hxxps://we[.]tl/t-xhTr6grkUG

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-08-2024 18:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://we.tl/t-xhTr6grkUG

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4924	msedge.exe
4924	msedge.exe
1768	msedge.exe
1768	msedge.exe
2284	identity_helper.exe
2284	identity_helper.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4400	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4400	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1768 wrote to memory of 3788	1768	msedge.exe	84
PID 1768 wrote to memory of 3788	1768	msedge.exe	84
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 524	1768	msedge.exe	85
PID 1768 wrote to memory of 4924	1768	msedge.exe	86
PID 1768 wrote to memory of 4924	1768	msedge.exe	86
PID 1768 wrote to memory of 4192	1768	msedge.exe	87
PID 1768 wrote to memory of 4192	1768	msedge.exe	87
PID 1768 wrote to memory of 4192	1768	msedge.exe	87
PID 1768 wrote to memory of 4192	1768	msedge.exe	87
PID 1768 wrote to memory of 4192	1768	msedge.exe	87
PID 1768 wrote to memory of 4192	1768	msedge.exe	87
PID 1768 wrote to memory of 4192	1768	msedge.exe	87
PID 1768 wrote to memory of 4192	1768	msedge.exe	87
PID 1768 wrote to memory of 4192	1768	msedge.exe	87
PID 1768 wrote to memory of 4192	1768	msedge.exe	87
PID 1768 wrote to memory of 4192	1768	msedge.exe	87
PID 1768 wrote to memory of 4192	1768	msedge.exe	87
PID 1768 wrote to memory of 4192	1768	msedge.exe	87
PID 1768 wrote to memory of 4192	1768	msedge.exe	87
PID 1768 wrote to memory of 4192	1768	msedge.exe	87
PID 1768 wrote to memory of 4192	1768	msedge.exe	87
PID 1768 wrote to memory of 4192	1768	msedge.exe	87
PID 1768 wrote to memory of 4192	1768	msedge.exe	87
PID 1768 wrote to memory of 4192	1768	msedge.exe	87
PID 1768 wrote to memory of 4192	1768	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://we.tl/t-xhTr6grkUG
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd2e0146f8,0x7ffd2e014708,0x7ffd2e014718
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,13471670865705706389,14449325304998087958,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,13471670865705706389,14449325304998087958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,13471670865705706389,14449325304998087958,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13471670865705706389,14449325304998087958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13471670865705706389,14449325304998087958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13471670865705706389,14449325304998087958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,13471670865705706389,14449325304998087958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,13471670865705706389,14449325304998087958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13471670865705706389,14449325304998087958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13471670865705706389,14449325304998087958,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13471670865705706389,14449325304998087958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13471670865705706389,14449325304998087958,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2192,13471670865705706389,14449325304998087958,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6036 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13471670865705706389,14449325304998087958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,13471670865705706389,14449325304998087958,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5632 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2716

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x300 0x51c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
1024KB

MD5
3768fbe44c5960744a792a76af4e8374

SHA1
3ed0233f64203346ec540058d10cbd1e728c8391

SHA256
3ecd8b524e9414171322478281c6c1ecfc8aaaea19aa1a3b288db0952a2e2255

SHA512
6a2c863d535048689038cbda344ac7eee59ec6aacc98c365b9c5a903c4d1a049dc8aad59c9dc11d587d39ed76c77da05d2fd08205b7cba214edad0d42743a774

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
46KB

MD5
6dbab1c1c6f168db27cbe727e3ad7fe8

SHA1
e943de16537a3fb2bdf66e204ee35def9d0ed817

SHA256
c63eda1f9ed0df863719c3f5e229bfc00557354cd4a0ca9c61c57ec50ae97d71

SHA512
0b0128954c4c08ccb423544784ed0dcf3d529647fe4abbada963d03836b3a4612f88543b4281991abfa22a2c8da4c0d25f07f1c2c389b6981191732e57401483

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
27KB

MD5
ff4429feba146d5a8e608db1b13cd9b2

SHA1
d459521f7418a066c06d1fbffd02f86101cea571

SHA256
234796a01dd3b44e82e1868f1ddd7c8a2ea603c29d7dd36e97f849cb058c13dc

SHA512
cb13406328f7bd8c382f8a6ddeecaf6be43922535231fa8c30cd07bed58238f160e37f924dc709f635dadd7c8bb3138acfa2a99d38e1247ad8c3b23388cd7469

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
7ff50e242a0565c08e60f8a112969034

SHA1
43bb601322e2cd76710f593acf2908b548c6cf09

SHA256
d295b364301835d06c027232b69624da6a88f686ffef4eff9316ca9c03c0acd6

SHA512
9d9e0d960cd17336b39ba9b117ff0bccbc7ba698f11df1538c92cb3e3fb568234578a31dfdf6bccaca809352213e9e67d72e2c1753a8c9fa1ff51d41c24e4a71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
87ecde87939b2a44fd7614dc55222204

SHA1
31844ff980671907e242143aec1931b537248263

SHA256
658ec98a4f26f2e5d6c3d48b2ac64502eec904a746cdeb8b11ae6836b05475d0

SHA512
b65b28dd2f35fac60acd0339fd4cecba68b8812aae699bbb913e205cf29cf25dedfc87b77d8b5cc19d3cc06f7908452718249fdec20dce410049a529bf7be39f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
c295f7f7b1d9572e426b8cd53a84d1d7

SHA1
2e329f50d7a9b7453d22dd011bcdc5df2f5cc4cd

SHA256
3d22e864c4d580d74dfaf2f90b65db1c69eb2557da91aeaa75c7bca71c7917da

SHA512
a782f846e4909ca10b04e906c49ee6d4f13ced1e71eb37c485dbae483f52ae9401fd1e0a3a09867741d02931c57b2b3a07f3b7bbe9892c9eb1ee10f97d70cbd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
2ad4f9ce3dacbdc0b17cf117a43664b7

SHA1
910566e8f79b7eeb06159b6bc70b3acda07ce4ca

SHA256
a74e645af3972e0e9a0044331bf76c3c8c07a90506200802ed00157de56a8139

SHA512
2a7398a13a654a30548b1650dd4b89e4a0e66617c1dc3a6dfe327ba109565e81acc7514476b9d0c8dd422b4223859020bb82a256003a63b2bdbabdd24d87f6b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
71c95983037ddfb7e195079d08fa3ad6

SHA1
7218422b38ed195b33b91864ca7a04dfd4c6b66a

SHA256
36065313f6acbefe8cb65e8a54dbaee7878097e531483858374313abb71779dd

SHA512
15c5b3b9fc1f66d590dcae89e1b25ba41e14278e2ef184b3c446739d98d91ebe9b066457faca32a4fb9e5372c164eabfee96b47959277c71019939a95366c4bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4a5bb17335fe9bf5040f19860c181844

SHA1
16a5fdd3ac7589036093142be176d79d9e8f6206

SHA256
6a55406a4cae8d8d75f8cc7d18acbf3fd16641d2cc62186f3316e889e5f0fe9b

SHA512
0ec5ec1c0dc4be031c427f1dbfb2a0c859b9ab3ba6cfd724e1cbb481ebf8e6b945625ae1e790ff4e19b8b792aa96b02729ee29872bd1cc8ccdf2a1218c5d8e6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
799d861b23867c6ffff55221648a9214

SHA1
a318499b69912ff2a57d745e7d1bbd9a4a9eafbd

SHA256
5a40cae41d3cde1cea26722ce6b475e518f44590dbece4856ae57e978cf26959

SHA512
80a08c14feb2c70719aeff82cb484ebf8c6e6b11d73deeaae456df6c8be85c599f809995017553af71b271f2b1c85943a39175a21d3fcda612f8fbe938f8cc36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
756249a44c1a44f2c974956c41757763

SHA1
3f36561397e92eedbe08adde3dd0b20bc45f4e00

SHA256
8e6496b013c2c7a422972bd9e8b8c3420a50bc1397c8a85eed499bea836c4647

SHA512
55bca231af8686cc173324b3e4e7e025a5616702a0754acf167ac410bcbeae3c606607ac34514899d2cbf11afdfdabfacdd8fc2338b7cf70981336382056ab7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e057177d8398bf3cee069bfc5253b060

SHA1
640a1b1810cf4e5975c07f5862db2708954b427a

SHA256
8ccebd659bc6e02c1a0072a2cdce26b6a0c93c3d25652ea6dca2f18039344369

SHA512
005797587748d1d4376cb07daecf98347c79d3782441110d1962a30b7c4dc3fa6b340d1f2098baab99cf828024446755087749d5eac27f0be04010ff3c8f6a1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3030f466cf05487b5c1295db6cf0c36b

SHA1
425b20949fdd8ca9fe0bbb52dccc66d24a833b90

SHA256
99d4718e12b8a40513024a48e06816e90a3c5867c5d41cf86a51b4be07e15f8b

SHA512
cbfa98558a4deedd61fed6e5e9682664a7750d0a7f5be781ba42f42861cbf45cf11294fda580fcbdac18a7ee6d2546b10516f277212f74eab2aec6214de610a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c4ca0d9f01a84e60f0dd61ea5c5d3837

SHA1
1d0dc531123d96fd796ce3562fa9e217eeeb18c8

SHA256
11627318d28236638f22dfad2246236bc3373712652735ae0f98ecc9bfcfdacf

SHA512
ff31bbbd297bfc4a224e27ef22caeda0856a25a4e834badf6a96c29e971fea7e8dfb789440f180315225dd3429ec477ed7bc42271b94de4296daa4f7d0bece8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5931e6fe5fca4e9e6a0f6e01b223bc20

SHA1
f9ed6f86c34b2c31291b9aeb0d587a35986d04c9

SHA256
31acbb8f824fb58b33a3471f1dbbe4f13414b12837f575adf4219b2f397a70ac

SHA512
7948ef950aafb383f003d70887b4de05133fc131e57b756c57b05b169a61504a92d115bdba2aa007daf8c4e7546c159e360a6f60d85036dfde3d3375dfc2edcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e167.TMP

Filesize
1KB

MD5
c936f2e6cca2ba0931ea233173cf151b

SHA1
b89f92c09f51c194d9c624fb8e1c65b53c04ffda

SHA256
899ac31a97385f55569d59f6a11b7bb940d9ef41910cea12623f5e62ae0100ce

SHA512
dc95b253103ebbc612a5b6be398bbe5c8b10ea872f3cdc78efb89c9403eab3cc6beaaf454fcbec0a8bdb1db0cacf5cf4ca22184e384a2c2353b73bc8420adfd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1095aee1e3a058804802751b89011913

SHA1
72a3638d833c5e8f3f5f4092b8db3ef23e2ce38d

SHA256
dc861605f8218e36e5a8ffa9fdd169700132cf86ef1f09456178ba609b278200

SHA512
895cd5e9617d0280f897a105f974a2e745494b72c0de5556b97a112eb4d2c42ae7ebaf5bafc4f10f41fd032b1a042697d79e577af9a6eaa2da5d1d4a40736370

Download Submit