70874e0677e0f6e66f92cb72914f8b40c50a6f1588c7fcfe8a892185e0295784

Analysis

max time kernel
146s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
02/07/2023, 07:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

864-54-0x0000000000270000-0x00000000002A0000-memory.exe
Size

192KB
MD5

1e6dfb4611dc5761501bc03c5574ef88
SHA1

11f3f1fae036314d522e0a28c6f03a5f70fc36bc
SHA256

70874e0677e0f6e66f92cb72914f8b40c50a6f1588c7fcfe8a892185e0295784
SHA512

65b294a8cece183191e6d3ecbee1380f459b83438aea4fe5da5375edc5221511728e3904166489df2c6241ecf508756d90df5fb70cb11387b4f12b1d2b265c69
SSDEEP

1536:RhbEey6y36sv0W7TDGOIrHuyk7xk2W5/uGxNFVYQffbuclGHQ4N0GkRe8e8h3:RlEebE6Cyk9i5/uGxNMS3azNJ8e8h3

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\8d77afb6-c8be-47c5-9054-596e150f0d6a.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230702070827.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
492	msedge.exe
492	msedge.exe
1752	msedge.exe
1752	msedge.exe
4208	identity_helper.exe
4208	identity_helper.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1764 wrote to memory of 1752	1764	864-54-0x0000000000270000-0x00000000002A0000-memory.exe	93
PID 1764 wrote to memory of 1752	1764	864-54-0x0000000000270000-0x00000000002A0000-memory.exe	93
PID 1752 wrote to memory of 4668	1752	msedge.exe	94
PID 1752 wrote to memory of 4668	1752	msedge.exe	94
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 1484	1752	msedge.exe	95
PID 1752 wrote to memory of 492	1752	msedge.exe	96
PID 1752 wrote to memory of 492	1752	msedge.exe	96
PID 1752 wrote to memory of 2668	1752	msedge.exe	97
PID 1752 wrote to memory of 2668	1752	msedge.exe	97
PID 1752 wrote to memory of 2668	1752	msedge.exe	97
PID 1752 wrote to memory of 2668	1752	msedge.exe	97
PID 1752 wrote to memory of 2668	1752	msedge.exe	97
PID 1752 wrote to memory of 2668	1752	msedge.exe	97
PID 1752 wrote to memory of 2668	1752	msedge.exe	97
PID 1752 wrote to memory of 2668	1752	msedge.exe	97
PID 1752 wrote to memory of 2668	1752	msedge.exe	97
PID 1752 wrote to memory of 2668	1752	msedge.exe	97
PID 1752 wrote to memory of 2668	1752	msedge.exe	97
PID 1752 wrote to memory of 2668	1752	msedge.exe	97
PID 1752 wrote to memory of 2668	1752	msedge.exe	97
PID 1752 wrote to memory of 2668	1752	msedge.exe	97
PID 1752 wrote to memory of 2668	1752	msedge.exe	97
PID 1752 wrote to memory of 2668	1752	msedge.exe	97
PID 1752 wrote to memory of 2668	1752	msedge.exe	97
PID 1752 wrote to memory of 2668	1752	msedge.exe	97

C:\Users\Admin\AppData\Local\Temp\864-54-0x0000000000270000-0x00000000002A0000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\864-54-0x0000000000270000-0x00000000002A0000-memory.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=864-54-0x0000000000270000-0x00000000002A0000-memory.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa69d746f8,0x7ffa69d74708,0x7ffa69d74718
    3⤵
    PID:4668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,6688990213684581619,3810146060357693983,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
    3⤵
    PID:1484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,6688990213684581619,3810146060357693983,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:492
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,6688990213684581619,3810146060357693983,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
    3⤵
    PID:2668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6688990213684581619,3810146060357693983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
    3⤵
    PID:1392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6688990213684581619,3810146060357693983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3704 /prefetch:1
    3⤵
    PID:4900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6688990213684581619,3810146060357693983,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
    3⤵
    PID:2124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6688990213684581619,3810146060357693983,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
    3⤵
    PID:3640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6688990213684581619,3810146060357693983,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
    3⤵
    PID:2652
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,6688990213684581619,3810146060357693983,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 /prefetch:8
    3⤵
    PID:1880
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:4984
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff7f00b5460,0x7ff7f00b5470,0x7ff7f00b5480
      4⤵
      PID:2264
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,6688990213684581619,3810146060357693983,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6688990213684581619,3810146060357693983,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
    3⤵
    PID:4800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6688990213684581619,3810146060357693983,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
    3⤵
    PID:1764
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6688990213684581619,3810146060357693983,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
    3⤵
    PID:4552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6688990213684581619,3810146060357693983,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
    3⤵
    PID:4268
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,6688990213684581619,3810146060357693983,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3504 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=864-54-0x0000000000270000-0x00000000002A0000-memory.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:2868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa69d746f8,0x7ffa69d74708,0x7ffa69d74718
    3⤵
    PID:3628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2416

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ed9cfbe2b6990431cadc59eee86c6000

SHA1
cb656fb2480b9f2869949be67cbd662d635bf5fe

SHA256
3b7a8f91da1d21e3a6967f49eab6e6e2c187b12c5fe06669ed3d0f9068128f69

SHA512
32b4181083628ed6d5d18ca56c6b79ff8685d8f18cc598f96b64a9070bccf4d466e79b3c5a56d03c265ea303bcc0b76dc1992d725303b0126667b8b93cd87d8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e479233da77016935baabcddd19fdd3d

SHA1
d09799ad7a9cb76c66dbdcb02a2824676d676b0c

SHA256
3a2196aa6d57fe0af58a13f3a73bc8e65b9a118863d7ed26beaf6616128f8575

SHA512
9e5a63eecf7aa6ded9f02be9bec7a561c092ca7e33c1ecb722bb5763719a0adff9976d75ac1e1b8a634656147b304ae9451bcf4bd417550e8081e5d57e22c33c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1e583a28f09b5d3d61367a3a0ea2df00

SHA1
01d0a0e11d0508f2926cb089d2a17f3eb68d27a0

SHA256
1d022371732e494625ae7f505ae26cea8185433e5b3a826dd7f5bb892d324788

SHA512
01e83d7bc2dd807613edddb1e724eaa3a0674a9cd0c33072d05e537b97ee6c7526cced5a8918f9909039d14f0f79a766ef8857d3d026a06ae6193f5358e9fa41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
9436d7a957b99b744ee55a690076491e

SHA1
73b549e01d4980f6eb7645ea2b3dd68e69ce7ed3

SHA256
7db58707ac2c1fde94a3cefe64b9ed20c04658e0674da4bdfc8a824d4a64bb00

SHA512
34750fb63c41ff6ecb0d0ae45b93b051037b6792ace17a397512e06fcaa1f786fc05648829c81063a1331308db4efdd3e05cb832da6f3a63d2b1a8f237f6132a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
2e27fa1d05dec3a83a2e4e8e17550265

SHA1
e52d2975ef23701b16d063ae22f723a79c8a2219

SHA256
e9058e4711ad595bae6e39d4d9c4f4fde9e8460f5de38f83717d436a70f03cdd

SHA512
6564ffe98d4ad1f5f38189f10aac37aa2b16af9dafe0b1d198cca5f62e58230f7c96493122d9c64df372ffad4b8401a9a4fd42e455df40b14ba3cff0824e91a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
346B

MD5
172a03f1e073cbc347cb5102d038fa13

SHA1
83a95a02491a4b046ea79fd04ccf6c5c24b29d60

SHA256
b8193a8bbd8d5c6b71977d040537ea555fc414cb3f7c2d4166e9bd3ac1ef4e89

SHA512
2a47a09a51fbf77f8b2bcc2d3e46db628d45ebabb9bb4033965b3409810e9a6c55c1008a62bfab5d3ca2a64d8b67f5c726f3682da0132738065c14ff77c1f5bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
c43c3eb04b7652febd5545db24eea682

SHA1
bc8eb806bf9058cc45fb720eb2d28ab5d8f860b0

SHA256
f91e2f9296105783e89df853f6f41165bfb257a2b8c50c26f5475d750b853327

SHA512
0908355d14b0ed3ada06721ce9cd8ad5171aa7b1a9ef33bc7f41a7b7f87c66082b1bbe81c5af85fbf61171c7e141b146289e4205562d8289812b411052c128df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d52a4237c821b5b37fdb9ff4348ebd6d

SHA1
63777c8ee962f9a07afbacc8092c96331f019da5

SHA256
533ce2772a4d00b6aa278ba120d62e60ea96439b8fcec252e5e6a97f1f9e4768

SHA512
49c1ed27e20291ace720b2ea58faf90db0a3825218b057726d907ed732eb892fffd2d059a944df71fc9119c7eccb42b92abd68f7093452c1890b06ceaa585fdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
44e8487d8a19077cf107beeee29a76cd

SHA1
083b2da571dae5bc6aaac2ef0a026b59eb34711e

SHA256
ff4be47982983ca7e730af288cf56ab7096f4a3e530c2d352af56bc941fe0ecd

SHA512
acf3eebf17d8447e34c80e111f80b38065a0ffd7a2482231953649cef3e73561a52232c99876499bad6d46c519891f97b4305f8e8c000cfba3be5db3daa0caa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
f1e05306f1cdc82fba51a674a801a193

SHA1
819e8799911cd6aebacd0d90ce28538e5c4edd5c

SHA256
f78d41f65b348543bbc3b8b64e1723fce63adcfcdf9fb8eb015bb1a70ef01813

SHA512
8a46e69ba3c5d81ed63c91b41e28a7941ae878fbb5117d9902484c519e096aab3943c8e5e635b5e5ba8f36e90328559ecbab36e450d754261c1e94073f2fc74f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c7e3ef66babd460268e7ff8846ad5392

SHA1
1f1df8f52b64d8faf6e7408e37b427828ffa1bc0

SHA256
18adc63cb792f32e070a5ed545bb177e7b8f76d51b877418f487275bc5173941

SHA512
8f768d6190236946db40e647c05c1cc52249c20cd6b3490f2d5114ffe86a542a3e2f27612e6c0486234af8235c7f7f709de37023e5b65503fa97ddc7ac251aa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
4887a0174b74ec55ffb8ac59b5d90ae7

SHA1
28c8217f7e4dc7e3d1761362d0432f34d061671c

SHA256
4b7bc607a7ba7b01992941b8621bb31c78892b26a32e09559f3fb87183e4e76c

SHA512
60cb718efabd82ff50fc463d516ad3cd5526875502bf11fff80fe9232f5596d2a77ca3b57dd7a54c10c4f75a68b0350556b1e797e9b7e1fcc9c16a7468cd981d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe571a5e.TMP

Filesize
371B

MD5
e960bc4f256f8d952a61126f0c2cf21c

SHA1
1717b734acc9c7a73e130cbd943f991d729f213a

SHA256
e04d2120228b8d7dd31d1085924a10c2e0ef8d43a28e173ec2781f26f57a72e7

SHA512
20e27dbdd5d8144e90fa6caac116ca7cbb2ead94b42e8a4e5f866274a4483298c8f4de84f839fd042f4db61a2994d491fda9b4e6213a668ae958396763be65ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d69095a32131057993e7b01364083c4b

SHA1
9aecf16d378f6d9ab3e65480b879c033ea6ead76

SHA256
955dca05ca8e78e0af761a331e87684f4d22a8201344f00cfade1bde0387d76d

SHA512
6444ce29ecf93eecf3a719dc966781781908192b62e79f8ba8d05a0ed56436ad4f006c47fc732401be23cbe26676ea3a3468450244db92d12975515851fb1a6d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk

Filesize
2KB

MD5
f83adda471b5bd5f1f254dfcbde25f46

SHA1
1e9a0be12f7de236610cdf34c632eb04dca228f3

SHA256
cc3aaa4b5f65b73a9d3ec92a40f11849cf51c3d9a59c5f102eb6fe28a0bfc87a

SHA512
72e4f4e34fdf646f2e20ef0bb1f1e09056558f60160b098cd4be3c2cc86a97ce073457ca73307f6b30a283a9f305b68cf4656b2dc2fa6bc3385373efc1de8fa0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
34e2b2a0ae574a9aac46ebbadb3a7aca

SHA1
3a27418cb676c79e351df262f9326156e83a57e4

SHA256
b02ae4f2bc6af335a3026495478039bac077d533bb875ff0f59f1363b229595b

SHA512
cfc560897f8dbc634c7e9040453b306752c2636404dfa426d8efe59e8e26f314640a7bfd6c3f8003ce993c3a02305031f44a7e9c5ac473eaa54c31d09f9bb541

Download Submit