hxxps://onedrive[.]live[.]com/?authkey=%21APB31J09Oy43Keg&id=BC57A25103735BEA%2160757&cid=BC57A25103735BEA&parId=root&parQt=sharedby&o=OneUp

Analysis

max time kernel
42s
max time network
35s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 15:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://onedrive.live.com/?authkey=%21APB31J09Oy43Keg&id=BC57A25103735BEA%2160757&cid=BC57A25103735BEA&parId=root&parQt=sharedby&o=OneUp

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
448	msedge.exe
448	msedge.exe
4044	msedge.exe
4044	msedge.exe
1536	identity_helper.exe
1536	identity_helper.exe
5496	msedge.exe
5496	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4044 wrote to memory of 4216	4044	msedge.exe	83
PID 4044 wrote to memory of 4216	4044	msedge.exe	83
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 4424	4044	msedge.exe	84
PID 4044 wrote to memory of 448	4044	msedge.exe	85
PID 4044 wrote to memory of 448	4044	msedge.exe	85
PID 4044 wrote to memory of 4548	4044	msedge.exe	86
PID 4044 wrote to memory of 4548	4044	msedge.exe	86
PID 4044 wrote to memory of 4548	4044	msedge.exe	86
PID 4044 wrote to memory of 4548	4044	msedge.exe	86
PID 4044 wrote to memory of 4548	4044	msedge.exe	86
PID 4044 wrote to memory of 4548	4044	msedge.exe	86
PID 4044 wrote to memory of 4548	4044	msedge.exe	86
PID 4044 wrote to memory of 4548	4044	msedge.exe	86
PID 4044 wrote to memory of 4548	4044	msedge.exe	86
PID 4044 wrote to memory of 4548	4044	msedge.exe	86
PID 4044 wrote to memory of 4548	4044	msedge.exe	86
PID 4044 wrote to memory of 4548	4044	msedge.exe	86
PID 4044 wrote to memory of 4548	4044	msedge.exe	86
PID 4044 wrote to memory of 4548	4044	msedge.exe	86
PID 4044 wrote to memory of 4548	4044	msedge.exe	86
PID 4044 wrote to memory of 4548	4044	msedge.exe	86
PID 4044 wrote to memory of 4548	4044	msedge.exe	86
PID 4044 wrote to memory of 4548	4044	msedge.exe	86
PID 4044 wrote to memory of 4548	4044	msedge.exe	86
PID 4044 wrote to memory of 4548	4044	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://onedrive.live.com/?authkey=%21APB31J09Oy43Keg&id=BC57A25103735BEA%2160757&cid=BC57A25103735BEA&parId=root&parQt=sharedby&o=OneUp
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc284846f8,0x7ffc28484708,0x7ffc28484718
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,16539828518625608613,4814224530318253127,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,16539828518625608613,4814224530318253127,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,16539828518625608613,4814224530318253127,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16539828518625608613,4814224530318253127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16539828518625608613,4814224530318253127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,16539828518625608613,4814224530318253127,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,16539828518625608613,4814224530318253127,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16539828518625608613,4814224530318253127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16539828518625608613,4814224530318253127,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16539828518625608613,4814224530318253127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16539828518625608613,4814224530318253127,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16539828518625608613,4814224530318253127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2020,16539828518625608613,4814224530318253127,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3260 /prefetch:8
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16539828518625608613,4814224530318253127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2020,16539828518625608613,4814224530318253127,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2596

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5780

C:\Users\Admin\Downloads\WordPad x86_64\WordPad\wordpad.exe
"C:\Users\Admin\Downloads\WordPad x86_64\WordPad\wordpad.exe"
1⤵
PID:6104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
725f81f5a6c1c87e3f786bbbc4f558aa

SHA1
d3681364344304827df3145b49242502979365c7

SHA256
93fab101aa3a170ea08b440b2714825b0c93203b3622f8aca78b3032ea185350

SHA512
9bc2413a22befb5baf63dd1642bd407f27c7b0357523a723a0e5df0029de7010b198a9f3d2a225fe03be97133b2293eab1a131039df3f570b1726a028f713e20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
75c690893abb6fa0696d351b87326c6f

SHA1
fc7a4732127df8a094d1804cf29ed5a6c4c984e8

SHA256
2cbf094c11cfe4fcfaf9988f8eb00db9883b8c34196dc467d5f9314adab3cb7b

SHA512
667970b84cb8c7b3250ac80920497db971b80f436e6b3d10082c228a8ce50efd29dde78670291800a68fe4cfb54b82b81257475a8503d813e41e1800a0bdd8d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d3006434228b7e690e787b11ff5d6d4c

SHA1
978b62b1ff44a9bb45781c8f6aeae2b6a3a93a63

SHA256
09b2204f1bb844ab2a8f75a22946c43632deb927b112105d5f76a86837eb4497

SHA512
c641686a52ad22314bbfa4ef811b5a21a8241d4aa5906d1aeba28f91caf296815b17c7e95e6aea8b4f984f38793227ec5227bb428b356dd333a2932aa07ff889

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
31215f30ce5405f119cefbd4c691cc04

SHA1
4609aafdf14b131c00cd7a0f8d84fd5794c7f1ca

SHA256
23907f0526307a70b6485217bea9fae2764510d1f02bd5ce83d36c80ab50a5f8

SHA512
af82a4d2f8a052c8b70e5be44be06a475a98ff9d6dc28333fea8129b966544257c6ca28076f9583c7e6c97c8bda9ac7bd00ecacf3c5885db3f732de2007b379b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
62b354d4d3630d3dd3f363d3881c2e57

SHA1
0699422519c28c5fd39d0e3f200d243b84a0b289

SHA256
945d09f562be1963b57c73f9661e086c9a19ec4cf8e4ddff722192ec60e6fbde

SHA512
ebbb41abce31e916ffc097ff3a121c894e00518d0238b17128742f888749defc8f29753e022c35be013ca45d15b697635bed2e02124b4d32a0af6a945af79aed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579e63.TMP

Filesize
1KB

MD5
866e82be6e509fa50a4773867e5b3de1

SHA1
6cbb056a5f3bd6e3a4b377c11f817fcb77d7fc56

SHA256
c129e8d49428eb4d79f213c6f9d9c31396e8fa5ebe2eda22573ddefe6fd02c39

SHA512
99c2c0e7fd13d81b122b725d2845ef74b99a061db3cf3fee47474a74d6eb41de80be9ec18026e59a76f5efd2d54ffc68aa3c781ab356becf676db45ca3eaba41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a2eb51a0238b4508da594f5f03594225

SHA1
fb69f08d2608f98d9152ba9a146d65922ba10c4b

SHA256
c0d53a5a9321af63915f63fd34d98691b2e4d2170ccfa920af50bab5b96e92b3

SHA512
ae029ebf0b2b98c41f38bfae7bfa9b2dc248de59edc53e7b8c831a6a4bb63f9c74c1f9000e0735a54ffbfbcb53af94ea4e0a345bf487ff925ba1cea6a57f16ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9a71ea43c74694bed06d83534d4931b1

SHA1
e2bb7d4c59fa13a0fb4829a905baaac13399a71f

SHA256
c8a61e70acfaf763999084f87fdfd68ac519e2e22c1be3d35ccdbd6f448c62a3

SHA512
d4d56a24325dcb392289e2e7e27429352cfeb96bd07bccefd2af390fb5e032a9d1420ad721a6f3729f3552817d57dde2ffb46beab66f7d4a1960b777226c8f45

Download Submit
C:\Users\Admin\Downloads\WordPad x86_64.zip

Filesize
979KB

MD5
fd3efbe70365bd281350e57686b0722b

SHA1
40b042c4c35a616c94dba63a3bb4263acd36f83b

SHA256
1f700fdfd58b077e03ac6f1245a48b3043536c1748500c4b40bce607bf122945

SHA512
a56057847fd5dc89b35d72797e87e2e0cc7d1989cf0335b19fea6df938a10c0cd75b759900bfaf8638a8427e5130afe84cb9183e602638d44a9ca2025e2a4abd

Download Submit