b9715d91c06e8f86b11fccf8618739748274296bed2734e03a1435d67304bfe6

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2023, 19:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b9715d91c06e8f86b11fccf8618739748274296bed2734e03a1435d67304bfe6.dll
Size

1.6MB
MD5

417eb4fff31001da2c49979330b0b6d7
SHA1

34f5d59a01e62f8a4cd489e31881b80a513f589b
SHA256

b9715d91c06e8f86b11fccf8618739748274296bed2734e03a1435d67304bfe6
SHA512

305b26b142bc904a289e29016185255e0ec1e47f904a80fb2f3a5842fb2a76c62b584e01b72d2c12b960fb23b8e8d8be78cb5845b1d91fbe80f7269dcc26a718
SSDEEP

24576:HxwjZOPlxAAHQ6YHGhwdmAQ4NBFpvKrYoOtMkT5TrzOgvlUUTVzyQ0y2mL92fE6u:H2joAAAro8x5TVlUcV+Q0y2VZgWw

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\a15fa33a-997a-4471-8f31-900afc453861.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230605195158.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3040	rundll32.exe
3040	rundll32.exe
3040	rundll32.exe
3040	rundll32.exe
4232	msedge.exe
4232	msedge.exe
1232	msedge.exe
1232	msedge.exe
4600	identity_helper.exe
4600	identity_helper.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1232	msedge.exe
1232	msedge.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
3040	rundll32.exe
3040	rundll32.exe
3040	rundll32.exe
3040	rundll32.exe
3040	rundll32.exe
3040	rundll32.exe
3040	rundll32.exe
3040	rundll32.exe
3040	rundll32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3944 wrote to memory of 3040	3944	rundll32.exe	82
PID 3944 wrote to memory of 3040	3944	rundll32.exe	82
PID 3944 wrote to memory of 3040	3944	rundll32.exe	82
PID 3040 wrote to memory of 1232	3040	rundll32.exe	83
PID 3040 wrote to memory of 1232	3040	rundll32.exe	83
PID 1232 wrote to memory of 1080	1232	msedge.exe	84
PID 1232 wrote to memory of 1080	1232	msedge.exe	84
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 3076	1232	msedge.exe	87
PID 1232 wrote to memory of 4232	1232	msedge.exe	86
PID 1232 wrote to memory of 4232	1232	msedge.exe	86
PID 1232 wrote to memory of 3992	1232	msedge.exe	88
PID 1232 wrote to memory of 3992	1232	msedge.exe	88
PID 1232 wrote to memory of 3992	1232	msedge.exe	88
PID 1232 wrote to memory of 3992	1232	msedge.exe	88
PID 1232 wrote to memory of 3992	1232	msedge.exe	88
PID 1232 wrote to memory of 3992	1232	msedge.exe	88
PID 1232 wrote to memory of 3992	1232	msedge.exe	88
PID 1232 wrote to memory of 3992	1232	msedge.exe	88
PID 1232 wrote to memory of 3992	1232	msedge.exe	88
PID 1232 wrote to memory of 3992	1232	msedge.exe	88
PID 1232 wrote to memory of 3992	1232	msedge.exe	88
PID 1232 wrote to memory of 3992	1232	msedge.exe	88
PID 1232 wrote to memory of 3992	1232	msedge.exe	88
PID 1232 wrote to memory of 3992	1232	msedge.exe	88
PID 1232 wrote to memory of 3992	1232	msedge.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b9715d91c06e8f86b11fccf8618739748274296bed2734e03a1435d67304bfe6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3944
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b9715d91c06e8f86b11fccf8618739748274296bed2734e03a1435d67304bfe6.dll,#1
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https:///
    3⤵
    - Enumerates system info in registry
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:1232
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff239f46f8,0x7fff239f4708,0x7fff239f4718
      4⤵
      PID:1080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,14904629641068873977,14167577368873411224,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4232
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,14904629641068873977,14167577368873411224,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
      4⤵
      PID:3076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,14904629641068873977,14167577368873411224,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
      4⤵
      PID:3992
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14904629641068873977,14167577368873411224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
      4⤵
      PID:3808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14904629641068873977,14167577368873411224,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
      4⤵
      PID:4684
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14904629641068873977,14167577368873411224,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
      4⤵
      PID:1444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14904629641068873977,14167577368873411224,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
      4⤵
      PID:3180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14904629641068873977,14167577368873411224,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
      4⤵
      PID:5116
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14904629641068873977,14167577368873411224,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
      4⤵
      PID:4664
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,14904629641068873977,14167577368873411224,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
      4⤵
      PID:2720
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
      4⤵
      Drops file in Program Files directory
      PID:3904
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff7485a5460,0x7ff7485a5470,0x7ff7485a5480
        5⤵
        
        PID:3920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,14904629641068873977,14167577368873411224,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14904629641068873977,14167577368873411224,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
      4⤵
      PID:888
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,14904629641068873977,14167577368873411224,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5404 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4960

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1612

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\1e9ab6a9-92e6-4905-8a56-bdb6155b1c46.tmp

Filesize
9KB

MD5
0a2dfe47734dce873fcf865cabd99970

SHA1
f3fbc3584b121060ee67ad0291f4a970b4217335

SHA256
d51a3a94af77f4668b84d21e202e4803bc8dad20abd8f6a26139238e71b5acee

SHA512
42d1cb1579e8283ff3e3613bb70d312490e39b41d4cb7d7482dad21b390870e739fd4fe677900650c3be4f5da531486846b300b8fd95f5411b9494fe2d089218

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\3bc399b0-74e9-4698-abf9-065f31119bcc.tmp

Filesize
12KB

MD5
fb137fe9852c0bed1657841761735bef

SHA1
fa8982d7cb11cfe138b186e1f4cdac2ca3cee4d0

SHA256
f7d4c717b5ad906d1044db13400d866a27c446629a4b10173546626447b49d99

SHA512
5f36800fe6016defdcc6efa1a4d192e0acc271d1ff7029d06c1db2b9362e65e27d67532a5a10be8fed1099e88bc67940e90aff59c968eac6da32e62c89fb37b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8c9383861d9295966a7f745d7b76a13

SHA1
d77273648971ec19128c344f78a8ffeb8a246645

SHA256
b75207c223dfc38fbb3dbf03107043a7dce74129d88053c9316350c97ac26d2e

SHA512
094e6978e09a6e762022e8ff57935a26b3171a0627639ca91a373bddd06092241d695b9f3b609ba60bc28e78a5c78cf0f072d79cd5769f1b9f6d873169f0df14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
91fa8f2ee8bf3996b6df4639f7ca34f7

SHA1
221b470deb37961c3ebbcc42a1a63e76fb3fe830

SHA256
e8e0588b16d612fa9d9989d16b729c082b4dd9bfca62564050cdb8ed03dd7068

SHA512
5415cd41f2f3bb5d9c7dadc59e347994444321cf8abe346b08e8c5a3fc6a5adae910eda43b4251ba4e317fbb7696c45dba9fd5e7fa61144c9b947206c7b999c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
03f9f079680dcf3f59f609793623d7b6

SHA1
df0f2d74e1000134417f1463d59306b803f99256

SHA256
c7661511b7d4ec97d9d3d3e8bc163205d08b13c93856cc0f8ec391f0d6ceedb4

SHA512
3cd543e802c9192303d80fbc9b6cced3dd1ffdb6bc999e3e407c824b7243fb3e75359af01bcca53216d699249dd51899c5b31f58bd6148ec488af5a3f0b679ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
f9a33d4d71b9b023e36c80fd2b9df956

SHA1
00bf5aaafc426f567733758692f27d8f84f71a15

SHA256
36bac8b47c0d7a40f3a68bb76cc782937f74dc6c3998d59108d36aaaa9d9fea3

SHA512
db573f6d2e1bed5c8a2d90317eedddb556e1256b4c2a0d6c6d947efb44c381b6c6a47b78f6f334ee707f8f95861827bec351b21b3b99b4b90ec1ff78f6db8066

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8ba287175df3b3e69195c3bbcc48eedb

SHA1
ad5fec1803179429ecb59e53b5b46d9282919a9c

SHA256
4473f0c89cd44a2aee50eb112bf7cbd131ec1befc251ff33bfe83103e5e3669d

SHA512
ff693240639ac2a893b88ac775593b1ba3847e5766a37f61338e53857b080e7e0b018f848cfc1f431f3be5b2006c15df3b04ae8af2210286fb69ac34a7c47219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a46a63f0161148482c3fd40ac6e72ff1

SHA1
e103d76f0f78f1cf9f650c4c0168bc8af6e980d8

SHA256
85cf957ee6a59a65cad614abf5bb1651d4368afce0cd05ba30c523f19a5367f0

SHA512
36a7d737d866318eb6331d14237c93201197ac5c4e5d50f277ba5a2a0a57d7bc4e474ffd4989c54c28234db418e4428d5e59454a5930bc39506352757392ea47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
60b345592703258c513cb5fc34a2f835

SHA1
39991bd7ea37e2fc394be3b253ef96ce04088a6d

SHA256
7e358b4f7553c9385e8eb2c5692d426bc257bbd4c0213e6c69294459734f6300

SHA512
0346fb4096eb285ab0fdf7e7ec38c4daf7bbb0c506f09975eb2290121d169a34c886fca342c3e06371cb697f2753a697ca4f72af7817ed340eee6063897110a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1e5ba0451ff36f3ea9e13836ff06ff26

SHA1
29d9432a220b56a8aff2ec973bd6006dad895117

SHA256
be939c53dedb05948868aab0d04a7a31d9883884262e1da601e23cf95ca80951

SHA512
10247ac659e1ad79d1984e617f9ded79cbddfe9c69177968f385729cf7d934c3ca82d4da8ad5dc025336b2ffdb0fbb7629fc0c400896304a5a71a001d030ee9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
f75b9e7d0bcaac4ba30e43545c64b134

SHA1
4a4353cc73267d46fc2d9e460370a2429c9b2e0c

SHA256
8b07d6cc3ace6121b0f7fb315fadb04a960d36ff3fce65186f46f3527549ac9c

SHA512
564120d090ed38de987e298c3de2b5f951b9e1dbc7e30fe1572921465a7bab741d40c44f2c30df697a14c2b31bc338a4759e5143a9d672cfcbfed84e54d1f6c0

Download Submit