2e924bfa77bcbe06f61fb930a4eb6784c292d241f5eecbf2ba00f197b1c2ce5e

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
21-06-2024 01:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e924bfa77bcbe06f61fb930a4eb6784c292d241f5eecbf2ba00f197b1c2ce5e.exe
Size

38.6MB
MD5

3c5fbd103ea5c14e434a1336381bafb1
SHA1

e53df64e42f3add48f057e549e0214f629295eba
SHA256

2e924bfa77bcbe06f61fb930a4eb6784c292d241f5eecbf2ba00f197b1c2ce5e
SHA512

c0196e3628ace88aa050358dea5c346068f82f3469c51aee08a9dfd8b01578bc3afd0a790abd152e3a5e38b8e7847531454dbdaf673aead8b7c72968d4a17063
SSDEEP

786432:xn6iTfRwFOUPofAl2jtyl0IcDxvVzyaPZw:Hf2VP9l20l0IcD1bw

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 190168.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1124	msedge.exe
1124	msedge.exe
556	msedge.exe
556	msedge.exe
3456	identity_helper.exe
3456	identity_helper.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3816 wrote to memory of 556	3816	2e924bfa77bcbe06f61fb930a4eb6784c292d241f5eecbf2ba00f197b1c2ce5e.exe	91
PID 3816 wrote to memory of 556	3816	2e924bfa77bcbe06f61fb930a4eb6784c292d241f5eecbf2ba00f197b1c2ce5e.exe	91
PID 556 wrote to memory of 2704	556	msedge.exe	92
PID 556 wrote to memory of 2704	556	msedge.exe	92
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 4904	556	msedge.exe	93
PID 556 wrote to memory of 1124	556	msedge.exe	94
PID 556 wrote to memory of 1124	556	msedge.exe	94
PID 556 wrote to memory of 1668	556	msedge.exe	95
PID 556 wrote to memory of 1668	556	msedge.exe	95
PID 556 wrote to memory of 1668	556	msedge.exe	95
PID 556 wrote to memory of 1668	556	msedge.exe	95
PID 556 wrote to memory of 1668	556	msedge.exe	95
PID 556 wrote to memory of 1668	556	msedge.exe	95
PID 556 wrote to memory of 1668	556	msedge.exe	95
PID 556 wrote to memory of 1668	556	msedge.exe	95
PID 556 wrote to memory of 1668	556	msedge.exe	95
PID 556 wrote to memory of 1668	556	msedge.exe	95
PID 556 wrote to memory of 1668	556	msedge.exe	95
PID 556 wrote to memory of 1668	556	msedge.exe	95
PID 556 wrote to memory of 1668	556	msedge.exe	95
PID 556 wrote to memory of 1668	556	msedge.exe	95
PID 556 wrote to memory of 1668	556	msedge.exe	95
PID 556 wrote to memory of 1668	556	msedge.exe	95
PID 556 wrote to memory of 1668	556	msedge.exe	95
PID 556 wrote to memory of 1668	556	msedge.exe	95

C:\Users\Admin\AppData\Local\Temp\2e924bfa77bcbe06f61fb930a4eb6784c292d241f5eecbf2ba00f197b1c2ce5e.exe
"C:\Users\Admin\AppData\Local\Temp\2e924bfa77bcbe06f61fb930a4eb6784c292d241f5eecbf2ba00f197b1c2ce5e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x86&rid=win10-x86&apphost_version=7.0.10&gui=true
  2⤵
  - Enumerates system info in registry
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeba6c46f8,0x7ffeba6c4708,0x7ffeba6c4718
    3⤵
    PID:2704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,490404042638952208,8708612409904191376,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
    3⤵
    PID:4904
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,490404042638952208,8708612409904191376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,490404042638952208,8708612409904191376,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
    3⤵
    PID:1668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,490404042638952208,8708612409904191376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
    3⤵
    PID:3140
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,490404042638952208,8708612409904191376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
    3⤵
    PID:632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,490404042638952208,8708612409904191376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
    3⤵
    PID:4656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2184,490404042638952208,8708612409904191376,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5180 /prefetch:8
    3⤵
    PID:4720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,490404042638952208,8708612409904191376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
    3⤵
    PID:4520
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2184,490404042638952208,8708612409904191376,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5736 /prefetch:8
    3⤵
    PID:1356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,490404042638952208,8708612409904191376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
    3⤵
    PID:3784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,490404042638952208,8708612409904191376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
    3⤵
    PID:388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,490404042638952208,8708612409904191376,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
    3⤵
    PID:2884
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,490404042638952208,8708612409904191376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6520 /prefetch:8
    3⤵
    PID:4880
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,490404042638952208,8708612409904191376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6520 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,490404042638952208,8708612409904191376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
    3⤵
    PID:3600
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,490404042638952208,8708612409904191376,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
    3⤵
    PID:1544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,490404042638952208,8708612409904191376,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
8fe6fc2803ebad3f1be410eb76ece3d0

SHA1
ece3232ac91c633cbeff9f53bb02ebf89271dbd0

SHA256
7566966a3fa016992ed800b07a4be704fd0325de590dd774e745f0740fbe8a7e

SHA512
5e425a5972b1cfe6e7a044abac0cf497f3ed947ff0be549be3730f5bfcb454fc11a9af93726803ab2f2b7fe3d53bc21027a73044bd920c3570beab6a4565c9a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1002B

MD5
db217ebc3080bc3b2f84555364040bd8

SHA1
f2e92fc2063b3b65ccea89152040eea81fff798d

SHA256
b35a7a4291116f42fca5eb6c950f5d83d2efd3f38ee4b2d1e2f1478147c44d0d

SHA512
a56552fa6781d277dcce86cc0f9efe5a5a71f643b535c03783ef51aefbd24153286cc86caa1975cca15ea159ba8cffc186e66d969ee6343a264ac3a36b471f8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9d7017d9bc0630d7caadbb38ad9a03ce

SHA1
832d2d3eada9449211f6e3c10a1f39e9835a2b6e

SHA256
a60de9ee426e5205f938bc1fc3d34fb15d167436de5cb9ed90ca89398bdb5bb9

SHA512
169bcc15724c054b4062586f478d68b6f0465d1e9db7ee348eaf3bfd16ee0bf44c3d87edb51bf18fec17c9034ebcb18045ca330eaa647c3e70cd59993269908d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2dc927fe6a045eae54e1bf413521fe0a

SHA1
fd395374f2b1f67d7eeb45f91e969b0bfae573ca

SHA256
bdcae471340cda52eff371c2cbcd68908ca0caf87fbd0b1f66f092987d59d848

SHA512
20a992a23498e12c1d4d08541e2d964b6dd326232b1f90105bb95113aad6e55f84bc29493a097602215ddbf72edfedcce7bf4208c4977d4a9a1e5ea6c7621e9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
34b3fb03ec0311308446408872f336a8

SHA1
9e8d27e23416e2eb8aff1247cd672d5b6bb5037f

SHA256
dab1af419b03499db17de196e05d341a7ef32add4b394dae47031849cec6b48f

SHA512
3ce8bc5da1a9e15983e22ae6453393449f1419eeb0e4f3ed558196cd21b5db047500f02aefe9135615a24e037b966d248aa6ab0bb8e29ee85e19f60db1fcd88a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587143.TMP

Filesize
539B

MD5
0e21aee88911deb6db4a3bd8181103ed

SHA1
7a3a84807a022ac594ae37a466c612371f52aab7

SHA256
61b748326042586b5a5dab001d00bbe683daa6b7b7a2aa962c9c092dbf3839c1

SHA512
a05add0a5a7125d7b7e5f01d5b19e2cc047b3b6d4a5b8c0748e51146ed2dff4fb4a8642f35ff27ad7a49fa236f4a18114708cc53d77763d1149b298c4ad36f8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fa6224ea-605c-4dfa-a04f-015a90d21df5.tmp

Filesize
707B

MD5
96dad4405dba65a9e1ca6dbb56cde908

SHA1
4b969f147cacca92496503f0f56e64dc2abee23b

SHA256
59cd8d1199bc889242600f96e71d3be1a38dcd5f83a1decc7d6ce6a9d6c2512b

SHA512
0ed8a29262b75aee77a6f28189c9a001475b2e59df920c9a947cab1ddb5a19fde6a65a3a25b08e131c8e70244ef02eea8d41f058dc3d65ba4769ae121323e7af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bd04b348f24603c293f97fc667310c5e

SHA1
7dec610d842bde1835172aff80001780f791e299

SHA256
d9411eab64642df0f11644981d94b730a2e5c58d1d9bd9dd8b660b466cef81c1

SHA512
f2f7b1ec7b4c237ddd692726379ba8bd418eb9de45e66f98acc1c4914ff745ae5a4fda15d48d26ebce66419c8cc880086bc602a67d6865919e922729478861d0

Download Submit