hxxps://onedrive[.]live[.]com/view[.]aspx?resid=FE2D647D83621BDA%2110489&authkey=!AHE88LAurlwJvto

Analysis

max time kernel
148s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2024, 14:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://onedrive.live.com/view.aspx?resid=FE2D647D83621BDA%2110489&authkey=!AHE88LAurlwJvto

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
964	msedge.exe
964	msedge.exe
5104	msedge.exe
5104	msedge.exe
4240	identity_helper.exe
4240	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5104 wrote to memory of 1232	5104	msedge.exe	91
PID 5104 wrote to memory of 1232	5104	msedge.exe	91
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 64	5104	msedge.exe	92
PID 5104 wrote to memory of 964	5104	msedge.exe	93
PID 5104 wrote to memory of 964	5104	msedge.exe	93
PID 5104 wrote to memory of 2704	5104	msedge.exe	94
PID 5104 wrote to memory of 2704	5104	msedge.exe	94
PID 5104 wrote to memory of 2704	5104	msedge.exe	94
PID 5104 wrote to memory of 2704	5104	msedge.exe	94
PID 5104 wrote to memory of 2704	5104	msedge.exe	94
PID 5104 wrote to memory of 2704	5104	msedge.exe	94
PID 5104 wrote to memory of 2704	5104	msedge.exe	94
PID 5104 wrote to memory of 2704	5104	msedge.exe	94
PID 5104 wrote to memory of 2704	5104	msedge.exe	94
PID 5104 wrote to memory of 2704	5104	msedge.exe	94
PID 5104 wrote to memory of 2704	5104	msedge.exe	94
PID 5104 wrote to memory of 2704	5104	msedge.exe	94
PID 5104 wrote to memory of 2704	5104	msedge.exe	94
PID 5104 wrote to memory of 2704	5104	msedge.exe	94
PID 5104 wrote to memory of 2704	5104	msedge.exe	94
PID 5104 wrote to memory of 2704	5104	msedge.exe	94
PID 5104 wrote to memory of 2704	5104	msedge.exe	94
PID 5104 wrote to memory of 2704	5104	msedge.exe	94
PID 5104 wrote to memory of 2704	5104	msedge.exe	94
PID 5104 wrote to memory of 2704	5104	msedge.exe	94

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://onedrive.live.com/view.aspx?resid=FE2D647D83621BDA%2110489&authkey=!AHE88LAurlwJvto
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff838b946f8,0x7ff838b94708,0x7ff838b94718
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,7358625570018004430,6023335511809801589,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,7358625570018004430,6023335511809801589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,7358625570018004430,6023335511809801589,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7358625570018004430,6023335511809801589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7358625570018004430,6023335511809801589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,7358625570018004430,6023335511809801589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,7358625570018004430,6023335511809801589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7358625570018004430,6023335511809801589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7358625570018004430,6023335511809801589,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7358625570018004430,6023335511809801589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7358625570018004430,6023335511809801589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7358625570018004430,6023335511809801589,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7358625570018004430,6023335511809801589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1048 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7358625570018004430,6023335511809801589,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:2328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c6136bc98a5aedca2ea3004e9fbe67d

SHA1
74318d997f4c9c351eef86d040bc9b085ce1ad4f

SHA256
50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2

SHA512
2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c6aef82e50d05ffc0cf52a6c6d69c91

SHA1
c203efe5b45b0630fee7bd364fe7d63b769e2351

SHA256
d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32

SHA512
77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
65add6c97af063e1bc70211d45a7ad15

SHA1
de341fd4ae129c4278a32bb6a0c998e746fe0aaa

SHA256
5db78391e545ad2db7166cd482c0d49f65823e1909d6cdcf9faa92bb2a80ab3b

SHA512
9eba95a00ce54b0136f3cee7744bd5abcfae9d30f758051a300f0b358fb6fa2edc984225713d6a2ac4a7cc0b498ce46728d589b8f2b0613f8b682d0592851b91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
81d774c4d924673655f816bb605016da

SHA1
8625c934ca658a30f19e1e18637faacdc9cd39c8

SHA256
1c96e101f34b840a6cf5a5a59a895b936aafd0482c90c5d4ea72c721b8b97a62

SHA512
cea8b7c493c52e49589120eaf7d6df42102fed8605c7442bc557bad201e3affe3d62a4cb25141ec3a0db8f49a218607e41f4c23f8bfdf67f199da5319317d582

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
710bf414f9eb64dbf2e5e2e10619d2c4

SHA1
f7c7dd6795a760d2464015e94ea86287a6eaacda

SHA256
61ce6ce46e112d8b4ea2b7cf62a2a6a0cb894e278a0e2e2990adb5d3555020da

SHA512
4e233eddd14f5d21f2404e0d1c757024967b78aef4b289c32f38ead885bb6249c86e9e583f3b5cfcde6688db7e3f1b797c0001b35d80f38e20dac63e4685879b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8411362c3e2ddf8890d0e8de6e5f8d10

SHA1
70fdabac1616f6e39f1e9987ee6b59952416e904

SHA256
bb0c75fec19aa5ab296b170d2f6f1d593b51e0091c9a595f892531f34f352c7a

SHA512
70029ca7b52c5fe9f44660d81a3cedcf020c84ab6eb80513d446efd6c9d6c25e862950d59f63438f819e4c6175a8cf9cfc7465cd5405d0af5f3d98400332f401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f28ddc160263d58550f78af7bb36f119

SHA1
14aaff2caae9acb20838c9767aa0a7d5e801c88a

SHA256
396285e2726223b6841a77d92346a125f996c47d949efd97da4304def3b5e375

SHA512
7a29a2e0547598822ef2849d58166fb877b1b04fc92a118e7211a7968714e14b25b5468eee0611579fdcafe452081cacc2c3a56860bbd3a0510f44c2ddf1ee50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
527b06bcbc570f319652897c16dbab1c

SHA1
bbca4450a7a947909d982147ea54f92c0a218362

SHA256
289a8d24546e85ba0a5041e13e2671e5f56ae9d6cf397082403c9c984098831e

SHA512
1382d436ac1d767b9c07529b889a4cf34ada0206d48572f120b2100808cc30730170f9077ad63e5f94a46c147c34ab94f24607a0c46db7ee854a830ae3c38207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
44c5cb69ac53f1b1688ee4b59d948a5b

SHA1
3e5cf134fd9f0821363326342e5fc8b4e24d86f9

SHA256
56bb42a6de726b561cba08dccf1a4a2eb6ab6f89d28712652cba1eea90153709

SHA512
23af145ff1083345225f69824332e4d66bba95d95a658426c8ffa948861cec2619870924f24500f371f40493f3ee1438ad103820664e9c2b7435a563c94f357c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8fe17545e30e3e4840f20e42bc7aa42d

SHA1
16ee11a44adcfe951e18afc0a9b483ad44fd52d5

SHA256
179b10064973ccaea4d890721fee76213f8a6e602fff4beb1076a2f041c9485d

SHA512
463d256567574d11ad6234ed76a7c02282aa4be91436f496035bf1ce42efe2fd2e61da48766e2fb4a8f810eb80497d758b5dc62870296ff8be1cb09591d6182f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
99467257ba3ced1d2795644b211e5a5d

SHA1
1a4fbfbdaa546c39f89e9e8c107cffea7943568e

SHA256
dbe7fb2795dffa1b3fe650adef355407da0af8bbcb8e1722bbe07078aff83fe0

SHA512
5b4679a170b631b686c4fbe1618d5d7c19c29af8c4f46dc4a6955cf1e9318772540330f6ad599c3b855a773259394a7fba2cd2220a7bb0189a3c5f8f9fca535b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0dab640b053947e02981ccf1bfbd46e9

SHA1
870f4c7a66712bf67a363ed7a35b39c4a9245571

SHA256
ce6477cc9d9f40f0a7c7771eecf9493bbd35884c9c9d93b57cda1b49dace8fac

SHA512
438518a165f3c62aca11f2601d7f1deb6ece642e91a6de9aa0d62d45b392c5fec502352a601c3f9df921226ab411fdf02a6c1f5470762994c4544aa7fb0f3155

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2316e7d852a489c1fe008e2ebf84d3d1

SHA1
613a530c01ab6f607bbde28f86f3a8fcaba9900b

SHA256
87100a65c327e06d5c3eff3bb0e3fcddef7e4c02c8f692a142b99063bc701ca0

SHA512
34f3625e46a87cacf13c2d07b57ebda5d697ce23665debbade4189f97b7e40227d3a306e2c9a5d974b90c0d2a76cbcc0930391328d8d18bdc0fc4da52eb332ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f14c5c5ca0e7a51a1f24ca0a2eb5f10c

SHA1
19c39e8a1e024aeada54d9c5aa9204ad790e0f9f

SHA256
bbb6613b2f127d35747994045a1f7ac063322ce3407323a050e753ead2f6dcc3

SHA512
840ec5f5506fca12d0a40073a1563bd6505df09bad04c9c882acf03c5cac89f3ac59a8494152a5eae084b29c57282a45ff696a3137fe87ba4d7c1326912c0680

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fdb9.TMP

Filesize
1KB

MD5
3e477bb9cdf87c0d2c8ec7bb415f3e85

SHA1
d2a8b90e1f779cc6558d09500373b40ab629e8ee

SHA256
234b48f749de19e5d10b92db64ac14299d6e9c504f8cd0f7adf706a152671ec7

SHA512
acc43be525b6b88ff62868b7e3cb3c6f2f2b04f73fb665a03a83462fc9781871f88c2ff49b59666225e8790775816c7abf968c25466c7b67a60d6e769550938b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b02f0cc80aec3b08e7371fd43fe46dd9

SHA1
662ccf789b859099e56aca518c2f4621e008d4ba

SHA256
a3ae8d7358c6eb06bc4302e2fb8c7b120dd067d418b60ef8634ee9794983992a

SHA512
c6f449911eeec432f935405f8a88689c39933b97d10a913ebdfb9a55486870bdee14135aed737407ad60281716d4c9df81278a701f0e2f640a627a9e79f97cb5

Download Submit