hxxps://we[.]tl/t-oDtTf7dGIM

Resubmissions

08/04/2024, 20:45

240408-zjt4gsbd94 1

08/04/2024, 20:43

240408-zhvcvseg2w 1

08/04/2024, 20:39

240408-zfkqmsef2w 1

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/04/2024, 20:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://we.tl/t-oDtTf7dGIM

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
860	msedge.exe
860	msedge.exe
1516	msedge.exe
1516	msedge.exe
4808	identity_helper.exe
4808	identity_helper.exe
5048	msedge.exe
5048	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3564	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3564	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1516 wrote to memory of 2220	1516	msedge.exe	85
PID 1516 wrote to memory of 2220	1516	msedge.exe	85
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 4092	1516	msedge.exe	86
PID 1516 wrote to memory of 860	1516	msedge.exe	87
PID 1516 wrote to memory of 860	1516	msedge.exe	87
PID 1516 wrote to memory of 1644	1516	msedge.exe	88
PID 1516 wrote to memory of 1644	1516	msedge.exe	88
PID 1516 wrote to memory of 1644	1516	msedge.exe	88
PID 1516 wrote to memory of 1644	1516	msedge.exe	88
PID 1516 wrote to memory of 1644	1516	msedge.exe	88
PID 1516 wrote to memory of 1644	1516	msedge.exe	88
PID 1516 wrote to memory of 1644	1516	msedge.exe	88
PID 1516 wrote to memory of 1644	1516	msedge.exe	88
PID 1516 wrote to memory of 1644	1516	msedge.exe	88
PID 1516 wrote to memory of 1644	1516	msedge.exe	88
PID 1516 wrote to memory of 1644	1516	msedge.exe	88
PID 1516 wrote to memory of 1644	1516	msedge.exe	88
PID 1516 wrote to memory of 1644	1516	msedge.exe	88
PID 1516 wrote to memory of 1644	1516	msedge.exe	88
PID 1516 wrote to memory of 1644	1516	msedge.exe	88
PID 1516 wrote to memory of 1644	1516	msedge.exe	88
PID 1516 wrote to memory of 1644	1516	msedge.exe	88
PID 1516 wrote to memory of 1644	1516	msedge.exe	88
PID 1516 wrote to memory of 1644	1516	msedge.exe	88
PID 1516 wrote to memory of 1644	1516	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://we.tl/t-oDtTf7dGIM
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff967ea46f8,0x7ff967ea4708,0x7ff967ea4718
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,2323638978610901685,7638821887055053327,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,2323638978610901685,7638821887055053327,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,2323638978610901685,7638821887055053327,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2323638978610901685,7638821887055053327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2323638978610901685,7638821887055053327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2323638978610901685,7638821887055053327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,2323638978610901685,7638821887055053327,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,2323638978610901685,7638821887055053327,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,2323638978610901685,7638821887055053327,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3512 /prefetch:8
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2323638978610901685,7638821887055053327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2323638978610901685,7638821887055053327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2323638978610901685,7638821887055053327,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2323638978610901685,7638821887055053327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2323638978610901685,7638821887055053327,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2323638978610901685,7638821887055053327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,2323638978610901685,7638821887055053327,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6056 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,2323638978610901685,7638821887055053327,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,2323638978610901685,7638821887055053327,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6948 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5056

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x520
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3564

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5048

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_wetransfer_nitro_checker_2024-04-08_2032.zip\nitro_checker\start.bat" "
1⤵
PID:2928

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_wetransfer_nitro_checker_2024-04-08_2032.zip\nitro_checker\input\GiftCodes.txt
1⤵
PID:3968

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_wetransfer_nitro_checker_2024-04-08_2032.zip\nitro_checker\input\GiftCodes.txt
1⤵
PID:1588

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_wetransfer_nitro_checker_2024-04-08_2032.zip\nitro_checker\input\proxies.txt
1⤵
PID:1972

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_wetransfer_nitro_checker_2024-04-08_2032.zip\nitro_checker\output\UsedGifts.txt
1⤵
PID:644

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_wetransfer_nitro_checker_2024-04-08_2032.zip\nitro_checker\output\ValidCodes.txt
1⤵
PID:2928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fd7944a4ff1be37517983ffaf5700b11

SHA1
c4287796d78e00969af85b7e16a2d04230961240

SHA256
b54b41e7ce5600bc653aa7c88abb666976872b2d5e2d657bfc1147a0b49e9d74

SHA512
28c58a2ccf39963a8d9f67ea5b93dbccf70b0109b2c8a396a58389cdec9db1205523a95730485bcbc9d533867cbf0e7167ad370fd45740e23656d01d96ee543b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a774512b00820b61a51258335097b2c9

SHA1
38c28d1ea3907a1af6c0443255ab610dd9285095

SHA256
01946a2d65e59b66ebc256470ff4861f32edee90a44e31bf67529add95cafef4

SHA512
ce109be65060a5e7a872707c6c2ccce3aacd577e59c59d6e23e78d03e3d502f2707713fda40a546ed332e41a56ef90297af99590a5ab02f686a58bcbf3a82da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9daa159b-c78f-4a81-8bad-1823179882c4.tmp

Filesize
3KB

MD5
fc917b81eb532b12856006ea5fc347e3

SHA1
9e99947136f9b45d17f1036233389ac3ff622e5a

SHA256
b08023bb8f714e71a38e4b57e07bd05291617cfe4415257e248f898f819370d2

SHA512
5046d171cc630541d7ba5cb047f00b820e235719785621b877de88b67b65da6b37d858d57c51e17ac1cdc915e8a56d65ad7ed7f1242d308475c3fd52b9a48738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
1024KB

MD5
65dd6d56a6e7173bf74c5f36c28496d0

SHA1
8d057d4bafbfd90edcba0db528065bd81fd2a0aa

SHA256
665389d92ac1b28ce91db92330e31eb493d61b52ab651b905975985016892a90

SHA512
139a50a42de8d8a02af94733cf3483af0703c11ed6c8ddb0e0b78c0e5c5e45f62f77750cbbcd9e1f7fcb00341d4c48f473e9471a76fb82199e29a5d665837394

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
99f04be39fce03967601bbb176a4f9c2

SHA1
ed4bba327c67033c03f71d2d09e295e679c23e23

SHA256
5a7e43e80cc329d279423e84e27c5fdc30619120dc59205696a1bea0811f6670

SHA512
624f0ead7e64cd5471f1bb636db53120aec4420fa01835b36f33541eaac0ec265fc58fb5bc6c8446f07dda45612affa3ff87083fa474dd9e00d3d04948eaf0c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
364c52a875a34348898470aa3dcd4df8

SHA1
0a24adce4bc120fd1cbe6ab846ec70c2fa0118da

SHA256
74765890ea58a6f1a8594ddf41c004c212794ad7ba1b51d24051bb6a50e3d69e

SHA512
3862e1acb5e3d9472705be92bec6f324dbd932f8d5ca77eec4f78b37fa3a0fd664ae9902101740ec4f10fd701125ea15d0086aa14ff157a645fe4264b87c98fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1a32c7ab1dcb42e1d09cfe857efbe814

SHA1
8835625dd7d2828fba7c830aa82d63b2ebc6eea6

SHA256
b45557918531e1bad56f5341f91463dc1801ed7351a2553120db2649815f7fdf

SHA512
b38b415b48104b304598a756611f28b0ac7edda1f6ec7c139d5b1d710a7cc2e2ca460d77ef5701f20fd5e331513e5fff77677aa3982b1a18fb4ed8a2fa9c3e2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0d7786091ef26d755d84450797e98367

SHA1
5f1d8c0384e54df0be8fa193101adf1899af226e

SHA256
87e13ff4ecc9212b3cef6bf406e4c2dffe1847289acd1342e6d19ae530878958

SHA512
6b988bd089bfa125e79de5376b1d6a4b4903fb59e6faa72caf01f1738068942da90e419ee4f18602b79c4fbe2120adf88373c450e48c74c6f09c4b060b7f4e03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0e049b3717cd321540ac19b1763f1421

SHA1
c4d00a5cc5bd1640021d836a66cb8cd69e7189e8

SHA256
65a74fbc6eb5667218adddae46b6d34b8c4ea50f265ddda1def9b907b3a3bf17

SHA512
9b226881604f9e12066c5f995286b8ba057e14de22f7936d2928a1c74251e95fc2caa93cb391ef43fb54beb7980125c6d2639d481a3b25e3f0ca1ef1d0cb9c88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
88f042369634e0c211332bff91ead7bd

SHA1
f5a4b69a92f104f5edc8d086ebc75e3905da9491

SHA256
0e6162744edc025afae9e5e29ff5706529b88c3cf8242a83de6e75203040394e

SHA512
67ce8d06224eee63036efd6fb8cd563dcddae4c770032cb715e2350212b63e2e8de93b68dbc871b31a299ff5e1f52c1c9e6816c02296da098b4081807311f12d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8df5f863c92ef1356667960654f472e8

SHA1
ec6c21606e49c446c6ac4b68407d3e1ed5e6947d

SHA256
d492d3257553b01d38dfef26b5e20a88754f170a11ecca6ee7cd4a72097d679a

SHA512
e22e40bc61961719ff8a377708a2d76a6e0e2ad9378e6a33afa3af1b3b835c3d46c34809af56d5c77cad8460fd69e005328238a162b2ff70bd5893624bd44ad8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
de6901c83c80588324386d0d22e41c40

SHA1
b2de3440ad1189e57993f1abfa072f82717a009d

SHA256
4ff1d014532532534ec62ecb273c4455225e1d3e0c5c8e2c8c8527e13ef5fa47

SHA512
2dfdd60858e605af7320c36576f6c7df0453cf9db46fc5d79e17e46e1c3f781f1e27f0b56c047445833fe185929292ea2bde9e46891fe3dcf352e7fca7678499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
49bad99ee390c499b7a11ef8a358049b

SHA1
d91c713e2993dc0d342e2f6961c5f75696b6de50

SHA256
1afdbd9e356effff9057f9715c0689ccdf25d4bfbb90772952b823dbb9307c55

SHA512
f56f84ea789a37d4c5988c083e3a1a01a93f16ac4fe8d0f8da46c555d65c3efa9ee51161a01f4fe0f3e7bf6a6d753b64b716cadbd24f50cb3023305128b7dafe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
038bec9ee53ae16577fab414c3ca9e58

SHA1
dfc8a4eeb104ce17c21551d6248272f0cb1351e6

SHA256
59ef2b95df89f6e328a5cdd76b258b9c665c574b46ec2eb52723c50f7a425ff3

SHA512
2439f75af617256c58fbcf6a80bfec17491631674944df9d5f76678520125838f386a901db7070b52e18016beeb21cf5346adf89f4d0e4fde94b35159df948a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9e7548ca60669d222f9c62f805abc45e

SHA1
d4b7b1a0619232c33c15a0eb452f1d424a5bcc07

SHA256
59984967b9e1b4d180a738006526a7a5336895cdf12f20cf32365eddd28cffd8

SHA512
827abdc5c213b9be31e7d272491492e7a3c1740ff62a1ebdb18d15d41227ca67b925933a38c78f00e23d045680d067fab4a472d3b259b73603ef0d0b7f9f6867

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
88c0d64200e95c867f37cfe8357676ec

SHA1
8b18b27fcefbe579c7bdab96294523ab566d3095

SHA256
dfa6dac1bda79ce75c8e9eb1862684a5d29d539ab18b9f18af09f974b0b0ef40

SHA512
4787a134fd2be834da6b9e4fb89f33b57fc7cbd3b2befbcd90c6d264b706df666bbac600ed1d933ad5014ce39f186314bb20f083c3dc5e9395ecc80e9e672d1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ce2183d0d9745a4899bd48a4289c486c

SHA1
4636f769486f630803115ba17e51fa99ae90a8c4

SHA256
602b3026d4d634811c4f4602b946d85596240ffd392efa1c7de2c3286b525542

SHA512
facf078e56f7951f2a8c2990bf9410ceab79dea349bb5ddb055ee3ed7afa8a760ce3996b00f935adb1c1aefe3a51111e0c97d2452d4573d1752803a05973fb50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ccb6.TMP

Filesize
1KB

MD5
259abb2c57786c575c3b7c4a5df3febd

SHA1
aff339525b450d2a1d224abc4cc755645c5a6f2a

SHA256
de14924966b14db3ade4f7c3c43e65e96af6cc4ce5d1825394369ef8b7350f43

SHA512
efa58349baa153faeb67e6a3354527f784422adb0a66892bac760191e372f4c1577563365264fc45ba671b9c5cc3ff40add2a4b7dd6911831f196f64ee670c36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
994850dbb6932b5f8f059d462ef1af0b

SHA1
a55a0b023952710b8db2407f1c36a024dd3d1b24

SHA256
294102b33acfcfbf77dcd56877cad62af0e5e2ef135deea0eae3a60f9f30cfb9

SHA512
8edd3bce71c7ce74a1f388b3ff75d7b2abd0e3b299f7f6606bfa2b59be334e309fb374bf513e8897ec57fcd3f2f2b0bbae20696869352aa7b910cb2e4db0fc8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6e4f0456b6a2c1eb994446839424d0b2

SHA1
1fd61024e5ca26edd713e659e36747a273afef97

SHA256
bab16d12d3d05c934f207447ebe786eff45b6bf2cbdbe83aaa32c4813c12cf70

SHA512
125208c02dfc13cbd797cc9085976a452a9664b3837ae3e0f09cd6fc8fa2ae586a008c19e68a5af54b7b770af7368b6eb95f49b59f34e9347d5760cb485a1f09

Download Submit
C:\Users\Admin\Downloads\wetransfer_nitro_checker_2024-04-08_2032.zip

Filesize
215KB

MD5
b38cecb8b5e4917b66e21cc562798afb

SHA1
fc0aff57d01d09a445e7a77a5ebafde07f16dd1f

SHA256
cf552c7c4f43632f4631e351f4db5e4da6fb0bb03710f4d5811a77047e2ce4e7

SHA512
521ddca372d2eaeecba9011b9add6ffbc957ff5b3135a92cd3373b0991633186094aba43c48bc1f56a4369ddf35aeb8726850e58af3662af3bd993810ab71ec5

Download Submit