ec9148c9a156de6c003d98717cd76852a755ace75aa52e6ab4c77676a19501f8

Analysis

max time kernel
74s
max time network
80s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
13-04-2023 03:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CoALauncher.exe
Size

391KB
MD5

b2484b5bef98e2666d0ed4cc0b53bfed
SHA1

4b71393540c9f924c194c9396bf7d9a5ac2dad98
SHA256

683bf6c630fecf89d8c91561adcca5854d333679a352c9dcd65f9719f4e37a9c
SHA512

da4fc435d89ea876c345cdd62d5109e3f9018bb56f4b35c6df620ef31d9691222525aa88899f12a175d085295e4214e70f7f0353dc55a1cd98a94b485d1c7592
SSDEEP

6144:qLDn5I7p8hens6LH0DGPRp7RFyeJBbSLzZXfgp4NB4zC+AVC:qLDnyp4ensy0iJLiLtgeN7E

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230413054241.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\07a01a35-3c4a-4db4-a94c-5c719c56eb58.tmp	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Sin confirmar 796733.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1604	msedge.exe
1604	msedge.exe
3348	msedge.exe
3348	msedge.exe
1828	identity_helper.exe
1828	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1828 wrote to memory of 3348	1828	CoALauncher.exe	86
PID 1828 wrote to memory of 3348	1828	CoALauncher.exe	86
PID 3348 wrote to memory of 1532	3348	msedge.exe	87
PID 3348 wrote to memory of 1532	3348	msedge.exe	87
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 976	3348	msedge.exe	89
PID 3348 wrote to memory of 1604	3348	msedge.exe	90
PID 3348 wrote to memory of 1604	3348	msedge.exe	90
PID 3348 wrote to memory of 1772	3348	msedge.exe	92
PID 3348 wrote to memory of 1772	3348	msedge.exe	92
PID 3348 wrote to memory of 1772	3348	msedge.exe	92
PID 3348 wrote to memory of 1772	3348	msedge.exe	92
PID 3348 wrote to memory of 1772	3348	msedge.exe	92
PID 3348 wrote to memory of 1772	3348	msedge.exe	92
PID 3348 wrote to memory of 1772	3348	msedge.exe	92
PID 3348 wrote to memory of 1772	3348	msedge.exe	92
PID 3348 wrote to memory of 1772	3348	msedge.exe	92
PID 3348 wrote to memory of 1772	3348	msedge.exe	92
PID 3348 wrote to memory of 1772	3348	msedge.exe	92
PID 3348 wrote to memory of 1772	3348	msedge.exe	92
PID 3348 wrote to memory of 1772	3348	msedge.exe	92
PID 3348 wrote to memory of 1772	3348	msedge.exe	92
PID 3348 wrote to memory of 1772	3348	msedge.exe	92
PID 3348 wrote to memory of 1772	3348	msedge.exe	92
PID 3348 wrote to memory of 1772	3348	msedge.exe	92
PID 3348 wrote to memory of 1772	3348	msedge.exe	92

C:\Users\Admin\AppData\Local\Temp\CoALauncher.exe
"C:\Users\Admin\AppData\Local\Temp\CoALauncher.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win10-x64&gui=true&apphost_version=3.1.23
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8b0aa46f8,0x7ff8b0aa4708,0x7ff8b0aa4718
    3⤵
    PID:1532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,12983331710132432365,8642006688032320580,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
    3⤵
    PID:976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,12983331710132432365,8642006688032320580,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,12983331710132432365,8642006688032320580,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
    3⤵
    PID:1772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12983331710132432365,8642006688032320580,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1
    3⤵
    PID:2308
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12983331710132432365,8642006688032320580,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:1
    3⤵
    PID:1432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12983331710132432365,8642006688032320580,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
    3⤵
    PID:1660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12983331710132432365,8642006688032320580,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
    3⤵
    PID:4588
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,12983331710132432365,8642006688032320580,131072 --lang=es --service-sandbox-type=collections --mojo-platform-channel-handle=4972 /prefetch:8
    3⤵
    PID:2684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12983331710132432365,8642006688032320580,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
    3⤵
    PID:4156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2084,12983331710132432365,8642006688032320580,131072 --lang=es --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6020 /prefetch:8
    3⤵
    PID:1540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12983331710132432365,8642006688032320580,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
    3⤵
    PID:368
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12983331710132432365,8642006688032320580,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
    3⤵
    PID:3148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12983331710132432365,8642006688032320580,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
    3⤵
    PID:836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12983331710132432365,8642006688032320580,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
    3⤵
    PID:3280
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,12983331710132432365,8642006688032320580,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6812 /prefetch:8
    3⤵
    PID:4384
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:1192
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff7cbd25460,0x7ff7cbd25470,0x7ff7cbd25480
      4⤵
      PID:4796
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,12983331710132432365,8642006688032320580,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6812 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:936

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1472

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\2962f0a3-addc-4c09-81d3-a59959199ebf.tmp

Filesize
13KB

MD5
cc0ed306b15ceee818dbd4180a02bbe2

SHA1
acdb0a62cfa9b134b49ae8d7b3410631fbbc0482

SHA256
4e6ab08752ae80250023d214792d698dc547458e359e30787ff20ca859f2570b

SHA512
4c0f0e12c5b110af7a2f89edc0c8ea240a0b901531b06fade0f53dbfcecd1f2158d63388f77b149b8760683c7e746ec2cbf3de9c06ebef1ade91e98a956ac130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aaeb1f5e097ab38083674077b84b8ed6

SHA1
7d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2

SHA256
1654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef

SHA512
130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
acfe5b76d42a1c359abf13b0e7db09f2

SHA1
5df0901923cd683d02f8be061481ecf03de37897

SHA256
974735369eaed35b5b1d491ad37bd1ca12e1a4266be9bafc466c5d39f37ee32c

SHA512
603ec807b887f55a64937c0cd9896f8d763bcef55b48f486f87c4804eef4881d9aa7756f0dfa5c13cbba0c7d368628e03ef203baad10591dd87325ea7cb875c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe572625.TMP

Filesize
48B

MD5
23cd68bba5f01fb7de84802cdf7b780b

SHA1
9a0963290f383763f3d1ee2eb523efdad8bac860

SHA256
6c1cb3a91b0e88d52ae9401ed4defa04dd7d31b8fd5ec608615e1c37a0385450

SHA512
36a1b2afb7507e422e20846fd25627e5032117a1f1f7e8684b79057085790938bd4d487e14c7bf6dbe9c64c616f6c1ee724743508cc6e44c22bd81db7205fff0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
954141d68404b7ac869a4d4904d69f02

SHA1
16b622ba4ef453cb14c94e38a69f7c0eeeb0830e

SHA256
05293f0e38f02995826cbeee688ae6321a729b940527748df4645caabcd3db77

SHA512
a4a0f466c907e8223486a011888c1d759bb0de42d787972ebfcbba92558301f0a354319087fb089340994b252ba7ca674a6ef2ce2d0fd59c0f119620549c67d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
52837ce5aa462b8068e094acd4982f84

SHA1
c803f961e77a8d288e8846d8b38e465ab9617c92

SHA256
fee54c4a53e7a6a86ee06647b1adb7ba856e07c9e7975aa776ab999461cb15e7

SHA512
441114cc396f5f61beda56d33a2fea7437b88627bec0b0fe519e09bb4bdf73eb7432757bdd15d5d0cbdce8c29fa9d1e717687a59187f581079e3dc3012e16e84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8bf44dfa495e747881314b9a6554a2f4

SHA1
f803eb3420ad50523ae50290ccd5eeec69f7f22c

SHA256
df20ca1ba5eb68af69a57599b367dd2fe54aa07aa4a1d77f7b54453d0211f945

SHA512
fbe60f0474002c06c99a640fb7274ad48be447181507b08cb5ff0cf2d16643a63dda67b415ae7343fe449bb1fd7474fd642a5cd74d5c171ba62de090e4b651b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6ebfc70749f81737ce8e8e32d94f6551

SHA1
c85a9049c1b0017e6d4e563ce678c52702a99034

SHA256
17f31b72f573fcd6cd976454c28ecfbf9c41b1978f8f1e376b53a9b9a199d489

SHA512
df3818c3a3e1713fe717c322ac14dcfaaf4e6cb6f881825def421362d8821ab93317592a0f640d414db356fd0bdb0ed17df0036c3d65b9e89a1364def5694579

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
1eae0fb77c7036bd4d7cd8c9b079473c

SHA1
e6fad7b37d2281c0d0d72cd9a856f948ac12d631

SHA256
91b106903d9fbaa21703bfe39e70ef6dfb564e0dabbee4e08fd72e12f022b486

SHA512
12f3e627d2bc8fb46e89a347257650087e5160ff00ab8a3cdf2c9fbadc8c9760762fb25c0b5040787df0555f189fb222fb101160a518aed8f71f8553671fea83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a597f4bcd11199075434ff3ebde02ebd

SHA1
33013d425f47de806f3d8e131558b34e372a9005

SHA256
aeaa953b18906803775e1a731f0795f9eeb8c21167874160ef5772e3f779cc76

SHA512
5a7109b03aa869ac1ace0243de390cadae76b18c2d1f0715d32acf3246f015418c6a7e41cf9b70303779f3449a438f7c2e07b107c70d1726afa29d1245d4dff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f2314e93f5123f1cfbcd0ed7289677a9

SHA1
ff7b30e13f264cfb738f35e005dab628cb27ea0e

SHA256
1c99671d03dad421d0ca8c1fa812923462672162c9c1313e643b91de90c8b09e

SHA512
f97656ec011282e504b129679880ef4ca701b14700d2b892dc8500c27df33b01caed4dfd81629af12bfc480c40a18b270c98fa495a28583ec132b915e8a505b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
47e94a96372e6f095b8a3fd7edc48ec0

SHA1
377b68f34e5964ca8be1b1b0c1507dd7f0e5f005

SHA256
15c77bafd922bd085317fd544d0fa129e3b8c814e3ba0d48936366004427732e

SHA512
5bd63de2e831805b723d7ddf1343c3b721ef5b757d9ab01bf8554ef8e29ac2cc09fa104fc85d530f27d66b67280774b3ebbef6729ea3ab61ce8028ab4ba5bdad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
b5e66e8665b9a5ef544c26a576fdbf8e

SHA1
ab8cf3b468ccfdfe7c67a075c7c975d3d979936c

SHA256
febd28564a3528fb5035db9d07ede3860d6a4a6a89470a7374b0da315f6b5ca5

SHA512
477377a9ce40e442a4fc03f2092906e10213fc3ded9e0bdc911e335a78ef5d036bfc31655e9b6ea89558feac12dd76baccfdb6698d39c17543e3254bb195c06e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
a72797d2deb84fcf0f30854d2843d5e5

SHA1
f0c4593c9f0d375b1100a5aa3e6e2968efb3541a

SHA256
2cdc9915e05489335ad5dc2cb57599fd9bac7b03fa388cf63f912f44eb4cf1d0

SHA512
22b8323c28e88064716c354219276cbe0ff313cee4d536aa6b4852d7847913f2b59b4b886181f140e0a64b095f666d6369c9c6bc47cb136c19bb95784dccaafa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
922a3d1e28a4d1d88f642fffee119363

SHA1
657c538fdce47c6e2cdd76a92c3939d61fc9810c

SHA256
23ca30111d0efba54eab4207a410cc4dc8c5f641c7de83aa7b5a52f1ddc006b9

SHA512
a64a92d23a3ec02baeff89362aa70f298727ae3bf64c44dd6542c51949017e190b7398c55f05b1bc12c28f0a0fb1d0cd8a491a8e2b58652b9c153db69c829d0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe573e8f.TMP

Filesize
704B

MD5
1503c2c6fcd607b6da4d228060343955

SHA1
5b105b17cd4040c59d493f07239a69dbf77b0e03

SHA256
e816e21c5b8d670d6cf290c1d2255ad9abeb8381d942a3aee90c7267326df45e

SHA512
8026a0ad30f2024ea011a5198f986aed7bc3b92bec5a06bec973332c6a0ed7805b1297fba1ed4475a502467e48cbab4bc6a18a9e16c360c78a3e95f36455ff72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
91d80eed1e2f9491a181e3edb5ccae5e

SHA1
2d2d60a6bdbdb60e81366a2aaacf1fed9018daec

SHA256
7ba9bfa92554a841d8b0637dfd226ba665ae4b561999648ddd836018e5900264

SHA512
553f5927175cd1b5329433270f2aa07808f52289661e8ff1112c2aa664f8b4ed7099b4d192f3c59fdf498edf3e11ae566616755f007e54268ae187091e2312b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
3aefe2cb73236ba3294aebc2d406a8cc

SHA1
b4fec75020a6beb69e07a56876a00b9d73ce9d2c

SHA256
dbbe593495b190a29771a317d013e0747c686d4cc3505287a0ad8194f4828b27

SHA512
c46ed69012ac5a5ea6e85b7afe9494907cccedfbba64aadb16ed3d3fad3dc0d527a7ec1235b301120c516fb2333bdd095f2b312e5c8a28f9bf1056ff7ac06947

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
921a71e2748ea527ff05af9e1f430ab2

SHA1
4f1217050a0a71c5dbd37d3c4b31aa18b2676d52

SHA256
66d4c710e29d1f33efd0641f5402809fe1b9bcb43caca607097f0cfb7ff1bc55

SHA512
bab2ff26d106a63726977c7898339a73b54f8ed887c33e58f975b29cd3041e330f63be3d575435105915fd877716d86ce0105aaf55459854d0f6573fc9acaea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d197956d81b18b36e89e7b535379635c

SHA1
1d65baa8e3d8e3184c71ce651ed78f5e4099da71

SHA256
77a436ecd3b604c8ea1512aff9dcbd41553624a4f8a626c2ef51300ca469a764

SHA512
3dc56279c805671c284984716b415d5a48d72c4d68017ea05ed1d1e99577e4108c06f0929dedf42795e616a522e068d04afa3f5d8e2bf8ba9b55df7d60c89436

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
2fef9848642c82ad2e8d6609e7f88e90

SHA1
71ed1e463c033ab6dcdfde2a02ca311121b1c4a4

SHA256
292672bdd750ce6505e3ce62b178fc434dd89545bb95078eb14011ee78707288

SHA512
76ce50315e6508f5e2e942551a4ecad540d74689f924b2116f859e8732c9d0a8000ef659ec95674134ba8a13bf6d74aac4c32167d5e50cb01e828cd0bb77bffa

Download Submit