259ee4c394d7e504667bcf35cefc42b5758f377612c21facdb05f823e95d328b

Analysis

max time kernel
138s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 14:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

259ee4c394d7e504667bcf35cefc42b5758f377612c21facdb05f823e95d328b.exe
Size

1.3MB
MD5

a8b6c17b28cd0e165938cf5c5733457f
SHA1

4784d659572d665130e11f1a5cc50c656c49a8db
SHA256

259ee4c394d7e504667bcf35cefc42b5758f377612c21facdb05f823e95d328b
SHA512

0b9c2bff9f455903d9fefab9b417348dd7648a9f3d95ee3b713cfbd36dfb2ec8a8d4eba27b120d6d3708b88addd65a05fe134f337bd2e74bc9c0c4af030793ac
SSDEEP

24576:nCwvrnrFzp25uycTQWlMXcx5362MTJDUJ4RxzM478dgvpKc3Lafl8/TzIE15gnE9:7bxp4uS+53ifRV7/1bKlOMgaU

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: B3902DB45388D9620A490D4C@AdobeOrg
phishing
A potential corporate email address has been identified in the URL: helix-rum-js@^2
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	259ee4c394d7e504667bcf35cefc42b5758f377612c21facdb05f823e95d328b.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3796	msedge.exe
3796	msedge.exe
3832	msedge.exe
3832	msedge.exe
456	identity_helper.exe
456	identity_helper.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 668 wrote to memory of 3832	668	259ee4c394d7e504667bcf35cefc42b5758f377612c21facdb05f823e95d328b.exe	84
PID 668 wrote to memory of 3832	668	259ee4c394d7e504667bcf35cefc42b5758f377612c21facdb05f823e95d328b.exe	84
PID 3832 wrote to memory of 3624	3832	msedge.exe	85
PID 3832 wrote to memory of 3624	3832	msedge.exe	85
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3404	3832	msedge.exe	86
PID 3832 wrote to memory of 3796	3832	msedge.exe	87
PID 3832 wrote to memory of 3796	3832	msedge.exe	87
PID 3832 wrote to memory of 2364	3832	msedge.exe	88
PID 3832 wrote to memory of 2364	3832	msedge.exe	88
PID 3832 wrote to memory of 2364	3832	msedge.exe	88
PID 3832 wrote to memory of 2364	3832	msedge.exe	88
PID 3832 wrote to memory of 2364	3832	msedge.exe	88
PID 3832 wrote to memory of 2364	3832	msedge.exe	88
PID 3832 wrote to memory of 2364	3832	msedge.exe	88
PID 3832 wrote to memory of 2364	3832	msedge.exe	88
PID 3832 wrote to memory of 2364	3832	msedge.exe	88
PID 3832 wrote to memory of 2364	3832	msedge.exe	88
PID 3832 wrote to memory of 2364	3832	msedge.exe	88
PID 3832 wrote to memory of 2364	3832	msedge.exe	88
PID 3832 wrote to memory of 2364	3832	msedge.exe	88
PID 3832 wrote to memory of 2364	3832	msedge.exe	88
PID 3832 wrote to memory of 2364	3832	msedge.exe	88
PID 3832 wrote to memory of 2364	3832	msedge.exe	88
PID 3832 wrote to memory of 2364	3832	msedge.exe	88
PID 3832 wrote to memory of 2364	3832	msedge.exe	88

C:\Users\Admin\AppData\Local\Temp\259ee4c394d7e504667bcf35cefc42b5758f377612c21facdb05f823e95d328b.exe
"C:\Users\Admin\AppData\Local\Temp\259ee4c394d7e504667bcf35cefc42b5758f377612c21facdb05f823e95d328b.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.ni.com/rteFinder?dest=lvrte&version=22.3&platform=Win7_32&lang=en
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffafde046f8,0x7ffafde04708,0x7ffafde04718
    3⤵
    PID:3624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,15500619547134556050,4714597551958654629,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
    3⤵
    PID:3404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,15500619547134556050,4714597551958654629,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,15500619547134556050,4714597551958654629,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
    3⤵
    PID:2364
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15500619547134556050,4714597551958654629,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
    3⤵
    PID:1944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15500619547134556050,4714597551958654629,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
    3⤵
    PID:3944
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,15500619547134556050,4714597551958654629,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
    3⤵
    PID:2480
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,15500619547134556050,4714597551958654629,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15500619547134556050,4714597551958654629,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
    3⤵
    PID:396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15500619547134556050,4714597551958654629,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
    3⤵
    PID:4952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15500619547134556050,4714597551958654629,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
    3⤵
    PID:4024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15500619547134556050,4714597551958654629,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
    3⤵
    PID:944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15500619547134556050,4714597551958654629,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
    3⤵
    PID:2444
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15500619547134556050,4714597551958654629,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
    3⤵
    PID:4980
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15500619547134556050,4714597551958654629,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
    3⤵
    PID:5016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,15500619547134556050,4714597551958654629,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5960 /prefetch:8
    3⤵
    PID:3400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,15500619547134556050,4714597551958654629,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1996

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x510 0x4e8
1⤵
PID:452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
bb417aa6c25570d90d7e05a43d3dc642

SHA1
d42372aa1acfc36960ec7c1b0090568612a5eedf

SHA256
91250ce138ab0451dcebd8943e5eb7f9baf39a90a8c3ae84312bdba6a8e81ad5

SHA512
dd713824bcd1e13dcf9cf5b4ad19ca7cee2ac0155e9e5c4789ad44f9b2b8835ebb8e2edfff43d62eaa7af92098e430f3ee9987748a3bb1ccb746cca8e049b0b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1b45dfec3332dbcaab9d561379dc7e02

SHA1
bb3627678baa4089689102241be6a370059aa58d

SHA256
cc8d22f1ba0f19a53d7445d137c841afef3bcf21e32a5137dc65f7c73effd53d

SHA512
0ec030a2d97db3e7641f1067030dc19fc86213a47b00fc7c2b167b164c693d45a2c27411f8934809872b6eec3c80aecc2569b5aa973d4c382ce7f3c6a9759dd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
145dc678ffb68b27d9f616277047e790

SHA1
4e7635979e62047dc3cfee022bcfa0e2ab616f59

SHA256
f0cb52719a4a3435c2ac3a14e7f3344d0e6f32616707f6338af6c3c4ec80d833

SHA512
1636a4fa00cb33eddfd9001eca2985b72c2d38fca1c9b3fed4e88f5b98eefd3d61872bb11377109c11c2ed9388ec2ff696039b7ce073b82742ad51d8bcc18a08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b1c1c22736caca35d99a7a9c4cb145b6

SHA1
cef1c45f2ab4a2cd726b8a18f523b7706a3baca2

SHA256
77c70558a9acae110448b196341d6a9b0a47331dbf8ed50874fd812f12181d1e

SHA512
a364e3b70ccc5d20656c325f461f93b5db9c706ac79ec0352772c7ec8c53f44c1ec406503ddf90c33b6600147789264664b0ae2b1f520beffbd5628f790e7bf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c5c18ba83fa80351b6ac500860530f99

SHA1
c54c10bda402c06385cd18fcc3dc190170cd5ad7

SHA256
e6ef7d64148f7c371675adfb1cbddd144ecf94d4794e0968b8b821ca77361e17

SHA512
875c8e63ebe6cd857788b470da732aa3c2fbe32f837473d675039f57c9073f6f2934e43cc1301d69a7cf79fe849757763f7548feeaf24712c1255b98ae94d7ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
27b3c49c076bb427aec99fc7cca3e997

SHA1
6645d7f20ebb1e1eb45d4cc52ee10ee4130d65d0

SHA256
b86f1bf0538dd06417978dcc69b3f0cfeca8e714aa72fd0e7adfb7b2e0a412bd

SHA512
9b490584cb3eca1c97dac89131eb65144f58dd45db81625581c2a8d48c86d0fc8133590a4d2eaa6847ae380f0d9da86060f909f3ce3b826c27c276a65a28c367

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c717ab7a5fea0252990bf85382524229

SHA1
60fcea166b9f84772fccffe034c41e2ffa3e1ca1

SHA256
b9a534b7bd2d296f7f57730b79a3e395fde00803fb20181fe7151c6e83e65fcd

SHA512
09cfe18545a6f76d9464f4fd012d847ae47708de19f40620c0bac7a8dcb087e39a93ac9a097c95d66a281076d6631f5b25d31053ca0137a3bd3dc07f424da3dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ec73.TMP

Filesize
2KB

MD5
2b7f6ede7dec4106f939959c4d9fd5a1

SHA1
46ac87795fdab442fa75b4010ce81712ecbde6b1

SHA256
6ab2cde7d677f97d9b68efc79fc16b2875d6e2c7e8de2c79dadd77802fe0fe00

SHA512
bbcb56817501bd2567389cc585a62459b1f493a06347fedbb6f4ffda6b0043c09ab5dae4d6873f9abadba2c6c7554be4efe769453bc3da8d41de5f394fc123d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a3edb75190d83a4635411023a3a4db0d

SHA1
8b80c1a9b8b36ee12623cc93607db633a07dec70

SHA256
7cbe388b9ea3783e7f1268494eb1f43614bc764b42dcbbfd9c0c67d31ec83dd0

SHA512
40f52a062d46451045685f99e7a97f2735060bb9d4064f481740dd29088d197c56c8ed6ca8019ba5b67fffbcef70123651bf63459a03c71782928cb9a6b12ca9

Download Submit