dd95ff1cd98b08e9c099e668053ce125c5feed1820d8e1b1f03b422010417b00

Analysis

max time kernel
134s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20250207-en
resource tags

arch:x64arch:x86image:win10v2004-20250207-enlocale:en-usos:windows10-2004-x64system
submitted
08-02-2025 19:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Uninstall.exe
Size

44KB
MD5

83cac9da65204dca68d957c5731a7059
SHA1

0291f20c8144494e9eb06b818bed447afee91f09
SHA256

9704a03d01c430189525b18b519d77337e230ccd09ca37d2ee1a25a38f5cec0f
SHA512

4be4fc5cfd21ba4affff87ca1698ba63a62a2d899538ba6034e71a2451d63f545b4e29f8fd5875e0339f97eca360b46fac85d7ca26c7e37a8ea4b3ca65457673
SSDEEP

768:2QSYaefDRwYxmDTR9RAdJF4cZqF86eWkJ6ls5PyXbNOEF5M8awPPw:jjae1wYxmBBoskJt5REF5M8awPPw

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
77	2932	Process not Found

Deletes itself 1 IoCs

pid	Process
2912	Au_.exe

Executes dropped EXE 1 IoCs

pid	Process
2912	Au_.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Uninstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Au_.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
4532	MicrosoftEdgeUpdate.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
behavioral20/files/0x0007000000023e25-5.dat	nsis_installer_1

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4080	msedge.exe
4080	msedge.exe
4780	msedge.exe
4780	msedge.exe
2548	identity_helper.exe
2548	identity_helper.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 2912	2740	Uninstall.exe	90
PID 2740 wrote to memory of 2912	2740	Uninstall.exe	90
PID 2740 wrote to memory of 2912	2740	Uninstall.exe	90
PID 2912 wrote to memory of 4780	2912	Au_.exe	92
PID 2912 wrote to memory of 4780	2912	Au_.exe	92
PID 4780 wrote to memory of 2940	4780	msedge.exe	93
PID 4780 wrote to memory of 2940	4780	msedge.exe	93
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 4080	4780	msedge.exe	95
PID 4780 wrote to memory of 4080	4780	msedge.exe	95
PID 4780 wrote to memory of 4304	4780	msedge.exe	96
PID 4780 wrote to memory of 4304	4780	msedge.exe	96
PID 4780 wrote to memory of 4304	4780	msedge.exe	96
PID 4780 wrote to memory of 4304	4780	msedge.exe	96
PID 4780 wrote to memory of 4304	4780	msedge.exe	96
PID 4780 wrote to memory of 4304	4780	msedge.exe	96
PID 4780 wrote to memory of 4304	4780	msedge.exe	96
PID 4780 wrote to memory of 4304	4780	msedge.exe	96
PID 4780 wrote to memory of 4304	4780	msedge.exe	96
PID 4780 wrote to memory of 4304	4780	msedge.exe	96
PID 4780 wrote to memory of 4304	4780	msedge.exe	96
PID 4780 wrote to memory of 4304	4780	msedge.exe	96
PID 4780 wrote to memory of 4304	4780	msedge.exe	96
PID 4780 wrote to memory of 4304	4780	msedge.exe	96
PID 4780 wrote to memory of 4304	4780	msedge.exe	96

C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
"C:\Users\Admin\AppData\Local\Temp\Uninstall.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
  "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.ardamax.com/keylogger/uninstall.html
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:4780
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff319a46f8,0x7fff319a4708,0x7fff319a4718
      4⤵
      PID:2940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,1571633755068009227,4509104853182727965,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
      4⤵
      PID:1476
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,1571633755068009227,4509104853182727965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,1571633755068009227,4509104853182727965,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
      4⤵
      PID:4304
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1571633755068009227,4509104853182727965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
      4⤵
      PID:2444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1571633755068009227,4509104853182727965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
      4⤵
      PID:4712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1571633755068009227,4509104853182727965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
      4⤵
      PID:4600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1571633755068009227,4509104853182727965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
      4⤵
      PID:904
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1571633755068009227,4509104853182727965,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
      4⤵
      PID:4180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,1571633755068009227,4509104853182727965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6276 /prefetch:8
      4⤵
      PID:800
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,1571633755068009227,4509104853182727965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6276 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2548
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1571633755068009227,4509104853182727965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
      4⤵
      PID:1464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1571633755068009227,4509104853182727965,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
      4⤵
      PID:1432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,1571633755068009227,4509104853182727965,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4948 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5024

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzEyN0E2MzktQzAyMS00NkY0LUJCODgtMEM0RDlBNTI4OTk0fSIgdXNlcmlkPSJ7MEJEMjQ3RUEtMEUxRi00NUQ5LTkzN0ItODJBNzY4MjlCMjNDfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7REE0QUE0MkUtQkY4RC00NEFELUI1NzktRTI5NzRDRjRCQ0IxfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIyIiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDU4NjAiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxODIxNjMwOTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1Mjg4NzM5ODY0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:4532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff4d54b3aadb5200432594708f095e82

SHA1
c30bc1677a50697ada032b1be526b0df6952daf1

SHA256
f63398b148e870edbfe75f8a7d717a64c87b8a05f35ae577d39d157744bfc78f

SHA512
bcb34a847f9b1c2c4347008a8208def98a07bf55d6c11cf6e0b237df1e5f7f5f3a7a58c3b7d0efb1c99ca8f2fc41c6fe776a8fe205840f9f212bfcde67e3f8d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f27aebac6cf2154266da570473c0bab7

SHA1
088feed439d7d1bf0962a0d7973a00808632d9b1

SHA256
d11ca93fd8845403bb3deeb8333637cde2f52ca868dc78d3e36a3bcd10ae6e40

SHA512
e56f8e3aefbaab4e792cd989f28b9e5ba069c432a98ab039829a278cd930dd550ee2f1e9d3f45307eeb67a56eb7858d1281afdafebcaf6833ba8bf1b3d6b0753

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\34ba4e0b-dc68-4793-acab-bbfbf1fc2453.tmp

Filesize
6KB

MD5
1b46488591ee3f233834574b9afec61d

SHA1
fe77088fd28147d49335dacec738003c7b261480

SHA256
ec84ca647611ff6caef53ee791d742efd12dc942a7f8f3f1c8ee27944615b9a5

SHA512
93d05f8ab2194077fa3199d4d8355107f5ef1a77153be05d7f0a7a6b11cf39abc3bbca931b516fa991858466135c3e43e78b739bafad8ddbd1084587eb01cf1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
1f1e09a5f2c23c4e7e0532c1b8ad862e

SHA1
41b52d37cb6990c07af22c60a4782ef7e0f2fccd

SHA256
0159b13f84d5c471adff5af901332f3d8dadaba080e4a23a356c862380d10d2a

SHA512
33add709347685df0f977945adc2c06113fd6b68fa7ad2337b249446bcf7785ca9203e3edd3266269da35029084698a444c7152ba1551182b64119311d8c0ffa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
838B

MD5
7ae30383252a98ccbce9d3a230e8215a

SHA1
5077fed5df4e457dcfbd97f33429b74ec9e0ea33

SHA256
2f908647466f3f8373143f7ee626f33372ab830739cac2b48514f54795c97b9a

SHA512
ba5de183f3e417bc16b0e2bde15dad0dc3acc8cb7d3d1b36a1f17925e50fa9b362939793092144310c352f5541b733b03a4918af2e28995ff11172162c0cc57b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e9a5f683694a60b3ff1c199f913cfab7

SHA1
7aac752c5221b358da9f172bc7d7b2928d677448

SHA256
68e25f41e17fa6dd7d14f4ddf8dfdde1507cb8d3a82945ba8c2fad0298d0da99

SHA512
bf92d43a50f7a958db7d04a9adc3d4a7045c60ba3ca6a2b08d79ceb10a8340f9e3126d46b05481f2d8c2fc0b66bee8753b3cec9f3962ee56e06e580f9a19507b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8c05ec11b5672e732444a4f7fdfd889e

SHA1
4ec224846170e57d0cecbb8a06857f4b672f723a

SHA256
d68a16a6c79d708a169c8e699565fe65d19cf8300f86c30bdea9af88495bc079

SHA512
99c050bbf14c41f21f13c3e520e05f2c72f5bb2f4192a92e65bb87cce2f8ed44534cb671e6f311d85146bd1f86763246cd8d9e93ca6bba22b655db718ea63e1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f934baa0c47c876b6090f76314895d05

SHA1
782310caecd56d85f41d5c339e67b46d05332530

SHA256
80442f6b0dc72a1e1d1d22ced56570c5503c50016caedf846554669826b24fdb

SHA512
f68bb4cd504da65d57caf8ee6797dd21c435fb8e3092933e81d0dd3507dc0e227d0cfc9fcceea68ba248c6e70a38f2732138c162ed0b81b46c96df2f5cb4fedc

Download Submit
C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe

Filesize
44KB

MD5
83cac9da65204dca68d957c5731a7059

SHA1
0291f20c8144494e9eb06b818bed447afee91f09

SHA256
9704a03d01c430189525b18b519d77337e230ccd09ca37d2ee1a25a38f5cec0f

SHA512
4be4fc5cfd21ba4affff87ca1698ba63a62a2d899538ba6034e71a2451d63f545b4e29f8fd5875e0339f97eca360b46fac85d7ca26c7e37a8ea4b3ca65457673

Download Submit