093d3e7fb8f15b06d779252a8691f7c5a42beae493ca81965bed50e5f326e869

Resubmissions

20-02-2024 02:49

240220-da4exahg3v 7

20-02-2024 02:28

240220-cx45aaaa86 7

20-02-2024 02:23

240220-ct65gaaa46 4

Analysis

max time kernel
149s
max time network
153s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
20-02-2024 02:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

rp-6
Size

157KB
MD5

69c7f8a0813c792faa53653f3a57ae4d
SHA1

1b9fa85951b857e7f887a62f38688ecf7ed98c68
SHA256

093d3e7fb8f15b06d779252a8691f7c5a42beae493ca81965bed50e5f326e869
SHA512

784948a0a2f7f1e1db9cd1bafec11ec68a56c2d34a15d58b0d5bd240a96fcaa18092e31c303f268851e654fcbeb2b0388b7aab98fd6533282c98455a26ab76f4
SSDEEP

3072:DwfpYYmMByc1zge3ZBOjS+rkPSfgIsqJnZEjc0Xz99DuqJTm2f62NVSgE29xxspa:oDuqJpffNVSgE29xxspm0n1vuz3U9Iv5

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1454216376-3069400526-304058712-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1454216376-3069400526-304058712-1000\{E4CE422D-42BD-424E-914A-F71FAB637ACE}	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4436	msedge.exe
4436	msedge.exe
3644	msedge.exe
3644	msedge.exe
2084	msedge.exe
2084	msedge.exe
3420	identity_helper.exe
3420	identity_helper.exe
5048	msedge.exe
5048	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2312	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3644 wrote to memory of 1440	3644	msedge.exe	96
PID 3644 wrote to memory of 1440	3644	msedge.exe	96
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4668	3644	msedge.exe	99
PID 3644 wrote to memory of 4436	3644	msedge.exe	98
PID 3644 wrote to memory of 4436	3644	msedge.exe	98
PID 3644 wrote to memory of 3540	3644	msedge.exe	97
PID 3644 wrote to memory of 3540	3644	msedge.exe	97
PID 3644 wrote to memory of 3540	3644	msedge.exe	97
PID 3644 wrote to memory of 3540	3644	msedge.exe	97
PID 3644 wrote to memory of 3540	3644	msedge.exe	97
PID 3644 wrote to memory of 3540	3644	msedge.exe	97
PID 3644 wrote to memory of 3540	3644	msedge.exe	97
PID 3644 wrote to memory of 3540	3644	msedge.exe	97
PID 3644 wrote to memory of 3540	3644	msedge.exe	97
PID 3644 wrote to memory of 3540	3644	msedge.exe	97
PID 3644 wrote to memory of 3540	3644	msedge.exe	97
PID 3644 wrote to memory of 3540	3644	msedge.exe	97
PID 3644 wrote to memory of 3540	3644	msedge.exe	97
PID 3644 wrote to memory of 3540	3644	msedge.exe	97
PID 3644 wrote to memory of 3540	3644	msedge.exe	97
PID 3644 wrote to memory of 3540	3644	msedge.exe	97
PID 3644 wrote to memory of 3540	3644	msedge.exe	97
PID 3644 wrote to memory of 3540	3644	msedge.exe	97
PID 3644 wrote to memory of 3540	3644	msedge.exe	97
PID 3644 wrote to memory of 3540	3644	msedge.exe	97

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\rp-6
1⤵
PID:1876

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1896

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2312

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:856

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:2360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffd12a3cb8,0x7fffd12a3cc8,0x7fffd12a3cd8
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1952,12525774450180189170,9439397677529746074,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2532 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1952,12525774450180189170,9439397677529746074,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,12525774450180189170,9439397677529746074,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1968 /prefetch:2
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,12525774450180189170,9439397677529746074,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,12525774450180189170,9439397677529746074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,12525774450180189170,9439397677529746074,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,12525774450180189170,9439397677529746074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,12525774450180189170,9439397677529746074,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,12525774450180189170,9439397677529746074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1952,12525774450180189170,9439397677529746074,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,12525774450180189170,9439397677529746074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,12525774450180189170,9439397677529746074,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3504 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,12525774450180189170,9439397677529746074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,12525774450180189170,9439397677529746074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1952,12525774450180189170,9439397677529746074,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1952,12525774450180189170,9439397677529746074,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,12525774450180189170,9439397677529746074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,12525774450180189170,9439397677529746074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,12525774450180189170,9439397677529746074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:1684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3c7088b345d89a8f65508a536d470e64

SHA1
c7f144ced04a66047253a5ee4124985adab6375c

SHA256
70807a89747f1c04394549aa800fedd6a737647bbf95af2cf087bb53e066724f

SHA512
8d6491e8da8c117f527feb6cc01612aefa0819d35d7b961bac8bf41154a1b525438ad928af70bbb06956f02ae3b0b1495347d33c769fe789496b8f4d4232853e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a383aae8a26bfb6443cbeb9da0c7794b

SHA1
8c453b0093d3c57d698a69e6d163356dd90a39fd

SHA256
3b3e218aee83af00a0b899b3a3262c5615a6e3571e7d94701ea94b88f689298a

SHA512
d744989b8f2339fdb1bdbb1bfaa6290a2b606e7f3f3b1107de29cb4dbd9875604056a04ec86e18a079fe81672d79ca8d08b2bd1335f6f50c8ee477d285725e43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cfd04ca5fdebd216c89727e505e52c76

SHA1
090d334d093722296305a8ba66485bca9f8ccb43

SHA256
46d5cf44e119de86d225a5953339119042839d6f6843246b8aca9500b15b8b5f

SHA512
57faa4ffd9735edd9bb83b61f68ef904aefffa6864d1f3f3f7ee5d4caa1393625198cc09573a731742cb689adad50bf179c27c12c414abb0e55fd529bd4d05be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fcdd4db4c0f164d8dca8e62221b46896

SHA1
ea961e8f4e0fa1ee86e024e318e3eeb68860646e

SHA256
c0c3b315c72dda60a66e2dedfe4334b357376c91a531d54109416d6d31d33816

SHA512
ea93aaec60891af6645e0c64e2f7365a4cb18d0e2ee5d3c15e69551d7dfd466263caf8f064a8e6fe8d5ea32f852ccc778534a65f8fc7d33e92bc88b5cd038505

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
215a0d082d4602190b5c83d84e958d45

SHA1
4a19f85c5c998a50e3008641c03bac3c6d0c5769

SHA256
14b0bb7e6ce827df7cfd1ffa19017234ae23d23698267469ca26d35f268c693a

SHA512
beef927587ea55cd65bbc9855540b4055ff41feb415f7aa9f8fcd36d7950968a4c556a39b23f63689208f32eb3ce3d0023ad698ed8f9c130296dff68789ce63c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
a73a27fe4e406bae8ea5f5e04129a2c7

SHA1
ed324510688f8b08f30475e0a38e885e1dcbaa2b

SHA256
312d5b5397d0523ed36b5d93a6f7fde0435cb41390e4ed233f5e57b9b9df717e

SHA512
72c313af632bb252ce84ab419f0a19be9a47bee9a0220127063ef79ec4d305e12d6ec4be740bd4c77fce01cf1c1737dbd58df261914a9ae6b51775f805c567cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d65029da45963b22ad68018884d2410a

SHA1
f536e7bf0e991a86e268e12cb97de7b18350215e

SHA256
44b7552432f197215f7329963434a95a3b0db10f4f1a8047009e562340ee4b56

SHA512
0627ae9ea0a37486fbcd34ceadbca1c57bc08691a4078a7c0efce350529da77f8176167c2cbc48b7a5072aaee5b61e98b42ddce44a3d999f11d471bfd59994f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59c942.TMP

Filesize
536B

MD5
6a731e2e944a2659b453411d29bf5367

SHA1
b527f6cb79e76cb872e3803e6984bbbc98666147

SHA256
817e0d89238161ce74f0c4a37cb736b71177381254b0dd5a468948426e046495

SHA512
2fd20436728ac3964f54c10b8ab13274b422445151ce51aa4febd591e737a83e80e3f47ad17bb1738065daa7b0e11ef2064d13afda586d108b9f1da12cdc4ee1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7bc58636ffb07351481b5c1998762fb1

SHA1
0a4cc18ddb9354e34ad7db76cdc83148ead01917

SHA256
a41849d3de2e90207ea23cb26fbe39e690521e162855dfe9b6c855af0a35c517

SHA512
37f4c4771a43b8e2011870a2746b3432736b352aa54b96cc724c690199ff664ce068dd706c2ca3e1c62c75c5f18e4687cd24c49fa6af1b9de266f5a1b602fd17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
adf392020f04e57ca5385df2773beae2

SHA1
f3cf3c4e02f2e449833aecb8cda4e8fbb0b03e0f

SHA256
47a0932a4e49c443293ce3553cf0c556bcd28212a21ad894a39acc9c0f2c658c

SHA512
5663b73f22f991f4487772f5d563d7873fc73192027e21827c341e6ca8ef0c896148c599ef141c8c32ef450b7ca243c11789c1726e5f43f132321030b7747fe7

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
11KB

MD5
9af5f099ffb1cb8ef5d0f394d5cc30eb

SHA1
b2d4d4374a3cb3d025ecb95d9b4459f809fd49cd

SHA256
2e298639786032254594b05100f029f0a05fd05566a04a94c3fe486aa9cac0a3

SHA512
07d8c2e1aecbfdf5f2dafe65ea9ef6ca0d7aa8594b43718b3025fdddbcdc598e556b0e6f9e5ed3ef979375fed56a39c28b833cd841468e6d0e632f8d4993695b

Download Submit