6ae2b903b9e73ecac6542c15a01cfa044c06ff575b8f86e44e03140a35bea87f

Analysis

max time kernel
1794s
max time network
1694s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2023, 17:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

12.bat
Size

49B
MD5

354ee47d9b7f0877aaecd8db36e01468
SHA1

9bd07f39a7b4980f4565c6a3a47f15d783707df0
SHA256

6ae2b903b9e73ecac6542c15a01cfa044c06ff575b8f86e44e03140a35bea87f
SHA512

20735574ef7634039d9de979e088193eb63d0682c602d2ecaa0296b72e5636de41b53a802d6ce205fc7334c7716c4add716de87205500c0384a55a5265a653f7

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230520191313.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\ac539681-74a6-46d2-bdd0-863d77de184c.tmp	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1336	msedge.exe
1336	msedge.exe
2936	msedge.exe
2936	msedge.exe
4940	identity_helper.exe
4940	identity_helper.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2936	msedge.exe
2936	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4388 wrote to memory of 2936	4388	cmd.exe	84
PID 4388 wrote to memory of 2936	4388	cmd.exe	84
PID 2936 wrote to memory of 4428	2936	msedge.exe	86
PID 2936 wrote to memory of 4428	2936	msedge.exe	86
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 4356	2936	msedge.exe	87
PID 2936 wrote to memory of 1336	2936	msedge.exe	88
PID 2936 wrote to memory of 1336	2936	msedge.exe	88
PID 2936 wrote to memory of 4180	2936	msedge.exe	89
PID 2936 wrote to memory of 4180	2936	msedge.exe	89
PID 2936 wrote to memory of 4180	2936	msedge.exe	89
PID 2936 wrote to memory of 4180	2936	msedge.exe	89
PID 2936 wrote to memory of 4180	2936	msedge.exe	89
PID 2936 wrote to memory of 4180	2936	msedge.exe	89
PID 2936 wrote to memory of 4180	2936	msedge.exe	89
PID 2936 wrote to memory of 4180	2936	msedge.exe	89
PID 2936 wrote to memory of 4180	2936	msedge.exe	89
PID 2936 wrote to memory of 4180	2936	msedge.exe	89
PID 2936 wrote to memory of 4180	2936	msedge.exe	89
PID 2936 wrote to memory of 4180	2936	msedge.exe	89
PID 2936 wrote to memory of 4180	2936	msedge.exe	89
PID 2936 wrote to memory of 4180	2936	msedge.exe	89
PID 2936 wrote to memory of 4180	2936	msedge.exe	89
PID 2936 wrote to memory of 4180	2936	msedge.exe	89
PID 2936 wrote to memory of 4180	2936	msedge.exe	89
PID 2936 wrote to memory of 4180	2936	msedge.exe	89

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\12.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Xhackerprog/XWorm
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc04c946f8,0x7ffc04c94708,0x7ffc04c94718
    3⤵
    PID:4428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,8191988538729269106,10779885227835568443,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
    3⤵
    PID:4356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,8191988538729269106,10779885227835568443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,8191988538729269106,10779885227835568443,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
    3⤵
    PID:4180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8191988538729269106,10779885227835568443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
    3⤵
    PID:4440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8191988538729269106,10779885227835568443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
    3⤵
    PID:3136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8191988538729269106,10779885227835568443,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
    3⤵
    PID:4488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8191988538729269106,10779885227835568443,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
    3⤵
    PID:4820
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,8191988538729269106,10779885227835568443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
    3⤵
    PID:2492
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:2724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xe4,0xe0,0x118,0x10c,0x11c,0x7ff7721f5460,0x7ff7721f5470,0x7ff7721f5480
      4⤵
      PID:4500
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,8191988538729269106,10779885227835568443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8191988538729269106,10779885227835568443,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
    3⤵
    PID:540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8191988538729269106,10779885227835568443,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
    3⤵
    PID:4240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,8191988538729269106,10779885227835568443,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5252 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3932

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8c9383861d9295966a7f745d7b76a13

SHA1
d77273648971ec19128c344f78a8ffeb8a246645

SHA256
b75207c223dfc38fbb3dbf03107043a7dce74129d88053c9316350c97ac26d2e

SHA512
094e6978e09a6e762022e8ff57935a26b3171a0627639ca91a373bddd06092241d695b9f3b609ba60bc28e78a5c78cf0f072d79cd5769f1b9f6d873169f0df14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
91fa8f2ee8bf3996b6df4639f7ca34f7

SHA1
221b470deb37961c3ebbcc42a1a63e76fb3fe830

SHA256
e8e0588b16d612fa9d9989d16b729c082b4dd9bfca62564050cdb8ed03dd7068

SHA512
5415cd41f2f3bb5d9c7dadc59e347994444321cf8abe346b08e8c5a3fc6a5adae910eda43b4251ba4e317fbb7696c45dba9fd5e7fa61144c9b947206c7b999c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
e59d25430e703a2cd6d0949bc4e2bcda

SHA1
18275bc11bdfda2904b050376f9fef561e318fde

SHA256
0238139a052617b91a2230bb13a99ed87d3b0916b7e9692c35136f0810ec2046

SHA512
0145a4158aebfef6ef4979d2f42141edca7c347a87a4eb3fec71011a7c3f649df6c28398a00f92a3e86d3defe64d7a48a47aff3fdb1c12134a7a61f0e96bfffb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
6d50492c6fa20eb4336881c14ec24398

SHA1
b232b23f14e66f5fc755604c776edf200ed15898

SHA256
8b7b45000f421e16c2fa9e17a2b09560705bf0c63e510113faa18bcb0b6adaf7

SHA512
569fe42a4ba826519b5efb84d63d135c4755711f4c4b7017241c6f43a6390fb563043f7f849834e83b5f6f6a93529daef69105ec063ba6535efef6f1097fa74c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
8808153f41171370803be4ce81699b86

SHA1
4c5737e83b7ca565e91ebc2de59dba877838491e

SHA256
60334e7950f8c01a41b039c7deb8d72aee7d81838c24f44f3bdacb58972c98f3

SHA512
dd4c78530a0931f070fe433454a13e0cd4992cf5c2d47a2b208048630dedc2fadb495f8de273b8bfc2b199de12ffb1b6858ed47782f18a171a3eb29809d33c6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
409B

MD5
b12ee6b010e965ed924892682077404b

SHA1
cc06dbdc7cf807fb8aa0f90749f5f07c2fcf55fa

SHA256
fefc13d455791d6cc3d8bee48121ca6d7c21e147fd45c504f236bce95e0ea58d

SHA512
b4178d1bc5b95dbabbc5dd1f902f2601b39904279d56b725a9c4aeacf9c27860c02207b1409298c911976540a30eb194c469f7fea64cb3a117755e57a56c3e1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
826b9603dc3f4ff6ee348bd8ee9dfc75

SHA1
6d69a893ccfb8e2b0fda4bc596ecec5d2b2144c0

SHA256
f469cb631e69a28378917ca9c738cdb0c11c16295a2765cc230065c36c7bb26b

SHA512
0ace2a072ed3dd78eb67814327918e870ee0b3af9719fb354e4fa6ab6366d9a5077b1b70c24dc11f7b6095d67dbd876a2f127535f6ffbb3f7c7970c95b8eaf05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
b49c98483467b4dcf387d32510f07fe4

SHA1
920b6228b703f31d2497acbe0d5a1ce47a07559d

SHA256
dfaeeea2795d642f8a52b2f2d425b4da2383c8d657a9f637c403f4c33ec3fba3

SHA512
7ff1d282862f4ab3116ff34e637bb5fb3f0553e1dcfe147c6ccadf080bdc08d6f3edc4735dc19db1f258647c44261a4a110ace45a2bad9019e3705915fa6b829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
76e66231f8ebbf084b281aecf5fbd311

SHA1
333abe305129c9cf870b3cac771b48df385a08c1

SHA256
00fcbfa9dfd2cf91e7d3ed68b3697a8a2e59e23c26dd086204708a501cc39b03

SHA512
ab860b29902989cb9c13eb8fc8b01ed40ffe6bb575d920b35204b48d62273d645af2c05d616db981e4278520f86253c5c5d554bf4c002835c20345f1973c772a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
60b345592703258c513cb5fc34a2f835

SHA1
39991bd7ea37e2fc394be3b253ef96ce04088a6d

SHA256
7e358b4f7553c9385e8eb2c5692d426bc257bbd4c0213e6c69294459734f6300

SHA512
0346fb4096eb285ab0fdf7e7ec38c4daf7bbb0c506f09975eb2290121d169a34c886fca342c3e06371cb697f2753a697ca4f72af7817ed340eee6063897110a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1e5ba0451ff36f3ea9e13836ff06ff26

SHA1
29d9432a220b56a8aff2ec973bd6006dad895117

SHA256
be939c53dedb05948868aab0d04a7a31d9883884262e1da601e23cf95ca80951

SHA512
10247ac659e1ad79d1984e617f9ded79cbddfe9c69177968f385729cf7d934c3ca82d4da8ad5dc025336b2ffdb0fbb7629fc0c400896304a5a71a001d030ee9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
dd678d86060d64ec52e28e40b85ad056

SHA1
e3cdc4731acd182b9ada9d01fe9e173d17070841

SHA256
8c9e936c0ea7f8e1ffb6542d00eba08c9308f65fe7fa5e74f55a2b20d09953dc

SHA512
7e83dbc33f99a836693f0c257546dd055cf2cd4315fa6b528bfcb9823923125737468f30a66fbdc59dac619e0518596ab771197ee597109252f7371072ba62b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
855b7af53c0e27ccea9f1db0f3eee09f

SHA1
2892dad59e5475d22f3466a62f88dd1c106ab7fa

SHA256
3016d938ab93afcf63294d5cfd53c02f4a7d63a0065f03cd6cbce3ced33d6aba

SHA512
b140488d5b2be7cb4c77e4befdb9a58006bfc9b578b1e733d58f44a1fb13a19faa550be8804af4c6c170bafeafd36451a3bd214a56c00df266fcbf58489eb65f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
fea20e8652fe38c67798c2ce15eb8d4f

SHA1
614bd551b2c760f94befbf38a3c097352d783849

SHA256
013904511631ebcf10a6c7100f6d1856f2d8c54a2d2970e9615ec1827683de21

SHA512
3a242589e441cc63908746d21c4ddd867c738adcbc6f04724b03e978a61f9b17974ed24995a79264cc88e57bd1483733cdf63fdaac47916871ebeca9303e9c80

Download Submit