6ae2b903b9e73ecac6542c15a01cfa044c06ff575b8f86e44e03140a35bea87f

Resubmissions

20/05/2023, 17:02

230520-vkggkadg24 10

20/05/2023, 16:58

230520-vg8fwagc2z 3

20/05/2023, 16:56

230520-vf35rsgb8s 6

Analysis

max time kernel
142s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2023, 17:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

12.bat
Size

49B
MD5

354ee47d9b7f0877aaecd8db36e01468
SHA1

9bd07f39a7b4980f4565c6a3a47f15d783707df0
SHA256

6ae2b903b9e73ecac6542c15a01cfa044c06ff575b8f86e44e03140a35bea87f
SHA512

20735574ef7634039d9de979e088193eb63d0682c602d2ecaa0296b72e5636de41b53a802d6ce205fc7334c7716c4add716de87205500c0384a55a5265a653f7

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\4e6a6280-f815-465b-9bd0-78b8e1939412.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230520190321.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
3028	msedge.exe
3028	msedge.exe
4548	msedge.exe
4548	msedge.exe
5012	identity_helper.exe
5012	identity_helper.exe
3908	msedge.exe
3908	msedge.exe
4112	msedge.exe
4112	msedge.exe
3548	msedge.exe
3548	msedge.exe
5708	msedge.exe
5708	msedge.exe
5708	msedge.exe
5708	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 224 wrote to memory of 4548	224	cmd.exe	84
PID 224 wrote to memory of 4548	224	cmd.exe	84
PID 4548 wrote to memory of 4844	4548	msedge.exe	86
PID 4548 wrote to memory of 4844	4548	msedge.exe	86
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 4476	4548	msedge.exe	87
PID 4548 wrote to memory of 3028	4548	msedge.exe	88
PID 4548 wrote to memory of 3028	4548	msedge.exe	88
PID 4548 wrote to memory of 4956	4548	msedge.exe	89
PID 4548 wrote to memory of 4956	4548	msedge.exe	89
PID 4548 wrote to memory of 4956	4548	msedge.exe	89
PID 4548 wrote to memory of 4956	4548	msedge.exe	89
PID 4548 wrote to memory of 4956	4548	msedge.exe	89
PID 4548 wrote to memory of 4956	4548	msedge.exe	89
PID 4548 wrote to memory of 4956	4548	msedge.exe	89
PID 4548 wrote to memory of 4956	4548	msedge.exe	89
PID 4548 wrote to memory of 4956	4548	msedge.exe	89
PID 4548 wrote to memory of 4956	4548	msedge.exe	89
PID 4548 wrote to memory of 4956	4548	msedge.exe	89
PID 4548 wrote to memory of 4956	4548	msedge.exe	89
PID 4548 wrote to memory of 4956	4548	msedge.exe	89
PID 4548 wrote to memory of 4956	4548	msedge.exe	89
PID 4548 wrote to memory of 4956	4548	msedge.exe	89
PID 4548 wrote to memory of 4956	4548	msedge.exe	89
PID 4548 wrote to memory of 4956	4548	msedge.exe	89
PID 4548 wrote to memory of 4956	4548	msedge.exe	89

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\12.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Xhackerprog/XWorm
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8ae3746f8,0x7ff8ae374708,0x7ff8ae374718
    3⤵
    PID:4844
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,18407025006124472205,5600171122288787740,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
    3⤵
    PID:4476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,18407025006124472205,5600171122288787740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,18407025006124472205,5600171122288787740,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
    3⤵
    PID:4956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18407025006124472205,5600171122288787740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
    3⤵
    PID:368
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18407025006124472205,5600171122288787740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
    3⤵
    PID:4496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18407025006124472205,5600171122288787740,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
    3⤵
    PID:4024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18407025006124472205,5600171122288787740,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
    3⤵
    PID:4220
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,18407025006124472205,5600171122288787740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
    3⤵
    PID:1936
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:2032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff665395460,0x7ff665395470,0x7ff665395480
      4⤵
      PID:1652
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,18407025006124472205,5600171122288787740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5012
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18407025006124472205,5600171122288787740,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
    3⤵
    PID:544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18407025006124472205,5600171122288787740,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
    3⤵
    PID:4704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18407025006124472205,5600171122288787740,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
    3⤵
    PID:1828
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,18407025006124472205,5600171122288787740,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3176 /prefetch:8
    3⤵
    PID:4256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18407025006124472205,5600171122288787740,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
    3⤵
    PID:4464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18407025006124472205,5600171122288787740,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
    3⤵
    PID:4392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,18407025006124472205,5600171122288787740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6720 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,18407025006124472205,5600171122288787740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,18407025006124472205,5600171122288787740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,18407025006124472205,5600171122288787740,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5536 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:744

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae2c65ccf1085f2a624551421576a3ee

SHA1
f1dea6ccfbd7803cc4489b9260758b8ad053e08e

SHA256
49bfbbfbdb367d1c91863108c87b4f2f2cfffbbbb5e9c1256344bc7f52038c54

SHA512
3abbfbb4804c6b1d1a579e56a04057f5d9c52cfd48ecbae42d919398f70da2eacd5a35cb3c3d0a559ad3515fadb1734b0d47be48dce0fdd9fd11578948a6c7ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c3770be634be8da92e71a3f9f76d79d3

SHA1
f4538b79d313dd46e55d1fd3e6ca3d4681fe4c3f

SHA256
23549094c00feed7abf21e56caae3c8b22a7bd89cfc2f5ea369cf13259273432

SHA512
09c1a087be6dcb49fd0725936571946266f31298f8ae141d59b9ac60f3f0fe8e7d964f661818d72682633845b48dbb906d8c89bb33bd2060bb4971b3e14fc4a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
9e086ee8a92e053338bb292f9d53f51b

SHA1
11bf5d8c17811974c7568aba07c45405ae654545

SHA256
d5f79f11e9e9d66a443c09ae6f02bca97a9b3fd21963da18ed230b0f1fcb9eeb

SHA512
5ce86f3f84811fab3de1687bfffa813f64fd61ca3a066851d478e5794a18962685632e1f1a291a8038e6016ed0f5bbf0743a04bbf3a806b1374d8f1e4823bf80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
35e4c90df389ca1a864dfc79881b1781

SHA1
24fd262347b7e47ffb6444ddde283958bc0314da

SHA256
7a2f464f24f0959fb806b93d655dd542a3ea91c57026538334e57450673b69d0

SHA512
9073eb2ab2576b97ac5a78ba9293d25f54e43832bdc7e8b70ee0fabb620513d2cf83a3555c28e4ce7b1aa40c82b827b4681b2e187da6a1161c1f04ab043ee2e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
c0b6aa61cdf1c854fa81782f62af5d85

SHA1
29ef74370ccbe8b13de8977df96f7170a8adfa1c

SHA256
ce968a549c0589d2d217e39d73e42fdc574dca386afd384db7dccfb8f8c7476b

SHA512
373be5560c7b31e855f9437368ef269491620507970340f1e128995b1c985bf146e49d5caf9e190ac36465b532ddc3abfb7b8cd0c6843e6ec94a848713cd01ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
573B

MD5
29d5ccb9d97be7e71a805e020e215f5a

SHA1
ad0e558b2883de819f155b4dfca2233918c40001

SHA256
36a9bcb2d802fc0f3cc268d78b0c89af6382c476364c443de562df7cd3c88d97

SHA512
d3335b34a04146a35ee6b62519888226a22eefec7bd0c09cbfa2d2abf68e0f095c8c9941fbff96c51b7c25e0a804641303388049195d41e9a43590527e56a445

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
ea43406ced6c83edd9e5619e76d5c802

SHA1
51ddb3f1f056a18ff3c8435a2af9b4f1960cb9ca

SHA256
e74096c28f178d62066a6bc361e82d1126791b313a0b88855ee238d2ac474a04

SHA512
257b9cac355de9c04865f8cf471be87dd09048a08b4e3f3c401f5661d71e5f693dce53867f5130edcae663c0a2d13d23d9ec9bfeb3dc8d539619c0716828e146

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5f48783650fa7c3a60ea952e4b8513e0

SHA1
f47abf31292e1852cf5bce658ee925fe06a8ce3e

SHA256
c4bc0c9b68b24239ed2cb60fa9e827366c3581851847da22e59f4e64eb6c0e87

SHA512
4c210b281e20c50a5c7c096e7c4411aef15345be0e03fcde869d08062a4a4f1c10f8dba9954091b2408ebaa9007514b4c340aac6e594bcebecef7ef6a80af6cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b1741111fac51f672cd41a47096c280f

SHA1
c2803309efb2f6d629971fa29283b1e0d38b6ee4

SHA256
219f4ab7e4551127cef7583519929649bef47d32844d0e943557ca7c7da4cf91

SHA512
1e7305c79db3f3356714e2e85f861ea23339088390ac57ac76d599ed04024e994fce2ead595c92a2f420530c8fe89958eee361f735f0ecf15b43f257b7d12c5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
03218ef6b0dff88d7f81f8bc7e533a77

SHA1
325b54450629a1d6cc0ebaf560ce2f762f0607f7

SHA256
b05ed3dd0da168929bab3abc5be89b694d56acdaede26f9813027c1065c474af

SHA512
5595b315f6f7adf5a74d8fc346c5741675dbea394541b5edebd4207f8ebfbe8ad7c033fcdf78fa67aaefb3013002772e566a6d2c1961dbd9c951f1d9d31b2676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
b3fbb8a02260d5e41407a7e1af3ee2f6

SHA1
9180c8b9593405936b0fe52272571b63829525d4

SHA256
8c1434a31409aa606a51bdae37e0853597cb408a2cf199f05e02705df3fc15de

SHA512
8a6ec40722054025a8969a80e795b026fc806a0710eb2f9e016feb68cc09a19333404a8a62910e9b0335729fd64e8e1b6250513ffc334dc8d669d96de62eb5d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
cfd585ce0db9a1484f8223dc2cfce2f8

SHA1
4e5e287160c05ecdff8acdfa0899faa5bad4de82

SHA256
0bcae3ddcadfadb917e4f910daefde07af8d2708b7795f3a1146102dcf6cf445

SHA512
b45dd6c3231a79155508d807d4b6f839d49e6120841c4f31147a83039515d3358822fa1fa4ae6f770b4369b96f221326c0b80dc2f0cd99d605440b12c93fb648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
18e80cf225091ed4f70b72d3eee87424

SHA1
4bdec282ce91d6a87cfc0961c48115f777ae319b

SHA256
776f0019961f6077dfa2912e2caaa454f3619c6c6f665ea63eb9b25a96121d5d

SHA512
87fdd8bfb4c7c2069894bcebc6e8ad2f241c1115b4549b87a6deeae1205e155fad43ba38a41653e9bfb01cd6f7106ab505e5ca1e0b0ac9902c3c791d7d669b95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2e1e4acd53cfcd94b9fde0d3196df080

SHA1
7b02e06b9a4426e3fd5a66fcefaf3224ec8a2927

SHA256
3eec941befe589258bb4d56b096d623d49baaef4e8a7becdb585d88ef77cedac

SHA512
1c1f5b661ea8cab7ba21880f6f8638b80313e4be42784c0c597ff0c334ead81518bdfac10473918ee97f4b726dde7eebf8e1e9ac21ea2d8a794a7f62bec83c57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2c6a3ecc0e3b1b5a72ffd3dd0476f1bf

SHA1
8b9c39bcd110c8f8eb115e10344a0e4843cbf405

SHA256
f66fdc31a667e5a203b660a3d115914ca60c452b3d33f16f19162882cec4e86a

SHA512
97eba4b2813fd18600773fc33e67c7eb22e0b160fa669dd3bc50e7d46ef4bc5b9ab8985667c46dee8e9f34faf48f8c79ff78ceca055f2f5b8a521fd177e78b3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe56efc4.TMP

Filesize
874B

MD5
ab19f9438580b1fc83e31dd4da639e0c

SHA1
beabb4f06d0e9b510bd620fef8c5bc3e529dba52

SHA256
623a2a826c5c702d561ffa88900a3f77336b1677f5ea15288ef46d2197fd1ffe

SHA512
2324c76fd1c572b95fca93da5f85eaf4f1aff58cf1080845d8edf2e84e13d493f0d69005efe826f7b731874ac07698884e5af8ed69650bdf14b555aa1261b78f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
84797e90a7210ee00069353641fe61e0

SHA1
ede4ade45428cfd8e4b5e020251814994877f85e

SHA256
a9b67e4ce98b3a23c88bd4dd4ea1adcf9e7937d9090fdde12b2607be24df6db9

SHA512
00879f7b136a38b48d38565136b9d8b263e4e4c52cfb22f7ccc3535d274915a5c53d62062005f20835dc911fea939ac2779b8c918d0a4817f7d83273d6a9279b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
540884507f2b9ed849e0dfa118ae240d

SHA1
3a75eda34363e561fb0b2d61d01a3423a6969a21

SHA256
3d4fe09286b77707e5cd377b38952afc446783a81387b55ed342674928761eec

SHA512
9bff4104de048e8645ca892c6ccfae2af5ae8a724db358fbafcb06b9385deb3147627e803ec2c5ee5811e47c69e8b051f30f050a223acc40498a9746ef71fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
b2107913a43cf74384aee35dca10e685

SHA1
a5cb7c6fe4f2fa471742c9c55fbb5779b459330d

SHA256
6fc4f2631d29d57725384e83bcf1df2d57198a6a5322f97fc7308d0f515de944

SHA512
c3dafbe335c406f4c1a2584d9f466b9f46d3f9d751be4675bd22c243023e9a1e9b1b42de26e668e2e5492cc620a27571bbe382d50b3a4bb84f30ac0312148885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
2c34eb1129f147dc95cd6e2cf4f44d51

SHA1
3b6e4b7a17166663e3f898e29fa1d804ebac1dd6

SHA256
acf2d5c7a714c70d57b8f0d99df960984a66a81d7290a174c1e8105161d7cd84

SHA512
b12b62e8941251425a83dc0aacc265e7c1bce9d9d792cb49bdb9d774d2154c7aaf07c93e03068979de29f59a9f1d2caa13d09ed22640d847e3d657725d391dfc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
4a2fd19a0f90af5b5252f804691ef8ae

SHA1
e33cd38cd322f93ef51a741ac337ed94620e28c9

SHA256
2c4b9ffeb0d30bf29e6cf9284705355f0ca044e294eea15143c2cc1e342ccf71

SHA512
9dc289f4aed9bc093d480500d95cf21506c6780e68100491585c20fa78069ad77ce7b0453b7f380215ed71b493cd052a1676f28da404c1a417962e240fbd9d8e

Download Submit
C:\Users\Admin\Downloads\d8b611be-d94a-4f5d-9158-7080714fd2a6.tmp

Filesize
910KB

MD5
14963143262d1bbc9b07f882a89a625e

SHA1
e7be71a02046c9bb58b335434c5cee699335dc79

SHA256
0725ee2c004d8bbb7e033fbdbf15401a0e5d2496ea7f2fb29af6ef16d0884284

SHA512
38c2929bff0c1760805f7f14b01bc241f72dedcf8b09660410fd8f6123b386469ffd6f220a866b09c93ed23c4677a8fcd85a1315d6889c7be5b9e5a3c2db8d08

Download Submit