fd5cf4773e02134cc82de1cbe3476855181d1c8dd881a4cbeec5b99eca341f0e

Analysis

max time kernel
146s
max time network
143s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
19-11-2024 13:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

All_Employee_Memo.pdf
Size

41KB
MD5

651ec17c3f52d8ae3476c25d191b2ef8
SHA1

e69e0caba40c838f783eecfdaaa0596fac766120
SHA256

fd5cf4773e02134cc82de1cbe3476855181d1c8dd881a4cbeec5b99eca341f0e
SHA512

98f9c4e4647a3314c5b59803a1adcd5bbab67785364b036d162c8994bf1371e383a443bcebb9e20a57bf398b536e8a5589352df6611816d39a10c232f237a241
SSDEEP

768:ajKzzjgn1+qN5Mm3Ch22pPkk+N6LAH2NrqAYCNqUR7+X6FLKxlUYiDHnUQ6w:ajR1Lzq22lkk+gGsYCUa786FLoFiDHdf

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\47ef49f1-a341-4c43-beb6-72ba9b179bb1.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241119133405.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	Process
2848	msedge.exe
2848	msedge.exe
4436	msedge.exe
4436	msedge.exe
4660	identity_helper.exe
4660	identity_helper.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid	Process
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

msedge.exe

pid	Process
4436	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cmd.exemsedge.exe

description	pid	Process	procid_target
PID 1564 wrote to memory of 4436	1564	cmd.exe	82
PID 1564 wrote to memory of 4436	1564	cmd.exe	82
PID 4436 wrote to memory of 4520	4436	msedge.exe	84
PID 4436 wrote to memory of 4520	4436	msedge.exe	84
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2072	4436	msedge.exe	85
PID 4436 wrote to memory of 2848	4436	msedge.exe	86
PID 4436 wrote to memory of 2848	4436	msedge.exe	86
PID 4436 wrote to memory of 3064	4436	msedge.exe	87
PID 4436 wrote to memory of 3064	4436	msedge.exe	87
PID 4436 wrote to memory of 3064	4436	msedge.exe	87
PID 4436 wrote to memory of 3064	4436	msedge.exe	87
PID 4436 wrote to memory of 3064	4436	msedge.exe	87
PID 4436 wrote to memory of 3064	4436	msedge.exe	87
PID 4436 wrote to memory of 3064	4436	msedge.exe	87
PID 4436 wrote to memory of 3064	4436	msedge.exe	87
PID 4436 wrote to memory of 3064	4436	msedge.exe	87
PID 4436 wrote to memory of 3064	4436	msedge.exe	87
PID 4436 wrote to memory of 3064	4436	msedge.exe	87
PID 4436 wrote to memory of 3064	4436	msedge.exe	87
PID 4436 wrote to memory of 3064	4436	msedge.exe	87
PID 4436 wrote to memory of 3064	4436	msedge.exe	87
PID 4436 wrote to memory of 3064	4436	msedge.exe	87
PID 4436 wrote to memory of 3064	4436	msedge.exe	87
PID 4436 wrote to memory of 3064	4436	msedge.exe	87
PID 4436 wrote to memory of 3064	4436	msedge.exe	87

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\All_Employee_Memo.pdf
1⤵
- Suspicious use of WriteProcessMemory
PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\All_Employee_Memo.pdf
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x100,0x134,0x7ffbc6fd46f8,0x7ffbc6fd4708,0x7ffbc6fd4718
    3⤵
    PID:4520
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,2392839075184534735,1892039880084717330,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
    3⤵
    PID:2072
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,2392839075184534735,1892039880084717330,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,2392839075184534735,1892039880084717330,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2316 /prefetch:8
    3⤵
    PID:3064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2392839075184534735,1892039880084717330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2204 /prefetch:1
    3⤵
    PID:4504
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2392839075184534735,1892039880084717330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
    3⤵
    PID:1376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2392839075184534735,1892039880084717330,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
    3⤵
    PID:3140
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2188,2392839075184534735,1892039880084717330,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=4928 /prefetch:6
    3⤵
    PID:4672
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,2392839075184534735,1892039880084717330,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 /prefetch:8
    3⤵
    PID:4572
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:2460
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x118,0x13c,0x188,0x254,0x7ff770b65460,0x7ff770b65470,0x7ff770b65480
      4⤵
      PID:4808
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,2392839075184534735,1892039880084717330,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2392839075184534735,1892039880084717330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
    3⤵
    PID:840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2392839075184534735,1892039880084717330,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
    3⤵
    PID:1528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2392839075184534735,1892039880084717330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
    3⤵
    PID:60
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2392839075184534735,1892039880084717330,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
    3⤵
    PID:3164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,2392839075184534735,1892039880084717330,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5268 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9fc751d5fa08ca574eba851a781b900

SHA1
963c71087bd9360fa4aa1f12e84128cd26597af4

SHA256
360b095e7721603c82e03afa392eb3c3df58e91a831195fc9683e528c2363bbb

SHA512
ecb8d509380f5e7fe96f14966a4d83305cd9a2292bf42dec349269f51176a293bda3273dfe5fba5a32a6209f411e28a7c2ab0d36454b75e155fc053974980757

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d9a93ee5221bd6f61ae818935430ccac

SHA1
f35db7fca9a0204cefc2aef07558802de13f9424

SHA256
a756ec37aec7cd908ea1338159800fd302481acfddad3b1701c399a765b7c968

SHA512
b47250fdd1dd86ad16843c3df5bed88146c29279143e20f51af51f5a8d9481ae655db675ca31801e98ab1b82b01cb87ae3c83b6e68af3f7835d3cfa83100ad44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e881841c23d3430d5e3c8c2977d5f4fe

SHA1
ee4d396d5d06e3110a60a151c47d274c3cee09e5

SHA256
71bc0b2a061316ae82f45352354b5eda207efd0ca2a251712d030d3552d9c632

SHA512
d9cc872a1951df3e783673a9561346caed69927dd98630986a2f972534ffc18c300f610e35abd0dab15587ad3afa737372c0bbd05c48cfcd72295520e9c9abe6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
84f2d72aec30ad4b147b032bb3ae2136

SHA1
1a11b3e84e627c3f9ec807c8e76d2c12d1fcbde0

SHA256
76b8e4c74ae1d528c7547fcec397cbdb02711ac0c60d23e6d1cf8641f6c92c4d

SHA512
70967b55eb95917530b3d64c116813dbe12e9aff17b1255634f11846c3cc65b9ba3e369816ccb5e80627c0a9ce4e6bf1059dbd85db77d2aae4e30ce6d5160dee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8fbe344c96c327bd106857acad2c642c

SHA1
817f367cd439a0d51d7e3a8f548a4208edffa2c6

SHA256
0873931a0ee9f2869c3bb36fb17a1a7b990115f3073484c29fd2c4f77d9c3f30

SHA512
fd3ab0c3d484ca7778b4019c25f0f4ec659c76c2efb60c8c1881964e2615458d54437be91bf897a46389c0cf80df58f1fa684d387ed9e20e1ec59611ca922b2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
f9055ea0f42cb1609ff65d5be99750dc

SHA1
6f3a884d348e9f58271ddb0cdf4ee0e29becadd4

SHA256
1cacba6574ba8cc5278c387d6465ff72ef63df4c29cfbec5c76fbaf285d92348

SHA512
b1937bc9598d584a02c5c7ac42b96ed6121f16fe2de2623b74bb9b2ca3559fc7aff11464f83a9e9e3002a1c74d4bb0ee8136b0746a5773f8f12f857a7b2b3cb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d3412a01d4c3df1df43f94ecd14a889a

SHA1
2900a987c87791c4b64d80e9ce8c8bd26b679c2f

SHA256
dd1511db0f7bf3dc835c2588c1fdd1976b6977ad7babe06380c21c63540919be

SHA512
7d216a9db336322310d7a6191ebac7d80fd4fa084413d0474f42b6eff3feb1baf3e1fb24172ea8abcb67d577f4e3aea2bc68fdb112205fc7592a311a18952f7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
8d6b81bb9a07979b7435e46de99595bc

SHA1
c87150fb7e62fe99b8c9a0b076a3996e92f8ec06

SHA256
2a6fe7dfa55a197a3ffd66ba88da2ded617cbd42f124ff3cd5903032932d2d00

SHA512
13838db2e3461f4805ac5b4d55d7ebd10f2a4b89f4ed706b336ab597f01cd3d9681bb7023cee250acbcda9e4ed4120ed1284394c2e2ed2440239601188d0c5c4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
a112258126c8f1edc0a84ea3b035de92

SHA1
bef439ab71e03829b08f7ba5826321ecc3ee3668

SHA256
8d17e095148bde4ed3a993a3dc4b0c5348556fac7e22cebd8cf8139a4a444613

SHA512
e32913f54a10c94147dd5cb4721617158ad259bfcfb26f5f0b630a83c4a6367f1d7ab7cd5bebe9e83db3d6c90d36962b1deedce030a6d472cd47bf6728a21a38

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
fd18b43aecaa87c43b20ceedab8f149a

SHA1
ddf444e4bb813e3fa4a6e57b55934caa0ca9c050

SHA256
1133dbc5eafe93e3980d6494297a338134db80ae4b65cd804ca812a0da2cb43e

SHA512
ef1d280680e6d4ece9403480b654556b7dd07a81488e47133548ef0604b43e4c300c47d042e9687af5d15cfadb3cafb651d2f262d302369acb0f8421d0276f82

Download Submit
\??\pipe\LOCAL\crashpad_4436_IWLUGOJOAGDUIBPE

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit