21865e98bd360a8f484042df2c6ca7514d20b39d8eaedcdff2a22751c087da45

Analysis

max time kernel
122s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2023, 20:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Aseprite/Aseprite.exe
Size

18.4MB
MD5

68ee41e46f25b59c660dd16ccbb83250
SHA1

7654180a1b09a46bd39cf3c7b16603ff7d29e7a8
SHA256

4041bdabcd9cc0c1c9c4ec81346e0a9f89f7be30b73a40367b3ae81e190ab01d
SHA512

06c3b86bdebd70f8a975c954d836266ea1c0bfbaccf4912b1d0be8b27f03d71ac1f909cbffc686bb037bb79faffe91f2e6ec9ca43214fefaa6bf2bc7e4bd6079
SSDEEP

196608:/KByHGwgQjQSxTUm/sQi6tfSEeNl468+aYF/VCXJUxqKU:eyHtLJxTUm/sQi6tfSEW4h+a4/VCWqKU

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\6b4992cc-4830-4b5c-8d3f-51b150dbffb6.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230629204025.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
64	msedge.exe
64	msedge.exe
5108	msedge.exe
5108	msedge.exe
4896	identity_helper.exe
4896	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe

Suspicious use of FindShellTrayWindow 15 IoCs

pid	Process
1528	Aseprite.exe
1528	Aseprite.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1528 wrote to memory of 1880	1528	Aseprite.exe	83
PID 1528 wrote to memory of 1880	1528	Aseprite.exe	83
PID 1528 wrote to memory of 5108	1528	Aseprite.exe	91
PID 1528 wrote to memory of 5108	1528	Aseprite.exe	91
PID 5108 wrote to memory of 2012	5108	msedge.exe	93
PID 5108 wrote to memory of 2012	5108	msedge.exe	93
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 3632	5108	msedge.exe	94
PID 5108 wrote to memory of 64	5108	msedge.exe	95
PID 5108 wrote to memory of 64	5108	msedge.exe	95
PID 5108 wrote to memory of 4228	5108	msedge.exe	96
PID 5108 wrote to memory of 4228	5108	msedge.exe	96
PID 5108 wrote to memory of 4228	5108	msedge.exe	96
PID 5108 wrote to memory of 4228	5108	msedge.exe	96
PID 5108 wrote to memory of 4228	5108	msedge.exe	96
PID 5108 wrote to memory of 4228	5108	msedge.exe	96
PID 5108 wrote to memory of 4228	5108	msedge.exe	96
PID 5108 wrote to memory of 4228	5108	msedge.exe	96
PID 5108 wrote to memory of 4228	5108	msedge.exe	96
PID 5108 wrote to memory of 4228	5108	msedge.exe	96
PID 5108 wrote to memory of 4228	5108	msedge.exe	96
PID 5108 wrote to memory of 4228	5108	msedge.exe	96
PID 5108 wrote to memory of 4228	5108	msedge.exe	96
PID 5108 wrote to memory of 4228	5108	msedge.exe	96
PID 5108 wrote to memory of 4228	5108	msedge.exe	96
PID 5108 wrote to memory of 4228	5108	msedge.exe	96

C:\Users\Admin\AppData\Local\Temp\Aseprite\Aseprite.exe
"C:\Users\Admin\AppData\Local\Temp\Aseprite\Aseprite.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1528
- C:\Users\Admin\AppData\Local\Temp\Aseprite\aseprite_crashpad_handler.exe
  C:\Users\Admin\AppData\Local\Temp\Aseprite\aseprite_crashpad_handler.exe --no-rate-limit --database=C:\Users\Admin\AppData\Roaming\Aseprite\crashdb --metrics-dir=C:\Users\Admin\AppData\Roaming\Aseprite\crashdb --url=https://o952035.ingest.sentry.io:443/api/5901269/minidump/?sentry_client=sentry.native/0.6.1&sentry_key=c5ddc970388d4c0a94db6e5d50d384ed --attachment=C:\Users\Admin\AppData\Roaming\Aseprite\crashdb\bc4328c4-1a68-4fc5-c1f8-85e3d8197f47.run\__sentry-event --attachment=C:\Users\Admin\AppData\Roaming\Aseprite\crashdb\bc4328c4-1a68-4fc5-c1f8-85e3d8197f47.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\AppData\Roaming\Aseprite\crashdb\bc4328c4-1a68-4fc5-c1f8-85e3d8197f47.run\__sentry-breadcrumb2 --initial-client-data=0x32c,0x330,0x334,0x308,0x338,0x7ff68fb94890,0x7ff68fb948b0,0x7ff68fb948c8
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://blog.aseprite.org/2023/03/01/aseprite-v13-rc1/
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:5108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa64cc46f8,0x7ffa64cc4708,0x7ffa64cc4718
    3⤵
    PID:2012
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,6430636011659240431,13532499790855800599,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
    3⤵
    PID:3632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,6430636011659240431,13532499790855800599,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:64
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,6430636011659240431,13532499790855800599,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
    3⤵
    PID:4228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6430636011659240431,13532499790855800599,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
    3⤵
    PID:4916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6430636011659240431,13532499790855800599,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3704 /prefetch:1
    3⤵
    PID:4952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6430636011659240431,13532499790855800599,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
    3⤵
    PID:208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6430636011659240431,13532499790855800599,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
    3⤵
    PID:4360
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,6430636011659240431,13532499790855800599,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
    3⤵
    PID:3424
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:4580
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff6e1bc5460,0x7ff6e1bc5470,0x7ff6e1bc5480
      4⤵
      PID:1708
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,6430636011659240431,13532499790855800599,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6430636011659240431,13532499790855800599,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
    3⤵
    PID:1352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6430636011659240431,13532499790855800599,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
    3⤵
    PID:3784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,6430636011659240431,13532499790855800599,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5948 /prefetch:8
    3⤵
    PID:5852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4044

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\780e3db1-a1aa-4c47-8cc7-b6ec34496681.tmp

Filesize
13KB

MD5
1151afa6bf77f9a853dbf590383f4d6c

SHA1
2e917bfe2d664519b518f0ea1b43b5689fd54cd7

SHA256
7b8ca4d8a49422caa59ab147f1af5effb50692b33f831bab1f8e61ca57b685dc

SHA512
e5935a6b2be94c61f1e8ff7de0f0805b5d91cd86ddbaa484c3a0b503857ea7697cec5611edcdb05b7ac82c35047a3ba14159defdd5400758390e386ef41aaf41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ed9cfbe2b6990431cadc59eee86c6000

SHA1
cb656fb2480b9f2869949be67cbd662d635bf5fe

SHA256
3b7a8f91da1d21e3a6967f49eab6e6e2c187b12c5fe06669ed3d0f9068128f69

SHA512
32b4181083628ed6d5d18ca56c6b79ff8685d8f18cc598f96b64a9070bccf4d466e79b3c5a56d03c265ea303bcc0b76dc1992d725303b0126667b8b93cd87d8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e479233da77016935baabcddd19fdd3d

SHA1
d09799ad7a9cb76c66dbdcb02a2824676d676b0c

SHA256
3a2196aa6d57fe0af58a13f3a73bc8e65b9a118863d7ed26beaf6616128f8575

SHA512
9e5a63eecf7aa6ded9f02be9bec7a561c092ca7e33c1ecb722bb5763719a0adff9976d75ac1e1b8a634656147b304ae9451bcf4bd417550e8081e5d57e22c33c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
592b591378c84ea7fc4145792f4b3a30

SHA1
01e990db4cbf1eb15de984e8fbcd4620564a48a6

SHA256
2e04517ff9f03f5882a04c8d3b4e1a1e2e38613c89d18beab1b74da3ce07e126

SHA512
84e420f0935c6813fdd63eacba70f080587abec5a54db4e43c0fcb35bffbf5285164a1b52e54094bbf440722ad26c061862c138d97d515905b01d8439fc7f36d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57804c.TMP

Filesize
48B

MD5
7aa9d896f60f2a775924c9c9071e497a

SHA1
972f1d345f85dad5c6d19abc18e43b72aaddb0c7

SHA256
0179617d4612da8d8109349921e19fcb310c75645778b2339315f7a15475c4ee

SHA512
1a3d882639b799d9c2cbb968deb60fd90321c2b8fdb07df27d8285c12b7b980094e76fef6c658e702e4016c732f7e208b01c1ca14c1f77a44c0588c024747755

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
710dd3915bda6fd0e22d8f0849cc6d8e

SHA1
ef481947b03b96807e942b2b492ad2b14ed47dd9

SHA256
2300e511f91ead24779bcd110f61bccef28ddbc14acbb5a3f298739c61a8bfb5

SHA512
838f74ce0937a44b3549c30bc3dc748d6110cbe5e52d78dcbd3096674fe2707e252bcd1c81360e3a90d83ecf4dbe03080805a5ddf306e9cf87bed9d9943e29b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
644B

MD5
e22b803a4c6c574eb1cd12e3b695743f

SHA1
90de3f0631d8cbba3d49c962a70864e76e067f0a

SHA256
443ed1a014d19e1b6b224c2c7b069b87920c1b0629fe16e1f80acce9b22032e5

SHA512
5a88a871b7fdc06e8e39e51db5cb79e3eebc1e5d54d82ea48f7b4d5ab0ae5637edb1a331da7933954ce3e46d1a1dd3e768f85d26d82b57824a76097ceeaa396c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
04789e6b6cea2f1f5bd5f57883c325bc

SHA1
2cdd2285028f7517a720a8225f9c49afd20eafef

SHA256
9c26d03abbb8d4577ed81c9e0a70b3ec05bcb3bb36acc639d4a506948d8b2c4f

SHA512
56f37cb566fb7860766e670ba1e14fa04aa1ade2a23c56e1cbf29ac4cf487c31e4b64c0810cb01cd82d3025f68798fc6863cdf15691978146638fe25f0a36f2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3aa73e53c0854b5470dc9cf3a1af47c5

SHA1
aeca2d4b226ad3e446cfd489368bc88ba16cb970

SHA256
d0f52233c4a705b8120572267d77e158b133fddde352c084c1f1007675f38605

SHA512
afb44754cc2f9e3b727157ff0b6e0ba7caa6741c95aae4be40edbbcc4c80249bce1e6a176b1c3ad2a1d6c65db6c6e3426b3a75afebc410f9bc5f28774439b2e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
69e28279e0c592ff4e276d96769050ae

SHA1
3a4217e387af7f09a3041c241e92655c62b27cc8

SHA256
c7a587c6041aa63f1c948b0e9b2926a4f701c2cef70dab7a829f67680399b180

SHA512
005b8d2555cd2114c9dd773eef1e0400d1ff17a1895bb25ff0d394bde7a07220abef232726486110dac0b582449e48faf843c0995631533654bde3ae785c2727

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e09344363c240402deeda8c649f66158

SHA1
26c44802a6378da52ffacc0d259f26ac894f8412

SHA256
a6244c0943742cadb41bd8d5c8f2cf34890f0eb8bc601cf1b2ffd9c3c7915866

SHA512
940b44b54d93742ca31df6430ae10e5d7411de7a9f47dfedab82abfc0f0bb1b66cd50b5721b95d74ececc935c1fdee1b1f2b13842f86565a2111084a58e62751

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6f2f2a4c4366fe040ef208df6d0385d7

SHA1
2cca5ea40bc0155af1f30aa5b8170c474a0ac954

SHA256
7e9de37c5fd204cffc1328e7b59a4f50515b5555bf58c650f951264e364b523f

SHA512
aaadcbd50b33773578715e0fe935737a8cbcc773e450dcd8385315558fd276f4a6d475dd612ca9a5920592fbb4ad7d27a3f563bc7200db871eb8ec54fa3b4533

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c7e3ef66babd460268e7ff8846ad5392

SHA1
1f1df8f52b64d8faf6e7408e37b427828ffa1bc0

SHA256
18adc63cb792f32e070a5ed545bb177e7b8f76d51b877418f487275bc5173941

SHA512
8f768d6190236946db40e647c05c1cc52249c20cd6b3490f2d5114ffe86a542a3e2f27612e6c0486234af8235c7f7f709de37023e5b65503fa97ddc7ac251aa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
f1e05306f1cdc82fba51a674a801a193

SHA1
819e8799911cd6aebacd0d90ce28538e5c4edd5c

SHA256
f78d41f65b348543bbc3b8b64e1723fce63adcfcdf9fb8eb015bb1a70ef01813

SHA512
8a46e69ba3c5d81ed63c91b41e28a7941ae878fbb5117d9902484c519e096aab3943c8e5e635b5e5ba8f36e90328559ecbab36e450d754261c1e94073f2fc74f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
51546be1470fb4c55bccd1bd1882f9cc

SHA1
1ce96e8f621539214b01cbc973f031eeb257bb10

SHA256
0a839a530a3568332f9579ce00726a554c344d84c9716ce8c5c13b759cbc0a48

SHA512
25ae3c05d20273c2289d3d9166a1f3460675befc8a9e1727fb291b03508f9d6133e6e85dcfc295192d8222601cb94d3dc9c0d9d6e15e26e3f2a7d215d13cb252

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
89439cd2643f1eeaabf7f3b28a9d004f

SHA1
919721505499b97cc146b02ab3bf0c9562c7a5d9

SHA256
066eedca5093783ebf848021e29c06b951958f786b45858621afddcfb5e8ef91

SHA512
f837c02015cf974d10fd15a8c20467f49aa1d47ebe2ede1443b00971174c976d4337d0756e595c0b842b0a97873c0f7c3faff9fd5439401c487b3aecc3eff7cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579700.TMP

Filesize
203B

MD5
1ed35f8b62df7b027780f861e9c5f4a9

SHA1
538ee3054dcdbd12fea6caee59025597421cffbd

SHA256
9e4c5e749f8e211a123d2e92cf09f7ad8e781854be688ebd367b1706c34ab17f

SHA512
e4b336dcc9eacdc3a7c27943605eed060b99da4e6f8d90579376a751c64e86c7903856ddbeb694f257f4c53656165b7b5ab02cb99356245430678b5414f9eedd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4658ee76faacd44216ebb53dfd71d120

SHA1
ebf95d449d73cb5026d4b3d37ffce5a091ca5926

SHA256
8064548194c0a818d9ff99e216286880ecc6ff6383dc921479e3681134f90f66

SHA512
5b0346517269071b4ce8e0f9bb2dd2824ddbaa092a0c5caf5fee720f4b7d7e7b710a9a96aba4e414e61410b3ed21f86e3b1fef8373fb238b477332c6b93e111e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
7cb8ad250210af15684148d692e1c516

SHA1
6d23e878a89e5af58d1821e80cb5231fa69c65fd

SHA256
e6515596b12c5632ef937a18ff75352e934c45dfea30ecf220e60b26f3ad6eb4

SHA512
26dc93d97c07162d7d9d968ebf97c7f13f8ad7a1e03dcb7c002e7bdcc5b9b94f10fe9a98e39f61dd9074283d4c0f2ca743ac53c611fd7dc652b2b890d1112518

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
28b04513cd105ca651362672bec030dc

SHA1
944ec68cbde675f6f9cce2be2901d2c003f4de1b

SHA256
5da595eb2a3af7ea83aa1b6968e0751a59d130b374b38d927e42cee2ceb49f81

SHA512
977998dbbdeadf3212e700079e7df308ffe720ff4c1c2ca1ddb903817998a1e2bc7f6e3c260a3e581be9faf271fbb2950b6f364d8a46fed498af6df1fc1965a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
03609f43fb994dcebd17eb9712916da2

SHA1
535260c85eb312948b973627503e8b894ad831bf

SHA256
163b793e347fb02b65dc810e856559cf854087ecc8ab28569076316ee05fe1a7

SHA512
a8340d22bfd963f6910adaedbffafa6c7ed4b4ef9fdbf8bf9bdedca76aaf1b832a46876da4079d20114963af191cc2f792f164d725a72e9c633dd05343cde7b5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
3f193b49a5c08c18d56376c12a4fbb3d

SHA1
e08406a800d6483e16c0e74b276c678517433d48

SHA256
01d82faeec681197cf6c7a79631dcf9408e0eb0e0f43711a2715ac2322bef5fe

SHA512
bb4616e02e4ece051c9029754a4c25cc999cc346e9725826c2ed25c9692bc4b876d8b1663cbfe2092e83e9eebe03f11ac76e3cf4a98cd7d0cf2a0328d5166c6b

Download Submit