47f07763fe118fbf7145fb3f8fdcc2594bb4824f3288a2d429583eb15e21b271

Analysis

max time kernel
79s
max time network
89s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
03-06-2023 20:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mercedes_e_class_w124_1985_1995_mult/Run/help.hlp
Size

385KB
MD5

ae91d69caee5fbe1c672b6a0c7201cf7
SHA1

34e821fa076070ea17a8271fd97321c4520b91d8
SHA256

578519c793e7323f746902e430985e293c650507af74ff7f73d6af2cfa9082e6
SHA512

d54724d844c7c01ffcc77e32649504248e523e5806b1114219cbddebd0d854cc30922a152439d6484765ff4ee7650e8d4a1f293b15d5f240501889d2a5025754
SSDEEP

12288:QxTvgDLEA7BGUHr2cLMcVf2J+8xIyLWOEQCANf8LDQ:MjANGpxFz

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\d491fbdf-9ff9-4a94-8e29-1d9c0a2e9ce4.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230603202015.pma	setup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1932	msedge.exe
1932	msedge.exe
5036	msedge.exe
5036	msedge.exe
3840	identity_helper.exe
3840	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4136	helppane.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4136	helppane.exe
4136	helppane.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4136 wrote to memory of 5036	4136	helppane.exe	83
PID 4136 wrote to memory of 5036	4136	helppane.exe	83
PID 5036 wrote to memory of 4292	5036	msedge.exe	84
PID 5036 wrote to memory of 4292	5036	msedge.exe	84
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1924	5036	msedge.exe	85
PID 5036 wrote to memory of 1932	5036	msedge.exe	86
PID 5036 wrote to memory of 1932	5036	msedge.exe	86
PID 5036 wrote to memory of 3000	5036	msedge.exe	88
PID 5036 wrote to memory of 3000	5036	msedge.exe	88
PID 5036 wrote to memory of 3000	5036	msedge.exe	88
PID 5036 wrote to memory of 3000	5036	msedge.exe	88
PID 5036 wrote to memory of 3000	5036	msedge.exe	88
PID 5036 wrote to memory of 3000	5036	msedge.exe	88
PID 5036 wrote to memory of 3000	5036	msedge.exe	88
PID 5036 wrote to memory of 3000	5036	msedge.exe	88
PID 5036 wrote to memory of 3000	5036	msedge.exe	88
PID 5036 wrote to memory of 3000	5036	msedge.exe	88
PID 5036 wrote to memory of 3000	5036	msedge.exe	88
PID 5036 wrote to memory of 3000	5036	msedge.exe	88
PID 5036 wrote to memory of 3000	5036	msedge.exe	88
PID 5036 wrote to memory of 3000	5036	msedge.exe	88
PID 5036 wrote to memory of 3000	5036	msedge.exe	88
PID 5036 wrote to memory of 3000	5036	msedge.exe	88
PID 5036 wrote to memory of 3000	5036	msedge.exe	88
PID 5036 wrote to memory of 3000	5036	msedge.exe	88

C:\Windows\winhlp32.exe
C:\Windows\winhlp32.exe C:\Users\Admin\AppData\Local\Temp\mercedes_e_class_w124_1985_1995_mult\Run\help.hlp
1⤵
PID:1880

C:\Windows\helppane.exe
C:\Windows\helppane.exe -Embedding
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528881
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:5036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffba85046f8,0x7ffba8504708,0x7ffba8504718
    3⤵
    PID:4292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,15108429783553376703,8613729385227799045,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
    3⤵
    PID:1924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,15108429783553376703,8613729385227799045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,15108429783553376703,8613729385227799045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
    3⤵
    PID:3000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15108429783553376703,8613729385227799045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
    3⤵
    PID:3856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15108429783553376703,8613729385227799045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
    3⤵
    PID:980
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15108429783553376703,8613729385227799045,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
    3⤵
    PID:840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15108429783553376703,8613729385227799045,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
    3⤵
    PID:2436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15108429783553376703,8613729385227799045,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
    3⤵
    PID:3232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15108429783553376703,8613729385227799045,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
    3⤵
    PID:996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15108429783553376703,8613729385227799045,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
    3⤵
    PID:1296
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,15108429783553376703,8613729385227799045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8
    3⤵
    PID:1424
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:3908
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff684335460,0x7ff684335470,0x7ff684335480
      4⤵
      PID:3520
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,15108429783553376703,8613729385227799045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15108429783553376703,8613729385227799045,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
    3⤵
    PID:4020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15108429783553376703,8613729385227799045,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
    3⤵
    PID:4660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1036

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aaeb1f5e097ab38083674077b84b8ed6

SHA1
7d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2

SHA256
1654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef

SHA512
130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\18bb51af-e47a-4f00-a68b-3c293e532871.tmp

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
93a2a201ee887e077b3c4c0df58f5e6b

SHA1
14cbf5343f46a5ebee7ce07929f2f231592f62de

SHA256
ab1b8f23f51b5b116a9cb849b145a8e438c486b63105515e6d07df7af8234690

SHA512
c7464fca26c53c66d423966b71a57b8e445a89878d82226b81ceae3195ec1d11b66b61fd5939237bfd5174930549eafb33a282c0b3ddd5b3dd8a4e434ac5e19d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
739d9ac0db85d5c88a2d34c45835bef2

SHA1
ba493c40379610263a8525f599c4898c0a0ef0b7

SHA256
f238c9e8b052deee507a5be8c2e8cafcb5a6de49fddb400bb8919bdd5db1bae1

SHA512
fc66ca5f29be20bbcee0b317568b250769f4a7f0371ae2862445209556a17ecabdab998ef9bd23c1edb271ecae9291043c94a0bec90445d8910f5e87b86ca856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
370e50eb1c35355aa7242dde6b8260ab

SHA1
c34037000c43e2120462b3db8dd7ce7a21426b95

SHA256
07f69b757689c244a1d06f3154583b51810f5a6ed03806e43268ab89224c14c1

SHA512
88887723836f2f0510b39dea8945822d9cee7cd05b5e6b9b7c9a0175fba6b0bf3c30410f0ac143f938c4fe559fa059473e27a99486fda3401738d3ae7bbe69ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1010B

MD5
6b4454b246218864cc1b193bb18a466c

SHA1
80bb2ba9ede75405bd330596fe1b9f23bbbcf1fa

SHA256
2fe05cc3611ac5b00306d1f606c7e51024cf15a862ff114dac642a1b8f93a41e

SHA512
04ee526dbef49df6886b16a42279a0d79b559b5eff470458e839a2181c0e9e9b458fca4a64099d83080170902f0632ef5d714f4a32f0b445164cd6c57d7e81c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d1ea263e2f3adcbf9e2711670c115062

SHA1
b41d60d6e15f0ff519fe936af4ffd9d0259f5aed

SHA256
c251c13644327520743427c25c551b0bd440789684b0abf15ed349fbba6a4a09

SHA512
4b3c896a83c87d303d70e8cd3715a604a20ef037b29a21810e0f56445b22ac33b61a9f5ed9c691605c42ed7566d16f525b9a1236bfd4f6ed7c9035552aafb302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
1192e20b41f558ceef0069e8eb380ea0

SHA1
803f00feac9bd843fd9cd74145ec3e66a63b4ceb

SHA256
87192e921603e2d138b31b9b18ff85e3629b783698c36192c70541f1d50c040d

SHA512
eef50377048426e3525917fcb0713087f7c49fbc88f2dfa18d750ad578ac092ef374d4888f266e85f9a5ea38cbf38add797da7bf6e6ac047d8a4c075828637d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fe40399ae4026fe40af0e93b653cb880

SHA1
9973f4ec9ce9c0700a2ba04561d733bf997127e8

SHA256
da8594e0fd46edc04033aaead5acca6dc58c2df7651d5eb13a514abdcd1b20b3

SHA512
91102418dc37b47cc5f2f66af61bb8d1cba05fced2fad1d28762f8eb1adb8075519130515dc2985f8492b50bce4400974f72c0cd6ce7c106e9d9804e6e4eb383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
47e94a96372e6f095b8a3fd7edc48ec0

SHA1
377b68f34e5964ca8be1b1b0c1507dd7f0e5f005

SHA256
15c77bafd922bd085317fd544d0fa129e3b8c814e3ba0d48936366004427732e

SHA512
5bd63de2e831805b723d7ddf1343c3b721ef5b757d9ab01bf8554ef8e29ac2cc09fa104fc85d530f27d66b67280774b3ebbef6729ea3ab61ce8028ab4ba5bdad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
3d874cbf2372e29aa7bde5be5e1db4b3

SHA1
a9214d4e1ddfd7f4cbe8fc61f838f9f2a2f2f26f

SHA256
84c9c0c31f068bcdc2258102ef25547073b785cfedc7345f510de21dd6096000

SHA512
8f90c381382b2a95c3ba3fe941429cc70094c92e78668a54ac88ed3e030c14ee7c3ba8ee7f450533456fd1933663b4c300f265da972fc0493aa409cc17b9fe10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
51192590e572a61635532f04ac563c98

SHA1
57ff7faa7609dcdf297fda61f8a71d7b5baeb89e

SHA256
cd9a248dbf48503e857a9eacef3b3ada2d36e8419efe47c0d7d6032053d7d8a6

SHA512
59cc3a9ab0a48e1c17fe6dffa8626c308a4ef81afb277da6116df8eac914d57ed501baab7c804f13167bbc29548d36d203edbdb2178a3071d415ffbb02a5f6c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe56f3da.TMP

Filesize
1KB

MD5
7f095c1faaa9bedd818080fd3f29d4b1

SHA1
e8e900b9ab25baa2817b4a0127a3dc1936e15b6c

SHA256
e3ef0ca0df664ed4deabedf8fd599ac017f640cb0b4ba7133a710fafa05dffc7

SHA512
b0ffde321ea412531fdf6429b386163f3f96b66955ea50dab0eee2fa080654a8ad8a711ebc28434522db07a98869a8006d7a219db779b2062bbb241571b27ecb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
3d1557e05cc69a9fb0ad02a410f059cd

SHA1
6cf16d14b55cbcaec8b9bff084c252cb2163ef1d

SHA256
ea33d61e071e77a4070ad62098228c61531f10276ebd5b408ad90d696bc01eb7

SHA512
d9948bc78db7f6eabbb8963dddee88963bb38d877b26c834778aad7c429ce08f484e53221031ddf46112aa4e17c84c71316ca2ddb7c224d2220edafd0039ae56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
76689f7479b2ff2368eadd5a83dc4c23

SHA1
dc78acb59c2a3cd78104095fde2210baa42ef380

SHA256
7f486ffdbfb6f47b224ff45bcf9b0d959d419a8332bf698653132ac1b1322738

SHA512
16e71dbd448acbc9dd0a55f9d5d2702b96d39e40d8d92989314141271521463e8e4a5dd563ccb8cb95a87d52ed79e2f982be9bb6f80ece8624bbb7804a8db1e4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
e72dfc72051fe7eed3a8ea7a14f4db50

SHA1
e7ee8750f0ad2fc128b34a5bbaaffbb15fe1a1a8

SHA256
1e128fe67bce88cefd1cccce5a550009b16b85d89288408fb2b7fa19823c6250

SHA512
3249230d86a3f767bcfdb35bebbe57f277b299142af40cfa339ee9aad918562112a59cb724839b65c153d17795bd71baf3b247bff6fc8041adec2cfb3fe740c3

Download Submit