d5c1974cd299e95b4918cbd4d8291c987193503e7077f1603f172266526279e6

Analysis

max time kernel
143s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
30/06/2023, 14:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SONY VEGAS PRO 14/Leer Programas Full.vbs
Size

282B
MD5

6dd2e63040d2a4a3c537ff68e18fd354
SHA1

897e6cd380607544e32291cac592c7cc74b55f20
SHA256

92c75c69e4ca093ee1e1fd3f80a503c3d199023f76601f212ee4ec668616c8ed
SHA512

179516ee3e7f0ecb4c5547201dff5b4709dc468e5aba09363e8a45445b8d5a5a16e20bdacf86a0c3eecd6d69026023053c1a0df92330a3cb41979460c0edeb93

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230630145539.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\c91897d3-fbce-4d8f-9210-551ce54f87aa.tmp	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4076	msedge.exe
4076	msedge.exe
4904	msedge.exe
4904	msedge.exe
2016	identity_helper.exe
2016	identity_helper.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1396	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1396	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4352 wrote to memory of 4904	4352	WScript.exe	96
PID 4352 wrote to memory of 4904	4352	WScript.exe	96
PID 4904 wrote to memory of 928	4904	msedge.exe	97
PID 4904 wrote to memory of 928	4904	msedge.exe	97
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 3708	4904	msedge.exe	99
PID 4904 wrote to memory of 4076	4904	msedge.exe	98
PID 4904 wrote to memory of 4076	4904	msedge.exe	98
PID 4904 wrote to memory of 3448	4904	msedge.exe	100
PID 4904 wrote to memory of 3448	4904	msedge.exe	100
PID 4904 wrote to memory of 3448	4904	msedge.exe	100
PID 4904 wrote to memory of 3448	4904	msedge.exe	100
PID 4904 wrote to memory of 3448	4904	msedge.exe	100
PID 4904 wrote to memory of 3448	4904	msedge.exe	100
PID 4904 wrote to memory of 3448	4904	msedge.exe	100
PID 4904 wrote to memory of 3448	4904	msedge.exe	100
PID 4904 wrote to memory of 3448	4904	msedge.exe	100
PID 4904 wrote to memory of 3448	4904	msedge.exe	100
PID 4904 wrote to memory of 3448	4904	msedge.exe	100
PID 4904 wrote to memory of 3448	4904	msedge.exe	100
PID 4904 wrote to memory of 3448	4904	msedge.exe	100
PID 4904 wrote to memory of 3448	4904	msedge.exe	100
PID 4904 wrote to memory of 3448	4904	msedge.exe	100
PID 4904 wrote to memory of 3448	4904	msedge.exe	100
PID 4904 wrote to memory of 3448	4904	msedge.exe	100
PID 4904 wrote to memory of 3448	4904	msedge.exe	100

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SONY VEGAS PRO 14\Leer Programas Full.vbs"
1⤵
- Suspicious use of WriteProcessMemory
PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://goo.gl/BxZldx
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4904
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff158346f8,0x7fff15834708,0x7fff15834718
    3⤵
    PID:928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,16759213039415964868,16924850627878853221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,16759213039415964868,16924850627878853221,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
    3⤵
    PID:3708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,16759213039415964868,16924850627878853221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
    3⤵
    PID:3448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16759213039415964868,16924850627878853221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
    3⤵
    PID:4660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16759213039415964868,16924850627878853221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
    3⤵
    PID:2924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16759213039415964868,16924850627878853221,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
    3⤵
    PID:4784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16759213039415964868,16924850627878853221,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
    3⤵
    PID:4208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,16759213039415964868,16924850627878853221,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3824 /prefetch:8
    3⤵
    PID:4656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16759213039415964868,16924850627878853221,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
    3⤵
    PID:4536
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16759213039415964868,16924850627878853221,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
    3⤵
    PID:2292
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,16759213039415964868,16924850627878853221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4008 /prefetch:8
    3⤵
    PID:3164
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:264
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff6d86f5460,0x7ff6d86f5470,0x7ff6d86f5480
      4⤵
      PID:4468
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,16759213039415964868,16924850627878853221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4008 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16759213039415964868,16924850627878853221,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
    3⤵
    PID:3472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16759213039415964868,16924850627878853221,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
    3⤵
    PID:4852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,16759213039415964868,16924850627878853221,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4876 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2020

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x33c 0x338
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3584

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5577898093952163e585fc1356275cf9

SHA1
d46e9241b7e8e0b97598907a260c3c6ad7229b6a

SHA256
275315a835f78d1d40d3425488d1ed277924ddf5200cfc9635bf24afdf083cf5

SHA512
00a66c6a214f0a35144217c7738a237e41e7b9b5f66ecf9a94baf487e2b90533070092eb6930247532a7907f5415cc842d51758d3a76a48568f476ef30f1cb01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b092647394f1376f80bf2d4e8797d7b5

SHA1
1809389720e213a4733352f838cd1f16bd20d3db

SHA256
fa55709e752681e7d9f38d74a3376c06d31bd333fbf94f7aca17468f9d8fc85b

SHA512
9d70333ced82fa5ffcff47d6a25b3051916e8f5a069450dd86676315a15a94fd131a0d7973f19562e4807589249213dbf64ac374cd688e1ea17dd190f8e3761e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
eb76c0a4808bb1b03bae0a227eff33bb

SHA1
0a6e283d43c751c8cbe181450111e671f19a8ec8

SHA256
5cb82afd4ad4aea5cec1604fa5bf5dd9cabcdef40ce6070471bda46f0bd40437

SHA512
bf3b03e9721b18788f405ec564b92ef9edafdb09f167fce4fcd72bedcd643792d28a5f184a2c0e3ee77c82756d0a780f39f3e31baaaff9d2d2da2a2a0a15d85c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5723a5.TMP

Filesize
48B

MD5
13859a6a6b565d18f362fbd762305f29

SHA1
b8f137fa3e4f1b234306fa7a9533d7450e58ff73

SHA256
9b8fef827b32361ece65d71239272d41967fa15d957bcb10b82a87f0032ca2ce

SHA512
557aac840fe921dd488591507ac43d9d93279f1bcb84e8e06121df6cc6802b03629f60543c94d1ff221d0597a2e418cf6876afe190b76c85983b0ef850377f3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
d1bf44f07dd4ab211096725c7e48fd7b

SHA1
def01d9cd582a92a683c9b9ad47a73fb8b8806ea

SHA256
9d405d782f8317e80fddf5fa95360fceb3156e977ff0b937c3774724f23646ef

SHA512
ab2e0c7eb8d99525fb1f11929472ded094739790b2c96edab182cde54a4b7131d6e93095b64111575a5ee432545385c94b62388626d491e8157a556a0bab1859

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ac4ef13178144af095b4c82013668fe1

SHA1
69aa61ac171a44bcfe9a84a20fc5b44971ede991

SHA256
593b698a3ef6289ed4766a1dbd608e27a5dd548ee890b1d610545a47f93e64d9

SHA512
386d1a2cb2e69a9771576bad088645e8884173ed8867977b00f94e23b9bce71b6bf60806f960a9d860cce711530066fbdaebcd73b9816ef7a44f1cb999d02c50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
48e6b226f8aa25a948fd335d23deef2e

SHA1
9db0988de0525d5b01efd26bcc9e166571b70fcf

SHA256
292e0d2ba1f20f6a2dc8166d9e21d6478fe087fc5edc74ac94a80e46b282ed57

SHA512
fb9f582beb40e7b6eb01dea10b70b67ee680483aa728f63435a558d5362b6bc1a16b0087339f1dd6863cc6642c87a11f8ebc2166cc1f9f5dabbb0fb277c24e4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a502f901ede38c63fe6ad0b2c80d689c

SHA1
4ca13aaac771df74b7dd306081127fe152072846

SHA256
60b13ed1bfc0adda8ce61121c709b977647ce0d44a99a4b31378a79931687efc

SHA512
3dc8f2a367b1089df4fa013005ecbfd5b1e37c21cef736c7add1d93dfa4693f3e2814ae995719858a1855809b4a240c81ed09c2789e829cc458d68e25c00e6e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
31ecd7eb97bf759b8137ccb1c32181fc

SHA1
98fec2e439041d30ffa32ba0a8580b38b25f9bc7

SHA256
ecfdf9ac23e9512f67f7db811475621917e0786580f328ad712c0a3b7a469031

SHA512
512d68824ac9f8169c93c31fd0953d57db36a18a74b46052681052c3dc22a66cfe95c6be48b7363f549d29b34ca4ef0e149b27f77bf551d7b91ad97bab8405b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
aefc5ee3f7d446e4f589d384871089fa

SHA1
f473772b9fad6deed5ac5ab67e21e80a32beea15

SHA256
cafbd5930c58521f476407f52bc923d7ad33b37e5dbff9be9b1d6b28249d0ad8

SHA512
697ff96fe24ee7016dcfead1ed557b89f2123306749939ac0bf8bc09eae97fbb040314d59991482dad192006a278343cd1176cecdd79a0cb98138611e81bb02f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
bfb396f724d87b5dc03bf360219fa3b0

SHA1
5c110515ef78880ca230a1d418b6ee92a3565e4d

SHA256
4a0f5896f8b14c1d99f37e76192d6d84c433000d50a7b5ec831d1ebecfbf2264

SHA512
8bdc70b2413a4e8ddc1b72fe4628106f76e7a5246c113575aca817ff6dce051f945016eac9e8bf342716c1a0862a737c015cc933c13e44a013555ddfff6f527f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7e301d2d-dcd5-4800-8dfa-6024f22b8585\index-dir\the-real-index

Filesize
624B

MD5
7d12dd8ada49e05931307f828a6154f8

SHA1
6dfbac700112e32125548988f5857e470134531c

SHA256
5cdc5183e2e909c1b03d823253394fff4861da8071ed19ec14fefbbe6137e828

SHA512
5894bdc8c82a0fee5c72392cf7b27c47b6fcc7c7713f95feb4061b7205b56cccab263d7f534909919b93a13bb4e63e397b6095ed3ad9956f67d6b6464b32b764

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7e301d2d-dcd5-4800-8dfa-6024f22b8585\index-dir\the-real-index~RFe5725f7.TMP

Filesize
48B

MD5
e577f85764f799b80bbf0d5eb1dd2278

SHA1
945ddcadabc7b29a0734f21d7bc962e832de318e

SHA256
84ff46ef9e17e51919289db402b9ea7b9b692a04b737afeab83f848187d7b8fb

SHA512
c1811d7fc1e662ff9dc2113afd3e21a0f2f16db70dd555736be2b71e23cff46f6e2488980962a1002e619ab079ef26da2de0468671dc73ac83c145b957a0364e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
99B

MD5
6373cc807389d895e4e41f2494b95f1c

SHA1
0f83a782f287f4aa940aa96325f90abfafa0600f

SHA256
791467bb541131ce521c67899fce95ea28b095968877c29b9525b9905df2e418

SHA512
9e9c0d763b326356237019f5e7eb21370e21a39a9861fa9085df646f1461f2d2ba1b7c225bf6366a44bff88c2aaf22eaa9e5d1b1e3e860b6f9c355cf7a0dd07f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
95B

MD5
b91ecc0e8e1178be493a45fa50a9f36f

SHA1
d7899ebcb457a52fa112bfedbf4e2d59492b2d48

SHA256
17ef7d6834491aae33f396fa0c04377c900b45f14b3ebb272d5cf67d156fbcef

SHA512
5e5b7de3e2030adb310a7872ec45724fa6930646dd9960083dcbe9312c8cedaf9752e88805666ecdf0cbfd6e5abfa730644da6aac343b27c6a2249300761bc02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe56c420.TMP

Filesize
90B

MD5
3c3282f54099083c17a131e079aa0f45

SHA1
ec20d04db699e8b9c4e68cd36f594c33245b3199

SHA256
183e53d99067a466b35a5553ad793e7f0aac46bfa9f317375cd417ae5985351e

SHA512
9eb950a49890a83c4a185760aaabbfeef98e118ba4775f8e6d53fbabd70d6ab4d197f14c2cc409572115d93c56a7b9031f41fe1a0e466e8248f0164e0f0fe530

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
f4840d7b6fb68ad66a1422815875ef92

SHA1
abc6c0b754898a847f61ad60ed98cf88a5d2a1c6

SHA256
2e1eb2171608a700e429fcf2dce4aebb87d03c7cd2e836c544dd555090f4b0ab

SHA512
c1eecfb147917383e035f1cb0b3a493833a8d60b8df27aadfab46ffc45253ce88ceeaff7964316fd54fa739edb7862123380d930f6731d38172c134562862cc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe571741.TMP

Filesize
48B

MD5
4e6bc20ff980350bfece60b2046d7d7e

SHA1
b49dfd9aa82ff5f805a04c27e7836f62952dc75a

SHA256
433b3c0aae7321d127f9a242828a632bbb2a7984c30b29c9c341c5959e1e239c

SHA512
63d7fe3fac2209fa76a5d168fda3c44c7351add4c376fa708660beda8576b70ae55e68fd412e6f0b684e93e739a82823665b7c91e79980719523d37d96746ca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
a185ab9f49ed211558f997539998549f

SHA1
e0ac37d661fec834273c43b395cd0f7224037c8d

SHA256
70150107d1662e79bf18bcf2c09e50213d805dcdca29695492ce8a3414cb41cb

SHA512
772458e80c7e9aa9522800ffe033ff0b0e6c55f176a6a1f668856e3291107a2d6f60c4d79143740c81fa080d6be122dc35aab171019b6cef3a17d125b224bd22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
f986b58d492167ae5597781d42b0a55d

SHA1
cc057f573cf2a6ca4e8ee7aaa086a00b3208bf2d

SHA256
49ea04204729526ff822e26f8d74ab28de982220b91d2096dbb19db2ecec869f

SHA512
9e463a30b1922b5378415de51aa9cd9b5536018c07c76a5f9d6003a9c704ab8410ce503388916c61b6bfa95cbee126d7cc6aae7d741197867078c94818eb9275

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
715807976a102a072ad73f5c08848066

SHA1
19cd08de1ea984f86abd002dd6c2cad82b787331

SHA256
c8286a90cf14f4aba7fda5396f76c2ea3191e65bf03b0ebaaab61f30a0491046

SHA512
f0e403c62008113486ddd02fa148449c70796b3b65d27a641cc8ac4fcc9641bdb9254d07497a0b0faaf50256198629c214524449814bb5b9a0e91c0cd01fd446

Download Submit