hxxps://romanbeldacz-my[.]sharepoint[.]com/[:]f[:]/g/personal/roman_romanbelda_cz/EmPO-Zn7jU9JpKIFY6Qh2vsB3VZ8dRjCnjCz3r4xBLOkSw?e=oY9omJ

Analysis

max time kernel
108s
max time network
112s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
23/08/2024, 11:42

Sharing

Copy URL Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://romanbeldacz-my.sharepoint.com/:f:/g/personal/roman_romanbelda_cz/EmPO-Zn7jU9JpKIFY6Qh2vsB3VZ8dRjCnjCz3r4xBLOkSw?e=oY9omJ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "14"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4612	msedge.exe
4612	msedge.exe
4540	msedge.exe
4540	msedge.exe
648	identity_helper.exe
648	identity_helper.exe
3408	msedge.exe
3408	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1460	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4540 wrote to memory of 1504	4540	msedge.exe	79
PID 4540 wrote to memory of 1504	4540	msedge.exe	79
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4184	4540	msedge.exe	80
PID 4540 wrote to memory of 4612	4540	msedge.exe	81
PID 4540 wrote to memory of 4612	4540	msedge.exe	81
PID 4540 wrote to memory of 3456	4540	msedge.exe	82
PID 4540 wrote to memory of 3456	4540	msedge.exe	82
PID 4540 wrote to memory of 3456	4540	msedge.exe	82
PID 4540 wrote to memory of 3456	4540	msedge.exe	82
PID 4540 wrote to memory of 3456	4540	msedge.exe	82
PID 4540 wrote to memory of 3456	4540	msedge.exe	82
PID 4540 wrote to memory of 3456	4540	msedge.exe	82
PID 4540 wrote to memory of 3456	4540	msedge.exe	82
PID 4540 wrote to memory of 3456	4540	msedge.exe	82
PID 4540 wrote to memory of 3456	4540	msedge.exe	82
PID 4540 wrote to memory of 3456	4540	msedge.exe	82
PID 4540 wrote to memory of 3456	4540	msedge.exe	82
PID 4540 wrote to memory of 3456	4540	msedge.exe	82
PID 4540 wrote to memory of 3456	4540	msedge.exe	82
PID 4540 wrote to memory of 3456	4540	msedge.exe	82
PID 4540 wrote to memory of 3456	4540	msedge.exe	82
PID 4540 wrote to memory of 3456	4540	msedge.exe	82
PID 4540 wrote to memory of 3456	4540	msedge.exe	82
PID 4540 wrote to memory of 3456	4540	msedge.exe	82
PID 4540 wrote to memory of 3456	4540	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://romanbeldacz-my.sharepoint.com/:f:/g/personal/roman_romanbelda_cz/EmPO-Zn7jU9JpKIFY6Qh2vsB3VZ8dRjCnjCz3r4xBLOkSw?e=oY9omJ
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffde88a3cb8,0x7ffde88a3cc8,0x7ffde88a3cd8
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,13625452512448522129,12739420464971419013,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,13625452512448522129,12739420464971419013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,13625452512448522129,12739420464971419013,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13625452512448522129,12739420464971419013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13625452512448522129,12739420464971419013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,13625452512448522129,12739420464971419013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,13625452512448522129,12739420464971419013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1924,13625452512448522129,12739420464971419013,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4728 /prefetch:8
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13625452512448522129,12739420464971419013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13625452512448522129,12739420464971419013,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13625452512448522129,12739420464971419013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13625452512448522129,12739420464971419013,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:4504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4668

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3a21055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:1460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
026e0c65239e15ba609a874aeac2dc33

SHA1
a75e1622bc647ab73ab3bb2809872c2730dcf2df

SHA256
593f20dfb73d2b81a17bfcc1f246848080dfc96898a1a62c5ddca62105ed1292

SHA512
9fb7644c87bdd3430700f42137154069badbf2b7a67e5ac6c364382bca8cba95136d460f49279b346703d4b4fd81087e884822a01a2a38901568a3c3e3387569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
228fefc98d7fb5b4e27c6abab1de7207

SHA1
ada493791316e154a906ec2c83c412adf3a7061a

SHA256
448d09169319374935a249b1fc76bcf2430b4e1436611f3c2f3331b6eafe55a2

SHA512
fa74f1cc5da8db978a7a5b8c9ebff3cd433660db7e91ce03c44a1d543dd667a51659ba79270d3d783d52b9e45d76d0f9467458df1482ded72ea79c873b2a5e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
38KB

MD5
0add9ba70f77949c23f86e1ee173bf9c

SHA1
6c84985bd1d87cd2173ccec691754bf74e08ea50

SHA256
fedd26cb2cdc29b369beb999e221bb0de53e00e8f344ac6b35a86a17e6fa5268

SHA512
72d41e49c1fef0ec0a59916545affbd520f421a6c72616432f6c0487ae4543fcfe83f7bf1c95b43af35b93735ca9907217d8420b7cba8616d581c55e8e10bfea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
354f8a542b95aae2adb6b0815fa5bfca

SHA1
e74780ebccf1ddafeabe5780927d9ddd456a0f7a

SHA256
d327972a30284fa642c64aa6feed456220bc44ffe9f30df44202ad5cacedebd1

SHA512
f2972190cccbe06ec0b876383f6be683553ddb8c494c02872c13419772f2b335d50fd6b1400b1e855abbacb3cc2b31f9b01a29c0f94b6c2a39eff39b50cb3f16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
7445df5bceda461ecbee03e15ef79a57

SHA1
d377b243214e01bf81d0087e343f4d1ac4dd88f3

SHA256
8aacdebc798bf8f9f6a4622ec856cb77d94945114bb593b3da5a433f033a7772

SHA512
6347cde818869394351545710a073ea17b6f69cd137d8da654ccef12e00eda6c6cc1215c01cbe86c16f192e9ca0f0a9731fa058a804a48a361d9e1cf4f21887c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fcb6e435f2998b2f0a51f01b48db9878

SHA1
7b6a96f6e56f8c779bf7ab77e7e388a09b603c50

SHA256
3fbf9f56f2db5969c53273cba8c64a720d02cb4266ffa5b22ce24e72361379a7

SHA512
67605e95f1a360f2be87dd9f4af1dd078b0b0030bc1494ea3d372ace90ef2c62c9eecc699ab606db54449ddeefeead497a4b49b809e82d2c4a550ec986587b0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e8b4167f926ab8a83f09005334defd0c

SHA1
17af6dcf14fcb20e10fba47af77e3840af1d3c18

SHA256
005e03a8852c4efaff44b98c10287099071c6308eda63b460a9db41e3a1a9bd0

SHA512
895ff3a2f7d501404bbbc46b8b943f84ceca8a56a7fab7b498f49cf50f81d3cf69056cbb826c6f56ae203fe745e81728f2dbe1ba878ccaf7c7620387e1190551

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0762ae001c7e2183a40fc8ad46fc4993

SHA1
3a5163536a71f0c4d7f5a124cd60e39f1ee6a30a

SHA256
5140a4ddd0ffa424ae34e607510412ffaa4e56aa1172888e7089ae78d1a2eafc

SHA512
4f522c961eee23ec4d9b919d55df170cc5c8f18e9027475e72e23f02f5245760ad5cc725ba0ccfe13ed25919a79259d06d827f7ac350323aea78947387284ce3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5e24ef4635b386f4ec09c3e0583c7795

SHA1
b0d31d6ceca7b221eb3a6401df259f591029a092

SHA256
d2e68bfb43c51379c8133a2cd3b99b231329b14e7ba7b46fd5a4a0300479581f

SHA512
26d9b6e84ed7bedb84abf51fd916540729a15f1f569d94259dbab93f31c5ec7b769c7a3781171d0bbd2fdc1c1e5bab0be0e158d9cee4a60f1c7ead2427e257a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5e7df6e77ece3aa4b9a0101406b93ee4

SHA1
1f2c412fd129b4069bb2f0e0088e2119b7cf8154

SHA256
5a5936d2985f2c744e21b741560ce76a0450a9fc87095bc8277bae6ead12f717

SHA512
1338b02f51593805321bf955c4ac8bc4921b3bab808968482856d46456205a7afad94e08718c6975cdfa74cdd1357db0b731235894317f70c18d2d092341cbb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
88a29687539afd44d89bc3a7f43a979a

SHA1
5710a1fac534a31563da9e156541b06dbda1c9f2

SHA256
0f739197ce651abb9482114a2e877685e5bea1fb4b3300057517026e256af475

SHA512
5c5f25a59720729a29e0803b11d0608f32f54aed8884b5e84a1e1a1887b1c9f0f9f6ec0f826a312ca22ac68adb5b8943a33cbe7809faa8712aea18817399365d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\180ae02d91a4e8c4e67aba575dc88f27fb167511\4caf4fba-9acd-4949-aefe-0191a215b7db\index-dir\the-real-index

Filesize
768B

MD5
bd7d2cf5a6286a5428df08a70003f96d

SHA1
5fb8592c0a9f2ff81fb2ebe4d13644394793dab6

SHA256
e459c0016cbbe3c0f6cff4d9f8c44aba9c03b56b146ad4d5bf5efad0e3f42946

SHA512
ac65ec9ec60bd0d195919a94903542f75099944bc3bd9846d1141fc9b4db18aa062db349a488e56edca35bf282ff01291b70c8d9bf6bb500170779ec9a12af04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\180ae02d91a4e8c4e67aba575dc88f27fb167511\4caf4fba-9acd-4949-aefe-0191a215b7db\index-dir\the-real-index~RFe590c99.TMP

Filesize
48B

MD5
78458f0759a60491526a47ff31a393fb

SHA1
3081f9c80f955a0167bc44b670801747a856397f

SHA256
89f8c4f55a914f86430c8fd1fc47b5867a180078b72ec086483da37d85dc7eb5

SHA512
042f31329a0e75e7c7a933acca297887b65ffa9a844443816e16124975369135781bf10aec8d00700bf0e8bbc83fc6dc3009ed3c80185af3370d9c488776eda5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\180ae02d91a4e8c4e67aba575dc88f27fb167511\9fbafc12-9c7b-4f7a-b67a-d00672ccce3a\index-dir\the-real-index

Filesize
16KB

MD5
f3dccf556b9cfd4c90da3ed352075f48

SHA1
b6e8227761ba0319726fc4b949e70f9d4db8af31

SHA256
ef715c1fe61cc7c956e3596b0a1478df9b8c7a5ea3d0b717b02bb69e47059dbd

SHA512
5c650b677c610c0598a1ac0359dbf54b55cb803fe57f10605bac14e581e196033a416cf64b6471c7cd65593f1343059755778ced96d580dd834a485996fa02d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\180ae02d91a4e8c4e67aba575dc88f27fb167511\9fbafc12-9c7b-4f7a-b67a-d00672ccce3a\index-dir\the-real-index~RFe590c89.TMP

Filesize
48B

MD5
af7dee0adec245e6db1b6f0556350823

SHA1
491ffbc9a91cb4cecb20d9472ded071db87882e6

SHA256
b77af2a19b664cc0e00b3817b0f35cac75d04a73046384ca81750fc506e0f4cd

SHA512
41c875a1f1c45abdd8676c4f52307230076fae142f1ce50ca959f3f0e2d5aa48de08ceb0addcb75f3dd2636c195f3754a2da508d99bfd430195cba9f46ff2e3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\180ae02d91a4e8c4e67aba575dc88f27fb167511\9fbafc12-9c7b-4f7a-b67a-d00672ccce3a\todelete_7a48c130a6a40c0e_0_2

Filesize
142KB

MD5
129879a77da5470f847c451230618dc5

SHA1
c89ccb7e9c74314e166ac253bad056cd1d46ea0d

SHA256
8b605deb16d447e14d438e5c4fb53854c3be923498f30806d5e04a66ce4830fb

SHA512
f57e04bda30d5daf3d1b7aae1829cbb0add77d03d9414191f2df67f3c810ba0e2ab5689e4f1b15995d5372b7f2031dda6d16a8ef8c1eb17a97b36c4b885a925f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\180ae02d91a4e8c4e67aba575dc88f27fb167511\9fbafc12-9c7b-4f7a-b67a-d00672ccce3a\todelete_7a48c130a6a40c0e_1_2

Filesize
292KB

MD5
45558b75dc0559e4c4092bc9caf73b80

SHA1
6857245abfa11dc1ca53ba8d19e07855b49314ec

SHA256
50cdf48dc9647baeb7dc8b9a0f83ef8c4cd1c8e8a5c7c03fe8840f93d747182b

SHA512
4ed87b745d0ce8078de6804dd8337e3b37acec9ea8a0e2e4f46f541892d84e6306a95115b0ded5959a88b04eed2daa507c8797a4324321a830bf82a22e54e9fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\180ae02d91a4e8c4e67aba575dc88f27fb167511\index.txt

Filesize
182B

MD5
9c676428d7acda7a37fec4ef1e0b8a4f

SHA1
5a6bdbe76c1758db8a5cd3ba145b7409c3da6c0a

SHA256
5d57d8e40db24583973d8bc58c07ecda2dec947a3e702543cba954d86f582798

SHA512
83cf9c848b02300219cb2b1e3e0dd8b6e3558ade805ca352409a833dd7de0cea664e8cd3eca0a5895a1521b33a2e00c6edcd039b7476593526d9bc7625bb83c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\180ae02d91a4e8c4e67aba575dc88f27fb167511\index.txt

Filesize
178B

MD5
b240dd1f0bb7c135e7e24c84ef3a2d80

SHA1
2ada25eaf4ef7f38927c8e6217b6a270d3153172

SHA256
ff70ec255b169f97793554bfe2837abf5fdbfe124bff2843cb78e4565dba18a4

SHA512
c2c058e1a72398bc6a5d7e87ef7618dc45bdcaf4679de26d324751901d265c0a96db8ec09e4e66902febd78d9d7267b2305ea2236ab3005533b563bee353cde4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\180ae02d91a4e8c4e67aba575dc88f27fb167511\index.txt~RFe58cfce.TMP

Filesize
111B

MD5
2114014f2e1660194ace0f4357be3da9

SHA1
ffcd660d5aa25697e6ae13a9f7f7558595b913db

SHA256
dca808042fc395959a2dc455b56dacecd650cedbc92e61ccc22b04b4bb48b87d

SHA512
d9059cd5074f464b5a8876429ac601877addd900beca58331fcf6b4a8c674e4b5b588ab0e5df3277bc3818898d70c3a2f3e51694668bd82b296d292195ac8847

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
6c0d50011d75ecb0fa3254a24422c82c

SHA1
ade7c636748458aeabc09a45ea0c7c5187f45176

SHA256
0626fef315c772f0446f24818aff4da06d221c8d31c5a6682e9f3eb07cb0a7f2

SHA512
2a72512cd4c0f5a47e5cc022709a1668814a7882a26fede7c23ccafed540c3092d44fa1b9b92813d7e301a13fde42af907a603e45e7cb255c7dbef0ab06c5a75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe584532.TMP

Filesize
48B

MD5
bbe2640e674c8deece9ff5465274c933

SHA1
16d85347e81a72741b978036df214e260291f23e

SHA256
f7c4930c61df47b97ba3a7771f989330d715002857a1450a40b27c7adca60940

SHA512
d983e2ec293cc35d64aff131ed179e324413940dd01e6c345433e6dc8b9a98ac32206c18ed89a4d5ad91987124710520a341294d952685a0bd8ba51ea8a1dde6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e7154fb4c28c20cd7cdf6462a77d8471

SHA1
7b84b6adaa0308e7b400e242a5b53831ed91b3c0

SHA256
cd37207e3faf2ebddefd3f813c0c2c8a9e5260ab9dfbfc66b868588d8a66d80b

SHA512
5c49d2605bf46c7a1939eebe0ce9b48f72951b47aae1947659ceb86f7aea3061085412eadb0fc6ca6dfb79680c81db906e64034a1b5b046888d3a21699675825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a29edaab52ce5dfbf444d9d0bd5425fd

SHA1
91617215e6061278f06567de392168e9ac569aa7

SHA256
84b756720ac56b4975ee2c0ddeee109f00655751e6c444367bb4c42d9bc18e85

SHA512
46138834c174aa52529e59732395fa46591fbd7e58c02ae367fe2d0c8b69d1a4768bba4ea1c3ea2934b6a6870802d24fa3011b8d1533d2106e816938fe6929a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3d300e377f281b7b6cce41cb3badfd7e

SHA1
01ed3f7513b52be06efe00c698cf18edceb2e819

SHA256
91b3197e558c20bd10812cce6b1571d54000f9f86471235dbfd73bae2dfead06

SHA512
d25e84e56d9f88f517299cae70303d3d55e110d366ce5dc263c03e65da779ee185eaa69c2c137605d86e952fbde6e4d8720f90a64cfb48620de8ce71102e512c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2b1e8b8695ebb50d40df7f2b81b286d4

SHA1
2a51ea181214600355520dee4d7307c2299456c8

SHA256
8a51a4d44dfbaeefc4557f5fa5c7410de73cda7d099013cb1f6669af25a9d7ea

SHA512
79a0c1cf78d7f7ff418047125ffeee63eaedeaa209da9098f92565043028b432d7796270f49d70b8a32ec35557c3926aa17fc46ad55e2c96e1729da42ddca39f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b1897b06fc98037eb5dc819a62614334

SHA1
78684e12aa8a0610dd6740945ddbed5a3bcc8738

SHA256
482ea5ba170246869af702ea7882169b94310841e87bf76a1ec0294def906fbd

SHA512
de826caeb5dd27e75e12ac2e965cff659d4559c9722042b452ce4c71e85b68ab40a475bc5200ce64c431d6cb4ce8a5d03b5754d848c0727212d498d020bac9a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c8755a300359a236f90979f4c5d33acd

SHA1
1b36a2bd709a44ea4eafe25b3678c781372df99e

SHA256
ce14eec6ed76fbc54865d10c8bd17d8459f0e8e62a77531e7228839d0c1d1926

SHA512
f09cef9c9a1f0b410d7d1b124bc43031dc44d4a6801b79a855a1b31626553f4d5c4ca73c2f7c1cb7244f26548a98d8cf8c03e78b0135530f9cf6a63dfab59bd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a92a146452b8565f14a4bb4860996d8f

SHA1
4073373f70fb77a01d84b314fc455160f234f44f

SHA256
9c5facc9bdc434e04e319369acb3fcafe1ff53c856541e0760a6ecddd542392e

SHA512
aa9c3b828c1c8d320449c6800e6da4bba72523166c350dcf50b94e9ccd6fe5f0814a35c857303a89cac14e1e4f3b15354dc59abf7db3f551802e3e44b70d59bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fffb.TMP

Filesize
371B

MD5
715709820d68cd00911d373e55d26794

SHA1
f9af1b05eee6533e55f3bdf46da5a57cb4dcc730

SHA256
36bcdef11f98fde150fdf4e0608f963ded58f30ebdca8ffceb579ddab3f378ff

SHA512
0653b244235e97e375f21483c16aeb3a8957beb35fc60d1e0f27b49f24becb9b5633c92ff8e70f4ee322047dc9c595e2bda3fe266a19d46e75ea97274d05ae8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
587ae46ffd3bc712280201b5ef6bd527

SHA1
fa7c14eabb7f20348382d658c002ab9ed193427e

SHA256
2136106c3d0249a3819e3eaa5214e5e29d8767729eefc4f85c5cebb0b76625b7

SHA512
87ebe0dfe95085ca961f5b87b3989b68e534b86925f80486bbc45d2be1362a5b08a25c8c134187dbc680a3823468967095a7de729d073660639b8feb8ee22e2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
06d3ec1661a2436a1a8b321cdec71147

SHA1
3f8f2447e06dab6d29297b1618ac4bb09312dcb6

SHA256
47c74971007e070a86a3f15d2c64de4eca179216c88a1e04e1bf300f389493cc

SHA512
25c94334c1b5b772875c1cd753a380e411248bfd118c350aa6d527981a39dd3d6c0beba54b9c067be562ad1b93ed128e44a298a29e84e92709ebbe97ef954f0a

Download Submit