hxxps://usacsacademic[.]com/tournaments[.]php

Analysis

max time kernel
204s
max time network
210s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
18-01-2025 19:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://usacsacademic.com/tournaments.php

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\d8f7ade8-dc51-4e6a-bbba-e1da6a9d6140.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250118195019.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4056	msedge.exe
4056	msedge.exe
4220	msedge.exe
4220	msedge.exe
2344	identity_helper.exe
2344	identity_helper.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4220 wrote to memory of 5112	4220	msedge.exe	83
PID 4220 wrote to memory of 5112	4220	msedge.exe	83
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4884	4220	msedge.exe	85
PID 4220 wrote to memory of 4056	4220	msedge.exe	86
PID 4220 wrote to memory of 4056	4220	msedge.exe	86
PID 4220 wrote to memory of 2696	4220	msedge.exe	87
PID 4220 wrote to memory of 2696	4220	msedge.exe	87
PID 4220 wrote to memory of 2696	4220	msedge.exe	87
PID 4220 wrote to memory of 2696	4220	msedge.exe	87
PID 4220 wrote to memory of 2696	4220	msedge.exe	87
PID 4220 wrote to memory of 2696	4220	msedge.exe	87
PID 4220 wrote to memory of 2696	4220	msedge.exe	87
PID 4220 wrote to memory of 2696	4220	msedge.exe	87
PID 4220 wrote to memory of 2696	4220	msedge.exe	87
PID 4220 wrote to memory of 2696	4220	msedge.exe	87
PID 4220 wrote to memory of 2696	4220	msedge.exe	87
PID 4220 wrote to memory of 2696	4220	msedge.exe	87
PID 4220 wrote to memory of 2696	4220	msedge.exe	87
PID 4220 wrote to memory of 2696	4220	msedge.exe	87
PID 4220 wrote to memory of 2696	4220	msedge.exe	87
PID 4220 wrote to memory of 2696	4220	msedge.exe	87
PID 4220 wrote to memory of 2696	4220	msedge.exe	87
PID 4220 wrote to memory of 2696	4220	msedge.exe	87
PID 4220 wrote to memory of 2696	4220	msedge.exe	87
PID 4220 wrote to memory of 2696	4220	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://usacsacademic.com/tournaments.php
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffb308046f8,0x7ffb30804708,0x7ffb30804718
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,14765057547667753263,5543099940447277315,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,14765057547667753263,5543099940447277315,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,14765057547667753263,5543099940447277315,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14765057547667753263,5543099940447277315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14765057547667753263,5543099940447277315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,14765057547667753263,5543099940447277315,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:4052
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff649f15460,0x7ff649f15470,0x7ff649f15480
    3⤵
    PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,14765057547667753263,5543099940447277315,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14765057547667753263,5543099940447277315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14765057547667753263,5543099940447277315,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14765057547667753263,5543099940447277315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14765057547667753263,5543099940447277315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14765057547667753263,5543099940447277315,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,14765057547667753263,5543099940447277315,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3256 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ef0e81b130f8dcf42e80097a75e5d04d

SHA1
d8694b7c5fba1ee2e73e69dd7790ca5b1cb882db

SHA256
fc53158d948d1742e3f960124f9fdb138eaa4aa711d0f43833fa893247de4918

SHA512
c85df1696537dfce601de46183b1b22d7f0007b0f695f1904bbd1a6e429d7787c3d6199bcecdb21936d811b35eeca57a9800bcd3a3b585569aabeb0b5b497efd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c58ccb4da696442ae40d3db9e4b41c3f

SHA1
e27933a94d57f04c75b8bff25ad7012171917f87

SHA256
d0d75be801bf0c5f715665c73214bfa38fd714dd9ee846de410855d96dd75931

SHA512
82a7cd39758d67f1d177ce7f46a5ee560eb60207ca7ca1e39b9a08a269ed140532bf1ec85899a033a54d20a0d59592d1cd5f5d35f71da98f6b6e35cd904e1872

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
234KB

MD5
b103aa0b92365c317afc58726b4c6e0b

SHA1
d116c8d92a9120528e9b924bd4052e4574fe00af

SHA256
02c91db2ae55cfbac36dedf57da05364f8455f1d45f218ee76adbb6299a5b367

SHA512
0520e44ca902cd1e9da95e935c3e4885d3cee0c528b5d9e76512bf6a2222707a0bb2e120d3018359a6899899c19dc771dcba45a62f97264ce259fd655cb0d936

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
7000407c991fa9864427f0356b4c33bd

SHA1
ae764656a073f54480ca2186d519a8bb4c66dcba

SHA256
49db80de48309fc206044b77459e9dbca13104999d84cb3868f9ea3c13c01aa2

SHA512
756aba6ec8f5afceb93230bfd4d922be933af26769dc6d588ed2d682d46ef4ae44e93a6197088e932474bf9ace87230cade60d5004c873fa586226b214b6f9f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
ef9557bee7ad63986363f90b5c056634

SHA1
bb86c810b5ef28ff0043bc2e7df78733fd694f67

SHA256
7a446787fe2177d733c40ebf2c5961ad53b18d5ba5510eaa663889206c87c947

SHA512
894ea71d29bc133cff172254f8c6366d3810d344697e9d8269287e4c54422ab6f1e5d04372db8cfb40f0dad49a37b61b12c2763b64efb79ae75cded47ea993dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
062fe67682fc939ee7825c36ba269eb7

SHA1
ccc5da717366a68ccf1b15d7916a7f0f0924d98c

SHA256
d85df7eada476194efe51a63b5280f643acd7437ac7c2765cefbe05c8a6a05d4

SHA512
aa495f10fdb268f7d01b100305a9731ad77f3e1ff6589d6dc681bb1f4510c2fc42a64a37856bddf805868935077a2cb825f7be28e06c472705b69a1d2402dcdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c2f783d13f1f546f5dbc3d9644e8bf13

SHA1
02ffb3a3131da7c8e34e184e1ccd3f7f1ceb3007

SHA256
12d9f4dde3db278cb92bda020b626d193103822326b0bcdba0c82e04b44aacbd

SHA512
0b8bf3ae4981b25bfb4cadf98db9a499413ff9ecddae423ea7dfa6ae661de0d7c003caeb1b59a6835837d004d6d1658307c5b8378c87afac2e74720eec32f31c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe5863c6.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f2cc4cc29b5b9539dd50e0e6ce24543d

SHA1
f9749842cd4c0b9ff23c5417a7e675c0509ed8ed

SHA256
97ca2c742af90127ca0652eb3cc4295e97506577fbda154f81ebcd1106b5b440

SHA512
8e3beacc2789f5c544214ec09b64ca9fbf2232db092bd705f1b42fe5484e54248e4f450d650c4ebf8b1e6596bd35fc23785e636c674b96caaef9285df7962da7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
23c1170b136182d1c0142968ca6a1640

SHA1
9f3e2090a2c6a7d07d3ccd6e2642b43241fb9821

SHA256
b7bed781e758e3d19da042d38fd9fbe0447d01ace730378c4babff141cc5603e

SHA512
a5d6e1cd389916d78ae1cb01d3e848b5a270136d247d79ebe921d703b46e4a2bf85432ca64a0fb6fc302b04bec574286c9a11d4ca20c76db081287cf5295e800

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0118caf01324d0e8b38433bc02a58f81

SHA1
a8b74e1b9e80824e591bed75d7b399cde44ecd58

SHA256
9a7f49ec159dbdccedad9103af6a8570bd9e5255d7db8debda8a7b1ddead11a4

SHA512
c6b2549ec0549a45f08a1dd48ec05acbd747a072c1d68b38821394135867b31971526e7b1c6bc2f374494c086791d7c8186193a1466995776975fa3cdf21846c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
a18e33a424007376b810134dde07fec6

SHA1
3acbb4070e7fab6fea0f6c618aeca0964e39f7f8

SHA256
12852fe3bc04c3a3f6cdb76d7fa37cf0d7f91ffe801c70caf5ee4f5bb34e2821

SHA512
3a08afee6762546ba967965d72b90a0e0ed2a45bee0e195696c92f511c4b92634acdb669e6320359cb436e809c9672c0371042990aaf26b90da06da523ce6b9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
62aee047a3c6cf2fec2a29a34157633b

SHA1
51b6eed704d65a62d8793ea18885d12aa39a5cf2

SHA256
342e67b65a4070bbd6e7c2fbf75c98e727d9db45fa071181cae0f5eade726ddf

SHA512
21ee4907a0dcf077f9233542462b8bfd01d976dc1fe4a7b7c4ad70d691e7b9101bddcc292e13fc83a22f56355aa5b93949ac124c84da1f43a80851bf313d895e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
c894b680c3393f3549f3b1b031a92737

SHA1
9bf22b777d9af2f7294263907f53845bcbf987a6

SHA256
f2e431d444550ca8c524d7fd354045f3f010a2f2cfa2cbe02ae585cdbaf4fdee

SHA512
b8aa937fd33bb473c9cc492a78a0d8a451e4562d6532b29317e1a44748d9e6db444e76432eff87a658032216d143dad67515f65acbaaf1cc9efb4967f3eb37fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
c28b5b14828604627ad4b3286450d8b7

SHA1
71a276eb659e69629a41a4dbe0671979e66db1db

SHA256
5c529eb83c5e4cd4918783d0b97856353d2ef3fc3d978be27e668c393467e5bc

SHA512
11faf4f201dee0a693287076cc4d8b517f2ead41d2339e3b6b4cbc6212724bad5a1dead4ca4b7e6b41611c2d8feb43902c9cbb6d559ba182a9f6ca7f2b874570

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
29ead6cd938d14348a3267288d23c11f

SHA1
76414fae5343b0db60b841cf6164076b7980eb06

SHA256
ae9f4199de8aa0baa07cced599dc625ab29af90ef98a3bd6016ad05be55a6a50

SHA512
dc37b480cb21cdae1196bfa518aad423486e8bd5e8ab2d4260287b663005c73fa9bdb6da49f41d3c35f6da2d2e581c85d9d68643cae352d9357a468cdcf0f26b

Download Submit