

MD5
8fb6cc092ac18f6e632b20c8bea5ed29

SHA1
90fa3ac1ed9c49ae63273703c6d0a38b015b2a39

SHA256
58a9a36f30efdc99da8e2d255b1b11ba873c77b9276583099c60fad72d904c17

SHA512
951fe6344c8eb26a97801da1a3f6b142baf6b54907ba0ef1c687cfafd2a97c321f7618cdd0bf6fcb97d9ba44050724fae5d4d67bd47c572706e0edf36500e5f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
47fb0aaa62ca9d992a084495258aaa1d

SHA1
da68e18f73a957777625ce3010e3d94227a622e9

SHA256
5eb056c5ce2d4860c16b01e03c9c22d52db2f46e3caba2ea0b76c2d3bd36ceb9

SHA512
386aefa4b2254581b8dfabb844855f7914ca84824022385a218ba9e50dfc77c733520bd642532948e86b0be8dbb1f60ff8a5b58354fee0d502e35f1fb8e41f5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6f9b3872459432674b637bf16c56e669

SHA1
055fda009080fe139461f36b8a8f0a42c7bf9268

SHA256
4bd643576ed38f26a7ca7e09fb667b618a0a0fa169a020e5c279108f19b9e900

SHA512
8bd41cd3d5f36e3e1859e99f62ffa89e1f4237873919716f3a50ea191bfe0dfeb33fa13b9a64116e50226efc7f945a1d5c959e20d0305747ea78fbda6017a1f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e00691d9f7e0aee9e303e3fcc46d612c

SHA1
c0163b55369e5002e49a0bc3846b479c2b2623a7

SHA256
5b2364394183d1125e47fe86251b924a14195510a0fea258b5f5aa1b62580224

SHA512
0c00b5b207a666c82895455f084cdac3d62df78cd3b20919d3fe0e04be55c0f03d031b34894be35373de8a89d76bfe9af34d26cf420eeb5272922a4e8239f0b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ce379f64e9b8a39b5927066cee6083e4

SHA1
8bb3b16b8dde063c9342d15c4fde4da7fc357b2f

SHA256
bb700b929d0fb16b929243f0dacba1bd1c14eb5ca0803df7709d493d9af4f430

SHA512
3c1e7ad7b04564a364c248ead18336b7fa298336c4e30ba1701c3d40684bfbf7dba749e7da2caa678166057d1b3780361f5e0a05136b68b2dd9be0d9bc7d679d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
550aaac2dcd405b0214edf87226c574b

SHA1
d647c9ab99269b243fcf9bf53af84410576e6327

SHA256
d42583a9d28fe9fc93f585cf43bf688c27236671947b9aec48eb007d069a179d

SHA512
7972f8a2306904c01d771c1b22642b73ae4e888c357ad3b69bca5ad71663a8926f0d59ac3ff8205c2410c13ad40223a9b794b38e06700446fa91345096e4a34e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
38febed397890f0ebafe6920e1ea08da

SHA1
916f060ee9df761e9599c3e7b1fb041e46324e43

SHA256
29699673ae2a3d60b1a370b9e7131f5fd63c9a9e6dd0d93087cbaec73c5ccdc4

SHA512
d444c72e0c06ddf0ce3588470f4275db3e466ccf28bd70949de86e3f53697976ab33074190b39cf5bab993b87f9c5cf5a766cab24648a61993e31058f4111b77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e05436aebb117e9919978ca32bbcefd9

SHA1
97b2af055317952ce42308ea69b82301320eb962

SHA256
cc9bd0953e70356e31a957ad9a9b1926f5e2a9f6a297cdef303ac693a2a86b7f

SHA512
11328e9514ffaa3c1eab84fae06595d75c8503bd5601adfd806182d46065752885a871b738439b356d1bb2c1ac71fc81e9d46bd2d0daa1b2ba0f40543bf952b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ec7534eeb24f92b17fdb00d267c8c744

SHA1
4a9af65c587c476eb6971dc2cea67d5228ab385e

SHA256
459ec3b6a80a27dd419e87bc087c9ad8beed1121a30515a30fd876e50b174e3f

SHA512
2ae0d808e7941ba7bb8860ddfd28880a4f488f6d9223100cc4522d910b25632f9268b713acfe8c109de1e0c8ba5cab709cf5bd6144b8a51891ba6d50a1a06896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c9208ab506b057b1b55d7618ed97d0da

SHA1
7d43a2a0e96873fddea9fa63507ed4f84cb37974

SHA256
43683763591929909ab8c56621597210a4c0fbe4f52c205818beb68fd12ff01c

SHA512
6cf429d1fac58067afedba75be189efa4d586e52c6042b702e37b22eed8f497c60d0c26418d417f9264a3b03fcb72cd0feff716ebcef02359b093458fca8a36f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d8f95c2117fdd66c3791918dc62efaec

SHA1
f6d79dad1c4f59464e5b33d3efddf60c08026678

SHA256
4ca6d61c11eacf62b0ab6d3926e8c04be5aacaf08c370d0037124bcd3a8bbbc1

SHA512
1afd67b081dd2f90caaf23217698f5fb29b64e79ceb66669662e13914798b86f353c92085b183ba1ce3787a847d4be446e53df3b00bd439e007c1a9b0d6d8e29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
14de3ba8e82e80ecb229509647024be5

SHA1
aee0dee39bdf9849c4df508c7dac0f8d16c06ab3

SHA256
deda3c06453b5e6d7e6bcdee27a00ff770a6db7ffb6de5cd10c40b497557a89d

SHA512
a8a5bba928f0b1b04baddb53e7ad658f0d17791da83e1109b1c46b12cb3c0e080a8e06cb121e5542cfd99bfa0026cba976c74a18f6ce6823a507e4b01b4ea9de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a004.TMP

Filesize
1KB

MD5
d41f296adda095c8721065f7420b8a2c

SHA1
a30cc4891fe258e5096a0e144fed6105a4ff1754

SHA256
f981daab90bc7029294918d5f189caf0cc868a904f593ef0ca74f8ce05323eb0

SHA512
dc16619bc45fb9353af7dd2a7a22f94cb866c7b327127da1b59d597f1ce1f248468b47b4721d4048ea24e2edfa4db1065314a5e7a71703d7c55460a9c758bc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
560b1905ead8ead6e81f54d8b7d0aa5e

SHA1
ddf2c0395e8c74216919b680f3f55c658dbcfddf

SHA256
0673803322ff765acf6560e69cf114d9da8d28fafffe997d9b9dc086f727973c

SHA512
25cd440d150f7c89853d70c7f5d7641f0126b1a8048b70c47ce7ef14f5a6a3dac630a35310e0387ac7ca90ea8f8fa59f6d3b83fcdf2d1f2af2b82d2a107f5486

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8072ff3901dd2ad87465c0c903d58530

SHA1
e48529a669e2a3ab5bed469ee01595e1ffc7881e

SHA256
3ea08c363932e6580e6cd4e7c3076ba1e222b1d3b53d7c003f4152323c698438

SHA512
4847c94e7bf8abea8ecd0add54402244f9b6ec77500d46531026f4d13c60d934793a5b51e79e20513c383416c70f20f5f6799b0fcb5d5ce8728de35f62f33677

Download Submit