53e135d7af8ed00e2819b9dd44210d3b9980df8ff2f52652bb27d69cd37c0196

Analysis

max time kernel
122s
max time network
133s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
06-01-2025 19:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Resources/info/How-To CFF Extension.pdf
Size

267KB
MD5

180313065942d47df7858ade74cee19f
SHA1

0371b23100df3fd5739585473c3718c4bf85e974
SHA256

b085d1cdbcb15b6e8e12eb2b8f34d5e900509470bcfd49ab9565663960e2f38a
SHA512

6764ac65d610b6f7e1f5c622a03752cef606840603285b5c49924f1a3f06c669c43a2d3083f3d823f457554a2205989e3d6b881189e3160a2e1adcbf21dd3996
SSDEEP

6144:cbNke00sOHmmZx9VDwXJSCCCCCCCCCCCCMo6XHTa6aaFa50cZdD6N9S5uLJXe5n2:cRkNOHm0x9eXJSCCCCCCCCCCCCMTW5ed

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\eb3c40ec-90de-465f-b77f-6e525355cefc.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250106192719.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2176	msedge.exe
2176	msedge.exe
3076	msedge.exe
3076	msedge.exe
3172	identity_helper.exe
3172	identity_helper.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3076	msedge.exe
3076	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3984 wrote to memory of 3076	3984	cmd.exe	81
PID 3984 wrote to memory of 3076	3984	cmd.exe	81
PID 3076 wrote to memory of 2848	3076	msedge.exe	83
PID 3076 wrote to memory of 2848	3076	msedge.exe	83
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 5008	3076	msedge.exe	84
PID 3076 wrote to memory of 2176	3076	msedge.exe	85
PID 3076 wrote to memory of 2176	3076	msedge.exe	85
PID 3076 wrote to memory of 4464	3076	msedge.exe	86
PID 3076 wrote to memory of 4464	3076	msedge.exe	86
PID 3076 wrote to memory of 4464	3076	msedge.exe	86
PID 3076 wrote to memory of 4464	3076	msedge.exe	86
PID 3076 wrote to memory of 4464	3076	msedge.exe	86
PID 3076 wrote to memory of 4464	3076	msedge.exe	86
PID 3076 wrote to memory of 4464	3076	msedge.exe	86
PID 3076 wrote to memory of 4464	3076	msedge.exe	86
PID 3076 wrote to memory of 4464	3076	msedge.exe	86
PID 3076 wrote to memory of 4464	3076	msedge.exe	86
PID 3076 wrote to memory of 4464	3076	msedge.exe	86
PID 3076 wrote to memory of 4464	3076	msedge.exe	86
PID 3076 wrote to memory of 4464	3076	msedge.exe	86
PID 3076 wrote to memory of 4464	3076	msedge.exe	86
PID 3076 wrote to memory of 4464	3076	msedge.exe	86
PID 3076 wrote to memory of 4464	3076	msedge.exe	86
PID 3076 wrote to memory of 4464	3076	msedge.exe	86
PID 3076 wrote to memory of 4464	3076	msedge.exe	86

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Resources\info\How-To CFF Extension.pdf"
1⤵
- Suspicious use of WriteProcessMemory
PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Resources\info\How-To CFF Extension.pdf
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x40,0x130,0x7ffacd7a46f8,0x7ffacd7a4708,0x7ffacd7a4718
    3⤵
    PID:2848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,12972434797983543345,10972072892299713058,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
    3⤵
    PID:5008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,12972434797983543345,10972072892299713058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,12972434797983543345,10972072892299713058,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
    3⤵
    PID:4464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12972434797983543345,10972072892299713058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
    3⤵
    PID:3108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12972434797983543345,10972072892299713058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
    3⤵
    PID:2400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12972434797983543345,10972072892299713058,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
    3⤵
    PID:2500
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2100,12972434797983543345,10972072892299713058,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=5016 /prefetch:6
    3⤵
    PID:4752
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,12972434797983543345,10972072892299713058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
    3⤵
    PID:3036
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:1976
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x2ac,0x2b0,0x2b4,0x288,0x2b8,0x7ff66ced5460,0x7ff66ced5470,0x7ff66ced5480
      4⤵
      PID:3540
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,12972434797983543345,10972072892299713058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3172
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12972434797983543345,10972072892299713058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
    3⤵
    PID:5068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12972434797983543345,10972072892299713058,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
    3⤵
    PID:5108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12972434797983543345,10972072892299713058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
    3⤵
    PID:3036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12972434797983543345,10972072892299713058,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
    3⤵
    PID:864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,12972434797983543345,10972072892299713058,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3908 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9fc751d5fa08ca574eba851a781b900

SHA1
963c71087bd9360fa4aa1f12e84128cd26597af4

SHA256
360b095e7721603c82e03afa392eb3c3df58e91a831195fc9683e528c2363bbb

SHA512
ecb8d509380f5e7fe96f14966a4d83305cd9a2292bf42dec349269f51176a293bda3273dfe5fba5a32a6209f411e28a7c2ab0d36454b75e155fc053974980757

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d9a93ee5221bd6f61ae818935430ccac

SHA1
f35db7fca9a0204cefc2aef07558802de13f9424

SHA256
a756ec37aec7cd908ea1338159800fd302481acfddad3b1701c399a765b7c968

SHA512
b47250fdd1dd86ad16843c3df5bed88146c29279143e20f51af51f5a8d9481ae655db675ca31801e98ab1b82b01cb87ae3c83b6e68af3f7835d3cfa83100ad44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2fcea909-e3d0-4433-8097-61744de16e2c.tmp

Filesize
4KB

MD5
fe41a6534c3f2a9e00aa8153dfb57c5e

SHA1
96607a8287ee681fb6cac10128949f2643dfe431

SHA256
0d96ec7f2a5c79d13b9207f7ac6ff583c0bc16ea851ffbeba63d7b9f79037379

SHA512
315382f48fc59211065ebf30204d570cd5709adcb11475a6b6f019ecdf8f5e734044af9e836f42dba3b6080802b351cdfb8b4f45eaa0c26d8b2bc831fa245663

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8aa7e4b1d710b1feba71b18a00a47ede

SHA1
140b2fae6ccc048310c120f5c3b1ddba0bb5661f

SHA256
5b8d778890a2017d8a8b7758c6f6d59cd7cc450c452fdbcf20f69a1cbfc28bab

SHA512
f5a83d2ff219e1c0e99f11217461900c1f6f77355facc42f67c767ad9f7e7465a8231ea93c04a366d89cb211b11abf35f0fcb059ce9e5c15c7d6429359b665a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d20b8f699f6f376e7918f730c022e28e

SHA1
b03903dffb59d735108999630fb24533353cec8f

SHA256
21a962e1fdf715e9f66b25158436c0ef7276869005b23e808ced04c20ed6cc03

SHA512
2e94f700624a8abf9840e24169d081ffe073d822b9fa3a5fc9172761a4e908fd2125d5b6c671aeb85e610a23c9ed00ba1f9109a7a271e199c269b597db9a4e25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
f9055ea0f42cb1609ff65d5be99750dc

SHA1
6f3a884d348e9f58271ddb0cdf4ee0e29becadd4

SHA256
1cacba6574ba8cc5278c387d6465ff72ef63df4c29cfbec5c76fbaf285d92348

SHA512
b1937bc9598d584a02c5c7ac42b96ed6121f16fe2de2623b74bb9b2ca3559fc7aff11464f83a9e9e3002a1c74d4bb0ee8136b0746a5773f8f12f857a7b2b3cb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d3412a01d4c3df1df43f94ecd14a889a

SHA1
2900a987c87791c4b64d80e9ce8c8bd26b679c2f

SHA256
dd1511db0f7bf3dc835c2588c1fdd1976b6977ad7babe06380c21c63540919be

SHA512
7d216a9db336322310d7a6191ebac7d80fd4fa084413d0474f42b6eff3feb1baf3e1fb24172ea8abcb67d577f4e3aea2bc68fdb112205fc7592a311a18952f7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
78a764f89f6610211f407f1bff6f7e63

SHA1
9cad68d40f13ef866839422a041e4156f82ece96

SHA256
6130be7aeefa934f192d1ba702cdf098052585df98d6e9087975ddbbef7af59f

SHA512
2a655e6aa27ee88f09cbafd6e5d8883ae19cc6dadad441215d980f7a24e31f562ebdabcbc71df32c322154d0e17f08d0a0a474c2b889ff445c125642aafc5f6d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
4ecbc8d65459e88df691b172fc93107b

SHA1
e93a5497ab7f9194c38c9b022f3b3c7dcdab4ae5

SHA256
dd2322dc5b77bc0fdcbb586001d2cf827f84747778441de37a58bb74f6ef16a8

SHA512
3a9c8cac36cd02bebfb21f2cf37c8c6963d20b6369549565d796ce9e5a1b007dbf4aceb709affa2a4577cd1da9592098541ba42ef970f1cb10683763b7910371

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
439de0dbb0c3f44a55ee17abb1df683c

SHA1
9d07d0eba105ba0e9f0678cfdf889b8aa9b33101

SHA256
a31af3619526c473886f97aea488597a5e065ce27e2e109682a83eceba39a49f

SHA512
760416f57e8aa773a268feb4b19ffabd24f99efeea68115e15d3c1dbc222f2391899277f011cdb601b1f6a5a33ebbfa78debeb7e97e57b8a8b4ad526614e487a

Download Submit