hxxps://gofile[.]io/d/MqvFWU

Resubmissions

10-11-2024 21:37

241110-1gfzhswdke 10

10-11-2024 20:34

241110-zctjdaxpdl 3

Analysis

max time kernel
1761s
max time network
1766s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-11-2024 20:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/MqvFWU

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1976	msedge.exe
1976	msedge.exe
4564	msedge.exe
4564	msedge.exe
2200	identity_helper.exe
2200	identity_helper.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4564 wrote to memory of 4280	4564	msedge.exe	83
PID 4564 wrote to memory of 4280	4564	msedge.exe	83
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 4032	4564	msedge.exe	84
PID 4564 wrote to memory of 1976	4564	msedge.exe	85
PID 4564 wrote to memory of 1976	4564	msedge.exe	85
PID 4564 wrote to memory of 1612	4564	msedge.exe	86
PID 4564 wrote to memory of 1612	4564	msedge.exe	86
PID 4564 wrote to memory of 1612	4564	msedge.exe	86
PID 4564 wrote to memory of 1612	4564	msedge.exe	86
PID 4564 wrote to memory of 1612	4564	msedge.exe	86
PID 4564 wrote to memory of 1612	4564	msedge.exe	86
PID 4564 wrote to memory of 1612	4564	msedge.exe	86
PID 4564 wrote to memory of 1612	4564	msedge.exe	86
PID 4564 wrote to memory of 1612	4564	msedge.exe	86
PID 4564 wrote to memory of 1612	4564	msedge.exe	86
PID 4564 wrote to memory of 1612	4564	msedge.exe	86
PID 4564 wrote to memory of 1612	4564	msedge.exe	86
PID 4564 wrote to memory of 1612	4564	msedge.exe	86
PID 4564 wrote to memory of 1612	4564	msedge.exe	86
PID 4564 wrote to memory of 1612	4564	msedge.exe	86
PID 4564 wrote to memory of 1612	4564	msedge.exe	86
PID 4564 wrote to memory of 1612	4564	msedge.exe	86
PID 4564 wrote to memory of 1612	4564	msedge.exe	86
PID 4564 wrote to memory of 1612	4564	msedge.exe	86
PID 4564 wrote to memory of 1612	4564	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gofile.io/d/MqvFWU
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ea8346f8,0x7ff8ea834708,0x7ff8ea834718
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,4776301700188962729,5556690388692561123,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,4776301700188962729,5556690388692561123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,4776301700188962729,5556690388692561123,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4776301700188962729,5556690388692561123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4776301700188962729,5556690388692561123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4776301700188962729,5556690388692561123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4532 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4776301700188962729,5556690388692561123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,4776301700188962729,5556690388692561123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,4776301700188962729,5556690388692561123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4776301700188962729,5556690388692561123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4776301700188962729,5556690388692561123,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4776301700188962729,5556690388692561123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4776301700188962729,5556690388692561123,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,4776301700188962729,5556690388692561123,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3784 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
638KB

MD5
37967b09f68b517683b0d06251fc6d5a

SHA1
5283278a05e010788b58499b6bb7044452191b86

SHA256
2c8759183ef9ab339378354de83afded17cdc919a7faf3066a05e02594fe2d57

SHA512
1616ac935a178596377371a8bf113a75b8720f08e731b0f8dadacb4f77c752d818f7408355cbf60d6b4258e78fc390adff481431fe2a2efcebeb9fbd709b972f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
ec8ce299429fcb5c45b4ab91502f7a40

SHA1
399c145f3f41bc6c262e1d9c39b84cf133d23685

SHA256
a9c7e8b9a10cf68a5e9913af2922b1b2f0191fe5c2c667ff95b154d3fb0f3d5b

SHA512
8a58ffe6452978963c8bfd3f604d13aac677b1fd6feb93b2be34016874a3b8417d8d5306f8a7a3af5deaa0869cc21eca60203a6f23ac4a6242187385563d43ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
978B

MD5
49d13413521001e7861d74ebd1e891d5

SHA1
8fa9d5c17efba9b63bf96b73681f5e6fff5fda57

SHA256
f872c971f7fac362985ee47f248def24f0662a3ddafaf1ce9a6d6d489bdf89c2

SHA512
5458be1bb4b667f753b3c2a976ba091237307c7519f07ce24edf7c085fa3ab9a239c230beafa774dcc4a7d54172edfe9540b133d11d619c76e06a2749540ed0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
856B

MD5
89c35bec7b7664d7a78f26398cb9334f

SHA1
7f96e221afba0c62b1a6bd083c15b04961fbe001

SHA256
84a8cf8e21c4dd467d3f99b8cbae2344543e73b6bc7eedac08e142af9af1f2af

SHA512
2eb07220f5c28880eddbb22d6a1ab4978971a0e5fda231b3275f9bfc79edd72ae26555424440519deefea759667183d0b54d293e8b37550590dd3f50ac8729bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
978B

MD5
722a58af8fdbbb699dbe4c8fc2de1b90

SHA1
e2d321e782e3ef8a4d79a05c97bd97bee2e9fd7e

SHA256
87d55bb832c6fa1f0229ba8966ae59f47f4b2c311f3c504f3a1e1db006243a91

SHA512
755dc634181f804279960decbb7f7f49ad655e68c083485127f40f7c3492eb31db5468337b3e76bdac8ef25255e2d7adb1c0c8de541ea01aa6431b150db8e295

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
978B

MD5
390d228fa67dea18d5b8b6c3cb67a704

SHA1
3f142c8a72a527a9be4d99f66c5c8e99d85f54bc

SHA256
0ae4a5ec7e62644229532b67caf88dfbf9dd44c0dd2639e63c1a5b616c4625e3

SHA512
eeb1143dfd5fdfb77df6c8293857e595f588e5aa6c153f454ecd4ae447aafb3be433062d2b0ab8d1fe5517d43c6c5a7d0be4573bcce5255f17c113cefafeaf74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
978B

MD5
2f072e816170576b35ec0c498efa3d03

SHA1
a0f15331704865cfb262b95f446ab1830a5a4b22

SHA256
3326fdab6c0350e72430d08866c28dfef4e59ae6ecf0dc011b58883a60a0b02b

SHA512
fb81cd98757e1194e800210f0ac8f936be601a5ed31d9ace121a43b29108a669ed69df278328edb8bef3331f41bb8a33ab86d7678999dd70a820c9d63bfdd649

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
978B

MD5
ed40fe231ca82c35983c62f46a4b871e

SHA1
d93af3a7c0f3070fc0737d9294746edfe6982258

SHA256
6662a019331e7bc0d9a4f9d8170ec9fa3eb76d4d0893c993e779ed0a6a225e98

SHA512
f2fbb5758ec69375048b5814ded2e55539274abea2e7606785c906f303ef5d1428920c84bbd7713fbc8ac716d06a91500f4d56bd95c1986c27f44def2a591fb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
978B

MD5
ef52ad13e732d4111e68bbf7ca03f00f

SHA1
eafa5a917242701cfb70bf9bd665288e143493de

SHA256
8300e1d7abaf5a374f6e7dd14c9b36917cdb394cff1bcf19447a6a76025f4355

SHA512
e406e8a9483ef35f076cffb50821c6597e6bcc9e21dbcfdf510435c6e4705325f1d6e3d28ec4fc7d99a458cd78ee6507723ddf15e7c7c8b5becd9dd1927268d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
978B

MD5
0ebf88aafb4f346947572bff8dd9093a

SHA1
f025d5140132e2f09f6fd373ff4def7bf40120dd

SHA256
039a233758792735b20b3c7ccfc2322a986d4795b55c4044e299466a730e00af

SHA512
c86a090cd89fdf50864e058008dc9847547bf4eaaf9d79f1a26d3c1b93eebd13fca081e4ea25cbc1f36d068bc5da99c74ba6391bc148d001167c93e8b0cc0580

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
978B

MD5
31970371e38d823d475161c091995072

SHA1
1e267955ca22315883d01762db711455b09d4a12

SHA256
032bac7338abbefb1bf83395514d1c54f1d46239afd21f522c8668e473f47326

SHA512
42ca9329e3d75f4fdb3d2dcefe09fb10564c1ae074aedf24a5b8d25d30363741bb9189ed43080d81d4d53afde7cc3142b8fc1bc0275a48df8bc885258e666498

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
978B

MD5
b664faeff5cab253147dfd1b51af9b0f

SHA1
e60d781e14122dfea030b4ce759ed0ebf5ef2ffd

SHA256
91d52953c4bdb31a680cc6214249956f1f000b49d465b00179f87d62b6e77d0d

SHA512
1efec2ca40be75056d3b9b9453d9ddb07841a95560a734f767303be931b483d6d51fc430733c6f68309974852faf9dc6aef6db887796af77c32468cc7b087b0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c10fdf32ac7aa502da90260d295c0041

SHA1
183349a3ed0f042a8557208fbf198e9695a0ddac

SHA256
614c327743559a604a36d9013d51c613b0298f2f319064620d368ce75fa06cfc

SHA512
ef517b000ed6801388d2878eb1ab5d68939e51643ed169c3304dc784749bb8abc039921dd087049d3c6c157ef74adca281410880b34aa7f20d81e83150a652b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
62a70928cfbfeddf97072b632f5e241d

SHA1
4d2256dff3cb54c23f30dd8850b3091e512d7d47

SHA256
c4309114432415532c649204a3451edb29afc624f059d509ee74b8341ed7beaa

SHA512
6610b717c7940ffc4bd70875f2da6c8ee33ae08cef6958f7b011f4d2be6a68a9dbf0cb76513389516fd05fcffb7a7e2028e0d0698e6baa7fe84e6c41493d7d0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0977beef3d8a3254ebb99a5dd5f65681

SHA1
b1ad98231225a608c4d40ab7ed82bdf0149b81ec

SHA256
415b17de5b3e3202c31890e612f7b4e07115e86154e41624cdafa6aa6132c788

SHA512
2d0e2d9d30b0e12c5753f8e1c40c48793935f51b7e543d7ebeeccb78528a9dbf2699e4aaea4678fa0be50854a1ebbe5fd55813a538e76bb49876c8bd0859ace7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ae82cfe34239016f73a4087351a36a40

SHA1
1905d9780ae9394c073ba4f4ae223989e8dbd042

SHA256
bc2f2d36bdac65e77acbfe15e98283b200faee2f71f57e5fece5114d912cdc86

SHA512
1e96c864da7a671d45af1ea244f5bf67dc1648435b9fd8f0c3cee2b6d0c9d901649b73dfaa1a38fa28465f6b66dca516dffea5acbea93d50ed6cf7e78c551a73

Download Submit