131b6738593696d646ed5714b163f78177a6e3fdd05e7a24e56642f143c856f6

Analysis

max time kernel
145s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-03-2024 01:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

131b6738593696d646ed5714b163f78177a6e3fdd05e7a24e56642f143c856f6.exe
Size

25.7MB
MD5

0ee2c916af25c4664f22cfac85969b1b
SHA1

204de44b01f040df4f28804b091c23a02e4c42fe
SHA256

131b6738593696d646ed5714b163f78177a6e3fdd05e7a24e56642f143c856f6
SHA512

a9d5e4f8c0bd48c499e4e3acaa0efbede939c359fd483a4e01f30c77428edfcba7f1c2dbcab192e22cdc811968be75eae8134baa3809caeef720aa5146fad54c
SSDEEP

196608:6C5uEwsfWuCKyEOqLcHt94/V+kuuBn/VekuuBk:3QEwsfWuCKh2I/V+kuuBn/VekuuBk

Score

6^/10

Malware Config

Signatures

Downloads MZ/PE file
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 153808.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2312	msedge.exe
2312	msedge.exe
4120	msedge.exe
4120	msedge.exe
496	identity_helper.exe
496	identity_helper.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4068 wrote to memory of 4120	4068	131b6738593696d646ed5714b163f78177a6e3fdd05e7a24e56642f143c856f6.exe	90
PID 4068 wrote to memory of 4120	4068	131b6738593696d646ed5714b163f78177a6e3fdd05e7a24e56642f143c856f6.exe	90
PID 4120 wrote to memory of 4376	4120	msedge.exe	91
PID 4120 wrote to memory of 4376	4120	msedge.exe	91
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2348	4120	msedge.exe	92
PID 4120 wrote to memory of 2312	4120	msedge.exe	93
PID 4120 wrote to memory of 2312	4120	msedge.exe	93
PID 4120 wrote to memory of 2980	4120	msedge.exe	94
PID 4120 wrote to memory of 2980	4120	msedge.exe	94
PID 4120 wrote to memory of 2980	4120	msedge.exe	94
PID 4120 wrote to memory of 2980	4120	msedge.exe	94
PID 4120 wrote to memory of 2980	4120	msedge.exe	94
PID 4120 wrote to memory of 2980	4120	msedge.exe	94
PID 4120 wrote to memory of 2980	4120	msedge.exe	94
PID 4120 wrote to memory of 2980	4120	msedge.exe	94
PID 4120 wrote to memory of 2980	4120	msedge.exe	94
PID 4120 wrote to memory of 2980	4120	msedge.exe	94
PID 4120 wrote to memory of 2980	4120	msedge.exe	94
PID 4120 wrote to memory of 2980	4120	msedge.exe	94
PID 4120 wrote to memory of 2980	4120	msedge.exe	94
PID 4120 wrote to memory of 2980	4120	msedge.exe	94
PID 4120 wrote to memory of 2980	4120	msedge.exe	94
PID 4120 wrote to memory of 2980	4120	msedge.exe	94
PID 4120 wrote to memory of 2980	4120	msedge.exe	94
PID 4120 wrote to memory of 2980	4120	msedge.exe	94

C:\Users\Admin\AppData\Local\Temp\131b6738593696d646ed5714b163f78177a6e3fdd05e7a24e56642f143c856f6.exe
"C:\Users\Admin\AppData\Local\Temp\131b6738593696d646ed5714b163f78177a6e3fdd05e7a24e56642f143c856f6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/dotnet-core-applaunch?framework=Microsoft.AspNetCore.App&framework_version=6.0.0&arch=x64&rid=win-x64&os=win10&gui=true
  2⤵
  - Enumerates system info in registry
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4120
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc1aa946f8,0x7ffc1aa94708,0x7ffc1aa94718
    3⤵
    PID:4376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,17469412197985011409,13524320500892235038,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
    3⤵
    PID:2348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,17469412197985011409,13524320500892235038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2312
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,17469412197985011409,13524320500892235038,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
    3⤵
    PID:2980
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17469412197985011409,13524320500892235038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
    3⤵
    PID:3768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17469412197985011409,13524320500892235038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
    3⤵
    PID:464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17469412197985011409,13524320500892235038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
    3⤵
    PID:2524
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17469412197985011409,13524320500892235038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
    3⤵
    PID:1460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,17469412197985011409,13524320500892235038,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5400 /prefetch:8
    3⤵
    PID:2804
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,17469412197985011409,13524320500892235038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
    3⤵
    PID:932
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,17469412197985011409,13524320500892235038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17469412197985011409,13524320500892235038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
    3⤵
    PID:2264
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17469412197985011409,13524320500892235038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
    3⤵
    PID:4784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17469412197985011409,13524320500892235038,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
    3⤵
    PID:3452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2120,17469412197985011409,13524320500892235038,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6524 /prefetch:8
    3⤵
    PID:3296
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17469412197985011409,13524320500892235038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
    3⤵
    PID:5248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17469412197985011409,13524320500892235038,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
    3⤵
    PID:5256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,17469412197985011409,13524320500892235038,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2804 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
73c8d54f775a1b870efd00cb75baf547

SHA1
33024c5b7573c9079a3b2beba9d85e3ba35e6b0e

SHA256
1ce86be0476a2a9e409fcb817126285bc4ad83efd03ee06a2f86910fe18d4d94

SHA512
191344f5830cfea68499bd49073ffa7215a42265a9629d203d07849b2417c0ffdbdbf288bf2c669e91009a0d7e8bd6a6b378c92fc283049141231ca7bf4da3b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b206e54d55dcb61072236144d1f90f8

SHA1
c2600831112447369e5b557e249f86611b05287d

SHA256
87bf9a4c3564eb3d8bef70450da843ae6003271222734c4d28d9961c52782e0b

SHA512
c9e8d2452368873e0622b002a0c2f8a2714b5897a09475738a9f9740122d716a9f0d3841725230d58e039564c820d32a6f3a675a7bb04bd163bab53dcb4e22f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
7a62542090ad780b0ca520f911268ea7

SHA1
a50be56051ed5da48a5ea6efb7578a6a57957a0b

SHA256
fa9d00484fed45b33da31a5884cf5ca4b6f1018fdbab5555927c756102e7af9f

SHA512
3c229507e397fe7e9ce254471b5b5c23d06b386e0ebf9e741a4ef3b1e4630dc01391f9f5b2b871e6cc59cbf27983df807127f22675ce2dab51e12d4bfb03cfbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1002B

MD5
1be7600c3d3fa9276ddfc03c19345300

SHA1
0b46ca5499b178a81f8c81928abeac1f930d4579

SHA256
8aceec349774250929e7c130afd44a7c64ea0a12040ddb16e38260c946c02f7a

SHA512
c3ba159d7b5796d0a244b1f92bc75d9a32feefae8cf504da51860f9c14b2541ed0b590a8d71d2e47069567b508404415a8838b98be27594837e5a2ed65f28b2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
96f936485e2f9296dd93793794418f03

SHA1
d3832b2e46fd3c535aa41d978582f72d88a5ab70

SHA256
e396e3205d5f02e2580c7ffcbb263144b7d70e602b99e8e91b487760a0e38a57

SHA512
b22d7658b05051e24c510dabde889b33bccd0a0baf1ceb0ab97aef959655df1553e00782462946eb75542dc2cd36ab070e5ef753e1d91cae4d09010f7e8273f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2ec5dc3e52639e209618b6178cadd398

SHA1
1a39289d593102a01c62c49ed93bba41b8890887

SHA256
256496510da43b9d8e25b7d0abe81a8f65c5cf465f05ea593fa7e115a6e3aeca

SHA512
183d772179fda28b23bd2fd661de01109ee1c58321eb99d78841ff6dae59362f2efb3a20abd14680c2583cca11628e6c9fd63161a6f215c549331e04679aa5f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c3b39c656f046bff00eaf4ed439b74f9

SHA1
e102d58c1c86f54ec716796d188f5b42348abbd3

SHA256
57f7857ad67e056fab4268690819dae961d3bfe9c9667f2fc672996934d45cc0

SHA512
9261ccfaad90b33a9c6b50847fa1dbc8f9ccad98c6614d07a26d0d64ddd30f7b94866a1f120b44bdbb1adf8b440523e38a217c1f3886ac0c965a759f148956b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
7d44e710383133e81347340340f507bb

SHA1
81a0db335df496e4e706f3b3b173a07238f251a5

SHA256
9ca9d800df07e120f58a2d1a80cb5eb69f35b655da6cd730ad9cb33502f789f2

SHA512
b6004966441d2ce7cc48594dee0c7091401385b8d30f02ad8122991557e1cc0effaafa42a79c3ad4d84384bc4e40ca0f3b869874709b5366f25360ddf7008fd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
667e5d7a2da68ab5ac1cdd91c908d3b5

SHA1
c3cd4947dc946665fb3c40c34bae6f9fbfccc103

SHA256
99257c42197d4c3f6f811e032755c57daa45d3f4823e2296c0737aa602299221

SHA512
393d18df50335c21d73205750d0bb7085d5e2c4eae1f153b0a4053077dda08be3e8ac5cee0affded14c87f837c2196cc5fefd9c137498ae302cad4e23de31882

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
61429cda000eb65930240b232507ac0a

SHA1
fca4a27ac957b2c7703c118f29c35160235c03e2

SHA256
ce0ca1f13607f11521d3d5a91b1d054cc544c2f56ad767c84473ea3aff505033

SHA512
94ebd98dffbd8a9896a2b915839f80bc1f280f860b894cc8141896e431e5b9389c4be87a748e67bd536f96577c0d8e2400e832a88eb6a37b7d456e625b0d6251

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580c8e.TMP

Filesize
371B

MD5
3af10b624674bb01fab99df0e6940f3b

SHA1
ef19a5a8fc186474e2329d3f7b3221e756514eef

SHA256
c3e3946af45bb68074afa0aa60e3d9bbed0348a9ca0a8be144532e6fc10ec216

SHA512
00e0321e146f352d8547ca920a90134d4b9d6ad568abdbaeaf8d9e6417692bbef80f8203d00d36f5b6e9c5ffd9dd5986c9346667895c82061c58b636207866d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
95bad8e3da546233e9511f3d9d99df0e

SHA1
95150ce0ac4fad5fef72e675901bef3c4543d831

SHA256
bb726c7ea75ad7a285e3ac44df808847c6ba557adf99e013ed0a035e4e8a7acb

SHA512
14cd881c816192edb739fcbb70f1289174ef43c3b251a6d44c31a82ce7ad5a8b234dcd247863006c65402b823c53e32364001188414ac66bd625c12078504b5e

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 153808.crdownload

Filesize
8.6MB

MD5
ef02516cefdf7ac8dd9edec474edcfab

SHA1
a8a8ca1b34439dba82f9c88834ec94478ab8ef7b

SHA256
a6376c377ce52b33b795c7f89f6ff82ccfb34d460fcb6d9809d3aa21c4eb226c

SHA512
03dc5198461e62518f63aee7065da207f682e92adf8764a05c0c3646d7a293352bb1f98648fbb056317f42fe9463bc1305b7a71b22ec198689013f9bf9902b72

Download Submit