614402c2936d3c6e8159d14cd7b7632659eb134ec664b5a90f4cf2b274d9eb62

Analysis

max time kernel
146s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
31-07-2024 01:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

614402c2936d3c6e8159d14cd7b7632659eb134ec664b5a90f4cf2b274d9eb62.exe
Size

39.2MB
MD5

7972b103ed493f4002bd02a82d08368e
SHA1

a4297f94887a16de9776868996f8525ded4f7421
SHA256

614402c2936d3c6e8159d14cd7b7632659eb134ec664b5a90f4cf2b274d9eb62
SHA512

95b0b1aceefbf2b7a259efe2f34c6d51e9ce7c2422b2745b57b8f718c36229acf747da03919c809ebcdb7df3238d130e8ee1aa7922df8e30d8d9c64bdd0b7d72
SSDEEP

786432:Il6iTfRwFOU8ofAl2jpyY2JcDxvVPyaPZF:uf2V89l2YXJcD1jF

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	614402c2936d3c6e8159d14cd7b7632659eb134ec664b5a90f4cf2b274d9eb62.exe

System Time Discovery 1 TTPs 1 IoCs

Adversary may gather the system time and/or time zone settings from a local or remote system.

discovery

System Time Discovery

T1124

pid	Process
3272	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 386219.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2140	msedge.exe
2140	msedge.exe
3272	msedge.exe
3272	msedge.exe
1560	identity_helper.exe
1560	identity_helper.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe

Suspicious use of FindShellTrayWindow 40 IoCs

pid	Process
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2940 wrote to memory of 3272	2940	614402c2936d3c6e8159d14cd7b7632659eb134ec664b5a90f4cf2b274d9eb62.exe	84
PID 2940 wrote to memory of 3272	2940	614402c2936d3c6e8159d14cd7b7632659eb134ec664b5a90f4cf2b274d9eb62.exe	84
PID 3272 wrote to memory of 2900	3272	msedge.exe	85
PID 3272 wrote to memory of 2900	3272	msedge.exe	85
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 4564	3272	msedge.exe	86
PID 3272 wrote to memory of 2140	3272	msedge.exe	87
PID 3272 wrote to memory of 2140	3272	msedge.exe	87
PID 3272 wrote to memory of 1420	3272	msedge.exe	88
PID 3272 wrote to memory of 1420	3272	msedge.exe	88
PID 3272 wrote to memory of 1420	3272	msedge.exe	88
PID 3272 wrote to memory of 1420	3272	msedge.exe	88
PID 3272 wrote to memory of 1420	3272	msedge.exe	88
PID 3272 wrote to memory of 1420	3272	msedge.exe	88
PID 3272 wrote to memory of 1420	3272	msedge.exe	88
PID 3272 wrote to memory of 1420	3272	msedge.exe	88
PID 3272 wrote to memory of 1420	3272	msedge.exe	88
PID 3272 wrote to memory of 1420	3272	msedge.exe	88
PID 3272 wrote to memory of 1420	3272	msedge.exe	88
PID 3272 wrote to memory of 1420	3272	msedge.exe	88
PID 3272 wrote to memory of 1420	3272	msedge.exe	88
PID 3272 wrote to memory of 1420	3272	msedge.exe	88
PID 3272 wrote to memory of 1420	3272	msedge.exe	88
PID 3272 wrote to memory of 1420	3272	msedge.exe	88
PID 3272 wrote to memory of 1420	3272	msedge.exe	88
PID 3272 wrote to memory of 1420	3272	msedge.exe	88

C:\Users\Admin\AppData\Local\Temp\614402c2936d3c6e8159d14cd7b7632659eb134ec664b5a90f4cf2b274d9eb62.exe
"C:\Users\Admin\AppData\Local\Temp\614402c2936d3c6e8159d14cd7b7632659eb134ec664b5a90f4cf2b274d9eb62.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x86&rid=win10-x86&apphost_version=7.0.10&gui=true
  2⤵
  - System Time Discovery
  - Enumerates system info in registry
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb1ad946f8,0x7ffb1ad94708,0x7ffb1ad94718
    3⤵
    PID:2900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,9711556482774249440,190942843820215947,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
    3⤵
    PID:4564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,9711556482774249440,190942843820215947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2140
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,9711556482774249440,190942843820215947,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
    3⤵
    PID:1420
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9711556482774249440,190942843820215947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
    3⤵
    PID:2604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9711556482774249440,190942843820215947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
    3⤵
    PID:1384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9711556482774249440,190942843820215947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
    3⤵
    PID:1104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,9711556482774249440,190942843820215947,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5148 /prefetch:8
    3⤵
    PID:4336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9711556482774249440,190942843820215947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
    3⤵
    PID:1696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2096,9711556482774249440,190942843820215947,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5220 /prefetch:8
    3⤵
    PID:2844
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9711556482774249440,190942843820215947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
    3⤵
    PID:4912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9711556482774249440,190942843820215947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
    3⤵
    PID:2684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9711556482774249440,190942843820215947,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
    3⤵
    PID:744
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,9711556482774249440,190942843820215947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6588 /prefetch:8
    3⤵
    PID:536
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,9711556482774249440,190942843820215947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6588 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1560
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9711556482774249440,190942843820215947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
    3⤵
    PID:1592
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9711556482774249440,190942843820215947,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
    3⤵
    PID:1408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,9711556482774249440,190942843820215947,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5208 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Time Discovery

T1124

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
506e03d65052f54028056da258af8ae6

SHA1
c960e67d09834d528e12e062302a97c26e317d0e

SHA256
b26d2695dfe8aed4d0d67d11b46d4542c3c9c8964533404dfe32ce7a3e6cfb98

SHA512
15da55267433c41febebbe48983023293c6d436f89a56138cef1cea7deb5cdd7d4bcf58af12835e1152a8ec59e08cfc965e521eb54eed47fe44e1f4c2d1557a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a15dea0d79ea8ba114ad8141d7d10563

SHA1
9b730b2d809d4adef7e8b68660a05ac95b5b8478

SHA256
0c4dd77399040b8c38d41b77137861002ef209c79b486f7bbdb57b5834cd8dbf

SHA512
810fc1fb12bceae4ca3fad2a277682c2c56f0af91a329048adbeb433715b1f707927274e3e4a4479222f578e8218663533440c71b22c49735a290f907cc0af1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
642100f64dc719da47e70fe6cc7042dc

SHA1
b816bc16ae8b0f018ec2004f0a2f96bd8424a5e8

SHA256
278a6f1f2c0db5a1f17a8fbf47c71a732e96daa4dfd0cb8ee5742b1772287f86

SHA512
20a5021f12164dfbdeaaaf19232afd89326eddc690f1923d2a08d558d583cd8233e1e0bcb4e5c38af71b0d98eb503f25935884475a0278b59e482f6d5a966bb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1002B

MD5
ec63813c280f8a58939d33c6a5ecbe59

SHA1
a5bc5d88d51d3034563239cde98ceddba4dbd566

SHA256
cf013dd337810579a2cdf8355b432e761413aad1fe00370dc1a0343f79e45734

SHA512
f4f0c6589fd5885a54b692294ad64a9f30150f4599432416c44dbab72d569462fac049e2f6a4f0005a7a1b170ae6593425fad64a14498ec690fb90946344d2d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
902B

MD5
5211e96da56798fe254472d03bb301f0

SHA1
bb8346863d21d3c9a8408f7bbf4dedae61e061de

SHA256
ea6fccb381c196ff2084deb01e12808e33987d54e5be268374c9673a15809e34

SHA512
af56d09e1c66a517ff0756bd8c451d4bb79c5504ba9ace39d748eabc5f32de5e3fe62874687cd9c4f1376fd7b3e2fe56d13a9c1ff7e16722d3746e92a57716ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d43781c436be8730935726c8eedd94ec

SHA1
ff0f02e530e1b12e2f33f97b762a6d318cfb5d3e

SHA256
0c298633ef45b4570d25818f89cd023d950d80ce930d4bbd47b510980b54b4d1

SHA512
b6c5722d5754a75f50493df88527e23398bbccbbf91dd7428a6ab65a464a8480e781de0ad80b694bef6a9bbfd70c7c566d1f8161c92efc8f94c5b2605d61dc94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1978919f3d8f0a2b1f951e2405b85201

SHA1
8879d1eca59c6bb5f47c4f6433b0629fc14adae2

SHA256
1c0c7f10949530ca15d1d5029f31e208307f4d0cc0b298218618a29cbf2191d1

SHA512
0ec4f1dc63461b87159fe808fda0757a28b280f4e2708866956219fd43f568bc9583efd06aed656850e3c4608b15074c547f738c444802940372f25c62c79ae3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
30f6f2c65e6b9aa3e5eae6f5fb98f5b8

SHA1
d8aefd3074471e7cf55d82af29462e633f2be06a

SHA256
7d9754cb750e6df93d71a7196e15129abc178467e7765679710c506d77683a96

SHA512
d82256f7bc62367bb759a16a96a96e974fb54065f260890fe93341aaee150b8dd95f9244c9b550801cfe3ab1636f76fbe082493d4cb65a74b462e5eb61e5af0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
f6f84399cd7638f79feef1dd695851c6

SHA1
f2ac0575e887c1576931105c1e2f82f9485b6c6a

SHA256
8db0b57c3c2df946b67bbda1e7db74fff411063f023599793ceb14deaf8f6e23

SHA512
52aa47c429315aabc116be0dc7944f1758ab20d86bfc96399f89c0c3290d6122d00bbc149918f7dec9b2df067526ee39d66be9188ecdbd54d5a52812c7705194

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c1a5.TMP

Filesize
535B

MD5
6ecb591f7a665278d9707da042c2ec95

SHA1
ca4490c33be478c8bb26c8ac308efeb21ce80097

SHA256
084ef82de4f1f783467d6879860cff976de6e69e59c81027d8564580af7deecd

SHA512
1867dffbf80ed436f97de140d27d58b99dd310d80f9845bb17fd837b414175e89507336b36a82088a6ae4aa23aa45ffdbfc46e40df04147a40f39718baabcce8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7e719c1f8814989047e7b38e45d53096

SHA1
ac2e9049727296b41f9634bed6b34bff8ae10657

SHA256
e4490f8ce49a600a55a1e6026497a3d5d13fb8b7cabd48c12e88460f7c1926d4

SHA512
1b0369ca9f9120f74a595952e10957331e3ba7d44ddf283e090a03c4dd283e7bcb2c4ebfd43687e2400923e38df4fee283db04dca9347353c299455060620913

Download Submit