hxxps://charlesbarrette[.]sharepoint[.]com/[:]x[:]/s/CBSST_OPS/EdnxmrVfvtNJnHSTcJ6yMqEB1Qm7POvEYCckTNYa_pzZlg?e=4%3aZ2abBx&at=9

Analysis

max time kernel
148s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 21:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://charlesbarrette.sharepoint.com/:x:/s/CBSST_OPS/EdnxmrVfvtNJnHSTcJ6yMqEB1Qm7POvEYCckTNYa_pzZlg?e=4%3aZ2abBx&at=9

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1064	msedge.exe
1064	msedge.exe
4944	msedge.exe
4944	msedge.exe
2536	identity_helper.exe
2536	identity_helper.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4944 wrote to memory of 4292	4944	msedge.exe	83
PID 4944 wrote to memory of 4292	4944	msedge.exe	83
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1712	4944	msedge.exe	85
PID 4944 wrote to memory of 1064	4944	msedge.exe	86
PID 4944 wrote to memory of 1064	4944	msedge.exe	86
PID 4944 wrote to memory of 4788	4944	msedge.exe	87
PID 4944 wrote to memory of 4788	4944	msedge.exe	87
PID 4944 wrote to memory of 4788	4944	msedge.exe	87
PID 4944 wrote to memory of 4788	4944	msedge.exe	87
PID 4944 wrote to memory of 4788	4944	msedge.exe	87
PID 4944 wrote to memory of 4788	4944	msedge.exe	87
PID 4944 wrote to memory of 4788	4944	msedge.exe	87
PID 4944 wrote to memory of 4788	4944	msedge.exe	87
PID 4944 wrote to memory of 4788	4944	msedge.exe	87
PID 4944 wrote to memory of 4788	4944	msedge.exe	87
PID 4944 wrote to memory of 4788	4944	msedge.exe	87
PID 4944 wrote to memory of 4788	4944	msedge.exe	87
PID 4944 wrote to memory of 4788	4944	msedge.exe	87
PID 4944 wrote to memory of 4788	4944	msedge.exe	87
PID 4944 wrote to memory of 4788	4944	msedge.exe	87
PID 4944 wrote to memory of 4788	4944	msedge.exe	87
PID 4944 wrote to memory of 4788	4944	msedge.exe	87
PID 4944 wrote to memory of 4788	4944	msedge.exe	87
PID 4944 wrote to memory of 4788	4944	msedge.exe	87
PID 4944 wrote to memory of 4788	4944	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://charlesbarrette.sharepoint.com/:x:/s/CBSST_OPS/EdnxmrVfvtNJnHSTcJ6yMqEB1Qm7POvEYCckTNYa_pzZlg?e=4%3aZ2abBx&at=9
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda45e46f8,0x7ffda45e4708,0x7ffda45e4718
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,1265634593772475327,123478588904981395,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,1265634593772475327,123478588904981395,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2548 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,1265634593772475327,123478588904981395,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1265634593772475327,123478588904981395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1265634593772475327,123478588904981395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,1265634593772475327,123478588904981395,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,1265634593772475327,123478588904981395,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1265634593772475327,123478588904981395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1265634593772475327,123478588904981395,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1265634593772475327,123478588904981395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1265634593772475327,123478588904981395,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1265634593772475327,123478588904981395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,1265634593772475327,123478588904981395,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,1265634593772475327,123478588904981395,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4816 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2f842025e22e522658c640cfc7edc529

SHA1
4c2b24b02709acdd159f1b9bbeb396e52af27033

SHA256
1191573f2a7c12f0b9b8460e06dc36ca5386305eb8c883ebbbc8eb15f4d8e23e

SHA512
6e4393fd43984722229020ef662fc5981f253de31f13f30fadd6660bbc9ededcbfd163f132f6adaf42d435873322a5d0d3eea60060cf0e7f2e256262632c5d05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54aadd2d8ec66e446f1edb466b99ba8d

SHA1
a94f02b035dc918d8d9a46e6886413f15be5bff0

SHA256
1971045943002ef01930add9ba1a96a92ddc10d6c581ce29e33c38c2120b130e

SHA512
7e077f903463da60b5587aed4f5352060df400ebda713b602b88c15cb2f91076531ea07546a9352df772656065e0bf27bd285905a60f036a5c5951076d35e994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0d078192-0a2e-4a4c-839b-9c3f7b1576a0.tmp

Filesize
371B

MD5
2be433f806afbffe320b541dceb667da

SHA1
741f7a7b28a43a118a4ba596feb2f9f49362ff10

SHA256
38418fc83e866dc98fdeab2a0635712957dc9f3255044086f7e27acf8266ecd2

SHA512
268f0c645b3b3dca4719cb6f5adda58a04191aa8bce8e04b563b33c9d47642bff9f46c538281523d10d9f72c071a7fb76f0431673b6756b0eea117e44711ff90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
30KB

MD5
c7e5bf3fe12ad9741014e523d29df7a8

SHA1
4bf3a33fcf87ba327738b54d1f313cb7a254f3b3

SHA256
f385f5e947ba1118d5fdb5c1eb826292610fbabab9a5f7844d51ce72a7bdafdd

SHA512
a41ff49c2167121beb3c668a4b32eaa01f4fe3aedd7938bb0c5c6ac43af26c6e447c30bb974e1c0720e3963208cf1b65069aece6b41ebae81bf46b239000b0ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
0ea29e66686445a16f34c9364ac48eb9

SHA1
1c19ff52d48897c4b01e0c8de48b5b6d963cfcca

SHA256
50c627d0f5b661e8221302227c432858415d58eeb1d3e92a4c2cbff8a74f7db8

SHA512
b05fb1bd0e0289109679ec5ef556edc83417ee80840041335057e0dcfc309e6ef473ba4bf446de732ce238741814ee88657f11cdd4a11649e74c69acaf131335

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
3eab6db97c9d9362c7d79ab2d97d6f4d

SHA1
668f6b6bc3cba428b8ccf0b6940aa85175468bd0

SHA256
6ea716162dc788e082fc4eefbdc24674272493ffc966f43bd58f808109b9430c

SHA512
c59e4ea03c85f20ef3f6dd829846791c260ad3308e88d2d2bb3bc01be5e78535047c74ce3b56bfe54552ebb79fe2d62e1d618a24ff903585140f1b0f1ed0c786

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
364B

MD5
9df6bc3a24d2b9d4e30d04c10f9b2e14

SHA1
d9cb0a3b251725578ee9bcaf4cd266f641c97e34

SHA256
9e08748f86a9a772027b4b4c83934d8e0c1a1031dac15c781d2f933ddfca7053

SHA512
a2a9e92644f9add2ab964482769b2dd2d23e8add9218d3264b5e281085a6cd78adcbb5784ea4f863e55add8c7a119f940399db20ce52869f3d5dfbff53dd5209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ba76aabb9011e9453612f2daa418b2a2

SHA1
31473de13b5e4c80d7cd3054237d29d456b9d7ed

SHA256
a4dee74972e43c721732945630e930cd1e05be9aca3c663d17acd67b88108a3a

SHA512
12eb6dd4d2813ad74b5b31b7f607754c5198f1cd2e3086972524bfa8c5e35d25a46052acc9615fca2ec559eeb3b7268b42a6396be4c4a9196fafd1d396d4b833

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b2507bebb606248efeaa89b7614920d7

SHA1
b87e00c069e425f0b20f739cef6028b49aab3170

SHA256
daf3e983d125fe0a1431467a96b3f3154f4511fb03bc2357bca85803dc9801dc

SHA512
08c403336b6bc6f5f176f14008c8871057003d969ee57fa49fb53c51ea7f98de1a9d896ebc7bfb5e47558c35a99f7899fe60c3df71a0d0fcda77d6611f74f8cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8d0cedbfd4d7949a20e11a694bb7a4cc

SHA1
06a352460e4c5dc51e8663971b79537f736a9efd

SHA256
3503e0ed8b8aa7ccdcfc1482f1831718eadb820a23bc336e7e892af39f8d5b36

SHA512
9455e250362f97fa4993886a048da47ea84ea92e63bf20f3a6606aa066788e9e753db35ac5277c48f8bcc928179026b1743e9f910e6a29de72f184d6bee4993f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
53856d52d9a91cf0463af8fe28bc738a

SHA1
369876a4bd8315b043cbbbdd5ee35670f59b4bc6

SHA256
90308f685ad43f964cbabab9634cb561073af99459c56c07d79fe0f07273af5a

SHA512
b063ba2c929953df6b67d8718ba8cce522d379c0d932aed9d9966fd34bf0ffa78fb16178d3c9b6775cdc7db79010ced2c3f176502d62f9ac5eda42df3f2f15db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
07ddcb983ec5b53ae032debc7492a9ec

SHA1
14aa2f308b6d31d0ac989a452222cd41b5f18441

SHA256
51ddc3d7c049ff3316ac8e96228ad3b279c80d52b913f2408aa59dddd5232f60

SHA512
77685651a92fcc9a353e880b88c1ec10ce2fdd3864deb3fca56812dcfaffb46e59b51ba6e64b1dc4eab31127b0cf0f045a080bd13683625455c4174b3ae35ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
b4f580980376ffc6f461ad00089289eb

SHA1
95e90fa7635ca7b09bbc310680607e12e1f3399e

SHA256
f6e3546cd71d77252c2f1a9271ab8093a59b3abe966a3940a86b2b71eacc64de

SHA512
736bfc41b51ddbb220185bb565ff4e34234db03f128bd78e2e08b9586c6ced9a2709ef1de265a107a57a4791fc06f9949d01ca39ce971b9161a285a326075597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582006.TMP

Filesize
371B

MD5
91534dbf076ad28f2fb5732d88be0a34

SHA1
f46b8e0d2140501f289faacc9e0be00661355a0b

SHA256
8103de80e743070732433ce3901aee7fc44126d593eb8e9749a6f9a088c723a5

SHA512
5dca3c08ffd50fc1524f1f7a49bac5076be77e084bfdc57e699fafdd952d0db25ceb6c4053b2d8fb2a7b5e24c55af513ea74177923c7b11c67c1d94a1adf94ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
39079cfb9bdaa647eb614501705e2aa2

SHA1
15c80f96491846834463a7cc0df531582ed3be9f

SHA256
b70d33512b3f0c3a1ca3291347a541f0d597c64639574bf5b63ec5553f5bff4b

SHA512
3be636b4fb173dc71f579c1e2db812c11f59a680f574aefce02b343f25d79cd4e695bc3ae74edaa611aa350e2d1a2a0955af59d50a384bd0da30f8e85052103b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit