hxxps://we[.]tl/t-XdcVKxPZkS

Resubmissions

01/06/2024, 16:59

240601-vhgpjshh36 1

01/06/2024, 13:45

240601-q2stpsef45 10

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 16:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://we.tl/t-XdcVKxPZkS

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2580	msedge.exe
2580	msedge.exe
4920	msedge.exe
4920	msedge.exe
2860	identity_helper.exe
2860	identity_helper.exe
6112	msedge.exe
6112	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3896	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3896	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5860	AmazingGame.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4920 wrote to memory of 4024	4920	msedge.exe	83
PID 4920 wrote to memory of 4024	4920	msedge.exe	83
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2244	4920	msedge.exe	84
PID 4920 wrote to memory of 2580	4920	msedge.exe	85
PID 4920 wrote to memory of 2580	4920	msedge.exe	85
PID 4920 wrote to memory of 2616	4920	msedge.exe	86
PID 4920 wrote to memory of 2616	4920	msedge.exe	86
PID 4920 wrote to memory of 2616	4920	msedge.exe	86
PID 4920 wrote to memory of 2616	4920	msedge.exe	86
PID 4920 wrote to memory of 2616	4920	msedge.exe	86
PID 4920 wrote to memory of 2616	4920	msedge.exe	86
PID 4920 wrote to memory of 2616	4920	msedge.exe	86
PID 4920 wrote to memory of 2616	4920	msedge.exe	86
PID 4920 wrote to memory of 2616	4920	msedge.exe	86
PID 4920 wrote to memory of 2616	4920	msedge.exe	86
PID 4920 wrote to memory of 2616	4920	msedge.exe	86
PID 4920 wrote to memory of 2616	4920	msedge.exe	86
PID 4920 wrote to memory of 2616	4920	msedge.exe	86
PID 4920 wrote to memory of 2616	4920	msedge.exe	86
PID 4920 wrote to memory of 2616	4920	msedge.exe	86
PID 4920 wrote to memory of 2616	4920	msedge.exe	86
PID 4920 wrote to memory of 2616	4920	msedge.exe	86
PID 4920 wrote to memory of 2616	4920	msedge.exe	86
PID 4920 wrote to memory of 2616	4920	msedge.exe	86
PID 4920 wrote to memory of 2616	4920	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://we.tl/t-XdcVKxPZkS
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcca3d46f8,0x7ffcca3d4708,0x7ffcca3d4718
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6684 /prefetch:8
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
  2⤵
  PID:5944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6620 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3700

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x470 0x2ec
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3896

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5216

C:\Users\Admin\Desktop\AmazingGame.exe
"C:\Users\Admin\Desktop\AmazingGame.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:5860
- C:\Users\Admin\Desktop\UnityCrashHandler64.exe
  "C:\Users\Admin\Desktop\UnityCrashHandler64.exe" --attach 5860 1774103105536
  2⤵
  PID:6076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
1024KB

MD5
e26c9941c83a7050d5d3840e0fec69ad

SHA1
16e50e7f1deb07fb7557895061dfbfa846f541f5

SHA256
e432f7a425029939607585e5c9de240b749ec205b02b3bc9799fe4a1a01fa088

SHA512
8dc5fbb60f4f4bac8ce46569fe2f5ef81671994573f7bd92cac2e1bfc8150eb18909d0673e0c617918f5b11134d893e62e0ce4e6725b60d07cfe1e9f081c7c2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
194KB

MD5
dc1f7ba3725be6424bda3b2d740ec8c5

SHA1
abbb422528a417e89d3dee422b268d0eef368e56

SHA256
038bc25211e6cea99bd1d1bb8213c7134ccf003fd3d91d8408beacf6bd966995

SHA512
11514d5a7f5a43cf496cf8f6f03da2465cf732b0af210327453e8eff9a75c33d71ed7a302cf342dadd6979bee783da6983ef356a053f453a5501e7ff246c7b46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
509d351d4df20c65b390e9897c83efb2

SHA1
7c0a024566837ddac41597681cccf7b7f718739b

SHA256
88178032e1d45561f87f8378060e1e411d91f62590928eee1d754d32ad2fbbdf

SHA512
e529a1a69bbf067ce4c843010bb9e7466d588dbae041409c6a9438b0cbedc1d8012cd2dd78781d09bc4542fbb6b7869c9e19959ff9d281263c3ad3ea62cb9bbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
509e1760252d468dd339a7026f753819

SHA1
c44095acc87ef62053cee7b4abddee0bded459e0

SHA256
28e30868077a7cc3bcf9cedbc5ea0a2be0fb8885472f23147418ac81349bc1eb

SHA512
01d79c7421602a4f98282db4d4a0e9cce43236080fcb7cbec20bb883db4bd30f6c9025fb9211ad02b6d652cd328a7acd7de2f7e8d69ce9e8ed391a31b58fc931

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0877b0fec8246a0864ad9678e3fa2938

SHA1
2dea0afc9bbd6731c1afe4f033f8366e3cd82832

SHA256
5843922c6e334ade888bb12ab900ae5784366bb5c757813184a578d1dece8465

SHA512
51f206b36226ab588e5f1424dae6cd009c2bf899f83b7ed51796a2b6fa5bfb63accdb1fd20c5be8366c1889a90f0b0d4b1d1c57edf487c08f341890a305a4f48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
402b578b2eda8847c8b4f2d82e64c364

SHA1
42259056f7a5bcbf7f7a68aac30fa111f7af1983

SHA256
1541a810878e91389f0d3db9b212349ce152898c1cd6e6b46a51d2af2a263150

SHA512
d0fdde6b29923e56faebc1bf7c8b1991aedd5eb1ffefda5fc0714f26014bd4cdb89040437969d81e82e544fe560554a4e4b2dd130077e039cd0b8e30e150f9c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eb3ac89f87514e1da6bae4031af9f3a8

SHA1
2e7cd9a7018c77ff948366de1662c85a2c12581f

SHA256
c56a807890931cde47ed09d7e293f47a112cb3b7f84850c2c643680dbc035c81

SHA512
4b73340d4a25d2707ca0a705a53e303f8063c976eeca1ecbfcd008025ca473b84425ddf59dd36641ccc250381a3bf8883626050f0ff9ee42cd59b6296f4ea4b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
92abe55c14175c039014436319481a2f

SHA1
c118e0097d581e94e057fa1470a84311463a8b6a

SHA256
55db84770a98e4494c2fc4ad97a8e558b5eebaf6f71e75b3d65170cbbfa62073

SHA512
1804e47809576600882b327d143c145396e6cbbdf9e226e7ffbf4dba6a0313af7b2b83785430eb7f15d5b02c81ff070da6d94b9285f9d12440af79e8f8e4c7d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
77297ea482319a25a95011273d5ebd9e

SHA1
810afdd7d380d93ff1f24707292e33e66e887bd7

SHA256
f83a7f02bb4b8b141ac1568e2be51c0fe792191ce19cba204e50b3eb603fcaca

SHA512
bd4fb323a322a95f5f5fe853b8e8278f569aa5cbe25ebc68fc95eb0eee41aa9d16c92e2c4d8cd84b4416e163762623c45672518d382c2dbde5e7781de7026ad5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9a1b88afe2e6675f0f2d7d2d0b3233f1

SHA1
0b406a1ae8dbd56ba83a42d5c82ce29e9535c9f8

SHA256
8ec43c88cfa70453a4fa7d092f781670790a17afc806e1f9101e75de88debb40

SHA512
ca2a5afa1432c86713b69be0a8cbb1394bfa94756defdd69def72d3c753bcc4bb104dca6ed9f87fad8fdf8849cbcc0ce798c2c9113327e6579ef7a00d927e8b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a940.TMP

Filesize
1KB

MD5
a1939a6659f8d21dc17a8fb018719bfb

SHA1
7fe108d54ebad71905ea1ea07e83843e4f4c5693

SHA256
e5a142f27c872d6b03d7fb52158d2d1e762247303c94673b84c5af6d3c1a8a03

SHA512
e2e5a91ed36cc8784d89f1e042332b1a4386681cca9212c8ac5a1167471099ffe5478d21cd7c95670b0f1844cb58f53e6b2a44234d2faf46311e762f7f807d77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bb8283fe4c7326a62d80e5087ac99d79

SHA1
46e7d800fb36cd4acf49194e6653e402a341021e

SHA256
60b8b70c4b500bc943acb97f9715dff5b8d631236cf38174a5758309d77e4204

SHA512
8b2602f4cb8e7b97251b1d2a41af4c47366c1cfd2dd141b2086b2ebf05c11cf5c1928d3f5a9e69e69c1a62e0c2d17544cd8f3e85d90a60e2f480dbcc01db970f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7a58957fe33700ccbc90ffb84ff43971

SHA1
a73ac253af93950d03f26ea4d21c7799cb9832b1

SHA256
69183c58d5e62af6f898b2b6448fb4d01a8f942a2f532d4da559882ba1ac3f83

SHA512
fbcfca1e626f40adab8faa59ca7f39d5464ca28438a781f6449572580852283a74008f9f5c95310d66bc33246688c4c8674b31ab8af6cbfeb67191028360ee68

Download Submit