bb2b7298bd6852a0376b41072e1ee0ee1001d8522918e43feaca98aa710b429f

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2024, 21:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Kiwi X External/Kiwi X External.exe
Size

321KB
MD5

9fef2a301edbcd80a74670f54a88e41b
SHA1

eb7a5845b2998217f8ebd4ecec4ba554d3edb757
SHA256

02ad64a9b7a3e99337b59f54563082fbc48b26cb796fbe1cd834ce185fd63381
SHA512

afb5badae34091bf88b5e97a1742385cb7ff4839f514ada697da00ea186ee0a9e35c53edcddcabda2a7f4d0cec4e2e53ec897033ec1856c05238efda07fc05c9
SSDEEP

3072:JIl9mTYDNDK36o4zEsb3q3BIIi4bZIYl/I8Z/mKrGqx:JIvK36o44QadTWYl/IK/mKr

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 471700.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1652	msedge.exe
1652	msedge.exe
2908	msedge.exe
2908	msedge.exe
5256	identity_helper.exe
5256	identity_helper.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4384 wrote to memory of 2908	4384	Kiwi X External.exe	99
PID 4384 wrote to memory of 2908	4384	Kiwi X External.exe	99
PID 2908 wrote to memory of 4368	2908	msedge.exe	100
PID 2908 wrote to memory of 4368	2908	msedge.exe	100
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 2444	2908	msedge.exe	101
PID 2908 wrote to memory of 1652	2908	msedge.exe	102
PID 2908 wrote to memory of 1652	2908	msedge.exe	102
PID 2908 wrote to memory of 4352	2908	msedge.exe	103
PID 2908 wrote to memory of 4352	2908	msedge.exe	103
PID 2908 wrote to memory of 4352	2908	msedge.exe	103
PID 2908 wrote to memory of 4352	2908	msedge.exe	103
PID 2908 wrote to memory of 4352	2908	msedge.exe	103
PID 2908 wrote to memory of 4352	2908	msedge.exe	103
PID 2908 wrote to memory of 4352	2908	msedge.exe	103
PID 2908 wrote to memory of 4352	2908	msedge.exe	103
PID 2908 wrote to memory of 4352	2908	msedge.exe	103
PID 2908 wrote to memory of 4352	2908	msedge.exe	103
PID 2908 wrote to memory of 4352	2908	msedge.exe	103
PID 2908 wrote to memory of 4352	2908	msedge.exe	103
PID 2908 wrote to memory of 4352	2908	msedge.exe	103
PID 2908 wrote to memory of 4352	2908	msedge.exe	103
PID 2908 wrote to memory of 4352	2908	msedge.exe	103
PID 2908 wrote to memory of 4352	2908	msedge.exe	103
PID 2908 wrote to memory of 4352	2908	msedge.exe	103
PID 2908 wrote to memory of 4352	2908	msedge.exe	103

C:\Users\Admin\AppData\Local\Temp\Kiwi X External\Kiwi X External.exe
"C:\Users\Admin\AppData\Local\Temp\Kiwi X External\Kiwi X External.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/dotnet-core-applaunch?framework=Microsoft.NETCore.App&framework_version=7.0.0&arch=x64&rid=win-x64&os=win10&gui=true
  2⤵
  - Enumerates system info in registry
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8975846f8,0x7ff897584708,0x7ff897584718
    3⤵
    PID:4368
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6487593652851945878,1909699993752620328,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
    3⤵
    PID:2444
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,6487593652851945878,1909699993752620328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,6487593652851945878,1909699993752620328,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
    3⤵
    PID:4352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6487593652851945878,1909699993752620328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
    3⤵
    PID:1696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6487593652851945878,1909699993752620328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    3⤵
    PID:3364
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6487593652851945878,1909699993752620328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
    3⤵
    PID:4696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,6487593652851945878,1909699993752620328,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5160 /prefetch:8
    3⤵
    PID:4908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6487593652851945878,1909699993752620328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
    3⤵
    PID:2912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2104,6487593652851945878,1909699993752620328,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5528 /prefetch:8
    3⤵
    PID:3624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6487593652851945878,1909699993752620328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
    3⤵
    PID:60
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,6487593652851945878,1909699993752620328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6184 /prefetch:8
    3⤵
    PID:5240
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,6487593652851945878,1909699993752620328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6184 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6487593652851945878,1909699993752620328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
    3⤵
    PID:5340
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6487593652851945878,1909699993752620328,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
    3⤵
    PID:5348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6487593652851945878,1909699993752620328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
    3⤵
    PID:5580
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6487593652851945878,1909699993752620328,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
    3⤵
    PID:5588
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6487593652851945878,1909699993752620328,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6288 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
96da07e314f28a3218e55b07e321ea1a

SHA1
aa0905e095200d16d3b0549bb0dbd9c1f3d3963e

SHA256
d2106629f2bbe464a3aff2e18e129eb2f52607594c6a77a60f613c7ac3da0fb9

SHA512
c020c87071e17a7e9d4a2521d892b352509f943e33416fcbd6016070225acc8d82f992cc5e37aced439cc438d66f5c013f56bbb16f1e5158df1dfc7bfe202b4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1002B

MD5
f1d0576efae3cbbf0a8f8767945478d3

SHA1
ddf93db6ead6831dbbbbc46a5f7eda06ad88946a

SHA256
e8d2e16ec5b00eaca69c0a9c2099d174cdee6030bdc9e691d508b6e4982e1aef

SHA512
2ba12e20e7da4f05b165cc12642cc124b373f1649c4a332774c07804f5e3c419e7c75e7819826914e616a4e951351ac9753502fb133bdfb635bd155982f3fbd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
41f42ca00d1810a1b34a47a7cd3d010c

SHA1
c0aeabc724334387273f5b27059dff5b3b5f71d6

SHA256
0c57745c4179b05777b22d01b7591f723a31449a58718e0030253fdec50b6629

SHA512
77a1790eb1d289a954d71383321d3aef2e728471395243a60039beda5b9c83538b7dc5c6e84ec5eec68125bb2e13de084bd9da00678f4a30f401c90f6cbde1a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d70bd000d6c74d915ef318c6373cbb2c

SHA1
68825fa1e4c65b494ff7e0606113ce598ca0c715

SHA256
c799af83a0df5053ccc3f8240b29d1c659c7803280ed92c84586e3d1712ba94a

SHA512
842eb382e463f3f2beb312ffa7f038c8586995fe49593dd6b8e8f1f4993ecff0852d150d712ca5847c8f76096ca71b25711a5d6677d557d5f3a17bb6803e34d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
2963f499a0c5d15388b268fb5cd854bc

SHA1
2a16c0921195702aef85adfaff6ff31fbd02dd24

SHA256
69b69a4388138a912efe577f1cc84c4f11819493bd27c4475acde084b2dbe38e

SHA512
8a217f450eb52becbdbbb5ee5cad3ac495ab17084063e228ccf7a404aea2d1452b4effb260939f61a9c0d1f16c10b30d39bc4bead3cb765a81f1df6ac227db81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
f3971050611266119e0bef94b33936ee

SHA1
28b12a60d3c356ab4850e7af409f6362930525a5

SHA256
eb5e8e9aebb3785acabbfcea17eeb04ce407cf2f431eb70e8d9b444372d118e1

SHA512
2076e1513ce24910f556f9d96b889fb00eadf10d558f977c963fae0ff364782d74de0779ab86e81ec9b0b0dbd2679413fb04611962bdd3a53f64820625ee6a29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
7d57781bb460d0561e81770a6c58740a

SHA1
23718b3f53ffa2ad2ad8d503e2d5fead947c366f

SHA256
a5d4bf89ed3728ffcf33a257cff8b02c8335e8e1c72fbddbd2d6e3537fed7bf9

SHA512
1d61475bedc7579a1b6832585932ee6a0d1cab2f67109e68c5d0676eace6b89025cb8ceb24f33718a3135b798c14d3d530506e24a5bf1a1b925db1e2bbd53d7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a75c.TMP

Filesize
371B

MD5
998e1d610bd93758c91763d92ad7ab08

SHA1
47e864b24a40e9ff3ed3ca942b5d46dd0fcba24f

SHA256
312afa65b570ddf89f8e0fb6a03c4cc77653bd7147db729c25e16af1991c5ea2

SHA512
098b8eca657f9274a374bbe6767ed75bb82fd75ce4b84fbca48bd97219f7ef024b78ded02bc6b92de486ebd1972ac4244e0f630fe6dece17597f14c3fdb67b64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\aacb05b8-0508-4f8c-a3e9-eec1f959581b.tmp

Filesize
539B

MD5
c28145ef14bab96dd7d84107049948e4

SHA1
25b9a13f2cb4ed1e63f26ce3b25695085b036b41

SHA256
8bcfb177ee768cb4a75f9d2d05f39c76617eda956a7675d26b81543f85bf2394

SHA512
fa05d1987ffbb9941c46ca6089e10d96f355eaf014310a9034596f476aea554ba2fabd3a7f3a78a9ee4e30dc65597d9b0844430e248e0fda8f82dee9c5255e99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
05d73b94d3d560f6c4721893bc131a10

SHA1
320bb0bc7781ebffe1c0c6628ec72fca7380b771

SHA256
a5fe7d3e71bd45d64c15db0027b2d279b42c2060577d12bfafea4e466a89fbbc

SHA512
f71e1b2d8753a8fc13c72e896bb24168f0ec7ed9204d9194a7fa6088083201f4c06ddc267c2b9ab66474405b788da5d4cefdb8698f28d2538cc62bd2cc8f78b6

Download Submit