hxxps://wetransfer[.]com/downloads/75f2a6310f58b08b63241842bd8944e620241203191706/8cb1c1fff5c2a546505fc470777f5c9120241203191707/2f27a0?t_exp=1733512626&t_lsid=35f96c30-8840-466c-88bd-3efd4bff64a7&t_network=email&t_rid=YXV0aDB8NjcyM2RhY2M3MTQ1NGYzMTQ1YTRkN2I0&t_s=download_link&t_ts=1733253427&utm_campaign=TRN_TDL_01&utm_source=sendgrid&utm_medium=email&trk=TRN_TDL_01

Resubmissions

03-12-2024 20:23

241203-y6mr9asmet 7

03-12-2024 20:20

241203-y4fk6aslet 7

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2024 20:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://wetransfer.com/downloads/75f2a6310f58b08b63241842bd8944e620241203191706/8cb1c1fff5c2a546505fc470777f5c9120241203191707/2f27a0?t_exp=1733512626&t_lsid=35f96c30-8840-466c-88bd-3efd4bff64a7&t_network=email&t_rid=YXV0aDB8NjcyM2RhY2M3MTQ1NGYzMTQ1YTRkN2I0&t_s=download_link&t_ts=1733253427&utm_campaign=TRN_TDL_01&utm_source=sendgrid&utm_medium=email&trk=TRN_TDL_01

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2924	msedge.exe
2924	msedge.exe
2432	msedge.exe
2432	msedge.exe
4888	identity_helper.exe
4888	identity_helper.exe
1668	msedge.exe
1668	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2508	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2508	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 2148	2432	msedge.exe	83
PID 2432 wrote to memory of 2148	2432	msedge.exe	83
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 4048	2432	msedge.exe	84
PID 2432 wrote to memory of 2924	2432	msedge.exe	85
PID 2432 wrote to memory of 2924	2432	msedge.exe	85
PID 2432 wrote to memory of 2288	2432	msedge.exe	86
PID 2432 wrote to memory of 2288	2432	msedge.exe	86
PID 2432 wrote to memory of 2288	2432	msedge.exe	86
PID 2432 wrote to memory of 2288	2432	msedge.exe	86
PID 2432 wrote to memory of 2288	2432	msedge.exe	86
PID 2432 wrote to memory of 2288	2432	msedge.exe	86
PID 2432 wrote to memory of 2288	2432	msedge.exe	86
PID 2432 wrote to memory of 2288	2432	msedge.exe	86
PID 2432 wrote to memory of 2288	2432	msedge.exe	86
PID 2432 wrote to memory of 2288	2432	msedge.exe	86
PID 2432 wrote to memory of 2288	2432	msedge.exe	86
PID 2432 wrote to memory of 2288	2432	msedge.exe	86
PID 2432 wrote to memory of 2288	2432	msedge.exe	86
PID 2432 wrote to memory of 2288	2432	msedge.exe	86
PID 2432 wrote to memory of 2288	2432	msedge.exe	86
PID 2432 wrote to memory of 2288	2432	msedge.exe	86
PID 2432 wrote to memory of 2288	2432	msedge.exe	86
PID 2432 wrote to memory of 2288	2432	msedge.exe	86
PID 2432 wrote to memory of 2288	2432	msedge.exe	86
PID 2432 wrote to memory of 2288	2432	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://wetransfer.com/downloads/75f2a6310f58b08b63241842bd8944e620241203191706/8cb1c1fff5c2a546505fc470777f5c9120241203191707/2f27a0?t_exp=1733512626&t_lsid=35f96c30-8840-466c-88bd-3efd4bff64a7&t_network=email&t_rid=YXV0aDB8NjcyM2RhY2M3MTQ1NGYzMTQ1YTRkN2I0&t_s=download_link&t_ts=1733253427&utm_campaign=TRN_TDL_01&utm_source=sendgrid&utm_medium=email&trk=TRN_TDL_01
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb55646f8,0x7ffcb5564708,0x7ffcb5564718
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,1171554247850840478,16876951851215955169,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,1171554247850840478,16876951851215955169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,1171554247850840478,16876951851215955169,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1171554247850840478,16876951851215955169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1171554247850840478,16876951851215955169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,1171554247850840478,16876951851215955169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,1171554247850840478,16876951851215955169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,1171554247850840478,16876951851215955169,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5412 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1171554247850840478,16876951851215955169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,1171554247850840478,16876951851215955169,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2360 /prefetch:8
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1171554247850840478,16876951851215955169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,1171554247850840478,16876951851215955169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1171554247850840478,16876951851215955169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1171554247850840478,16876951851215955169,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1712 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1171554247850840478,16876951851215955169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1171554247850840478,16876951851215955169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1171554247850840478,16876951851215955169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1171554247850840478,16876951851215955169,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,1171554247850840478,16876951851215955169,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4832 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2300

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x500
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
1024KB

MD5
c14c96873ba0e7effe6a961e7eed92cf

SHA1
d53b7403fca2d43b4be83ace29afbc623d0962c1

SHA256
25d5f51eda6f1f4d340bc97f80ac178ee0491df3279ed98dd4a3ff0d6a90b49d

SHA512
0a08ded1390fb3b5305f0eb8284f2e8041a76125a055a84e6e29552e70b12851fdba0c04061116c8ae30a5afe102708c986dc188aab436b487e44953fd681480

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
655KB

MD5
d79040171289475bd65068373d4e1a92

SHA1
dabfab41c5ab4b4a5b1cc1ba740c1548d475cf9f

SHA256
5b10481464b1b404144dc82326ee1d22d8eb21c3e046cddcd20b403c11a5c6d3

SHA512
5444566a3394d3e990037f455dae99bf8992cd07e21290478dfb9f6fd085c60fe18905aa66a0979b2b6dac98fa51ec5fedea2536e8d55014ef4b1aef0dc2d3f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
616KB

MD5
3abcb98c9f2efb2a89d804679739f07a

SHA1
6182f9810348f93970da3c3b61ca7ab60ccd1bb8

SHA256
321cf89231bf90fe91fdd996ceae9a8a8518f9ac0eca4b22980fa729de4087e4

SHA512
337be9f17da6ee1bef6fc82735f249606f953738a91c1fd0f35b092c08bb5d35f25a68450f9975f18af79bd7b6e5102ab50a947fda26cd7ab537714c3733f2d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
567KB

MD5
fa392c0ce2b2279fc0bddf3109093b6c

SHA1
659c9eb88e6751de4fa60d8b9cb55579a762597f

SHA256
3411d62993297cc57e0dfd14273d83809693e587c86b8b9d3572fa1b201ed7fa

SHA512
b18a64567194d01fd409f9f20b069a04decab8668c1e263f081555f33b25900bbc3eddfad1860c7a64922f7f71023506f60f465fa128c244540858a1a25a1bef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2a3fd6390b31658df4cce14e7708ac04

SHA1
ae461fae742c95245597f8ca648f490d6942777c

SHA256
902537f8090ef29c1c244d6fdf540795ad84348d3d52d3e7ccf1e6cfbfd41758

SHA512
af771b50c1b2c77e05483f54dacb7f631c8963f48d52715b0b9b1b307b33372a33db64ebf52b7eebebb350cc934bde186b90716faab43e3dbf0077b45ba738ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
78bf96a1cf1f6d3c82030d90c759341e

SHA1
128da7882df6799acafaa8e648d3866257a17e4e

SHA256
08c3160f6a33aadcc19f3793e158a257d28b63c1789003c7f04f6713a6626790

SHA512
d7c347c4fbb8bf14cd35cf5a7debd652fda2d15fc852b63dfa8c3ff3a2c56398fc54263d853a45b06a6d7f68519ad6208bbf750e2bfc443c13a70c83d3c55b07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
24eb7de29513ea63aad6661d493f0980

SHA1
2afab779d41f594748c2b083db22cc40ea022cd5

SHA256
8e615a68446aaae493fbe240f33e97c87902376c57f2aea77e1fbe2a922d842b

SHA512
f824cb3374f105eeafd490cf9956796df31f8fa7f898fcbb98ab2f1baedef1df996e915df8cc8ef8400d9e6aaf48104ec7e346aad638536f3c02f4c863ea8770

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
df7c234157208d4a892899a459985000

SHA1
1df84b0d3aadfcd1939ecaca299facc50f8c6b7f

SHA256
9e812157cc227bb8ca06097876c5b03b3b5a1a71d3a5e9f32ba88c90fc0ea81a

SHA512
28215a6d95eecc743fb08c2de689914b7f8390a10c14d39a09e1ed8057ab7a9fe7246ae4aaa3d0e73990eb095a4d5015b92a70853aec62ec77676f5fa9c006b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8efc5c106e617c75b85d198f04add09c

SHA1
34fdd585818c89c8e331e6e68d0eceefcf3f6d7f

SHA256
fec97e303879997b8bcf7ac171b1f8d2f921fd03f33d9ebce08cdf3a3440b34a

SHA512
49f3d4c56c04a269ea13d1e3105256ad08a39c8300290adf38a94143fdd40b20f02ac034dc782665523b1591bd15acb0056298742aec1bd12bdf67d1e7b91d3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7ba40cfa6b79e18cee049f5e71b0e636

SHA1
10910eec353c1149aeca31c64f74c5311864d8c6

SHA256
e076d35a38c0072b267cceb7ade481e7dfbbe156dd0204c234e336d828774970

SHA512
6e0113f73881151085ceac30af5b2feadfc54b840b43c7cd1f17921b16eac5e9102cd3fb7a02b46ac8d31255805009403b087e657ac60c4545ecbd6ada1f2dca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
134b0c6483780084aaea5a65673a9272

SHA1
39a2f7d244de0059a976b9f9bd219a1467c6d01c

SHA256
50e9ab221e1b12ab5c6d3669e91cd0c9bdc23e22def8d4d0bd05d7f6167d6042

SHA512
14a16fcf1df7115ae2c699b1dfba0187e34c9eb3632d626607b65b8d15963932b6f13654eddabdf56bcc4b7829a540b46bcea3ed71c96e899fffeb27aed92bbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
57a2eb155db331cfe98899be57ef972b

SHA1
3e63d6cc5cc85a410a751074df358292419f1773

SHA256
d08e2c3056d9ee4e895a36d9a7fb0d27378c2b463a8419a8193aa4a0af90dafa

SHA512
1f937502e9ed9ee4547e6096f8ec86bfecebf281c3903e807bbbbccd6f71a0f401a49439428222160d5d090d3aefaa060d0464b622d4d9883a03aef962f6c582

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d5844d47463a1070fa6a9ec3485b85d3

SHA1
387b69d5d3092ad113c279ebed50c5efaaab6a51

SHA256
66a008aa47c94ab63dd07012474e63532e75603a68ca07a57a2ebcd62dac4c76

SHA512
74525fe851e7e3d3fa1990cc7d1be8e95e1098840ea20b11c4530567f149243134e3207a833302db6fdfd6b96478d160824ed510dda14b7216af097a0940e503

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
526854fb1a9ebbe52efbc06d25d98dd8

SHA1
8efc4b33a83cda93d8a17cbe7c5d05b32fc55126

SHA256
b9b1aa68a31b72bf424130c71c5927aaa8db0756a48ce61679f268638bb8b719

SHA512
a75a1e76cbe8c3d22c46969e531fe9d5d7cc3b0654d55614b72f0bde48ee38b1b7c70a2d7ff534d2d892ef60dd87cc5851cecaa47d82623603b27215ee6e2637

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
be3bc642d02856e5dd717803ab261740

SHA1
8730e1319d2c6776538c37aa2e751aa38183eb07

SHA256
cbfd4426b5afc98507c77f80235b203033633b8759f1cc85ccb30f48cf077858

SHA512
fc3f4aafa1cf8e58e31aaa85879e58f715f91e9fde8ca6020602b3c938baf4235a31580e09f6e977fb345322e28137e70279f778d77832aaff8dd8ea9c009c05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
65aff0c472918ff52e087629b2e94bcb

SHA1
6616f218ca1cd77125d129b27a106056d0e12ddb

SHA256
238db4a559cf1135b42a86dc41628ccf5dc20a6b5b873d943d54f21b20c04474

SHA512
ea670c97937335e167e9b1ce3389030dd23a0324f521dd99b09565bbedf9ea4afa41beaac7da775a40d9254c98637c4ef17f65103bd3ce064f7b93bd59d30118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580ec0.TMP

Filesize
705B

MD5
5c8bec91b024285b8b5be26c6d053921

SHA1
8d12495dc425b195ee265b0605a3a8f91c761136

SHA256
e80829ebf001b8fd7086ea51922284ce9625a7ddb998810438cda53b25cd0184

SHA512
018402c91ace342d9bc8de115262db7295e4dab9fa4092557aca02f99910ace13d6021a5d394afc77cf57d26016e4659b2ea838d6beb98d1bb43f05468965674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
efc82a4b12dd9fe0ed3035ff7b2333ed

SHA1
17c59fa1980451cd2c224dece8722a9557f1f8ac

SHA256
87cd209edeec9f88b7b8ae4ff32d0cb733957a0eb8463b43a2f108e3970d96c5

SHA512
dd92017ce4b8eda5d37fe3b67fc0795e31542a8924cbdfe461b3ae56c3a9a6a9458c5b4fa2cf00b9a3e43216f322e6ddc0e4df6acb7a1c2466d9ce7aee8ad245

Download Submit
C:\Users\Admin\Downloads\Data Specs and Company Info.html

Filesize
83KB

MD5
c3ce3587f379277bc16c69cdb8598b38

SHA1
e0ba01df132258f5bc8e07b46775847945b38cd9

SHA256
b8516c5f7b348c5c0c9d90f675eff1e926c5cc6e34061a771660a36a4956ab3e

SHA512
7ec6079682c861492722d920d0136fb1eebe9c07d0e950df6507c86367453092b2f87ddc20a73a9b547b3acd6f469aded8901301a25824783b7da4a79410948f

Download Submit