hxxps://onedrive[.]live[.]com/?authkey=%21AJbOPF2tnEGLnQ0&cid=A974D3F8C4F36B77&id=A974D3F8C4F36B77%21241&parId=A974D3F8C4F36B77%21106&o=OneUp

Resubmissions

21/02/2024, 16:27

240221-tyk68sbd93 5

21/02/2024, 16:23

240221-twa89aah41 1

Analysis

max time kernel
150s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
21/02/2024, 16:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://onedrive.live.com/?authkey=%21AJbOPF2tnEGLnQ0&cid=A974D3F8C4F36B77&id=A974D3F8C4F36B77%21241&parId=A974D3F8C4F36B77%21106&o=OneUp

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1118208250-2584473247-1767544961-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Batch_Video_Processor_v1.535.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2192	msedge.exe
2192	msedge.exe
4120	msedge.exe
4120	msedge.exe
5968	identity_helper.exe
5968	identity_helper.exe
4012	msedge.exe
4012	msedge.exe
4108	msedge.exe
4108	msedge.exe
5392	msedge.exe
5392	msedge.exe
5392	msedge.exe
5392	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4120 wrote to memory of 3868	4120	msedge.exe	78
PID 4120 wrote to memory of 3868	4120	msedge.exe	78
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 1340	4120	msedge.exe	79
PID 4120 wrote to memory of 2192	4120	msedge.exe	80
PID 4120 wrote to memory of 2192	4120	msedge.exe	80
PID 4120 wrote to memory of 6072	4120	msedge.exe	81
PID 4120 wrote to memory of 6072	4120	msedge.exe	81
PID 4120 wrote to memory of 6072	4120	msedge.exe	81
PID 4120 wrote to memory of 6072	4120	msedge.exe	81
PID 4120 wrote to memory of 6072	4120	msedge.exe	81
PID 4120 wrote to memory of 6072	4120	msedge.exe	81
PID 4120 wrote to memory of 6072	4120	msedge.exe	81
PID 4120 wrote to memory of 6072	4120	msedge.exe	81
PID 4120 wrote to memory of 6072	4120	msedge.exe	81
PID 4120 wrote to memory of 6072	4120	msedge.exe	81
PID 4120 wrote to memory of 6072	4120	msedge.exe	81
PID 4120 wrote to memory of 6072	4120	msedge.exe	81
PID 4120 wrote to memory of 6072	4120	msedge.exe	81
PID 4120 wrote to memory of 6072	4120	msedge.exe	81
PID 4120 wrote to memory of 6072	4120	msedge.exe	81
PID 4120 wrote to memory of 6072	4120	msedge.exe	81
PID 4120 wrote to memory of 6072	4120	msedge.exe	81
PID 4120 wrote to memory of 6072	4120	msedge.exe	81
PID 4120 wrote to memory of 6072	4120	msedge.exe	81
PID 4120 wrote to memory of 6072	4120	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://onedrive.live.com/?authkey=%21AJbOPF2tnEGLnQ0&cid=A974D3F8C4F36B77&id=A974D3F8C4F36B77%21241&parId=A974D3F8C4F36B77%21106&o=OneUp
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb7e903cb8,0x7ffb7e903cc8,0x7ffb7e903cd8
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,2806858801758452085,2552602126529176477,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:2
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,2806858801758452085,2552602126529176477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,2806858801758452085,2552602126529176477,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,2806858801758452085,2552602126529176477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,2806858801758452085,2552602126529176477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,2806858801758452085,2552602126529176477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,2806858801758452085,2552602126529176477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,2806858801758452085,2552602126529176477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,2806858801758452085,2552602126529176477,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,2806858801758452085,2552602126529176477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,2806858801758452085,2552602126529176477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,2806858801758452085,2552602126529176477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,2806858801758452085,2552602126529176477,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,2806858801758452085,2552602126529176477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,2806858801758452085,2552602126529176477,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4652 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,2806858801758452085,2552602126529176477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1992 /prefetch:1
  2⤵
  PID:5432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5600

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fc9ad6481dbd849d589d50f5988c7fcb

SHA1
87cebc5ed3afcfda307b9a4972d2eadbaf0fa854

SHA256
7eb4a4ffb8ad7997365e51b970221549031ac53f87816263fedc1a594cf22556

SHA512
79ec0e21d8bb64c9ff746e93a7a16e37b20c7aae47416697c967306393b738ef27a3ed9dd11881cb191289046e49df3c714fbce697e5023cff67eb8ba17a23ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
94f30665748a4a22a8606e8b00c7d49a

SHA1
2b499f57837ff6c902b30305e499bf906fadac6c

SHA256
450fd7c8caa3f15cf50df499871abb61acda3feb3ca5bc6c7051a4ce6c0ce17c

SHA512
99a4be62aeb13d8c3e9b90f7aaa3ea7808a35ee01e6bc97fa893b3b465cd3d777ae0ccf8953206ff432a3741958d89aa739d04950c890d17a2ea56a599e0a27a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
660B

MD5
0607641af6caf5e1019544dec1c0431b

SHA1
aacc9acbad445f277b51eb91ad7d8544474e26d6

SHA256
f8a3db5e28fd23710af541519f727ca3a03da8b84d5076fcdd0705e15eb19c00

SHA512
a1590e709ba57f1ce2ae1336e33fb3c9ef5c941e77afe3b9b69286cabe207376f731a87edc8d96a2ae6761b05acbd73b949ead6771225dd079b8c8e3c390b6b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
777003de7321557f23267955d455f795

SHA1
eb6e9f117c862e75063065a8b0c82e245accdc4f

SHA256
49da33cdfa70225479997bf3c6fd4beeb6e8669fea8622cf6934ba63d26b0c12

SHA512
07b1c7c1c2413b957ca6d425bfd0b912a65f65db7dbe0c48065e7b42c9c1c8f77b743fb5ddfd4c0c06095d0ba0a17f7a906ecf002ac3b5557fd2c6d6f1c62cb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
66f413d49585156ab0c50eeffc280fed

SHA1
0fd2518b9dd36b5a90d73cb0672e1cc71294df6e

SHA256
ac4dccd977e8751d30fd74de90161e22bfb12cec0b0ebb0c7aff21b8e4928c8a

SHA512
07326422d73b2332c68eda941928c480466525a5a77f56933b499040c068906e8202efa27868774074b7faa739fa186c25a86c269fb4ba13963a1518ad36a79f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
44d02b54606317e76db7be696520bf93

SHA1
c09699c5399c4096696702ada8e9c5ebab9f65f5

SHA256
513608d8aa75d106ee1972605f99a6b9191182d646c2134cf1f21227be8fb940

SHA512
10a3c14dde600ecaee2d447ec7b9b779e99d13c199190c0ab76d5738c9c09089b989c431c39e409abfc1de3a1b85075dbb21a0fc29e9265d7e8a9f7097e0e69c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
6eebeb9a797a13b043f5b62db4f35dfd

SHA1
78509b1bf703579a1df798428e88727e802446d5

SHA256
e27034dcf63239ae5f57bff6dfed2c4c139c9a5c5183526b1b82e65e20c442aa

SHA512
19fbfd65018b2fe66e8867b676be2e90efa9b48b4bd4d98ff0e6c12f9cee6129dcd3344eca50097cc1879bed4c5c680a792ab219d7ad00da4a4d0d62d02d8cac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
de7a7c2d484ca904304834a472c34263

SHA1
8cfe3c07355f0d2e9089770efa815969b45e319b

SHA256
04002fc19e5e92847cf2e7872e5f3879bc0f492664ec497f3dbb8a19a52e99fc

SHA512
219aa7a177045118f502d9c6fb7c9394f0bb79e6f86918e962cb8f777e1cf4365a6777ff79566016b323901fbee7e9938d1b882d17d024cdaee946ee9b9e7b2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b7e5860b1b5b88ef5f8d1e69588ef766

SHA1
c730f92727f7040f305c2006c7c38d500a217549

SHA256
99f8b5662de0ba09d491f4568f9d5cef4ec9a821a65fbaea910d47efe6517d10

SHA512
c6042639753dcbdb107674d255b3c32a0b7e342e6fa6b7ee2fac63c88d1c7fd3cd03018ee0a05f6ec6fe59602d69c46eca3ac1fa44a998dda875f256e2bebaaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e0ea.TMP

Filesize
1KB

MD5
6c20c9755a3b450867640ca47828a3fc

SHA1
bd22b11c22a049f80f670b15cc6d740c07cbd2fa

SHA256
d89330d6ce2c97340531e0565b3905ef04d4748ce5f1897120fa19fbfbdf1167

SHA512
1396e4b5cfd94aec4025eca386a5ff0936fe4f8c307843f0b8eeefa17dd7ce9d9ccbd63ba7ce093c85db06e08fc93e704c4e020f5154a7fdc52bf4f5640c9d94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
501b4b77520ee68a241138d238b2de84

SHA1
4717a160f6c52b1873f61311e1766e1427e5a4ab

SHA256
4584e93ac02dac96978860aabbc25c73e97e3ae1dc863d922434da60b6fdb85b

SHA512
7103988f17571e6c5e4f5da53b5aba836b2dd9ca060bccc01211e4da285c56def2361a67f04a0aa08239bfe29451dacbe1d5cfe4dd0407a7ea0c05f85db64763

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a383d43ba7f0d3b95e6992564737e53a

SHA1
20e9029d1e6bc7e7bb3524cf34b0a5f093c2acb2

SHA256
e762cc81f98685ef3a9da68bbebb1463c27024b556b2e9216276d6510dad5e61

SHA512
c475360eaa5162b0a16cb3e4c05d2da17140657f4391539506a05330445260f5ca98c821f5deb8abdadbdd775685bcc97787aaec386417d2a000aee3ff674d65

Download Submit
C:\Users\Admin\Downloads\Batch_Video_Processor_v1.535.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit