434c576a650d5131476ce7a602f7e55d7b71db1e0558cbe3fea29b1bcc5107d6

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 16:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

04fc815262ac7592da5b5d6ce6648aaa.exe
Size

461KB
MD5

04fc815262ac7592da5b5d6ce6648aaa
SHA1

77fc848bb48673cbf7e9ad4cbb8894491907cd97
SHA256

434c576a650d5131476ce7a602f7e55d7b71db1e0558cbe3fea29b1bcc5107d6
SHA512

8f85e959e0f950597d5933a7232c330ac2ff54d2865214e27bef8de23066386e5308c288d42622676a9555dfd4c58fae058eed7f4ea8e9eaece535b91d9c3bc0
SSDEEP

12288:iPptoY05ee6U1gx/ewbQTSoKZjdwjpcPrk:U4ee6U2/XbQYwjpWk

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key created	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	04fc815262ac7592da5b5d6ce6648aaa.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	04fc815262ac7592da5b5d6ce6648aaa.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	04fc815262ac7592da5b5d6ce6648aaa.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key created	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	04fc815262ac7592da5b5d6ce6648aaa.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardProduct	04fc815262ac7592da5b5d6ce6648aaa.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1236	04fc815262ac7592da5b5d6ce6648aaa.exe
1236	04fc815262ac7592da5b5d6ce6648aaa.exe
4820	msedge.exe
4820	msedge.exe
2960	msedge.exe
2960	msedge.exe
4612	identity_helper.exe
4612	identity_helper.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2960 wrote to memory of 4608	2960	msedge.exe	97
PID 2960 wrote to memory of 4608	2960	msedge.exe	97
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4500	2960	msedge.exe	100
PID 2960 wrote to memory of 4820	2960	msedge.exe	99
PID 2960 wrote to memory of 4820	2960	msedge.exe	99
PID 2960 wrote to memory of 692	2960	msedge.exe	98
PID 2960 wrote to memory of 692	2960	msedge.exe	98
PID 2960 wrote to memory of 692	2960	msedge.exe	98
PID 2960 wrote to memory of 692	2960	msedge.exe	98
PID 2960 wrote to memory of 692	2960	msedge.exe	98
PID 2960 wrote to memory of 692	2960	msedge.exe	98
PID 2960 wrote to memory of 692	2960	msedge.exe	98
PID 2960 wrote to memory of 692	2960	msedge.exe	98
PID 2960 wrote to memory of 692	2960	msedge.exe	98
PID 2960 wrote to memory of 692	2960	msedge.exe	98
PID 2960 wrote to memory of 692	2960	msedge.exe	98
PID 2960 wrote to memory of 692	2960	msedge.exe	98
PID 2960 wrote to memory of 692	2960	msedge.exe	98
PID 2960 wrote to memory of 692	2960	msedge.exe	98
PID 2960 wrote to memory of 692	2960	msedge.exe	98
PID 2960 wrote to memory of 692	2960	msedge.exe	98
PID 2960 wrote to memory of 692	2960	msedge.exe	98
PID 2960 wrote to memory of 692	2960	msedge.exe	98
PID 2960 wrote to memory of 692	2960	msedge.exe	98
PID 2960 wrote to memory of 692	2960	msedge.exe	98

C:\Users\Admin\AppData\Local\Temp\04fc815262ac7592da5b5d6ce6648aaa.exe
"C:\Users\Admin\AppData\Local\Temp\04fc815262ac7592da5b5d6ce6648aaa.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:1236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://crusharcade.com/ca/thankyou?s=69bC0da2srS6srfh6e71yu%2FAwdf%2FsLXHssDCx7fAtrTAu7Gzu%2F%2FFwsrPxsc%3D
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd6f746f8,0x7fffd6f74708,0x7fffd6f74718
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,802242457975708499,4287823557273881284,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,802242457975708499,4287823557273881284,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,802242457975708499,4287823557273881284,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,802242457975708499,4287823557273881284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,802242457975708499,4287823557273881284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,802242457975708499,4287823557273881284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,802242457975708499,4287823557273881284,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,802242457975708499,4287823557273881284,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,802242457975708499,4287823557273881284,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=64 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,802242457975708499,4287823557273881284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,802242457975708499,4287823557273881284,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,802242457975708499,4287823557273881284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,802242457975708499,4287823557273881284,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4876 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
e99c729661d361cfdeccb76fb786aea4

SHA1
f91d515bd1fd8fbe2a4d274f8062af1d0bd23a8d

SHA256
ffab13b85532e329f80d61cef78d604e593cf8d409e5aa117e3b9b3c96926159

SHA512
4317e4bc797f0efca9ce3ab3bc404e35d965a8135e5efc17a5b92c7751c060998339640a0f66d5ad815d7c9ccd06d34cc8f6c22d092d3698fc13cfd283ec3241

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
86a7fd59fb712bbb99ac6209a95e5497

SHA1
ebed0263d8453337dc037a0ac9917228ec76c64a

SHA256
9db5f8ffb81bd180378659d9e81726c98692dfd4c4959779d0684dc34c1cba90

SHA512
e22a462dd70a545dded7111cc3e7b3fadd5caecb5897712c9050836b7e9379f3636ce3de02db4aef11fe9904f3f8214e9ed2a476b1a253e1a20dced6562b7c2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
5b3a642fda28905f1d9371287c1389c9

SHA1
a0e0f14c734a4b4c92741f632e5f99c70f3818a3

SHA256
600a127f7a3c263d387e4abdd8508b8e2d9d919c0176b76eb6a82ce4fc95a80b

SHA512
a8bd7240cce8fdcb6f712d71141a0f0d6cc6af93e6acf660a929f2ad736368fdbb34d169bbdb654c4cbe70be132e795b4fac0b6a00c41aa315e0dc765d0f451c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\921d82d1-941e-4479-af95-74a844122fcf.tmp

Filesize
921B

MD5
bfc7bdc2f97ec17da53ae7d31d5cfb95

SHA1
5afefb63821b3ef661070d4e274992e440681705

SHA256
9fb3ba884bd9efea9da72090bfcc70b7eb5aabd089ff007af215c818e13ee872

SHA512
66178ee2a76b45f505cd83cd56910b3ad54b3a9e69a2a1adad823f53a0aaa2da045238630cf3eef6f83e004c3136cb9bef8ffd43a27d5a9930bc2ca84cfb26fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
f61ad4771d5c042769e66a657286b606

SHA1
ff50dfe694542e1a2400cfe5cf1e6fae41136896

SHA256
7c84a4577e64ca77d7835da4280193924283ad3366cfd8a10b163988d6c212be

SHA512
7e5c69c6f80c63eb11cd6f34d7b1654d0ede64278c90254d65e236313f0800b321ed93b5a175645bb6b219a5020d218f6e65b84d9dd11621f3079c74515fea9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
98bb3af3c99ba43fe1f01db0afa385fa

SHA1
f2402fdae707b4d806019558464f11b683ee738e

SHA256
68795734c52c37e0040400af309dd8ba9c1c983ba4eff35f4f5c3d9b7c3c2a49

SHA512
d26779eaf4bb84750b12ac14329e9880c65c3818a9c2c64482fd3589925ad1aa2a781f56d7380246990fa0c914df72c1beccfd5ce9cecc9163cccc2abe2129b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
27487afd4f237dd6443befa8361207e4

SHA1
e7fde5ab38b8786f63e201b5e1919b8e90baac95

SHA256
e48e4d9508743003fa4aebf91fa11638835a0f234c99ad5d8b7c865fe914b1a1

SHA512
ee66db309d81cde34c2bb84915af2ac16d36ab94c76c7fe36a8a4dbf1562e0bf53c9d70bb29bb2440b0f3dac648bfdc244fd698b7c4d9c4e8dd4f8dab576a5b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
42590982b7e44c207d11cc512acaa0bd

SHA1
bb8825fe279812efda9489896ec0a10ad45e0c98

SHA256
d31805c8f623775d0a8ec7b9fefa4784dbc27bda8ad253cbb6d83d71c6486410

SHA512
1d1f8473eecfc9b4ab3087652c9dda3c5f026eebb0ab876d5515a4e0f2c9f8dec92e3c02c502409434f8b0cd0a226bc381c956cbba7e59ab7b1448f86e57c6cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ca49EB.tmp.exe

Filesize
2KB

MD5
69adc7e447fc670ff847b4e4a357d4b1

SHA1
1362fd5e23751bde02de70a6135954e5d88d3e14

SHA256
9fb9b1d96a76f91d0dfc54e7280f5b4b9a574c7e05cf02396694fbbdc60abf0f

SHA512
b1f3171356bc2279516747021ec8660d1ceeb34fb04edcd00f0305292c77641e25edd950de102a69219a40a36cdb28064cec291576f389cf3198c719e8bd7b08

Download Submit