hxxps://cdn[.]discordapp[.]com/attachments/1300886873148756050/1300960864043663533/winws[.]exe?ex=6722bdb8&is=67216c38&hm=6421a3d612c9b6c41279c7a97310aba4b86dbc69dc16a3bc8027d28cde7073e8&

Analysis

max time kernel
300s
max time network
276s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
29/10/2024, 23:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1300886873148756050/1300960864043663533/winws.exe?ex=6722bdb8&is=67216c38&hm=6421a3d612c9b6c41279c7a97310aba4b86dbc69dc16a3bc8027d28cde7073e8&

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\b6920f25-c4f1-4ad4-9c9a-3a326d2f199b.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241029231435.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 971273.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4224	msedge.exe
4224	msedge.exe
3728	msedge.exe
3728	msedge.exe
2408	identity_helper.exe
2408	identity_helper.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3728 wrote to memory of 3508	3728	msedge.exe	80
PID 3728 wrote to memory of 3508	3728	msedge.exe	80
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4452	3728	msedge.exe	82
PID 3728 wrote to memory of 4224	3728	msedge.exe	83
PID 3728 wrote to memory of 4224	3728	msedge.exe	83
PID 3728 wrote to memory of 3064	3728	msedge.exe	84
PID 3728 wrote to memory of 3064	3728	msedge.exe	84
PID 3728 wrote to memory of 3064	3728	msedge.exe	84
PID 3728 wrote to memory of 3064	3728	msedge.exe	84
PID 3728 wrote to memory of 3064	3728	msedge.exe	84
PID 3728 wrote to memory of 3064	3728	msedge.exe	84
PID 3728 wrote to memory of 3064	3728	msedge.exe	84
PID 3728 wrote to memory of 3064	3728	msedge.exe	84
PID 3728 wrote to memory of 3064	3728	msedge.exe	84
PID 3728 wrote to memory of 3064	3728	msedge.exe	84
PID 3728 wrote to memory of 3064	3728	msedge.exe	84
PID 3728 wrote to memory of 3064	3728	msedge.exe	84
PID 3728 wrote to memory of 3064	3728	msedge.exe	84
PID 3728 wrote to memory of 3064	3728	msedge.exe	84
PID 3728 wrote to memory of 3064	3728	msedge.exe	84
PID 3728 wrote to memory of 3064	3728	msedge.exe	84
PID 3728 wrote to memory of 3064	3728	msedge.exe	84
PID 3728 wrote to memory of 3064	3728	msedge.exe	84
PID 3728 wrote to memory of 3064	3728	msedge.exe	84
PID 3728 wrote to memory of 3064	3728	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://cdn.discordapp.com/attachments/1300886873148756050/1300960864043663533/winws.exe?ex=6722bdb8&is=67216c38&hm=6421a3d612c9b6c41279c7a97310aba4b86dbc69dc16a3bc8027d28cde7073e8&
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffaf3bd46f8,0x7ffaf3bd4708,0x7ffaf3bd4718
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2061637434713845011,3356925124461889356,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,2061637434713845011,3356925124461889356,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,2061637434713845011,3356925124461889356,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2061637434713845011,3356925124461889356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2061637434713845011,3356925124461889356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,2061637434713845011,3356925124461889356,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:2544
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff7c68c5460,0x7ff7c68c5470,0x7ff7c68c5480
    3⤵
    PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,2061637434713845011,3356925124461889356,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2061637434713845011,3356925124461889356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2061637434713845011,3356925124461889356,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2061637434713845011,3356925124461889356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2061637434713845011,3356925124461889356,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,2061637434713845011,3356925124461889356,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6592 /prefetch:8
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2061637434713845011,3356925124461889356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2061637434713845011,3356925124461889356,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4932 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b5fffb9ed7c2c7454da60348607ac641

SHA1
8d1e01517d1f0532f0871025a38d78f4520b8ebc

SHA256
c8dddfb100f2783ecbb92cec7f878b30d6015c2844296142e710fb9e10cc7c73

SHA512
9182a7b31363398393df0e9db6c9e16a14209630cb256e16ccbe41a908b80aa362fc1a736bdfa94d3b74c3db636dc51b717fc31d33a9fa26c3889dec6c0076a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
32d05d01d96358f7d334df6dab8b12ed

SHA1
7b371e4797603b195a34721bb21f0e7f1e2929da

SHA256
287349738fb9020d95f6468fa4a98684685d0195ee5e63e717e4b09aa99b402e

SHA512
e7f73b1af7c7512899728708b890acd25d4c68e971f84d2d5bc24305f972778d8bced6a3c7e3d9f977cf2fc82e0d9e3746a6ccb0f9668a709ac8a4db290c551c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
186B

MD5
094ab275342c45551894b7940ae9ad0d

SHA1
2e7ce26fe2eb9be641ae929d0c9cc0dfa26c018e

SHA256
ef1739b833a1048ee1bd55dcbac5b1397396faca1ad771f4d6c2fe58899495a3

SHA512
19d0c688dc1121569247111e45de732b2ab86c71aecdde34b157cfd1b25c53473ed3ade49a97f8cb2ddc4711be78fa26c9330887094e031e9a71bb5c29080b0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58c5cc.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8f8cc4b5d1eabaf4f0ce1acc3da601a0

SHA1
c61028a62b05cf4e3305a026dd1bae484903d7b9

SHA256
2fbb827cdfaa365580e03d5ddf69dd7bcfc1f495dd0b913c24612820a0f3d0b5

SHA512
b70c3a1d10ff27fd6607edf4331a876eedf40babfa4f8dc65c052bf6e0f7059f2c0812a363df00390048c98ad394f66609b8dbeb92adf39a74dad4f222875748

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0ab53788d9c2d47037c11f28b765b158

SHA1
421de8839c406115bb132c8363928a89cf508460

SHA256
5500d85f6eebbe5f6e7b0777570b812517094f9e353d813657122386cc649652

SHA512
8101f4e06880cfdae81c59308370932ba25d73bb8b93b77480d7225ddc9a74f02c0bd33d1a192d203ec9967c32cbe61bde67626edfb0e9dec2976e68fb1c5f99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2389dc01265f87a73969af59d17b71b6

SHA1
ab5dd306be0c79b417a74d3bda0af7b4abe6fefc

SHA256
bb939d7a90e7c911ed7e2206f4d55cbf5e2a7a247929509729959234c0689c3c

SHA512
a4af1b7041808ffbd53a90db3201fe63cfbcd45c4dae01f4f26044d27ae001f09ddb8a64bfbc65851328fae6c191c9b8b7b4feb4e8c0dce3d64f1d7d31999adb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
6e466bd18b7f6077ca9f1d3c125ac5c2

SHA1
32a4a64e853f294d98170b86bbace9669b58dfb8

SHA256
74fc4f126c0a55211be97a17dc55a73113008a6f27d0fc78b2b47234c0389ddc

SHA512
9bd77ee253ce4d2971a4b07ed892526ed20ff18a501c6ba2a180c92be62e4a56d4bbf20ba3fc4fbf9cf6ce68b3817cb67013ad5f30211c5af44c1e98608cb9e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ac2b76299740efc6ea9da792f8863779

SHA1
06ad901d98134e52218f6714075d5d76418aa7f5

SHA256
cc35a810ed39033fa4f586141116e74e066e9c0c3a8c8a862e8949e3309f9199

SHA512
eec3c24ce665f00cd28a2b60eb496a685ca0042c484c1becee89c33c6b0c93d901686dc0142d3c490d349d8b967ecbbd2f45d26c64052fb41aad349100bd8f77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
43c794880995ad4c2dbb37d294b3c87a

SHA1
be664f385ce3b205834a65136555aefb6ffb2949

SHA256
868d53a560257dac903aeff088b06fbeb2b22841726a443951a4be63aca297f2

SHA512
bdd1004fc0a8121a915f6a290f8725a6638d1bfd8d2f49f6bf67c3a91dabc94c59f8d964ee30e6ee7b9149bcbe4621dcef71e1b834dd579e0c3775fb58039146

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
eb3b2b59837c76bb3bf46881e4e50cc7

SHA1
0ea7e9a198637622e7bd845b9242073b34d9f36f

SHA256
40756dc6cf4088ad3cbdc68846b69a5078c2d16bbe3da1060c561c8009a44511

SHA512
268cc881621c596c10d1faa0ff28fe88b3e82268945b515090f15bed40a107a6aef0119a25767c840db971d3d0f9ab72f2f7e17e2d0be19df3f0b54ecd1d1e2e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
ee921ed8ad2b429b22ebccebd05efc13

SHA1
33e8b806366b7e668049c5256f5676ddd63b6d91

SHA256
b3a09ef71416fe0430e1d63586620be367aec4b62e03cda4a1ed92a7907d8493

SHA512
5542e373fabf3a7cfe7b8d2ca3f006b4cb997cfad2cdf71fb1d9733ed58a1e8f3b0e5f9df4fde8465b18cdbde5a8269f696c9dfb4b506abf8fcbfeb31db69beb

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 971273.crdownload

Filesize
113KB

MD5
7cf417d06a24c1ade73ec6d8ae589077

SHA1
128516790f9c6d8ac1d33a9f1f2b854162d94942

SHA256
270723a06c0f917204923693f09cc0d6cd2cc9cefd59fc051cfbf920d26f17d8

SHA512
3f5615b04489cfc755e19efc30fe619026dfacd250bb1c1677e1c55ceb6f69a80d0f05760c157696985e1090c34e8e403b453e5680fb981f274bdd66e2fcb5bb

Download Submit