97b46b64e5f54c40261023e171fc4085c765b494f322f133fa28ee7f4803f55c

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2023 16:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Autotune8Full/Autotune8Full/SubAlCanal.url
Size

156B
MD5

257f03a462bdb04a24c0d604db182361
SHA1

c6eb49bdcc922bb0e3004916a8efe82ddbadeb70
SHA256

9f6aeaaad74fa913b8de89ddf3e74a89d8661d5a71ef6a4a5e56b9496839690a
SHA512

9d413df5b76b569c27bf89b6a09852435dca0645aa780025e83b2e8bab3e4584da7db622b3e35de919984f6c073df0b97f5e09c3e086fdbf642b22d207b1dd13

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\38bb0d48-3ff6-441b-b0de-7b135f645c8e.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230628161510.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3952	msedge.exe
3952	msedge.exe
1364	msedge.exe
1364	msedge.exe
1280	identity_helper.exe
1280	identity_helper.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4272	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4272	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1748 wrote to memory of 1364	1748	rundll32.exe	83
PID 1748 wrote to memory of 1364	1748	rundll32.exe	83
PID 1364 wrote to memory of 4040	1364	msedge.exe	86
PID 1364 wrote to memory of 4040	1364	msedge.exe	86
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 464	1364	msedge.exe	88
PID 1364 wrote to memory of 3952	1364	msedge.exe	89
PID 1364 wrote to memory of 3952	1364	msedge.exe	89
PID 1364 wrote to memory of 3908	1364	msedge.exe	90
PID 1364 wrote to memory of 3908	1364	msedge.exe	90
PID 1364 wrote to memory of 3908	1364	msedge.exe	90
PID 1364 wrote to memory of 3908	1364	msedge.exe	90
PID 1364 wrote to memory of 3908	1364	msedge.exe	90
PID 1364 wrote to memory of 3908	1364	msedge.exe	90
PID 1364 wrote to memory of 3908	1364	msedge.exe	90
PID 1364 wrote to memory of 3908	1364	msedge.exe	90
PID 1364 wrote to memory of 3908	1364	msedge.exe	90
PID 1364 wrote to memory of 3908	1364	msedge.exe	90
PID 1364 wrote to memory of 3908	1364	msedge.exe	90
PID 1364 wrote to memory of 3908	1364	msedge.exe	90
PID 1364 wrote to memory of 3908	1364	msedge.exe	90
PID 1364 wrote to memory of 3908	1364	msedge.exe	90
PID 1364 wrote to memory of 3908	1364	msedge.exe	90
PID 1364 wrote to memory of 3908	1364	msedge.exe	90
PID 1364 wrote to memory of 3908	1364	msedge.exe	90
PID 1364 wrote to memory of 3908	1364	msedge.exe	90

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\Autotune8Full\Autotune8Full\SubAlCanal.url
1⤵
- Suspicious use of WriteProcessMemory
PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/channel/UC6AM2wxUcvTPL9bSY_s2ZAA
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1364
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xb0,0x104,0x7ffbd01146f8,0x7ffbd0114708,0x7ffbd0114718
    3⤵
    PID:4040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,867638724065014129,13961250504919889767,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
    3⤵
    PID:464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,867638724065014129,13961250504919889767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,867638724065014129,13961250504919889767,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
    3⤵
    PID:3908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,867638724065014129,13961250504919889767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
    3⤵
    PID:1012
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,867638724065014129,13961250504919889767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
    3⤵
    PID:3232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,867638724065014129,13961250504919889767,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2740 /prefetch:1
    3⤵
    PID:5044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1928,867638724065014129,13961250504919889767,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5160 /prefetch:8
    3⤵
    PID:2700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,867638724065014129,13961250504919889767,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
    3⤵
    PID:4452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,867638724065014129,13961250504919889767,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
    3⤵
    PID:3424
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,867638724065014129,13961250504919889767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
    3⤵
    PID:3888
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:1896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff752b15460,0x7ff752b15470,0x7ff752b15480
      4⤵
      PID:4504
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,867638724065014129,13961250504919889767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,867638724065014129,13961250504919889767,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
    3⤵
    PID:3420
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,867638724065014129,13961250504919889767,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
    3⤵
    PID:4976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,867638724065014129,13961250504919889767,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4500 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:428

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x338 0x518
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5008

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c032c944f0c68db2f9bc2541ba822212

SHA1
a829f6cf1e7f3f796eeb68ef3525d7f3d177a38a

SHA256
1b4b0d7b255a79089375c9c200df8f48c8536ec99752f877e9090af9dd8e4127

SHA512
cc22cf70c068f1b5c518a8d3302cbb5a79a66929488cd34939f7743aaa999cba091f182701cdda5872b6b93cf89d396b809b0b7f6f2d5f6e7ad1b5102623cf7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e0db402062b0af9ebbf6385372ca8d0b

SHA1
af778006b22dbafed0ffc708c2a08c75866173ef

SHA256
3496117f92c5f4f895aa007bdb10496eaf20edbc77be2abeef611fbc082c1827

SHA512
a38b4bcac17c451d7a34a90f3612436adf0d896e5c074de11af59fb1a8abe1bb4536b3efd3e00565fbfba296a59fa46415b7d0468ba6f00110ca605c9760eae0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
f6552584a9562ec2a858675bd3c460b7

SHA1
bd8697f2e446d8ea76e91378965539338283b0b1

SHA256
b992fbe7300eb9f6fc16c538766116d3a5bbc7cde04d474c6611ec6b10f210a8

SHA512
eacca5c4049d6aae0085aeb73eab78766374b3eed52ac002dcfdcd900045c6e5f0e6fa1e7a40bbd78747357eded7121b7c5e3a421bcac2ffaa78e285d20429db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
967aa63bdcd702d4331d502acc2589d5

SHA1
b248f9236d63dc5a76b797dd88c0d5d4f13f3b2a

SHA256
8834312628973cc4de8f3fca7ea739d3a7ece1714a151ee8464a05566516529f

SHA512
9cf457a8fd30c9544d526ac7f95e14f0d683ebaeb13b305579604cfef48d5cdab20b4e03d9bf9c947bbea55fc11f6d7498b8a9f1e75676f81d1dce9f14ca90a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
36e78b4320b2879ca8d9f64695bfd704

SHA1
e8812cf3da516590fcb2de1d5c1baab8dc409443

SHA256
106b2099494d8d34f15785350a0e05bf37f4c7d714ca65edb8100089cb5e4562

SHA512
82eee9fde583e5cb07ef85617975aa9026d751ff58bdaa3515b545ab76e26888edf3590799300e110995e901702585004834b6a696a90acd8e0d8e8364978975

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c70209487a996ffab6985b1601295e31

SHA1
5c65821e91a3bd8be0e4f9870b3a90ed742bca9c

SHA256
0b5773fa8bcbf701c137cf97f7d35c4e0220c91037fa83628869a68ca9d4e5c9

SHA512
10e9fb53bbbf9cee4b27aef99de01295c394530f99076be9abe5dfa54bf0d4875bdcd95c3f71385aac0a3200e1caa7918f5f53022a4bbf75e9bb22835c82d2b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f9de5f3d295fd0d5fba494483c067750

SHA1
fedec1ea4ddfb211af159a97b91e30bff9ea92bd

SHA256
57d6d79c26b54f0725ece36b912928bc993f064102ceda87299873a98adc3d90

SHA512
7885a3df2b64d775a82229fe54d2451e44284774eb40426565147d1c4c2396fe78308dfb87334e4a13b8dab4cd603957c3ff4ef400d658baffcc64e25f5d3f4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6a746739f978ac61809fb756c5e5792e

SHA1
f49244f0ec5c4517e33fcac78c13232ace21841b

SHA256
b9ecda44950801276441f5eb291b7edf14bbe7858788b3728bc50cdb19f3cd06

SHA512
3a54aac1155a5c04e3b81e7aa192261198a2b9bc63223edf8f051d8979f9923c2a6313a1ee2a07103a16f63dc5febd9627dae6eb91e03b9f79e86db718eab666

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f1022e75b6c0fd3fda1fd8d854a5546f

SHA1
20987d431d1e754722e7118f431ef27acf8820a1

SHA256
77ac837b151442b48b612bbfb8e60891ad29cae17d688c73523118a863b0d295

SHA512
573114775024a2dd8a855324443d42e117be87aef5432b424b66f77a3168d53aa7c27147dc511ba854cb107bfd08f32c13735ae45ce53c42aadfe6f5622aa302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
af1b5b00e73ca8f85b1507d6f64e4cdc

SHA1
1ed5f95b7faf8b88c7a7a2d2d4c3456c458bd06c

SHA256
86996c817fd46be380d223843260e666b560243f69c54d19235b774cb45e7b1d

SHA512
2db0578536596ec27760075212e41bb6841652ab284517dbb3f11c1f34075aa561752c7c309563d3af358094c1f0e2913e1479f7357a10a277cbe123e25275a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d5f6e43b9bb30966d0bc507edaa766af

SHA1
f55430cdf8aac488b7e726277ff47551de8f6b3c

SHA256
26c3c700f69edb0a1ef22ad9cabc4c126967093a008638d4b9e91aea558f7053

SHA512
580548318c413a964558422b0cbd1b05cc46f9cba53b59e2818f768f8ee9f8e3838981d686b2e82f24b3b62145cb7f1240c7602adddfabef6356730413310713

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
08ec5969be8e3995de1976a77b350ccc

SHA1
938c9a5df356d118c9e435ced818d217d55f70ee

SHA256
3eba1c53e369cbeee335d13b78116c4a74b4d4ca79531e89f6250324ca253b0b

SHA512
34c17b46774153ee3e5d0598d5300f2b336afb1d5ebd472b8da831f6dde0efd2137bd0a95a034c98e11953bbc9b06f076a8e25239f516bd5a46b06be37a90f53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7430e592-d952-405e-b39e-6f55deceb40c\index-dir\the-real-index

Filesize
624B

MD5
829ae41f87eaadde31fea61d4cd7e309

SHA1
81fe7fc3ff9e9e2309f9eefe2fa8f6fd714098c4

SHA256
3e6ed417159522dabd616be588da0c0f0a965e9f5ac4068769b2a276e6dbfe25

SHA512
8f18ba878b7219ed2f261e15b4f0b444f1e6697c925ead2e396eedd4c4a86d45df0b89d7f03c3e09831845f0f6df3586986c003924485960e485ee586d87723f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7430e592-d952-405e-b39e-6f55deceb40c\index-dir\the-real-index~RFe571211.TMP

Filesize
48B

MD5
2901c1c3318bf7d76b7eea65541ed96b

SHA1
909ef82b17fd152730bb518a941cccf6e4f67efd

SHA256
fe64da2ca02d5cfedd77799fa7391a3022997bca1608fd24558065c0a94cc2f0

SHA512
558175d4f7b34da48df9755e95c3afbd52d7828ac9e2f529ce2462109a7f39b0f529532fe607a20885032472c42a7391333b22a05001936274b1118994765a0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a8e5228e-6fbc-4ba0-a2b4-1f1dd5e439d9\index-dir\the-real-index

Filesize
2KB

MD5
5590504945835a1db11097e330c32f57

SHA1
5037cde1ae0cee33a0f764224616e2cd61d8c5cb

SHA256
571af524cf35e8b7ced7398f63d490e84400628262428bc4f31305ccd5807e2b

SHA512
5e550336bebd1411c49df88f66f5fd875123bde5f49f3dc53b3a33156918228d3064fa872bf5b889db6628bd89c9e8073511379278549238a37ca8c0e64ec5d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a8e5228e-6fbc-4ba0-a2b4-1f1dd5e439d9\index-dir\the-real-index~RFe57106b.TMP

Filesize
48B

MD5
d9236e531601d31a87ae204d4a9f466c

SHA1
09155722f35fb26eeaa1a274f3ad7ddc07ffc800

SHA256
2be08e831355b0b4ac65ff5b6a2d9f5f03da015fe0025c9f7131413ba61bdd85

SHA512
157c08546efae99fd18c5b54d4d8812da78e959b217bffebdd298d74775f2cefc82f827ae79a6bd17c0ca8f98c144d7ef7238ac83c099a7c00d7c89eecdaed27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
907f907401f8b5810f89c5c9f94eb5af

SHA1
c97aec0114f5b4dce7b465d27e4f940c6f928516

SHA256
c83f1e5b3a30277be5c069492b07cc547b31c89b1abbfc566ff5d0081b63e112

SHA512
82e70908ca7ea335104a771b77cd118c9eac980da16564bbe55a0d9e51c2513bd0acee51c46ece58aeb6800b71c71936a23d4e6fcb4fe8f32c6b0e13b9e2e04b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
56091668fbd1c5ecdfeee61d24254bd8

SHA1
5667ea1650244b648262d49b75840d0d94d60a8f

SHA256
af64d6946a1a35313468a7d7559482584ee38ae534557f5221b5a684ece1f55a

SHA512
b71813af1096f2d788c26b5aadec334f649d543d1d9151327893341406c1569184b183ffd09836e83c9bec081c7ac5b585e35c106c067e8dd2e1ec55c0b21043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
e5259979b20c604b79446cb3478603ef

SHA1
88d8527a26be1093294015ae33ada0a2d88cc885

SHA256
8704249ad0b90cc4013302f3cecddd335bb87195290ed954404c4278a6a8654a

SHA512
4b4bb4a3f43ccd3a43da9c82e16def63ec6dc7d6c2c6de9a7ccb8e0ea6aafda888c6542e9c4ba960dc497fca0edafc76c3ed76e56780c3985c0e76677108c8a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
679677bd9de41f1e43729ad6e55f3cdc

SHA1
45c2198f13665d2f102a749cff377c25fdacfe4a

SHA256
9fab6f5e58b24cfea38076c65653fb3db69e568238a96733f305c678cbbbe119

SHA512
f817859ec072182e3a98c8b6f7e9c2c737ae00bfdecd162c73d83ab730333da31b2b925a9160e0d2e2757c35e4d1375167fef26d49298b8869529964439b9b1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
091db37c188ed83b3af941208d64e7df

SHA1
739a3ec70654b2bdf6e1dc87fab4250b649baaf5

SHA256
1350c900d712bf6aa949c5034e9a7359f5ea7ca66e5e851b2f5e1fd3d42b30a0

SHA512
098743a1e904560618217ee24b902a18071e22b572f39302eb6333510db842a780610d2077268707c16fa01382636556c4ce1c198c98d70a98e2f6f1d24812da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
563bab39817fb18f3385e3e21611a86c

SHA1
8de4df959d9b9688c98372676f3a1dfb5721f260

SHA256
b7df1ca1180157d915a67af240df9f851e031e6eba7a97cfcb8c4ffe524eb953

SHA512
3ec680e047589ca1961bfcc920d572ed85f82205dabba455765ce6d7070291a0af3d96c017459dd68fe757a6b44777536aa92ff14fb6b7f5058a03bf4741b579

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe570762.TMP

Filesize
48B

MD5
ee6a2abd35697facb9022f756c69f1ac

SHA1
47790339dc79f68583f6d8f29f8676d76ed525c0

SHA256
60134faf052166a06e4d60ed3bb4c5c9e25d1761d435043df838d55a6ec3ecb4

SHA512
87f738a8453cd3d5a8327cf613c8895f8083fd45a715307b42cba69fa6ae16e1175eea4b973b61459fe1e4d462a03cb56b9defd117e0e18566cb5d7405bae447

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
661d2dae0ec1a976d64c848d8caab019

SHA1
caa6ab39353bfa174399311acc91f81e2f6914b0

SHA256
bafa8c329d889cf1ba49ac35a9ea63956f60e1088cff9b59050693da7c98ed45

SHA512
41d6d982723557f147d9fffcea5e8c80315805a0e79fc070a02d6f799722503d9135805b63874e07a4e4ce9d48dc0ffb027eef15808a9b7d4bffa0d2b6b54f69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
04dd5e1ee2e8010661f82ea56bfeb8c3

SHA1
0286a90af25804e6bb73bb334a5b2ec5c0e9c2df

SHA256
d5125a3133146ffde075dbb5d7d452c2a2e222ec8d292b7d1b6a439431b481b4

SHA512
09984f6819cc174795c6028c2162f7a716d9553b1addd3bc01d561eee6edafdbba0f617af4bee56fb8f9e5b2bf7f11c6f9916849047f1e161c115372001eec6f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
f233c42f9902cb1adc7da100b9d90e1d

SHA1
e5c21526b3aa7e0793e0a31e5e60084894e48a00

SHA256
ed7e67e988d4143036de87be711d4b15450717d77fb3cf8d5826b59f9550fa87

SHA512
97908d55f1a30832073926646985e017621ce90be8c0f04e2e4a8b8521adde05a8951294be8fc66a7ae717cc0fd2b0e404a8f7e23bf4d843dfba20a48f244207

Download Submit