hxxps://we[.]tl/t-RErWU1YgQS

Analysis

max time kernel
149s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240910-en
resource tags

arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
submitted
25-09-2024 23:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://we.tl/t-RErWU1YgQS

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3568	msedge.exe
3568	msedge.exe
1808	msedge.exe
1808	msedge.exe
2376	identity_helper.exe
2376	identity_helper.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3632	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3632	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1808 wrote to memory of 2188	1808	msedge.exe	85
PID 1808 wrote to memory of 2188	1808	msedge.exe	85
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 2788	1808	msedge.exe	86
PID 1808 wrote to memory of 3568	1808	msedge.exe	87
PID 1808 wrote to memory of 3568	1808	msedge.exe	87
PID 1808 wrote to memory of 3296	1808	msedge.exe	88
PID 1808 wrote to memory of 3296	1808	msedge.exe	88
PID 1808 wrote to memory of 3296	1808	msedge.exe	88
PID 1808 wrote to memory of 3296	1808	msedge.exe	88
PID 1808 wrote to memory of 3296	1808	msedge.exe	88
PID 1808 wrote to memory of 3296	1808	msedge.exe	88
PID 1808 wrote to memory of 3296	1808	msedge.exe	88
PID 1808 wrote to memory of 3296	1808	msedge.exe	88
PID 1808 wrote to memory of 3296	1808	msedge.exe	88
PID 1808 wrote to memory of 3296	1808	msedge.exe	88
PID 1808 wrote to memory of 3296	1808	msedge.exe	88
PID 1808 wrote to memory of 3296	1808	msedge.exe	88
PID 1808 wrote to memory of 3296	1808	msedge.exe	88
PID 1808 wrote to memory of 3296	1808	msedge.exe	88
PID 1808 wrote to memory of 3296	1808	msedge.exe	88
PID 1808 wrote to memory of 3296	1808	msedge.exe	88
PID 1808 wrote to memory of 3296	1808	msedge.exe	88
PID 1808 wrote to memory of 3296	1808	msedge.exe	88
PID 1808 wrote to memory of 3296	1808	msedge.exe	88
PID 1808 wrote to memory of 3296	1808	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://we.tl/t-RErWU1YgQS
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe9b3f46f8,0x7ffe9b3f4708,0x7ffe9b3f4718
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,3658395791452821575,10981095263647342530,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,3658395791452821575,10981095263647342530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,3658395791452821575,10981095263647342530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3658395791452821575,10981095263647342530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3658395791452821575,10981095263647342530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3658395791452821575,10981095263647342530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,3658395791452821575,10981095263647342530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,3658395791452821575,10981095263647342530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3658395791452821575,10981095263647342530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3658395791452821575,10981095263647342530,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3658395791452821575,10981095263647342530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3658395791452821575,10981095263647342530,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2060,3658395791452821575,10981095263647342530,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=180 /prefetch:8
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3658395791452821575,10981095263647342530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3658395791452821575,10981095263647342530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3658395791452821575,10981095263647342530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,3658395791452821575,10981095263647342530,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6876 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4060

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec 0x2c8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db1ed3bbcaa8e96c29a0b57e72bf0319

SHA1
9bc11860837a2bcdd048613ba8dd76d6d77d32d9

SHA256
7c7db5dde536599fd7ffd4dee8e03ca0f6680e662022869057b09a4635b9b87c

SHA512
eb7375877e9b51ebcf8cfc62cf822fdce3fdce837fbbd00d4d54c52c4f67bd82408e4809e1c92f32e9f3edc9e6726910f752fbeaf14704745688b0239405e6c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4b5eaf7edd9d5391ddfdb694e0cd888

SHA1
d1f92fbd238c4d5fb6861a83153893568d514586

SHA256
1d5fc1e6da67b60df30ee83dd11359ec3dbe0c4bdddff2f2f862fa9c4619d903

SHA512
1b62d5740572b1c17dadcb83d9e0017d6a8ff94cc64bc024cc47fa92a8180f7c2d18bef79ddf5cac8a9a97ecefd8461b06665e522acb0c5857dac1a2838fc048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
96ac7c1f53f8b75e93cfd8f01ce8a674

SHA1
5bd3248f904e03eaf9233d7a81aa89821c2483ba

SHA256
4f985b7f680784f39c546d0bd476ff7edda35b774fc9eb7a2a32a3dd1a425cd3

SHA512
5f87a5c4530c63bfb8c5701ddc9a320c5b03e6a139c7dbba05f8f5be33e2900eb59db164575426d8fb8d8d5dfe4b9070fe4efcfdad27f7b07127febaac838e02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f5ec1a24885e6b67766b47babf65db3c

SHA1
5eb07707a25a0a92f1e935ba03bf0021dea613c4

SHA256
414db305a3a92e2301c3fbaf55bdbd888a889d86f384f710d2a30976a2620d61

SHA512
b13b065686197cfb4d19344e4871a32982a8d881e65d2d769e3776d1d700cc14ff3778323582fdb71f53aadaf5007ce105d0480796f22ffc5d99e72aad44562e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4f63afaf161a0d79dcc556c44459aefd

SHA1
dd600bfa396a9af5b0087d6773a1fcf6507a7720

SHA256
ec0b3f4af6ca93be7af544befaa536a80e39bcfa065bc4106567b81d0de6131a

SHA512
557f26a514f0c4e15e94d7f810298ace21a8f9ea57913dc9389b6e6fc2a673126318b7edf0884b6b0c4fc63d744a0f5d5ad7401aa7e5af093fc25e8d3ce8e89d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
428e0c345df87c61edd21ab9cbc1aff6

SHA1
2446df1ea148916394971c021b173e7eebbc2415

SHA256
111a53c3ebeb1f95ce6fa2c0c8a0c8fb78d9811db10f8d37580879844ebe00f3

SHA512
6233b2be61a74ed671e1ad844978d16eeaa548b3a602b2afa69f1bfe41fdfb788cbc0f7c151c0527cc4876047d916888f4c1cb7e1b56cc7613c732f4e2fd44ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
edeee99ba6a793b338303a64555b72bb

SHA1
46d921b4c019563ebcf30984fb6dc18de4303609

SHA256
999c473eab2e132695513c5c7d01805b5d01c3eeab99871c7334fcefed512696

SHA512
d46c71a036027c655d430aed2cca3931daea5e98d8fdbca722560e39913ab3dc32968cf58e2a4749f7b65f564ff9478f3fccfd4495b438769bb3f2ae7256f1d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9e10b629db9a33c3471a07232aa2f154

SHA1
d23718bcd25b6738ee4bbcd1a98eb6b6f3f2949d

SHA256
a3555c29052a08ec3aee9b19400576ed98e669bc8c69ee6179dd1bbda15b9c15

SHA512
0bc26582ec8f14e6427112640d7b95133722566c910ef84da39eda674f3c5f74ab8a08bbcadd57bd0ba2ffe03df56aee1bc7a658d9b3cf2f28d9626f83d65089

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4c0063f64c6e1e31315854d9c01a3bd4

SHA1
2125341443e1cdc6b5d29db210ab01638225c134

SHA256
32081627d3ab1233b1b615469f2026b742169d42f1254be9dbf20c74887ad7be

SHA512
a8d8f03f088f461dbeb24fdb35e92f364a749d109a44f7f3e057183f594008e2d41e7180b714696b1d09aa529a4ba515fb3e92dd12ac3ba8d2d4d5e2b64fcab6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d7258cc2a36412cdf6a8abf409b0bdf9

SHA1
be1c24aa1d473c20a6f58d7948b0958bdbe137bd

SHA256
55d45cc3b3252ab0c1427d58ce67f7a03f74c2cb24c1a7a98090a280aabafcac

SHA512
48ead67bc55cd67c85367b3bbfbf3e4ed9dfbeebdf8eaac637de8b663856286b4dc50045f025e229d73d62b36f32b49a5f3686a8dd818930ac2b38fd0f178916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
941ea4c983b3cf877ce6e1aab38f2794

SHA1
c4fcce581d0660a0c96d0579aedb528a8168233c

SHA256
3d4479f291d239eec609801437c1962e41e19c53a3eadd2f95342167fa7ad342

SHA512
f47836cc619ea50f24d3804a697bb562781e812a65285959d7dbce53db8945cbbab2f9b8290ba2bd9925f620858918ddc676c082cdadae8444a9751d642a381b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b0be182086638c28a8391307ad68948e

SHA1
8b5c2bdde9b1d35aaad9473f0cc38bfa331c5c11

SHA256
b957b2d756e1c82f9228f7ecb70929cb5b47e15383701396dc0304d645334ea7

SHA512
dd19cd3076b48ac0aa42a2c803e45538fdc68efd4c826b0f2286fe0b8c469f01b3da6d61fe7fa196748385a13c16f77678985a3559037dfe6a08d9a847d05bf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4adcaeed1b47e3c11484fad4b5b3d13b

SHA1
9a12fb46893361f3bac684990333962a0d47e471

SHA256
34a54d185d030b06bd587819d0c17893b379dc266d26dc574559a0692733f965

SHA512
1b3ee2f573b02d944cfcf0713e625f256c2d037e3c7792446d75924832d91687b6b9edf489ea8763852d4657818a78504254680d62a710e34278d74a4fa6f893

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
64db4bb69a4fd504e15f91d00b2956df

SHA1
11d9f723b6b5d8544eeb1b8808e6a4c7c258ca3e

SHA256
785882b63313651430fcfeb6470721890c455d20fd29431c732817ef61420219

SHA512
eeff9cd39cedee7be2d424e6d55eab647f5ce6172d54a5cdbf93c01ee05aaaef7bcda9b1b64653bc9ddba8c17401de6cd16223ffecf364778480cb318e0f0276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
182c708c4c60154fce88f6bdcc0395a5

SHA1
e67278feea627de38d43240ea9989c24873e702b

SHA256
433f9b7fad4d8333cc6d0f854355c3c23209ad1a4cbb1e5b9fa8d75fdd784b38

SHA512
1eed933823cad41cc69258a70ec6bf75f00098fa7cd9a7cd478a0ea26be1868a281a176d84aabb39099847adee730d0c9fd9655c082157714068de5d2cfea72d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588538.TMP

Filesize
1KB

MD5
29c2f645a732c38d33fb4b9b928cbd50

SHA1
93c1f1c3eaf1bbdfac618f6103d993de472c67e3

SHA256
715888edf3ae59c962618b6b99d07e581c7e6334149e98248e22378e5b077ee2

SHA512
232fd5ae01659c5d8c6aa6c2accc9c2bf64609df3a19c350b5317a67983ccf888dab9b2c99b95b1c9dae7d0eef75d8547a95cc39404d759dfcd2973a7bcd69b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f0354cfb-668a-4d54-aafb-523326002998.tmp

Filesize
2KB

MD5
a3efe5b4c509abecbb468c9886f44b91

SHA1
f390af4317237b37c4702f54a55023f738cfdb8e

SHA256
5e644bf0784e8314a5b0836513bc172e2c6b88c204a0e0f427f7e34fda059a57

SHA512
f50852b210d5a8d8c501c364f0b7f693703e8d5c732df0c3e310430644cf2cbf53247ad0d659eb21136da13c0c5e7710f95cf18ebb3bf1d05422e90c67c73ee5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b260ee60d4dcca3095eab34c6133d46f

SHA1
2e931edf2deba1eda42dca44a39460796a54ec84

SHA256
68b5819f1300fdc6386c9f0d8877a96aefd380189a750c1e962ee3e5ae909453

SHA512
08d1ffff0c0cf8c886e565adf0b880dde502b09be47fd8718ead8697cbfd955e2b1158690ee173d42bae40b14a35b592517ec6bb539fbd56f8e307a7835965c6

Download Submit