8d67d286393f5a26d491fe329e0bad916b6e918f1607d80ad8cd396b1b5fa40c

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
09/06/2023, 08:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8d67d286393f5a26d491fe329e0bad916b6e918f1607d80ad8cd396b1b5fa40c.exe
Size

835KB
MD5

f182c77a42e3b1e7cbe6325eb9838b4b
SHA1

378a3551da73bf3e1f6d071ea8572d97607f1b4e
SHA256

8d67d286393f5a26d491fe329e0bad916b6e918f1607d80ad8cd396b1b5fa40c
SHA512

eb120e02645f1c351073656a84c2660636a70a001b8741da5e029be056ac9fe01b74b8761bfc2da18c2e10b1eb0bde17a195f3ea88a9736fc1fb4dfc764740f7
SSDEEP

12288:Sc4Ji0Q6xXjPRHiAy85M3xfB8CKLXhX2+kPNgeNSOhew7ceteiX8qaBRwN7qablg:ScAZrO8ZXhGrN94Wt7cetjX8JBwxzM

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\747be45a-0227-423b-b96d-a8c7a5b1b5e9.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230609085857.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1840	msedge.exe
1840	msedge.exe
876	msedge.exe
876	msedge.exe
4956	identity_helper.exe
4956	identity_helper.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
876	msedge.exe
876	msedge.exe
876	msedge.exe
876	msedge.exe
876	msedge.exe
876	msedge.exe
876	msedge.exe
876	msedge.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
876	msedge.exe
876	msedge.exe
876	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5008 wrote to memory of 876	5008	8d67d286393f5a26d491fe329e0bad916b6e918f1607d80ad8cd396b1b5fa40c.exe	82
PID 5008 wrote to memory of 876	5008	8d67d286393f5a26d491fe329e0bad916b6e918f1607d80ad8cd396b1b5fa40c.exe	82
PID 876 wrote to memory of 2776	876	msedge.exe	83
PID 876 wrote to memory of 2776	876	msedge.exe	83
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1812	876	msedge.exe	84
PID 876 wrote to memory of 1840	876	msedge.exe	85
PID 876 wrote to memory of 1840	876	msedge.exe	85
PID 876 wrote to memory of 2688	876	msedge.exe	87
PID 876 wrote to memory of 2688	876	msedge.exe	87
PID 876 wrote to memory of 2688	876	msedge.exe	87
PID 876 wrote to memory of 2688	876	msedge.exe	87
PID 876 wrote to memory of 2688	876	msedge.exe	87
PID 876 wrote to memory of 2688	876	msedge.exe	87
PID 876 wrote to memory of 2688	876	msedge.exe	87
PID 876 wrote to memory of 2688	876	msedge.exe	87
PID 876 wrote to memory of 2688	876	msedge.exe	87
PID 876 wrote to memory of 2688	876	msedge.exe	87
PID 876 wrote to memory of 2688	876	msedge.exe	87
PID 876 wrote to memory of 2688	876	msedge.exe	87
PID 876 wrote to memory of 2688	876	msedge.exe	87
PID 876 wrote to memory of 2688	876	msedge.exe	87
PID 876 wrote to memory of 2688	876	msedge.exe	87
PID 876 wrote to memory of 2688	876	msedge.exe	87
PID 876 wrote to memory of 2688	876	msedge.exe	87
PID 876 wrote to memory of 2688	876	msedge.exe	87

C:\Users\Admin\AppData\Local\Temp\8d67d286393f5a26d491fe329e0bad916b6e918f1607d80ad8cd396b1b5fa40c.exe
"C:\Users\Admin\AppData\Local\Temp\8d67d286393f5a26d491fe329e0bad916b6e918f1607d80ad8cd396b1b5fa40c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.ni.com/rteFinder?dest=lvrte&version=14.0&platform=Win7_32&lang=en
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd730246f8,0x7ffd73024708,0x7ffd73024718
    3⤵
    PID:2776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,9007197111092326901,6223042431788489606,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
    3⤵
    PID:1812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,9007197111092326901,6223042431788489606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,9007197111092326901,6223042431788489606,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
    3⤵
    PID:2688
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9007197111092326901,6223042431788489606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
    3⤵
    PID:4604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9007197111092326901,6223042431788489606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
    3⤵
    PID:4696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9007197111092326901,6223042431788489606,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
    3⤵
    PID:4972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9007197111092326901,6223042431788489606,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
    3⤵
    PID:4412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9007197111092326901,6223042431788489606,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
    3⤵
    PID:2300
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9007197111092326901,6223042431788489606,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
    3⤵
    PID:5012
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9007197111092326901,6223042431788489606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 /prefetch:8
    3⤵
    PID:3884
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:1468
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x130,0x224,0x228,0x218,0x22c,0x7ff687925460,0x7ff687925470,0x7ff687925480
      4⤵
      PID:2368
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9007197111092326901,6223042431788489606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9007197111092326901,6223042431788489606,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
    3⤵
    PID:3700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9007197111092326901,6223042431788489606,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
    3⤵
    PID:2132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,9007197111092326901,6223042431788489606,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1272 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2416

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aaeb1f5e097ab38083674077b84b8ed6

SHA1
7d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2

SHA256
1654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef

SHA512
130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1db53baf44edd6b1bc2b7576e2f01e12

SHA1
e35739fa87978775dcb3d8df5c8d2063631fa8df

SHA256
0d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48

SHA512
84f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
7d528ce05785453d0e684e0b4a766c2b

SHA1
082e0b3572855233720e7e824eb3f2ebacceaca0

SHA256
f39425dd4c1034114c4165175701bb3c1dce82cf75ed39d460865fe165ea0fa2

SHA512
d8cf444b986fac049cb8567092f63f6a1f22d0e3786b570a0a174ca76dda0cacb267dc1685a63599e215f460eda830987ee081912e051152bd42c6025ce03fbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
b61b077560c9cf155cc022ce5b53fcd4

SHA1
6a0b57ea9ae7e093efe2f14a7758d8ea32d5fe7a

SHA256
143e63be13936db49a4b2331f0d645751ee623dcebc40decb4482c61e10b0f2d

SHA512
eab8e880cbe0acf2ff5050f7c6a822d765da4a4e2d3b1697fe3b0caebf148193c3373421f9e924f943cca97da60ff57c793bb77b484129173c2979344af24d00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
2aa16cc9a09aae88a0536deb2a85b740

SHA1
4fcb558eb3a06f67a8de91e6d627e7d31e6650ae

SHA256
51ecd59b3699ece6fc5abacf3b493b562ec7bf530a674d71ea4efe4ec5bf189f

SHA512
d5ac75050c5a43faa2584382606154012a35fbd2fad7357778e4474b3383021f2ce5ecfae296d066e8c3d02461abad77686151bb42015f531e9163cc0128541c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
159031fb5fe07f1a9ff796f1dfe524d1

SHA1
be815143b00f1b9f1add14cf26291d27d29997b0

SHA256
a96870b75704b1e6ed564016436e80c3e482021fb05c8e74e8431d40e52d2a6d

SHA512
989709e3f17fa12deb38431a338cb6d7f4de7a94f6eb1d5fd1a99c950f908e3b8d4caab19778352b89f2912f785d6b59047932bfbf055c739305379ddfc567ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bcbd5c3032f9c5917f17d291b9f9eba1

SHA1
765fb7eed83761cffb73f06696f36ed5b5d72690

SHA256
38b6d1efa05725997ca72f8dfa5de17fe132d72bb581c02fd0518a868c252f19

SHA512
b191b78197f9b872736294cfe3b800d97c9d566a1820814206e76a9efced7bd37d9eea6f6ea3f44618ce2b6d45604d9386c2c741efe501e9d2c9f5b06a2aa548

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
cefbdf2808d9341c341978014de98915

SHA1
a20cda71ebc6e0cbd2b14700e2b008c1227481c9

SHA256
17ee3b2baceb420c3635d90661fa60c4491ea5ac3a9eb1179278f69bf476cd2a

SHA512
de5d2674b773a1e133f43c597894ee9165e00e449d630fda07413117732574a387ac74e48dcacfb29c1c49ecef4bbaeed5c26fbadce8cbc6c693e462b5458cba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
897db2925d40b33c03012ff187af7d56

SHA1
bd319a856a483e6992abe6837a19a8701d230bb3

SHA256
5470db43b270eb9d3a5f971975019a3e7bc98e0931947aff807d61c575fdaba1

SHA512
fb1386f884339011f0b46698d98bdb3aabbaba817c24011e5cf2966d757aad24937bce8a1f1d502963633bebc9d9ff27dc7012bd3c03ee5e32f1a197b595c68c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
47e94a96372e6f095b8a3fd7edc48ec0

SHA1
377b68f34e5964ca8be1b1b0c1507dd7f0e5f005

SHA256
15c77bafd922bd085317fd544d0fa129e3b8c814e3ba0d48936366004427732e

SHA512
5bd63de2e831805b723d7ddf1343c3b721ef5b757d9ab01bf8554ef8e29ac2cc09fa104fc85d530f27d66b67280774b3ebbef6729ea3ab61ce8028ab4ba5bdad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
3d874cbf2372e29aa7bde5be5e1db4b3

SHA1
a9214d4e1ddfd7f4cbe8fc61f838f9f2a2f2f26f

SHA256
84c9c0c31f068bcdc2258102ef25547073b785cfedc7345f510de21dd6096000

SHA512
8f90c381382b2a95c3ba3fe941429cc70094c92e78668a54ac88ed3e030c14ee7c3ba8ee7f450533456fd1933663b4c300f265da972fc0493aa409cc17b9fe10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
0de118066774e021693deb85873b8e23

SHA1
16fa99432d2e4b89f553dbdb8b6caabe3614f601

SHA256
848e92ed8d255e4aefb832d91dfbd8881514ff643b1e57494e3aa10a409ef376

SHA512
44a401b65571f377ecc253433d0f2ba79baa231f695dffe41469d30d62888cf106c54120caa00f6b8c13bea165f331f503bdb58f6ac558cf414cf911afc11f01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
4dd4e2c8f1909704fa4f32d024882c41

SHA1
c873eeb9e340a8e6af47617ca46c2fa051ef95a4

SHA256
a98d5f13bda6041ba242dcb81b198e023004ee13411c9ce3ab65eeffdd4a229c

SHA512
45da25b884cf594a723e0802072eea8d463a0f5964d81fe0faf3b5e7fc6ff6ccbf860f86121f9c84760acca1679201987ea8f44e6418c0af86bb54e529c0c8c6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
d78630d766bd34ba22e86b3e581c73c2

SHA1
d106de58dbf05e717494cee8d16bf0d2122e2923

SHA256
a962d873b441169d7ee04129a327ef446b7179f2c3f4698bef0e048de5a25def

SHA512
2ee7c471ed5e53c45754911f3e8074397aaaa210bcbe3b360ccc73e8145bf2678946954de2e96479677da40d7b1866752d049898ecb219ac186047971d7360b5

Download Submit