32bcbf0329ecf3381ef055a18c8769899a306ec69eaadf7a0985a4fe096ca8e7

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-10-2024 04:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

32bcbf0329ecf3381ef055a18c8769899a306ec69eaadf7a0985a4fe096ca8e7N.exe
Size

23KB
MD5

58b264ab60c3c85a15ead3ce83106f40
SHA1

27d86f74cf9d2b6d43753337641ba59f5fa6be97
SHA256

32bcbf0329ecf3381ef055a18c8769899a306ec69eaadf7a0985a4fe096ca8e7
SHA512

b5c43290279fd9dce7c30525483cba71f0d8c075e074fe26613231ff91f6a27d15bf0eda21893cde9b9472070a9578dc5f9351abf5d440d46d78e41bc5efd044
SSDEEP

384:soWtkEwn65rgjAsGiYk55D16xgXaOHbZ6mRvR6JZlbw8hqIusZzZ6/y+:b7O89YSFRpcnub6+

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	32bcbf0329ecf3381ef055a18c8769899a306ec69eaadf7a0985a4fe096ca8e7N.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4300	msedge.exe
4300	msedge.exe
3240	msedge.exe
3240	msedge.exe
4352	identity_helper.exe
4352	identity_helper.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1236 wrote to memory of 3240	1236	32bcbf0329ecf3381ef055a18c8769899a306ec69eaadf7a0985a4fe096ca8e7N.exe	92
PID 1236 wrote to memory of 3240	1236	32bcbf0329ecf3381ef055a18c8769899a306ec69eaadf7a0985a4fe096ca8e7N.exe	92
PID 3240 wrote to memory of 1056	3240	msedge.exe	93
PID 3240 wrote to memory of 1056	3240	msedge.exe	93
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 2680	3240	msedge.exe	94
PID 3240 wrote to memory of 4300	3240	msedge.exe	95
PID 3240 wrote to memory of 4300	3240	msedge.exe	95
PID 3240 wrote to memory of 4468	3240	msedge.exe	96
PID 3240 wrote to memory of 4468	3240	msedge.exe	96
PID 3240 wrote to memory of 4468	3240	msedge.exe	96
PID 3240 wrote to memory of 4468	3240	msedge.exe	96
PID 3240 wrote to memory of 4468	3240	msedge.exe	96
PID 3240 wrote to memory of 4468	3240	msedge.exe	96
PID 3240 wrote to memory of 4468	3240	msedge.exe	96
PID 3240 wrote to memory of 4468	3240	msedge.exe	96
PID 3240 wrote to memory of 4468	3240	msedge.exe	96
PID 3240 wrote to memory of 4468	3240	msedge.exe	96
PID 3240 wrote to memory of 4468	3240	msedge.exe	96
PID 3240 wrote to memory of 4468	3240	msedge.exe	96
PID 3240 wrote to memory of 4468	3240	msedge.exe	96
PID 3240 wrote to memory of 4468	3240	msedge.exe	96
PID 3240 wrote to memory of 4468	3240	msedge.exe	96
PID 3240 wrote to memory of 4468	3240	msedge.exe	96
PID 3240 wrote to memory of 4468	3240	msedge.exe	96
PID 3240 wrote to memory of 4468	3240	msedge.exe	96

C:\Users\Admin\AppData\Local\Temp\32bcbf0329ecf3381ef055a18c8769899a306ec69eaadf7a0985a4fe096ca8e7N.exe
"C:\Users\Admin\AppData\Local\Temp\32bcbf0329ecf3381ef055a18c8769899a306ec69eaadf7a0985a4fe096ca8e7N.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=32bcbf0329ecf3381ef055a18c8769899a306ec69eaadf7a0985a4fe096ca8e7N.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa246246f8,0x7ffa24624708,0x7ffa24624718
    3⤵
    PID:1056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,7170939295780043659,7414544639455797962,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
    3⤵
    PID:2680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,7170939295780043659,7414544639455797962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4300
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,7170939295780043659,7414544639455797962,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
    3⤵
    PID:4468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7170939295780043659,7414544639455797962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
    3⤵
    PID:4960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7170939295780043659,7414544639455797962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
    3⤵
    PID:3776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7170939295780043659,7414544639455797962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
    3⤵
    PID:5052
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,7170939295780043659,7414544639455797962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
    3⤵
    PID:1480
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,7170939295780043659,7414544639455797962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7170939295780043659,7414544639455797962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
    3⤵
    PID:100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7170939295780043659,7414544639455797962,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
    3⤵
    PID:848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7170939295780043659,7414544639455797962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
    3⤵
    PID:3116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7170939295780043659,7414544639455797962,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
    3⤵
    PID:2708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7170939295780043659,7414544639455797962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
    3⤵
    PID:1052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7170939295780043659,7414544639455797962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
    3⤵
    PID:4152
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,7170939295780043659,7414544639455797962,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2760 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=32bcbf0329ecf3381ef055a18c8769899a306ec69eaadf7a0985a4fe096ca8e7N.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:1836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa246246f8,0x7ffa24624708,0x7ffa24624718
    3⤵
    PID:3212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
6ed1315fca496d272f53c7064e763ae9

SHA1
7bb93d29d960fab38adb320f477a126759004e49

SHA256
1454d2cb34391f7bf68842f8e9ed66914df52e5afa744dc283065bde3da3dc32

SHA512
1a5aa3df041107b1dba50a692e9d73bdb2e7462af296f09249ece0e78780da12eebee2dd99bd7b637fccf1ac188688f110aece12d07d2935ba45cdab529de1ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
437B

MD5
05592d6b429a6209d372dba7629ce97c

SHA1
b4d45e956e3ec9651d4e1e045b887c7ccbdde326

SHA256
3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd

SHA512
caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ef986a32112d345dbe0e54cf8238215e

SHA1
1a751be01a3eb9ca8c5fba4a4d32acb02b7fd64e

SHA256
870ca7a13b9e555a54cc1c30c0a14b1424fe3069dd8704cfc3ab2b951accfde1

SHA512
12522cef9098566d30b9ca1e9bbe1e8ba23933d06ba6090ea164e5c6ed5b0d353be51f1d5e778d4293c95d051d6e5fc10346871ba83edbe305c5897aaf87b7be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7e31c04255c19c64694a6064644d87ef

SHA1
734c7b57483cc039b477a9e539cde62a11d6fcec

SHA256
dd6181d14968813356e4ebe32452c39da0808c197bfd879bf5c0b291cfde8b38

SHA512
dd35086543e68da335f0d8f4f5f0433f1bd1576f188a8e538a157c30effa5e2c8254eb94c17da4786f729be16a9796ca30901bf5626d97ea467cad5a7a5551b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
bb25f4e99fd64d7f6882ab96af47e2c7

SHA1
da899f6bed9fa4de383944e6c0060f80d1ad87e1

SHA256
0eab508680152fc058ddc43c46368d23993f5e5c93b9530e41a178d5a6e96187

SHA512
7ba7a6b0fc5fb50b18461d28bb2a78a666c3b2e5aa628971ab98abb3a4365192c1d810edb871c920952df27294fad50a4b7174fe0b2809bbd4cea5e1d4e84785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581eed.TMP

Filesize
371B

MD5
6dbd64dccc45b3daaa74737538730d93

SHA1
3d0f1a7cbf72fcf6eef92ba7783686ff5c17b6dd

SHA256
79184410a9f67ea9cd9194f95f757c51c49bec08b75ca5d2a7a4c69b50cfa3f4

SHA512
edf50e95069e72a5fc9db37dc070d9e2733a336f96d7f70b50177709b17fe133ffca933ebf1fee5c4967198b5d049a7a0beeed4edd01d6e2b548f105b97352cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fc9bc872-551c-4f37-8ef7-72e23fb6444a.tmp

Filesize
5KB

MD5
30dc876f498f4371db4b37348d73c17e

SHA1
853560dc912ce9b87cc3f23e7db4c37cc58158c8

SHA256
cfecfa9054b5b81903e1914cabae965a53ccc9e342560075882a2ccb5e6db080

SHA512
56efad89f685b6f8d16d5e62ce6a50b75286df6418382af793d556b8ce1db3640cd01c3dbb557459adca6284f61abc17f783c368d9069235d1a22e3f6bd4b219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
263e020c0027dbd24956bc10db3c497b

SHA1
e3336fc232706044bacc2f523d1a86d1f089bc34

SHA256
5dc4c4e7fb610df17cf1097f6d8fc71d5891fbfd4d259f22d355665b624a3d0d

SHA512
78af2198380df1eaaac0d82833f37af6920fed9874aa48dc6c382728f9900a08923fd75cb38b9741486df5c8e6d174cfe790de0b32892dad1234c31ff8299f1e

Download Submit