0d6e09e3a2340a6e80a53ca8181276bac5424405ff5b07e4707a32af997cc7f4

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20-07-2024 01:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d6e09e3a2340a6e80a53ca8181276bac5424405ff5b07e4707a32af997cc7f4.exe
Size

39.2MB
MD5

d98f63acac1e752907e9ed968471b5ca
SHA1

5a4a083912651dcbcd2cc42f65aa81d28b3db6a4
SHA256

0d6e09e3a2340a6e80a53ca8181276bac5424405ff5b07e4707a32af997cc7f4
SHA512

1c8ea4bba6b002d4daef19d829d631717af9cd5cb4cf468a94a2fe1603ea50fbbfe3d036cef8a9b82ed2166a09302ccd21b2b0874ab1d8162de1aee2f8af251e
SSDEEP

786432:Ml6iTfRwFOU8ofAl2jpynU1PKcDxvV/yaPZM:if2V89l2YncKcD1fM

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 410619.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4272	msedge.exe
4272	msedge.exe
3788	msedge.exe
3788	msedge.exe
2164	identity_helper.exe
2164	identity_helper.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4196 wrote to memory of 3788	4196	0d6e09e3a2340a6e80a53ca8181276bac5424405ff5b07e4707a32af997cc7f4.exe	92
PID 4196 wrote to memory of 3788	4196	0d6e09e3a2340a6e80a53ca8181276bac5424405ff5b07e4707a32af997cc7f4.exe	92
PID 3788 wrote to memory of 5072	3788	msedge.exe	93
PID 3788 wrote to memory of 5072	3788	msedge.exe	93
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4400	3788	msedge.exe	94
PID 3788 wrote to memory of 4272	3788	msedge.exe	95
PID 3788 wrote to memory of 4272	3788	msedge.exe	95
PID 3788 wrote to memory of 232	3788	msedge.exe	96
PID 3788 wrote to memory of 232	3788	msedge.exe	96
PID 3788 wrote to memory of 232	3788	msedge.exe	96
PID 3788 wrote to memory of 232	3788	msedge.exe	96
PID 3788 wrote to memory of 232	3788	msedge.exe	96
PID 3788 wrote to memory of 232	3788	msedge.exe	96
PID 3788 wrote to memory of 232	3788	msedge.exe	96
PID 3788 wrote to memory of 232	3788	msedge.exe	96
PID 3788 wrote to memory of 232	3788	msedge.exe	96
PID 3788 wrote to memory of 232	3788	msedge.exe	96
PID 3788 wrote to memory of 232	3788	msedge.exe	96
PID 3788 wrote to memory of 232	3788	msedge.exe	96
PID 3788 wrote to memory of 232	3788	msedge.exe	96
PID 3788 wrote to memory of 232	3788	msedge.exe	96
PID 3788 wrote to memory of 232	3788	msedge.exe	96
PID 3788 wrote to memory of 232	3788	msedge.exe	96
PID 3788 wrote to memory of 232	3788	msedge.exe	96
PID 3788 wrote to memory of 232	3788	msedge.exe	96

C:\Users\Admin\AppData\Local\Temp\0d6e09e3a2340a6e80a53ca8181276bac5424405ff5b07e4707a32af997cc7f4.exe
"C:\Users\Admin\AppData\Local\Temp\0d6e09e3a2340a6e80a53ca8181276bac5424405ff5b07e4707a32af997cc7f4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x86&rid=win10-x86&apphost_version=7.0.10&gui=true
  2⤵
  - Enumerates system info in registry
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa66e346f8,0x7ffa66e34708,0x7ffa66e34718
    3⤵
    PID:5072
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,5318829710374923069,17465319698010059394,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
    3⤵
    PID:4400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,5318829710374923069,17465319698010059394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,5318829710374923069,17465319698010059394,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
    3⤵
    PID:232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5318829710374923069,17465319698010059394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
    3⤵
    PID:2620
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5318829710374923069,17465319698010059394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
    3⤵
    PID:4304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5318829710374923069,17465319698010059394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
    3⤵
    PID:4332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2196,5318829710374923069,17465319698010059394,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5248 /prefetch:8
    3⤵
    PID:3248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5318829710374923069,17465319698010059394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
    3⤵
    PID:744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2196,5318829710374923069,17465319698010059394,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5696 /prefetch:8
    3⤵
    PID:2672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5318829710374923069,17465319698010059394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
    3⤵
    PID:4636
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,5318829710374923069,17465319698010059394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6216 /prefetch:8
    3⤵
    PID:4816
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,5318829710374923069,17465319698010059394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6216 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5318829710374923069,17465319698010059394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
    3⤵
    PID:3924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5318829710374923069,17465319698010059394,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
    3⤵
    PID:1600
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5318829710374923069,17465319698010059394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
    3⤵
    PID:4736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5318829710374923069,17465319698010059394,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
    3⤵
    PID:3736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,5318829710374923069,17465319698010059394,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4748 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2f842025e22e522658c640cfc7edc529

SHA1
4c2b24b02709acdd159f1b9bbeb396e52af27033

SHA256
1191573f2a7c12f0b9b8460e06dc36ca5386305eb8c883ebbbc8eb15f4d8e23e

SHA512
6e4393fd43984722229020ef662fc5981f253de31f13f30fadd6660bbc9ededcbfd163f132f6adaf42d435873322a5d0d3eea60060cf0e7f2e256262632c5d05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54aadd2d8ec66e446f1edb466b99ba8d

SHA1
a94f02b035dc918d8d9a46e6886413f15be5bff0

SHA256
1971045943002ef01930add9ba1a96a92ddc10d6c581ce29e33c38c2120b130e

SHA512
7e077f903463da60b5587aed4f5352060df400ebda713b602b88c15cb2f91076531ea07546a9352df772656065e0bf27bd285905a60f036a5c5951076d35e994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
49bd948282b90c1c698f37b793bcad81

SHA1
3467fa830d521b5561c64ae072b9df01a4f2fc5b

SHA256
297c352cb22a69ca84847101e9f9a5ef4b9a8aa277d5719bd067e5f2003d55e5

SHA512
be64766a309e7ff9d13dfc23487c084fdc5093aef494f8804e5004ebb4c3036ddaf091c4cc74d7651efc00d9a3ef269cd8a03152d28a57a680e2f7f443196225

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
902B

MD5
b92120b83a75dbcbed48a4523373f165

SHA1
4f14cd1bccc92024a76dff6626eb68706a752d34

SHA256
8e6d93364775f82f675b0f891e90122428e644f70c312f52ad50dfea3fc19b30

SHA512
288fc797a942cff19c7ad8151e76ae9cd7ba94d652171cf59db1f4c08776ffe5718f1158700653eb55e720f5748a4a2ecdfb1b3184c47d3a21306643ce999aaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1002B

MD5
f202934aac65cf13dcf7361faf872fda

SHA1
c35256b7862cc7d7d734d97a746eb0e09a3fad86

SHA256
0b95757ee617016c5df87cd13150fed429badbfeb08ad0e007e1bb3187c33c69

SHA512
5aea34766d16d3db0c9e924f70f2aa70ae8669ea0f9fae743cf28bc0860ae0b57d223a2cfe8282a1b312f34bdff6ccef6c61e5d231ee672b426667b330cd7b0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6580371df09d3ed1026314c4b71bc6a9

SHA1
f659f1599816808d5fec788e4ba74b85be2fabba

SHA256
5872dce84158c69c58ddcbe80c270a71f60c0239e97e8e11c65303d95900ae0e

SHA512
e77c804b95c08962df93640817c593c5d419dd9a63e402c8c2c0c8d6f3b94abccb1c43b3e9ad60a7289fe3aef10a80403b4e36e575c2fb27dbf674600aa5afe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a9c73e0250202f735687d44a1daf49a8

SHA1
04060b51b1fef8b91b2328750c60db7885d8be7e

SHA256
3e554dae7bfa6618b7a6e44a41c1b2052a9c8a6ef151bee6b0ac8e41733fd506

SHA512
532e3e9640f24db6391e5596fdc3404e7ecbda7c86b30538301acd60f9ebf19d41bb5541a6376054352ffad629638aed7ad01b16f6650a36adf10f78fd7b55d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
1e81a40cfd3a65c386bdc179322be0c9

SHA1
273aceb3145aebae2ef1ba6ee641b6056262a603

SHA256
194a89b956d2e0663818515b5454bf9df99817f80ef8e22e2fe828cb6f203f09

SHA512
cc677fed3abc2229dd0557b6f2e4e7d048f685d7afb4c31b0603054d4e2f0637f2e41f9ab7e2a63680e6443787f1011676af1539172eca809e00837572b28899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
3a8d00ed5f3b34006da510dc24815608

SHA1
cb627fd620a6a40e1b27ceac3da2a30531c1d83e

SHA256
74dc22b41faa413dda8cdb01698661474bf98b168d851b77c1f0437a4cb2574c

SHA512
c7fd5011101e939b5910ab3097b01c19352e895a64855ed695e41f13621f3d5279dd59f256d6816506c03b7a900019c01681e2afeded49920f79bc25639dca6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a94b.TMP

Filesize
537B

MD5
47e8fe45784e2e5a0aaf3cd3fc6eaae9

SHA1
31f4abe5ae39bffe132b0d3f7b835a64a4b20bb5

SHA256
030d37a67448373fe98613924bb9faccfe6b09e52a1f9d8cccf73a02d31f62c0

SHA512
c5d081436d68ece5e898e41c9b10b91462ffae4a020c1625b390303e5c85debada25f1a1cb7a8dc49744cf0f1a6b46378de5e934806397f286e81e99c95c3d2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
187d8238b52f11981916eda4c130b60a

SHA1
35b830aa700a762dac9e904c82b6f685cfec378b

SHA256
aeab362eb6e2e7ae0b1bf3df10352ffa33ea365b9f0c788a2693c18a9909dc98

SHA512
232d979ba05239c4cc0397e7435418d018922db39ffb0fceaae54ef205278f3508c02a1e167c1bcec0e02693c1a7e5d547957265bdc1fb43486bdc3726cada76

Download Submit