381dac1fd7bf2ec8ef7f22eb50553b06c8faf2efa7b1910095de15580552314d

Resubmissions

01/06/2024, 11:55

240601-n3e8wsce36 9

01/06/2024, 11:53

240601-n2ldhscd95 9

01/06/2024, 11:50

240601-nzzs5acd62 9

Analysis

max time kernel
44s
max time network
34s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 11:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
Size

95KB
MD5

6a3fa042f98c5e544498061ab114ad00
SHA1

c1993ed23957cb7ccaeab0ca9d8350fc14e417c5
SHA256

381dac1fd7bf2ec8ef7f22eb50553b06c8faf2efa7b1910095de15580552314d
SHA512

13ad88338f4c207374bddd0f227dfa0b9b33596a1f96e0c3143e3840fd2d3d73a1837bbac2ec6b628b0a1f6ae76e54e5c63f94cfd4e170f7c3ce5199cd6eddc7
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/Waa1aar89JAJ4:6e7WpMaxeb0CYJ97lEYNR73e+eKZWaaO

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1328) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Globalization.Extensions.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encodings.Web.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationFramework.resources.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Immutable.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mraut.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-environment-l1-1-0.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationFramework.resources.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.Common.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebSockets.Client.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvApi.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hr-HR\tipresx.dll.mui.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TabTip.exe.mui.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-conio-l1-1-0.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ServiceModel.Web.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Overlapped.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.Writer.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.Extensions.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Process.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Presentation.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\msquic.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.TextWriterTraceListener.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.UnmanagedMemoryStream.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationFramework.resources.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\dbgshim.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Formats.Asn1.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-1-0.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.TextWriterTraceListener.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Pipes.AccessControl.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Accessibility.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationProvider.resources.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Concurrent.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.VisualBasic.Forms.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.CodePages.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Xml.Linq.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Drawing.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4372	msedge.exe
4372	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1484 wrote to memory of 1112	1484	msedge.exe	105
PID 1484 wrote to memory of 1112	1484	msedge.exe	105
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 3256	1484	msedge.exe	106
PID 1484 wrote to memory of 4372	1484	msedge.exe	107
PID 1484 wrote to memory of 4372	1484	msedge.exe	107
PID 1484 wrote to memory of 4712	1484	msedge.exe	108
PID 1484 wrote to memory of 4712	1484	msedge.exe	108
PID 1484 wrote to memory of 4712	1484	msedge.exe	108
PID 1484 wrote to memory of 4712	1484	msedge.exe	108
PID 1484 wrote to memory of 4712	1484	msedge.exe	108
PID 1484 wrote to memory of 4712	1484	msedge.exe	108
PID 1484 wrote to memory of 4712	1484	msedge.exe	108
PID 1484 wrote to memory of 4712	1484	msedge.exe	108
PID 1484 wrote to memory of 4712	1484	msedge.exe	108
PID 1484 wrote to memory of 4712	1484	msedge.exe	108
PID 1484 wrote to memory of 4712	1484	msedge.exe	108
PID 1484 wrote to memory of 4712	1484	msedge.exe	108
PID 1484 wrote to memory of 4712	1484	msedge.exe	108
PID 1484 wrote to memory of 4712	1484	msedge.exe	108
PID 1484 wrote to memory of 4712	1484	msedge.exe	108
PID 1484 wrote to memory of 4712	1484	msedge.exe	108
PID 1484 wrote to memory of 4712	1484	msedge.exe	108
PID 1484 wrote to memory of 4712	1484	msedge.exe	108
PID 1484 wrote to memory of 4712	1484	msedge.exe	108
PID 1484 wrote to memory of 4712	1484	msedge.exe	108

C:\Users\Admin\AppData\Local\Temp\6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault7aacf5a1h7bfeh4385hb2fahfb6998c88ace
1⤵
- Suspicious use of WriteProcessMemory
PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8936446f8,0x7ff893644708,0x7ff893644718
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,7643240464025380814,1130145292204598974,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,7643240464025380814,1130145292204598974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,7643240464025380814,1130145292204598974,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:4712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
95KB

MD5
093e007c8ad644cbfc6bb39a2b952a0c

SHA1
4e68a3f4737b6397f8558fd35663e40c758ce495

SHA256
9373fd0a52b6134280e321c87cb9f922addaf1ead78f1783c87b05016d3ff6f4

SHA512
d83fe058885d805116050d6f52e2ad41663d8802e0994360c2207c463f7de4bbe394277c56395fa3ba3119fd5384f4fe87eeb70c027dfa2af235d75310b22809

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
194KB

MD5
5fba8fc5df8f17325a78eaa1c6ca4645

SHA1
26db6c805d58c2ca5b9da6720b910ce41a93350a

SHA256
fe2e17d990e215f6a75de16040fb9e88f32bc81e037e546546dd8ca53e3752d3

SHA512
e6e9eb2831f7af445352d353cf2e8c3592d5e62453e4858a65e98eb760fa5f4691a020a1050f99b65af5cf512fef77af6639f8f76a6e0f1e2d6e86ecc2fc16ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fe31cba714ba3a6520e42c7865d4f03a

SHA1
92a19ce82a1e2aa14ad113e681f41aaeed5c156b

SHA256
ab75ce73cd55d32999f2a462014349a23bf00f010363dbe0ff4b222a9604e30f

SHA512
bcdf8d9fc3da2c82881f3c16c459041ee05642c5f4d5b1045a3bfbe0bb59378a8d9302602346495174a689b763062877a7fe96debf2f25ea824d5ac127aec966

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
d92c5254d4293b2428055b478c30b181

SHA1
25b481bbb1ab73c756e22f17e937960d5e1ccdec

SHA256
0521460f219385c842b48fa216cb3175ca1443050e516ada1d9054a970390dad

SHA512
960a6c84e55e1dda715a168766b26d243bc07536a569a78dc774e420af585d1d7d0b4748ba2a0e6a0a0ffe02d40e118405f8640913c9bc854a0354894ffa83ed

Download Submit