0fd4dbac52375aca25608b5a4e82c929db4af1b0860e3102122350843fe79bf6

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
26-08-2023 06:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Ransomware-Maker.cs.exe
Size

257KB
MD5

f9dd0829aab3557f52ac4c2588385ef3
SHA1

529058e44cdc6d19f89380a489315b30d2457885
SHA256

f45366f0d3f29505ed12b87b89b2a2c7684a121b66a1ffe93379b23ccb81198f
SHA512

6ac98baaa23de2c4ad2fa0c4bcca7c8a6ddb0e93049f993f9ca41141a6b1ddcf16d9c3fc6522637169ef04e72368d665978a06b33c02b8bfc01cb9dfe8ddbc54
SSDEEP

6144:uszAXNK+3FZr1QziWK5sFbXkzWdb3hMYLdAcr3j:uLXFxsF7kzYbxDLyI

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 261078.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
1484	msedge.exe
1484	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
4872	identity_helper.exe
4872	identity_helper.exe
240	msedge.exe
240	msedge.exe
240	msedge.exe
240	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4060 wrote to memory of 800	4060	Ransomware-Maker.cs.exe	86
PID 4060 wrote to memory of 800	4060	Ransomware-Maker.cs.exe	86
PID 800 wrote to memory of 3528	800	msedge.exe	87
PID 800 wrote to memory of 3528	800	msedge.exe	87
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 4216	800	msedge.exe	88
PID 800 wrote to memory of 1484	800	msedge.exe	89
PID 800 wrote to memory of 1484	800	msedge.exe	89
PID 800 wrote to memory of 4932	800	msedge.exe	90
PID 800 wrote to memory of 4932	800	msedge.exe	90
PID 800 wrote to memory of 4932	800	msedge.exe	90
PID 800 wrote to memory of 4932	800	msedge.exe	90
PID 800 wrote to memory of 4932	800	msedge.exe	90
PID 800 wrote to memory of 4932	800	msedge.exe	90
PID 800 wrote to memory of 4932	800	msedge.exe	90
PID 800 wrote to memory of 4932	800	msedge.exe	90
PID 800 wrote to memory of 4932	800	msedge.exe	90
PID 800 wrote to memory of 4932	800	msedge.exe	90
PID 800 wrote to memory of 4932	800	msedge.exe	90
PID 800 wrote to memory of 4932	800	msedge.exe	90
PID 800 wrote to memory of 4932	800	msedge.exe	90
PID 800 wrote to memory of 4932	800	msedge.exe	90
PID 800 wrote to memory of 4932	800	msedge.exe	90
PID 800 wrote to memory of 4932	800	msedge.exe	90
PID 800 wrote to memory of 4932	800	msedge.exe	90
PID 800 wrote to memory of 4932	800	msedge.exe	90

C:\Users\Admin\AppData\Local\Temp\Ransomware-Maker.cs.exe
"C:\Users\Admin\AppData\Local\Temp\Ransomware-Maker.cs.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win10-x64&apphost_version=6.0.21&gui=true
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9021446f8,0x7ff902144708,0x7ff902144718
    3⤵
    PID:3528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,15556540343001824804,13313107341638690398,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
    3⤵
    PID:4216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,15556540343001824804,13313107341638690398,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,15556540343001824804,13313107341638690398,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
    3⤵
    PID:4932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15556540343001824804,13313107341638690398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
    3⤵
    PID:3340
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15556540343001824804,13313107341638690398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
    3⤵
    PID:788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15556540343001824804,13313107341638690398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
    3⤵
    PID:4652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15556540343001824804,13313107341638690398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
    3⤵
    PID:3348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,15556540343001824804,13313107341638690398,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5272 /prefetch:8
    3⤵
    PID:3268
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2096,15556540343001824804,13313107341638690398,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3988 /prefetch:8
    3⤵
    PID:2948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15556540343001824804,13313107341638690398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
    3⤵
    PID:3192
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,15556540343001824804,13313107341638690398,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8
    3⤵
    PID:3568
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,15556540343001824804,13313107341638690398,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4872
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15556540343001824804,13313107341638690398,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
    3⤵
    PID:2472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15556540343001824804,13313107341638690398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
    3⤵
    PID:1596
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15556540343001824804,13313107341638690398,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
    3⤵
    PID:4164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15556540343001824804,13313107341638690398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
    3⤵
    PID:2800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,15556540343001824804,13313107341638690398,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
70e2e6954b953053c0c4f3b6e6ad9330

SHA1
cb61ba67b3bffa1d833bb85cc9547669ec46f62f

SHA256
f6e770a3b88ad3fda592419b6c00553bdadc50d5fb466ef872271389977f2ab4

SHA512
eeacb0e62f68f56285f7605963ca9bb82f542d4e2ccc323266c08c9990cecdebd574e1ab304ae08ea8c6c94c50683180f83562f972e92799ebbcfcd8f503fb5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
847fbffccefcb429c79b65f2fd131144

SHA1
3239dc40bfcfd4d802565153633abed5827bc6a3

SHA256
bf1acd7d508ca9a747ec839f20334e99c1ac9241dd111a943e8692e4d3ed38ef

SHA512
fd1bedbadd7af8460ddc8fdb4fe3b549048fd401ac0d7897540dc52423e1677a73c8ac66d2ce2012105fb2dc16c973878fd4b203adb520ef40618938da6072e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1002B

MD5
a318d6e2df483e040dd198324973afcd

SHA1
69a56c323ee3c4cb22742df766759bb60051c6b8

SHA256
33775ba816a2f4e264d8e3565799fd3e75b3fd7cc6ecac9a2287588fc7816684

SHA512
7c7f6952ba41f6b57124511f8a247010ce363ab4016b5cfb946b644d9e97fffa6c38c955a94ee43be16383aefe88cd77da4c9e63a5b49216c3df59f1bbc6dd4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
902B

MD5
0d1d5f35689b0347febc5e0bb0c3097d

SHA1
4a1c33e39db86ba28b5c6717c9de48f73f771dd2

SHA256
bc29ea628647641a14805c53f29795a8ee96ceb5ce0661d5b9fb4858689750e7

SHA512
d2acc4eb60d2799c265c80c2a087a14dc82f9646b5be2b16d4f37bdbdb20ba134c8146914537fff5beb098581c9875cedb199f449ebc18cc9694ced57e8166da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
66b406d641f7d78dc4a74338bd934549

SHA1
61dadb77cc0d8a6707fad7e78e2ff2c893c90faf

SHA256
69ed1f72b94bc16d0fbe50b00f26684434f737c32c1cd54d4d4647674d8b16cd

SHA512
347528070797c47054cbaf67116665fefee08f31fdc6acae34f27bd9b156c157c6cd8797a3ad2268a2a4dbac6db57033e49925f397488e0646f2d70425a673a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e6402a91211cf4448b3546efb379565d

SHA1
4fddc39aaa60ad5579f085aadc5e5f1eb611e65c

SHA256
2b7d86735bcf21169bbcf967f4330ea5e4c5b8cfea39f72e0d8fc46ca52aa184

SHA512
bc21ba288f0f5d9e55f572e2f5336b37200fa46cfb26c2c7b29386a7b52372ec4aa3ab116b7cd8300e148c33aeb5482b1b20ed0a061e08d15ef8527f9a8bc042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5a478f1e08816969e8214f982850b754

SHA1
1cf5e7192f3c6e31c7e27b6cb34ebf89036eec0c

SHA256
665cf5612c61412c9acc928b1e155c8f11ae83905ce614d9a1a7ad72cc0fd489

SHA512
7e7ff60c157841f6f5bb206ebbce29f6df3a6c0c671805415ad7226654e13da49ad76e39a6d0afe28992348f3b5685ecacbfb44178fd61998c54caebbfd97832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
12952101dd5624c59d74f27331f1f9f9

SHA1
2ca65e54669d6edd894fbafeef01b9f714e16ca4

SHA256
54043f15fcaa384924dcd525289fc49e7f600ff01a74f48cef650092f137fc3c

SHA512
dda0a9e9b2a2c4345114c93e123b89c0483fad28d43b1015bc3944cc4280bdad5e92d61021357b6445f2217673c7f1a83fb502b08b8c406f37e04fb12b77e576

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
ed0d6b7d755c679be91761317a4e3935

SHA1
38161112b5fd257a7b5de5fbe1f435f5c89e150a

SHA256
aef899a50915025680a46a8f9bd73a16f8a601d2c6d6ee3bcafd6180ea20745e

SHA512
b989f681f51e0ce784d4ba4ab4165aafbb0e32118d9dbe1fd44d32367670b125a4aa4d112e5e40609950e535f4163addd00202a1b6de9c6cc5c927892df30b82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe590797.TMP

Filesize
539B

MD5
f7993b80bb1069e9d9242586e74fbce6

SHA1
2761731cfff41bf6a4f05c0e968ae32674eeb952

SHA256
0543efdd4c9dcdf5a76a248c119275ab1d4256bed67fe022863c62c07db168ae

SHA512
3752d1aad29d885a661b0df1ea7a35b576c5bcac4edc346f88ced35965217a9e0d4a88fa82e5d4fc7cfe59d5142017f3949fd8a208b7db2bc3b7643b089d301f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e92551eacab2b6850dff11e949e9d116

SHA1
080268678382da28eca3978f9270af0944683c6d

SHA256
f0e490ce62908ed2af73b04803f3306f9538d9f5cf47bcc341169138c07aac2a

SHA512
3c56de5a794e9d027c25cbbe3c3dda4560c838e0f892eaf0d1ed60871090e518ee8620dff0441aceadacaa60b358860b2569aa4517ba564dbe5080b84dbe4957

Download Submit