0fb2d53896a33b1df7e125855bb7debf11dd52b4c7a014f332cd0d54d8daf444

Analysis

max time kernel
197s
max time network
214s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13-10-2023 21:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2536-47-0x0000000000240000-0x0000000000270000-memory.exe
Size

192KB
MD5

09f9c34323a002829c4f34a57c00ee72
SHA1

e1ac0f54c7437e017364cc3aae0e0737f8d82235
SHA256

0fb2d53896a33b1df7e125855bb7debf11dd52b4c7a014f332cd0d54d8daf444
SHA512

dca53a652a0e2cd6974f9502603e5bd6c384aca4638d07cdf0c9a6f35748d6514e08214e265edec670cfaa56b7bde561049d2bf6efc4d755ef84ccb34bf70f81
SSDEEP

3072:8wbwJp8A/xdimI06X7vV6OPEsUc/W0E0ilHPgM1J48e8h3:8WzAmmI0k7vVe0E0YIM1W

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4484	msedge.exe
4484	msedge.exe
800	msedge.exe
800	msedge.exe
4332	identity_helper.exe
4332	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4124 wrote to memory of 800	4124	2536-47-0x0000000000240000-0x0000000000270000-memory.exe	87
PID 4124 wrote to memory of 800	4124	2536-47-0x0000000000240000-0x0000000000270000-memory.exe	87
PID 800 wrote to memory of 1780	800	msedge.exe	88
PID 800 wrote to memory of 1780	800	msedge.exe	88
PID 4124 wrote to memory of 3720	4124	2536-47-0x0000000000240000-0x0000000000270000-memory.exe	89
PID 4124 wrote to memory of 3720	4124	2536-47-0x0000000000240000-0x0000000000270000-memory.exe	89
PID 3720 wrote to memory of 3972	3720	msedge.exe	90
PID 3720 wrote to memory of 3972	3720	msedge.exe	90
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 2784	800	msedge.exe	92
PID 800 wrote to memory of 4484	800	msedge.exe	91
PID 800 wrote to memory of 4484	800	msedge.exe	91
PID 800 wrote to memory of 4968	800	msedge.exe	93
PID 800 wrote to memory of 4968	800	msedge.exe	93
PID 800 wrote to memory of 4968	800	msedge.exe	93
PID 800 wrote to memory of 4968	800	msedge.exe	93
PID 800 wrote to memory of 4968	800	msedge.exe	93
PID 800 wrote to memory of 4968	800	msedge.exe	93
PID 800 wrote to memory of 4968	800	msedge.exe	93
PID 800 wrote to memory of 4968	800	msedge.exe	93
PID 800 wrote to memory of 4968	800	msedge.exe	93
PID 800 wrote to memory of 4968	800	msedge.exe	93
PID 800 wrote to memory of 4968	800	msedge.exe	93
PID 800 wrote to memory of 4968	800	msedge.exe	93
PID 800 wrote to memory of 4968	800	msedge.exe	93
PID 800 wrote to memory of 4968	800	msedge.exe	93

C:\Users\Admin\AppData\Local\Temp\2536-47-0x0000000000240000-0x0000000000270000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\2536-47-0x0000000000240000-0x0000000000270000-memory.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=2536-47-0x0000000000240000-0x0000000000270000-memory.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xc0,0x108,0x7ff89f5746f8,0x7ff89f574708,0x7ff89f574718
    3⤵
    PID:1780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,9575001132428226439,10814781898987056066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,9575001132428226439,10814781898987056066,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
    3⤵
    PID:2784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,9575001132428226439,10814781898987056066,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
    3⤵
    PID:4968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9575001132428226439,10814781898987056066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
    3⤵
    PID:4276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9575001132428226439,10814781898987056066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
    3⤵
    PID:4616
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9575001132428226439,10814781898987056066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
    3⤵
    PID:2888
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9575001132428226439,10814781898987056066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
    3⤵
    PID:3148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9575001132428226439,10814781898987056066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
    3⤵
    PID:3060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9575001132428226439,10814781898987056066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
    3⤵
    PID:3668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9575001132428226439,10814781898987056066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
    3⤵
    PID:3528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9575001132428226439,10814781898987056066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
    3⤵
    PID:984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9575001132428226439,10814781898987056066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
    3⤵
    PID:4448
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9575001132428226439,10814781898987056066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 /prefetch:8
    3⤵
    PID:3096
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9575001132428226439,10814781898987056066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=2536-47-0x0000000000240000-0x0000000000270000-memory.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff89f5746f8,0x7ff89f574708,0x7ff89f574718
    3⤵
    PID:3972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,13596843088342132020,16576397815951757581,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
    3⤵
    PID:2144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,13596843088342132020,16576397815951757581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2616 /prefetch:3
    3⤵
    PID:4824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db9dbef3f8b1f616429f605c1ebca2f0

SHA1
ffba76f0836c024828d4ff1982cc4240c41a8f16

SHA256
3e0297327872058355ac041a5e0fc83ed017faee0f6c0105b44bb3e5399a93a1

SHA512
4eedc387fe304f27f9d52ff5d71461c7f22147f7a8c18b8e7982acb76515528a36486a567451daafe093f9563b133c6799f2ad046e04256ccb46c83eb99e86c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db9dbef3f8b1f616429f605c1ebca2f0

SHA1
ffba76f0836c024828d4ff1982cc4240c41a8f16

SHA256
3e0297327872058355ac041a5e0fc83ed017faee0f6c0105b44bb3e5399a93a1

SHA512
4eedc387fe304f27f9d52ff5d71461c7f22147f7a8c18b8e7982acb76515528a36486a567451daafe093f9563b133c6799f2ad046e04256ccb46c83eb99e86c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db9dbef3f8b1f616429f605c1ebca2f0

SHA1
ffba76f0836c024828d4ff1982cc4240c41a8f16

SHA256
3e0297327872058355ac041a5e0fc83ed017faee0f6c0105b44bb3e5399a93a1

SHA512
4eedc387fe304f27f9d52ff5d71461c7f22147f7a8c18b8e7982acb76515528a36486a567451daafe093f9563b133c6799f2ad046e04256ccb46c83eb99e86c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db9dbef3f8b1f616429f605c1ebca2f0

SHA1
ffba76f0836c024828d4ff1982cc4240c41a8f16

SHA256
3e0297327872058355ac041a5e0fc83ed017faee0f6c0105b44bb3e5399a93a1

SHA512
4eedc387fe304f27f9d52ff5d71461c7f22147f7a8c18b8e7982acb76515528a36486a567451daafe093f9563b133c6799f2ad046e04256ccb46c83eb99e86c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
346B

MD5
172a03f1e073cbc347cb5102d038fa13

SHA1
83a95a02491a4b046ea79fd04ccf6c5c24b29d60

SHA256
b8193a8bbd8d5c6b71977d040537ea555fc414cb3f7c2d4166e9bd3ac1ef4e89

SHA512
2a47a09a51fbf77f8b2bcc2d3e46db628d45ebabb9bb4033965b3409810e9a6c55c1008a62bfab5d3ca2a64d8b67f5c726f3682da0132738065c14ff77c1f5bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
84cb033a6100143e77ead9fd67ba6907

SHA1
0e460f56565a3e4ecc0a854b5f70bb794d404fbb

SHA256
d90a1a49458e555f35356f7159bf3d32203df9153c3f5f807cfc2f5bf34b607f

SHA512
c9113d7e9fc23bb94809fdcd4c8e02f24f26e93dd6df1125aba240d4370730cbc2394382a3863b42402c5c5f6a5e015b76ffb9d3c91855a8d340f368173a0e0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d5dc93cd380927209b758f1e2fa68cd2

SHA1
8d15cf996dabbe937945f49b0b3e9887d6a57868

SHA256
9bb056b4a4b2078849d250a75c9fc32bef97fb543575899430cb94d16eeaf646

SHA512
fb92b387273343030055103834b751ad1f104e343309e3a12951fe6c85c470fe1f84655cd92d9fb4108a94e46face47392a541deb9f261d1fcb29901240520d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5f09ddc97f7ec99c41c5d3d1ee0951d4

SHA1
9c3a19fa835b7675534452e09606d526fa14d2f2

SHA256
22cabbf4f99c484bb3b1c0002ecc1934f7b34d20e2486d19c5a762e0e66f02c8

SHA512
360f75fececa95b24712fb4045fee397e8d32abf8355f866a03c241120bcb6947514899dfaf9e2691797c51cc002df17f93741bf088ead681181170692adb9bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
6dcb90ba1ba8e06c1d4f27ec78f6911a

SHA1
71e7834c7952aeb9f1aa6eb88e1959a1ae4985d9

SHA256
30d89e5026668c5a58bef231930a8bfb27ca099b24399a2615b210210d418416

SHA512
dc31807eaeb5221ac60d598035ca3ccab1dbeecc95caaff5e1f5a2a89ba1c83ef0a708ee0b8ed05b588ea5d50e360032a534356f84c89d3791df91d419daeff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
bca3ba225e57f32bba49beaced91ada0

SHA1
8e4f27dea71df0f1961e71d3e75c30794bed72c8

SHA256
2c354e445f9588145753dfcb31b7e10f2b01aad69c80dce14e3197ed0eb1190d

SHA512
44aeddb6b8818b786fe99ada723f1f0cee422133390106c244f579e72b86a7c5ee8d06beaa06ee50ea75650c40a1f4a47951a26e531a8c6dbd292a2a69ca1ee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a416f.TMP

Filesize
203B

MD5
3eeb7b36cbe647c20b3089d2eb663d7b

SHA1
8758cb91c660591a7fb38c2ca32153f85a59d107

SHA256
ea754e88a59d7cdbd4c39b40e70424c129cc5758d6633b1674c7d4133097ad28

SHA512
7fa5e735c244d0ad3ce5d8aa853180f4186286ef01fd7a0c9148a28bb839b81447d2f01b9a0cc6e2867ce01276ba2722bb01778526ba38c98834995aa8e6047f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
e2f3e3530f12fb340247783ef7e7d99e

SHA1
dc960dbb50bfa258c9bc66e9e2bb4fb10c635f4e

SHA256
17528a1cdaa601e3e68a1096a9d627d8e86238e0be20187940bf1dbfc97f9327

SHA512
d674c3cf30b77f5229f08ed4d77767a47bde3bbef815d77cc348aae58856616731cbc8cf2c5e14098f5787ee03b29118b3fd58e121b5ebdc1b2d50a50c2afc47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1f64634c1e0adfd3bc5236cf794a79fd

SHA1
17f31e3bc295bbcda58232bc6b20688e293b2813

SHA256
a894a2948c70c36d4280ce0c41b64b7c200f5cd42e89562abb9896a971f81219

SHA512
bb0c49f4f0e31e8472424cd4501a0f25a89b9fb68457498e6a8b6ad827f332cfa713cb54758040c29e8841553c6a8fab62da7363766069aa4f9ec2695e09e4df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1f64634c1e0adfd3bc5236cf794a79fd

SHA1
17f31e3bc295bbcda58232bc6b20688e293b2813

SHA256
a894a2948c70c36d4280ce0c41b64b7c200f5cd42e89562abb9896a971f81219

SHA512
bb0c49f4f0e31e8472424cd4501a0f25a89b9fb68457498e6a8b6ad827f332cfa713cb54758040c29e8841553c6a8fab62da7363766069aa4f9ec2695e09e4df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
e2f3e3530f12fb340247783ef7e7d99e

SHA1
dc960dbb50bfa258c9bc66e9e2bb4fb10c635f4e

SHA256
17528a1cdaa601e3e68a1096a9d627d8e86238e0be20187940bf1dbfc97f9327

SHA512
d674c3cf30b77f5229f08ed4d77767a47bde3bbef815d77cc348aae58856616731cbc8cf2c5e14098f5787ee03b29118b3fd58e121b5ebdc1b2d50a50c2afc47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1ddd252ad03b1b6bb9c613f8a0d12018

SHA1
9782c695738f1d1e2cfd8750a6923759320620fc

SHA256
6167d935967bd5863bf04ba3f63b710c13921b2f9bacc6477f9db5765ba877b2

SHA512
dc73ac86313d24f44a45e0225f4305827c8f8e1da6aeadbd9ff3b4e041168992ea7509ae22a73bf5f4fcfa60d1b51a9467e86c332d2028138a7a38b60b247872

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\c05c3681-5328-4fbb-934b-4ccbdb8be171.tmp

Filesize
2KB

MD5
e2f3e3530f12fb340247783ef7e7d99e

SHA1
dc960dbb50bfa258c9bc66e9e2bb4fb10c635f4e

SHA256
17528a1cdaa601e3e68a1096a9d627d8e86238e0be20187940bf1dbfc97f9327

SHA512
d674c3cf30b77f5229f08ed4d77767a47bde3bbef815d77cc348aae58856616731cbc8cf2c5e14098f5787ee03b29118b3fd58e121b5ebdc1b2d50a50c2afc47

Download Submit