c78469777fc1161f849cfdd308c6d94e61e49917380c15afe023e7375b9df656

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
02/07/2023, 13:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

276-97-0x0000000001D10000-0x0000000001D40000-memory.exe
Size

192KB
MD5

da5e25878ef9cfd4b0a53994df76da5d
SHA1

5149d77d7536fff8b3ba7877112c345b47095539
SHA256

c78469777fc1161f849cfdd308c6d94e61e49917380c15afe023e7375b9df656
SHA512

3b90330e320e5ac223bd6973a8cb62c3514d771f36f538452824bae403502787ec570c40dd38259d69f8a05be4542302fa90622a81b44a7914bdb73fd0bc5cf4
SSDEEP

1536:QhbEey6y36sv0W7TDGOIrHuyk7xk2W5/uGxNFVYQffbuclGHQ4N0GkRJ8e8h3:QlEebE6Cyk9i5/uGxNMS3azNq8e8h3

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\9f17cf6a-6039-4688-afb8-bcbaefff8ee5.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230702130814.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2504	msedge.exe
2504	msedge.exe
3816	msedge.exe
3816	msedge.exe
656	identity_helper.exe
656	identity_helper.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1176 wrote to memory of 3816	1176	276-97-0x0000000001D10000-0x0000000001D40000-memory.exe	94
PID 1176 wrote to memory of 3816	1176	276-97-0x0000000001D10000-0x0000000001D40000-memory.exe	94
PID 3816 wrote to memory of 4572	3816	msedge.exe	95
PID 3816 wrote to memory of 4572	3816	msedge.exe	95
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 1544	3816	msedge.exe	96
PID 3816 wrote to memory of 2504	3816	msedge.exe	97
PID 3816 wrote to memory of 2504	3816	msedge.exe	97
PID 3816 wrote to memory of 3708	3816	msedge.exe	99
PID 3816 wrote to memory of 3708	3816	msedge.exe	99
PID 3816 wrote to memory of 3708	3816	msedge.exe	99
PID 3816 wrote to memory of 3708	3816	msedge.exe	99
PID 3816 wrote to memory of 3708	3816	msedge.exe	99
PID 3816 wrote to memory of 3708	3816	msedge.exe	99
PID 3816 wrote to memory of 3708	3816	msedge.exe	99
PID 3816 wrote to memory of 3708	3816	msedge.exe	99
PID 3816 wrote to memory of 3708	3816	msedge.exe	99
PID 3816 wrote to memory of 3708	3816	msedge.exe	99
PID 3816 wrote to memory of 3708	3816	msedge.exe	99
PID 3816 wrote to memory of 3708	3816	msedge.exe	99
PID 3816 wrote to memory of 3708	3816	msedge.exe	99
PID 3816 wrote to memory of 3708	3816	msedge.exe	99
PID 3816 wrote to memory of 3708	3816	msedge.exe	99
PID 3816 wrote to memory of 3708	3816	msedge.exe	99
PID 3816 wrote to memory of 3708	3816	msedge.exe	99
PID 3816 wrote to memory of 3708	3816	msedge.exe	99

C:\Users\Admin\AppData\Local\Temp\276-97-0x0000000001D10000-0x0000000001D40000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\276-97-0x0000000001D10000-0x0000000001D40000-memory.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=276-97-0x0000000001D10000-0x0000000001D40000-memory.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe2f2c46f8,0x7ffe2f2c4708,0x7ffe2f2c4718
    3⤵
    PID:4572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4639157948528284746,6048257396513753041,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
    3⤵
    PID:1544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,4639157948528284746,6048257396513753041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2504
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,4639157948528284746,6048257396513753041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
    3⤵
    PID:3708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4639157948528284746,6048257396513753041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
    3⤵
    PID:4492
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4639157948528284746,6048257396513753041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
    3⤵
    PID:3580
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4639157948528284746,6048257396513753041,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2772 /prefetch:1
    3⤵
    PID:1420
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4639157948528284746,6048257396513753041,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
    3⤵
    PID:460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4639157948528284746,6048257396513753041,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
    3⤵
    PID:4084
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4639157948528284746,6048257396513753041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2736 /prefetch:8
    3⤵
    PID:864
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:1792
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff620935460,0x7ff620935470,0x7ff620935480
      4⤵
      PID:2960
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4639157948528284746,6048257396513753041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2736 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4639157948528284746,6048257396513753041,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:1
    3⤵
    PID:2020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4639157948528284746,6048257396513753041,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
    3⤵
    PID:3612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4639157948528284746,6048257396513753041,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
    3⤵
    PID:4660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4639157948528284746,6048257396513753041,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
    3⤵
    PID:2432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4639157948528284746,6048257396513753041,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2876 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=276-97-0x0000000001D10000-0x0000000001D40000-memory.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:2176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2f2c46f8,0x7ffe2f2c4708,0x7ffe2f2c4718
    3⤵
    PID:3100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4704

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5577898093952163e585fc1356275cf9

SHA1
d46e9241b7e8e0b97598907a260c3c6ad7229b6a

SHA256
275315a835f78d1d40d3425488d1ed277924ddf5200cfc9635bf24afdf083cf5

SHA512
00a66c6a214f0a35144217c7738a237e41e7b9b5f66ecf9a94baf487e2b90533070092eb6930247532a7907f5415cc842d51758d3a76a48568f476ef30f1cb01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b092647394f1376f80bf2d4e8797d7b5

SHA1
1809389720e213a4733352f838cd1f16bd20d3db

SHA256
fa55709e752681e7d9f38d74a3376c06d31bd333fbf94f7aca17468f9d8fc85b

SHA512
9d70333ced82fa5ffcff47d6a25b3051916e8f5a069450dd86676315a15a94fd131a0d7973f19562e4807589249213dbf64ac374cd688e1ea17dd190f8e3761e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
82362da31f2b95d09159bbddeefa8a0a

SHA1
9145ce372ffdfa48eb48aa6075c05b87fe0a4fd8

SHA256
39f1d6e8275208e54b91b48be31372e0a081db251bc75e56ecd4d9504d474438

SHA512
129715824f38d43319bf5575bdf40279151ea94dba77d8ad605017ee58b95c21ca4b84df5f6c452dd763943eb115f5e4fa9be5a5eb42b03cffe6fce13af6c2c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
2fb0c45dbc5271e4f767525270958246

SHA1
b099cce8c974a10e142cab33e7058ddcde5bd982

SHA256
7b867446738fc2a016f3d5e727b9a3ad86310f5d2e3a08340af6ca868af1e72b

SHA512
bd2c666fa9c3c0916efb27875bac319a5b214779298983e5db3bbe304c6f94bb8c611fcf7787e7a0827a7cbfd9e1c91fd67635fea656b682961a92192c198cfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
667b2b98bc79fdba5ab9e8b3f130ec00

SHA1
25043081b5a7c7c21d32c7eedcf7b7464aeb0144

SHA256
c54d38be1b620872a8ae9cd10bee0cc124bed29efb4f69728f05e78e39df0cf8

SHA512
9963a15fe9cada3bb6d0d3d301aac6f35ae2baa608cd390fcebb7b863afbe89e45df3e7afaf6cb716c51a2acb3179b917a0787905b029f5f57310b8dca418f1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
d16834ac0fdba94159f8e6d7bc867774

SHA1
02ba1e2bd79447d6536b048ab7883c202a095e1d

SHA256
0c87978cbcfd714998eafa5c13a6c9f672293630202c668d3b46b2f31e7da746

SHA512
8fef5ca8c05cdb8f0adbef3d57122355f2ad4cdeb79a8d845a164116d8be6c2dd1fdb618073f2a566972afad7747dad0b72be9e0cfd986bbb2f8e18d1c040de8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
346B

MD5
172a03f1e073cbc347cb5102d038fa13

SHA1
83a95a02491a4b046ea79fd04ccf6c5c24b29d60

SHA256
b8193a8bbd8d5c6b71977d040537ea555fc414cb3f7c2d4166e9bd3ac1ef4e89

SHA512
2a47a09a51fbf77f8b2bcc2d3e46db628d45ebabb9bb4033965b3409810e9a6c55c1008a62bfab5d3ca2a64d8b67f5c726f3682da0132738065c14ff77c1f5bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
3a958cbf8f6032b6ca5809443d37f8f7

SHA1
bf0a159e5887ee16c90198cc1d33b77b5e732abd

SHA256
67ea866edd3f85fc6103da40d372e999322a3861a842332344772fd6b0db356c

SHA512
d96a5fa560bf390a8c531a5ed4b5fe19a3738a2a6de9e8c2c241a4ba0d7849170241e91aa0f0c847bfbbb1138aefa0d50aac5324a68e463044202cf99ce7fb4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ae80ebf7b80e0af623aa80652d09a60c

SHA1
584e295fc72ae73fab7ac2fa59129e9b770549a5

SHA256
155773b2a38b1af3c7443e4731c37e83ea13ef769f6bad2388da0cf3099830a2

SHA512
535b9e2da1ebea7af891af2c2ba3452cbe076afa327ef234214718adceed7e5639e94c1cb9e848fceda05a8e6433cdae9fd794cb70b24f39f77225b519a2cf7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cf02492eae994f7e218b97e87b9a4816

SHA1
97d85d426cf05da1bdafd2dc7692fd40102ffa75

SHA256
dee228511c93d50c715ff964a4929a819ffb9ad58a09753911e232fdc2b53938

SHA512
f2548b34bf74f5fed1075f601cfc05081bcfc775707419174adbb64f94c83c316b23193ea74972fb29bad8e828071673978bf7327a40dfa5b37df55cdf8ce672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
bfb396f724d87b5dc03bf360219fa3b0

SHA1
5c110515ef78880ca230a1d418b6ee92a3565e4d

SHA256
4a0f5896f8b14c1d99f37e76192d6d84c433000d50a7b5ec831d1ebecfbf2264

SHA512
8bdc70b2413a4e8ddc1b72fe4628106f76e7a5246c113575aca817ff6dce051f945016eac9e8bf342716c1a0862a737c015cc933c13e44a013555ddfff6f527f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
aefc5ee3f7d446e4f589d384871089fa

SHA1
f473772b9fad6deed5ac5ab67e21e80a32beea15

SHA256
cafbd5930c58521f476407f52bc923d7ad33b37e5dbff9be9b1d6b28249d0ad8

SHA512
697ff96fe24ee7016dcfead1ed557b89f2123306749939ac0bf8bc09eae97fbb040314d59991482dad192006a278343cd1176cecdd79a0cb98138611e81bb02f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
342a4437a991fc4878f53f948d004a6e

SHA1
84719e2b14d659afa3a884f4a59543f610dc8ef6

SHA256
f78b08c98ae0607ced58f358b5689d2a09b84cf7df0470c84fba2b73c2efa84a

SHA512
0b0f0a82df307964023a4b9a971c7e68689d358e096529172d74d53be9966efb4f19abb56d781c0ef8254f18c4cec9bd42eec3b5fefdcdd66d41dd5c6cc9f059

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe56fe3b.TMP

Filesize
371B

MD5
2d607e4afa12add717002912b097181a

SHA1
83df743521ccf9f86101071cd380d0e89ebbcabe

SHA256
48432282529559414fac242bd00d77103fef9bd048c5615e9aacc14bb289c179

SHA512
1ca96f9c72bd632fdff20718e58d899cd3c8951d2d4c2aec4c9bd11affa253cc99946b7ab181865fc1f2f00b49192511fbd1bf715095d2533a7dfee424057442

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
09333b90a9b7f4db4f150a4cd969dbb0

SHA1
173639128147535bb39d93c96b589d78400cd510

SHA256
5da431fbf601d9c824b65c4c724bdc4c6bafc34b74978610871071eca5770952

SHA512
6d2afd650b0c389b2674493e581f3393db0e87d225af3c3513a2e856cc2f579e8276aae188c7bddd9e4d710745aa2f290d31f37e2af8a96fbd43d48d4c778e5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
6fc6b279c130b786e27a1ab788ceac41

SHA1
6c3d3570277166ef0f99811deeaae6edfed679b6

SHA256
efa16fad8d77884ecdbef3975d5d514e48dff0bafa599157031c3eda598921ac

SHA512
6a180edd0f148300f177fdf748b43f9be710216d98e59c58f14d44fde6636e89e446508f7d81bb7d99b8f1afdf0d36c9532eb6a68bb2c11401afc1cd83b2ba16

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
1ec2d149291894c6a368bc92735304e1

SHA1
a31cf018a06ec78363acdf44beecccade0883a30

SHA256
e9a1a333961c01288a1f81292043dd1e12f7e9f5f48cbf141dc54b04c8700ab6

SHA512
c6bf0a32b10a2bfd1f56a4fead0da2d28bdc5851d60198f375947ccf796ee5d4d5e16df82c93b7f729dd274473b59826d0df93fb5de8862b65712da9db523f3c

Download Submit