67585fab3642bc808c1acf81773a953a612b6483adb67ed0a6456939eb9583d4

max time kernel
149s
max time network
155s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
20/02/2024, 15:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

blank-blank.apk
Size

201KB
MD5

77d29bcdf2915579df1b4d7747e044cb
SHA1

c34b71072951621c4e1d8a52166a233d78dcd77e
SHA256

67585fab3642bc808c1acf81773a953a612b6483adb67ed0a6456939eb9583d4
SHA512

8906875ad9d5fda18b53bfe07968c61f6561f2c032947203c94fb29cda0b520bc368a8ea35e75a1931bd9565940e02c289a4e95b47336b5babfa29eeb81e1f08
SSDEEP

3072:5s+D4MHCy0Ahq5u3gviG9flAT3ZxVT/3eJ7fxuPK5:ZD4MHjs+GITv5uRf

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2924404578-3852090450-4074565938-1000\{6BDDADA7-9E17-4BBF-9AAA-BB66A609B6B7}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2924404578-3852090450-4074565938-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2924404578-3852090450-4074565938-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1944	msedge.exe
1944	msedge.exe
3520	msedge.exe
3520	msedge.exe
4828	identity_helper.exe
4828	identity_helper.exe
3432	msedge.exe
3432	msedge.exe
1684	msedge.exe
1684	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1324	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3520 wrote to memory of 4600	3520	msedge.exe	82
PID 3520 wrote to memory of 4600	3520	msedge.exe	82
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 2468	3520	msedge.exe	83
PID 3520 wrote to memory of 1944	3520	msedge.exe	85
PID 3520 wrote to memory of 1944	3520	msedge.exe	85
PID 3520 wrote to memory of 896	3520	msedge.exe	84
PID 3520 wrote to memory of 896	3520	msedge.exe	84
PID 3520 wrote to memory of 896	3520	msedge.exe	84
PID 3520 wrote to memory of 896	3520	msedge.exe	84
PID 3520 wrote to memory of 896	3520	msedge.exe	84
PID 3520 wrote to memory of 896	3520	msedge.exe	84
PID 3520 wrote to memory of 896	3520	msedge.exe	84
PID 3520 wrote to memory of 896	3520	msedge.exe	84
PID 3520 wrote to memory of 896	3520	msedge.exe	84
PID 3520 wrote to memory of 896	3520	msedge.exe	84
PID 3520 wrote to memory of 896	3520	msedge.exe	84
PID 3520 wrote to memory of 896	3520	msedge.exe	84
PID 3520 wrote to memory of 896	3520	msedge.exe	84
PID 3520 wrote to memory of 896	3520	msedge.exe	84
PID 3520 wrote to memory of 896	3520	msedge.exe	84
PID 3520 wrote to memory of 896	3520	msedge.exe	84
PID 3520 wrote to memory of 896	3520	msedge.exe	84
PID 3520 wrote to memory of 896	3520	msedge.exe	84
PID 3520 wrote to memory of 896	3520	msedge.exe	84
PID 3520 wrote to memory of 896	3520	msedge.exe	84

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\blank-blank.apk
1⤵
- Modifies registry class
PID:4832

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff955853cb8,0x7ff955853cc8,0x7ff955853cd8
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,2798352358498870320,5015169940724100307,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,2798352358498870320,5015169940724100307,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2544 /prefetch:8
  2⤵
  PID:896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,2798352358498870320,5015169940724100307,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2798352358498870320,5015169940724100307,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2798352358498870320,5015169940724100307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2798352358498870320,5015169940724100307,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2798352358498870320,5015169940724100307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,2798352358498870320,5015169940724100307,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,2798352358498870320,5015169940724100307,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2798352358498870320,5015169940724100307,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2798352358498870320,5015169940724100307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2798352358498870320,5015169940724100307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2798352358498870320,5015169940724100307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1728 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2798352358498870320,5015169940724100307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2620 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1904,2798352358498870320,5015169940724100307,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3920 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,2798352358498870320,5015169940724100307,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2798352358498870320,5015169940724100307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2798352358498870320,5015169940724100307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2656 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2798352358498870320,5015169940724100307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,2798352358498870320,5015169940724100307,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6652 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2798352358498870320,5015169940724100307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2798352358498870320,5015169940724100307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
  2⤵
  PID:4836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d4a7484ba6d457556ace4c311458fce2

SHA1
fd8ef690a7b356300e024699478ea1f4193ef660

SHA256
ed5f71ca09455340e6a3a9b196b276e2880f482ba20c959248af412fbf993a50

SHA512
e35626dce77f642e060d3e54a84a4ad62af74576581f68ea1e041977dcf61d679c7b546102b99a221963d1d754566661b46eff2b3d6d751d300200d17e69ccad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
194KB

MD5
ac84f1282f8542dee07f8a1af421f2a7

SHA1
261885284826281a99ff982428a765be30de9029

SHA256
193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0

SHA512
9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
58f2f14ab46c98dd09e2906b879943c9

SHA1
50f2acda537851a9171bf647fca5c06c5e59935f

SHA256
2e60d8fcd2ff064ee97c2dc5c8b92f2634e7f2e6d362f4cf9c7e1e9e31da02f3

SHA512
98d6671644b44431fb09dfb29827c8d7efeea3d46e07abadc9fe7994624fd78d75917d0d09ffaecf38f9748a23d020fa7913455d46f4efe87460451c83b2a7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
467B

MD5
af0d1e3a8c442835f9a0caf45f14003c

SHA1
9d5cd0914fe3afc1c83217f90e61786980fbfa0c

SHA256
1481d550f73ca1ae9d4c763c17be8c96a3c30165fbfc43c4942ce2d44a4bba1a

SHA512
d5189d1763e7e74be4494ff654964e51b9baeb3468b5d0de5f029da6ac45ebf3e6fae8cd7f31100e817813a35292a8815f8ddd1eb2df081146d8c01b01714d91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b05a04f161c6064fa09cb2729ee51ac0

SHA1
14d82dd4b24ae83c7452e8ea1f38c1afa800befe

SHA256
99195dadbd8b60959f2c5ca0e780db8f63ddfdc630456da4ce9dd9ee6ed84fea

SHA512
598eb7466ef2f3bcc0fa27329932f2b1cfb9953f6479308d4322f8a18be021cd041accfe9c1f0e0b22631a772275109b0f604bd5b34f25404d6738d61771316b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8e42de618e5cfe50a1846f7fceca0503

SHA1
0f16df53c14315aa0501c5bea14f39c4fc0ab88e

SHA256
a44b756135572be8613661a034f45c3f882f55f31b7d9ccca2c2a0f1d1507568

SHA512
e6ed72a9a862796fa6695ca399213fdae8ae91d881df0c5eee35518fedfac010d4d0ea16bae2b8e4a60f1ef1661be4e04130709c672034a1ba4ec9c56bb82f9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7b3e68a1869c53177680f2d2708ff7a1

SHA1
d4b236bc10aba0c214dc2c43d7ed95902dfbfc88

SHA256
2aaaaf04ea10698ac8b338d2b6e95fdab4ac4b44806b4c3a7353594599a75d80

SHA512
31f6f1610763f2091c8e2aa7d741a9e7ddcf9ec42c379551e03509e2e531bbb6f674b755a2db92bdd3e3c773a1b0cbb1b84c0af5151440aee010dfd998a73433

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d41982c8a314a7f54ae81415a78221f1

SHA1
6618cc62e4ce0589c2ae5848624437211738500b

SHA256
34b97984eb2a5fc637b593e0af6411ebc7763e477e6bc6949bdbde458ef7c6a1

SHA512
21b60ce20a3ac64b48023b6d2abcf3fc5d6369a48df2fccafe7525016b385d588bc1f42cd52c38f7c595889136fd05f017d5fd7336c5e782296e25aab66d0942

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e63a5306fe26b502bd6be7cf403552e0

SHA1
07d857f7ebc9ccb387ef5e1288f3568fcf6dc1c7

SHA256
99d50c60feb7db73a0c76bdb9b807a8080710dc7cbd47bb951736fdc220aece1

SHA512
07f4baa3d26ce44231001d9c56581c8848d8b4c9efc6f2ff711ee6a9474478e9777f990d56150dd34039b1eadb67510823456c6a7766d50a80fd35c3f3bbb1e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
67c5b5de2d96b3aba17eeeb157772dd1

SHA1
f663f64b78cf495b61c7e7a72ffa73552d8cdacd

SHA256
c475b30757887c335be79c087620eeaa31749cb1f82cefb2ea48640e377739f0

SHA512
0f892384278f868f6e986d31ec787720de25d261688551058110b3e4961390876d053c73dd156aebe1ba49364675e19669aed2842c4c38dd9c4820625f4c22a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
83e5c731f4dcc94088c24039dd6df916

SHA1
ca9b80c128339390b8eb3095cc9bb1d26531a954

SHA256
2b9150849473d96d9a794660294499e49dab81491c603b5f3b9dad227eb39bd6

SHA512
9730eadbb1b80e782ddbed1615a5654f25da662d444317e1f5d8076f7a147eca5b1a10486f526ef42c48ffb92ca77a87bbc6831d265a60dd1ba4601a9b6c5ca8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
78c96d4d56a0acfaacb824193f7853d6

SHA1
ad3746896a33731991923338a4519ec800e8126b

SHA256
2a11b40040e010ed7cd6056839328283337a90c40882a0c1d9bbc0a8d1c55439

SHA512
52b69ac23aa7bedae84db890c5f92cf6fa8579696dbae793fb258f2dd0cb373813373c36cef3ba4743bec100b4efc46ae6ce97ef05a4966ec6d8e92cb53fcb1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5972f4.TMP

Filesize
538B

MD5
d3d161fd0fe931a4d6f71d192df481ce

SHA1
119df12537700cb350b8e3a17ad801fb3b89abba

SHA256
db45ee5ddc3f43ca7ff97bb93625df72b90bfabe26e8cf33b4f2f5a97653becd

SHA512
24866d98385b05814c8b909d19791041e34b41d18f880a46de8a6bf2322e1bf340ef0552ae43d27c86a86eed2b7e0ffa16edda447082a3e7c3266332ff136664

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7c05cecbdcae06668525ab9e13ed8e3c

SHA1
d7298382cc101e38f08d2aadcf3b94bd87fcba06

SHA256
3983f0830d8211e78af6362229959faeea833786a3c60c8ba69cac62eceb8c59

SHA512
f6c3c8c883ada95a13d41f89441cffb6afe9a96b37a8d1f30776fccb1a58e5c21876c549638bfa5b8cbbeeaf72eb6cb7f080ba0cec3f85b9acd98fb4caac371a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b4a7adcf6bb430162266698cc057fe27

SHA1
8a233d85afa572064a82e47385613a5ddee89064

SHA256
32c0afcd4ec86421317d594915f04c6859472897c4d5e235f6720c37582c0f8d

SHA512
91cf076b2e3aa46b2757a5c44db8454fb67e53cd33f47f427bb83020066afb7cd6d75dcc9985f9e60b9ef7b2f3369eeac38508f332c9544308f479e2ebcc2c4e

Download Submit