c067d17947d091cddf12708becbd1391914c2fbb63db19be5cb8146962618ef1

Analysis

max time kernel
146s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
02-07-2023 02:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1776-272-0x0000000000580000-0x00000000005B0000-memory.exe
Size

192KB
MD5

38c74804d4cdcbf4343f169df2bc9c94
SHA1

e87dcbdbeaeb35d5b4635c11f402c19fd5a32689
SHA256

c067d17947d091cddf12708becbd1391914c2fbb63db19be5cb8146962618ef1
SHA512

ef60e49f18297f270cb3d334bb0325953cb71f6f75f538bf53ee89f308e9464312f9d613bc3f58c14180613a84c2e7bd5be94f1fe8bc49578b948582e357d3e0
SSDEEP

1536:bhbEey6y36sv0W7TDGOIrHuyk7xk2W5/uGxNFVYQffbuclGHQ4N0GkRf8e8h3:blEebE6Cyk9i5/uGxNMS3azNc8e8h3

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\04eba86a-aad9-4814-a040-fe946e9df3d5.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230702020903.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3636	msedge.exe
3636	msedge.exe
3828	msedge.exe
3828	msedge.exe
4748	identity_helper.exe
4748	identity_helper.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4352 wrote to memory of 3828	4352	1776-272-0x0000000000580000-0x00000000005B0000-memory.exe	86
PID 4352 wrote to memory of 3828	4352	1776-272-0x0000000000580000-0x00000000005B0000-memory.exe	86
PID 3828 wrote to memory of 2296	3828	msedge.exe	87
PID 3828 wrote to memory of 2296	3828	msedge.exe	87
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 2324	3828	msedge.exe	88
PID 3828 wrote to memory of 3636	3828	msedge.exe	89
PID 3828 wrote to memory of 3636	3828	msedge.exe	89
PID 3828 wrote to memory of 4692	3828	msedge.exe	90
PID 3828 wrote to memory of 4692	3828	msedge.exe	90
PID 3828 wrote to memory of 4692	3828	msedge.exe	90
PID 3828 wrote to memory of 4692	3828	msedge.exe	90
PID 3828 wrote to memory of 4692	3828	msedge.exe	90
PID 3828 wrote to memory of 4692	3828	msedge.exe	90
PID 3828 wrote to memory of 4692	3828	msedge.exe	90
PID 3828 wrote to memory of 4692	3828	msedge.exe	90
PID 3828 wrote to memory of 4692	3828	msedge.exe	90
PID 3828 wrote to memory of 4692	3828	msedge.exe	90
PID 3828 wrote to memory of 4692	3828	msedge.exe	90
PID 3828 wrote to memory of 4692	3828	msedge.exe	90
PID 3828 wrote to memory of 4692	3828	msedge.exe	90
PID 3828 wrote to memory of 4692	3828	msedge.exe	90
PID 3828 wrote to memory of 4692	3828	msedge.exe	90
PID 3828 wrote to memory of 4692	3828	msedge.exe	90
PID 3828 wrote to memory of 4692	3828	msedge.exe	90
PID 3828 wrote to memory of 4692	3828	msedge.exe	90

C:\Users\Admin\AppData\Local\Temp\1776-272-0x0000000000580000-0x00000000005B0000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\1776-272-0x0000000000580000-0x00000000005B0000-memory.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=1776-272-0x0000000000580000-0x00000000005B0000-memory.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3828
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff14ee46f8,0x7fff14ee4708,0x7fff14ee4718
    3⤵
    PID:2296
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17948701864552059822,14081535770102694888,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
    3⤵
    PID:2324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,17948701864552059822,14081535770102694888,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,17948701864552059822,14081535770102694888,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
    3⤵
    PID:4692
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17948701864552059822,14081535770102694888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
    3⤵
    PID:2024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17948701864552059822,14081535770102694888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
    3⤵
    PID:3196
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17948701864552059822,14081535770102694888,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1
    3⤵
    PID:392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17948701864552059822,14081535770102694888,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
    3⤵
    PID:3440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17948701864552059822,14081535770102694888,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
    3⤵
    PID:1752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17948701864552059822,14081535770102694888,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
    3⤵
    PID:4388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17948701864552059822,14081535770102694888,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
    3⤵
    PID:4124
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,17948701864552059822,14081535770102694888,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
    3⤵
    PID:4532
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:640
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff6b0845460,0x7ff6b0845470,0x7ff6b0845480
      4⤵
      PID:924
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,17948701864552059822,14081535770102694888,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17948701864552059822,14081535770102694888,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
    3⤵
    PID:2140
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17948701864552059822,14081535770102694888,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
    3⤵
    PID:2924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17948701864552059822,14081535770102694888,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2744 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=1776-272-0x0000000000580000-0x00000000005B0000-memory.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:2260
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff14ee46f8,0x7fff14ee4708,0x7fff14ee4718
    3⤵
    PID:3608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3228

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5577898093952163e585fc1356275cf9

SHA1
d46e9241b7e8e0b97598907a260c3c6ad7229b6a

SHA256
275315a835f78d1d40d3425488d1ed277924ddf5200cfc9635bf24afdf083cf5

SHA512
00a66c6a214f0a35144217c7738a237e41e7b9b5f66ecf9a94baf487e2b90533070092eb6930247532a7907f5415cc842d51758d3a76a48568f476ef30f1cb01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b092647394f1376f80bf2d4e8797d7b5

SHA1
1809389720e213a4733352f838cd1f16bd20d3db

SHA256
fa55709e752681e7d9f38d74a3376c06d31bd333fbf94f7aca17468f9d8fc85b

SHA512
9d70333ced82fa5ffcff47d6a25b3051916e8f5a069450dd86676315a15a94fd131a0d7973f19562e4807589249213dbf64ac374cd688e1ea17dd190f8e3761e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
82362da31f2b95d09159bbddeefa8a0a

SHA1
9145ce372ffdfa48eb48aa6075c05b87fe0a4fd8

SHA256
39f1d6e8275208e54b91b48be31372e0a081db251bc75e56ecd4d9504d474438

SHA512
129715824f38d43319bf5575bdf40279151ea94dba77d8ad605017ee58b95c21ca4b84df5f6c452dd763943eb115f5e4fa9be5a5eb42b03cffe6fce13af6c2c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
9162097954e31566dd4c9ae572977ea9

SHA1
1e37c5d6f2577b74fe2e056481ac30c49bf630be

SHA256
a7d2bea5cd442f8e24e1c776b45ffcbded84c0939127713814f0a889c7d0e5d6

SHA512
2017968a6af966d0efc9858d6e18619a2db18ab9096e9bc81b6d4d23c154415d260daec1e9ad538264cacb8554c0ea92d598d8cf67d6bebfa9a27a679a3fbc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
6fd05cd0c97baed75d4810c7458c3900

SHA1
043a5d5faa77ae3077200252f1b3f8053d6b865e

SHA256
c0ab720f799c71bf2a745e6e02fe002e703c83f9b1a582fc61e6d9541e41fd15

SHA512
35d3aaea24d3b62b5d19d44d559b16e6538d51ec4f7a5425b1058993d5cb565779f3e8e80839f22bd05773dd380698c1ca9aa13991a648fc59b3030ac031ff08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
260016f7884d057ff71c6d3a4c7307cf

SHA1
65de0c2a81b2007a7afb5e7de8f244d6169aaf97

SHA256
ed45e40c305b2217539f76ef73231c88be4ecb90d5c5f5de805bcc752ee21977

SHA512
3329e0c1fec951c06a7084705d49b48dd1bd43800f42f3ce6e425dce376d40e80a670a49894597daed2a185faf980f27a471ca2d4e596edd6fa19ce0a67918ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
566B

MD5
381ac45cdf7aedc98e646056ccde4a8d

SHA1
168e192b23a595e9f41cf8d107d6c1d601c3ca77

SHA256
9f056538358e029a4a7f13bab71dec7dcec6a9ac69b95c766a887849faf49e84

SHA512
98ab242ae61cbeefe9816b68044a15f7118e2576c6e559fb1fb801cc405d4c81310183c6c6a31ab46791a1477d0f61ce113d98311f9858619e91a03935e8a4ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
adecc59eaccfffaf8931b14e80c6fed6

SHA1
ee00a40e6e5c80cd32eb349e1a5b5a58f0b1eaab

SHA256
d9d773fb606dcab2e2ff99caee687443aba5725f745a88a20756a5d9a5c7fcc0

SHA512
7ed1c62ae6be791827a433246472847ef325f2aef9efd5f2673c65bc11643f45367145ffee034a4a9660ed33d41a47c7110f0f434c8c274a70c0ef95454c2e90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
da14c182ba7127bd3eef53cd8bc8905b

SHA1
d5f28efd44740db4542361af8618371ea8f53cf0

SHA256
89f216c9f317c6de9e5bdef5f7d8643e11130c55fa02a49643c5ed5b347ddc01

SHA512
660fba47b0be090ff9501c5d10bfe0279c8f415fa6f127e7ee130e59be22512fdde1b19b33d938a9e98164976b0af24532c8463e9a771c4df7db55918c053293

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c36906785040ce021833c1e63f2ed0d9

SHA1
1e701e2a5c57610e93f4de21cb60641c0bd3e8b8

SHA256
c009e0823ff33502842ad8cf37b3dfdb46881c4862c7afa25338a1eeed3a7ee8

SHA512
2417be3ae5061d1a08a8a2addbd3045e49989153135d0db7083911de5713074c709352d30b6f4cf83d9c7d7698eed3d7bee36c0558af6cc3d9205eb009929513

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
bfb396f724d87b5dc03bf360219fa3b0

SHA1
5c110515ef78880ca230a1d418b6ee92a3565e4d

SHA256
4a0f5896f8b14c1d99f37e76192d6d84c433000d50a7b5ec831d1ebecfbf2264

SHA512
8bdc70b2413a4e8ddc1b72fe4628106f76e7a5246c113575aca817ff6dce051f945016eac9e8bf342716c1a0862a737c015cc933c13e44a013555ddfff6f527f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
aefc5ee3f7d446e4f589d384871089fa

SHA1
f473772b9fad6deed5ac5ab67e21e80a32beea15

SHA256
cafbd5930c58521f476407f52bc923d7ad33b37e5dbff9be9b1d6b28249d0ad8

SHA512
697ff96fe24ee7016dcfead1ed557b89f2123306749939ac0bf8bc09eae97fbb040314d59991482dad192006a278343cd1176cecdd79a0cb98138611e81bb02f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
41ca927f2a18ebf26c44ac40f3c2e2d3

SHA1
ec5cf37da84f4a18535ffeae200174a754df7f18

SHA256
97990a9fdd6894d3a6d08298f072599bd1b4fa7f31a96b85043fd5a174898e20

SHA512
08b4376368e8bc6b14f89045ff34befa51c8e3aead8423167caf58bd3e58e0da87b4b5982c510693f5683b17644127ded012501c17abd752838b39a9d5e5f23f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
1a24ce9312cd594e598e6f8c5045e2ce

SHA1
17465e3ad43a13cd7f2fe5623dce694ac3e577df

SHA256
29ac38b59d1a66565be43f71c2c193cecfabb90f45a7a5c9c88894076a529d48

SHA512
447680fcbe6b6dd61183299938b0246b20b6cfc5f9c3d8a80319364d851924e3f8d9e334f6af422ce6da5b5e03fc4ea89dc0942823fcd8f28c32af770a63721a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
2a41a01db925dc2f37fe3b129d99422f

SHA1
285761a508ae551813dbe5731023fa92b5884c65

SHA256
c0cd05ee20aa410668452bc97a16fe4523dcdc57d2d923dde3408513ff2dd392

SHA512
f0542dcd66398f9b38f032b12d830f6c0d04873645c1f6fe268737b7c7fecdaad8615407b3010c2779d852fdacac55700148fac863479d164fa3fdd94a491967

Download Submit