cb793928639247e8899b1d752e5bf47cd3e4f13b904781c0a2765d0dcc37b4f8

Analysis

max time kernel
156s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2023 20:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cb793928639247e8899b1d752e5bf47cd3e4f13b904781c0a2765d0dcc37b4f8.exe
Size

3.0MB
MD5

0257a2810aa490a7720bb288119b0e20
SHA1

590db34fb7d8e00cc4e44d18fe936b65f5422d9b
SHA256

cb793928639247e8899b1d752e5bf47cd3e4f13b904781c0a2765d0dcc37b4f8
SHA512

f6cdc23040a2e6b7b1acd0092c90160917625cc2b6148c6fe241fc2ac3790b21b0e6743b206910ec33b703fe2caab62715174fc48a5ca56c95b7583039d2dc5b
SSDEEP

49152:A/jeL0/GUl+v8MUITduNy/Auof/tkFyIQ8fLdiPps5XC5wmKD+jqBrNMcG+SIOJR:cqoK0MzuN5ntk2AN5X1mKD+jqBr6clWb

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3352	msedge.exe
3352	msedge.exe
1436	msedge.exe
1436	msedge.exe
3396	identity_helper.exe
3396	identity_helper.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3488	cb793928639247e8899b1d752e5bf47cd3e4f13b904781c0a2765d0dcc37b4f8.exe
3488	cb793928639247e8899b1d752e5bf47cd3e4f13b904781c0a2765d0dcc37b4f8.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3488 wrote to memory of 3116	3488	cb793928639247e8899b1d752e5bf47cd3e4f13b904781c0a2765d0dcc37b4f8.exe	87
PID 3488 wrote to memory of 3116	3488	cb793928639247e8899b1d752e5bf47cd3e4f13b904781c0a2765d0dcc37b4f8.exe	87
PID 3488 wrote to memory of 3116	3488	cb793928639247e8899b1d752e5bf47cd3e4f13b904781c0a2765d0dcc37b4f8.exe	87
PID 3196 wrote to memory of 1436	3196	explorer.exe	91
PID 3196 wrote to memory of 1436	3196	explorer.exe	91
PID 1436 wrote to memory of 1508	1436	msedge.exe	93
PID 1436 wrote to memory of 1508	1436	msedge.exe	93
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 4012	1436	msedge.exe	98
PID 1436 wrote to memory of 3352	1436	msedge.exe	99
PID 1436 wrote to memory of 3352	1436	msedge.exe	99
PID 1436 wrote to memory of 2040	1436	msedge.exe	100
PID 1436 wrote to memory of 2040	1436	msedge.exe	100
PID 1436 wrote to memory of 2040	1436	msedge.exe	100
PID 1436 wrote to memory of 2040	1436	msedge.exe	100
PID 1436 wrote to memory of 2040	1436	msedge.exe	100
PID 1436 wrote to memory of 2040	1436	msedge.exe	100
PID 1436 wrote to memory of 2040	1436	msedge.exe	100
PID 1436 wrote to memory of 2040	1436	msedge.exe	100
PID 1436 wrote to memory of 2040	1436	msedge.exe	100
PID 1436 wrote to memory of 2040	1436	msedge.exe	100
PID 1436 wrote to memory of 2040	1436	msedge.exe	100
PID 1436 wrote to memory of 2040	1436	msedge.exe	100
PID 1436 wrote to memory of 2040	1436	msedge.exe	100
PID 1436 wrote to memory of 2040	1436	msedge.exe	100
PID 1436 wrote to memory of 2040	1436	msedge.exe	100

C:\Users\Admin\AppData\Local\Temp\cb793928639247e8899b1d752e5bf47cd3e4f13b904781c0a2765d0dcc37b4f8.exe
"C:\Users\Admin\AppData\Local\Temp\cb793928639247e8899b1d752e5bf47cd3e4f13b904781c0a2765d0dcc37b4f8.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3488
- C:\Windows\SysWOW64\explorer.exe
  explorer http://www.adobe.com/cn/
  2⤵
  PID:3116

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.adobe.com/cn/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb778446f8,0x7ffb77844708,0x7ffb77844718
    3⤵
    PID:1508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,4658398644513131750,3380898333124733217,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
    3⤵
    PID:4012
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,4658398644513131750,3380898333124733217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,4658398644513131750,3380898333124733217,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8
    3⤵
    PID:2040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4658398644513131750,3380898333124733217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
    3⤵
    PID:3032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4658398644513131750,3380898333124733217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
    3⤵
    PID:3664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4658398644513131750,3380898333124733217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
    3⤵
    PID:4540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4658398644513131750,3380898333124733217,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
    3⤵
    PID:4592
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4658398644513131750,3380898333124733217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4456 /prefetch:1
    3⤵
    PID:4916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4658398644513131750,3380898333124733217,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
    3⤵
    PID:2476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4658398644513131750,3380898333124733217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
    3⤵
    PID:3992
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,4658398644513131750,3380898333124733217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 /prefetch:8
    3⤵
    PID:5060
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,4658398644513131750,3380898333124733217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4658398644513131750,3380898333124733217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
    3⤵
    PID:3604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4658398644513131750,3380898333124733217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
    3⤵
    PID:2168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4658398644513131750,3380898333124733217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
    3⤵
    PID:4684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,4658398644513131750,3380898333124733217,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5660 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
acd41968a9ae8a1fe930f6d1f91ed5c8

SHA1
5f5818991176435fffa6c1184947ecbe5349799f

SHA256
8d395165dfaff3450d0092f083bcf78a83a9038761b02ce6aa4b638794b420ae

SHA512
169b43b7cd2d5a10534c480886149fe74ad86b3bce0bfd25145a038868fce899dddd3cc01343593066b0408fdf14e161a14f748e0f3016b251e95d57da2b858b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
f94758d1940194fe257294037f61d213

SHA1
5fb214440c3b047cb87de200bd6bb5b39d5db9d5

SHA256
82b61046c99e8ac8498f089e4b5a1fec32cdd76094982684352a8ba489362baa

SHA512
d93d88278879f409003f2d4500e5de2257ebd9413d927253082dfd8389124e32d22c27eab8d61c6e6911ca2bdbfa4a2fdcec80731aa85e1a2129cb0f0da55ca0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
299dc103b21b061824dd286d5a6dda61

SHA1
943f827f4f0942f45f7be2091261432bb53445e6

SHA256
14f4f875754d6540b8a199bd4fce9610a77f9f24d697fb00c87b096490d7096b

SHA512
e6dbddf5adc486c0e84fe8bfadf9cfb9cebf93df767a0d7401c5964dec4c866a39a073fefc71fd95bb0575bc4dcdc5036033d6926b07190567fae127ce7c2ec1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
16c2a9f4b2e1386aab0e353614a63f0d

SHA1
6edd3be593b653857e579cbd3db7aa7e1df3e30f

SHA256
0f7c58a653ae1f3999627721bad03793edc1e9d12e8f5253c30b61b8478f5c81

SHA512
aba1ed22c7b9ae1942d69a7cd7a618597300ae5c56be88187ddec6227df056f81c1d9217778d87fa8c36402bce7275d707118ff62d3a241297738da434556e06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
0f287d2aa37adbd4259389ca0081c4c9

SHA1
e65a21d87703ae0e95c543bfac627ae530584acd

SHA256
b00397bacc8a1e05ba2a8d82c209d0e21f38bac0830320b3b3921f24831926d4

SHA512
ba7ae076035bb449d99bfc523f7fe17fa46d6e59a9d47518ed76fe00c4e205e5663717d45d884c0f1e73dfcc3ab3ab2b36ae073a6131797894d54061f92975ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5be9bf6ae08e3ff27278bc150de0fd96

SHA1
da4333502580d1df323bd3620b6b7ca721abbcad

SHA256
fa2db754d91e3a132d3d39a78dd07a33445b91d48079d48d4d43746627d71f88

SHA512
2a8311814f39e1e33faee53cdcaab450eee606bc1f1f520a3db035cab9f13fa723403bd9317b0350947282c321ff89d8b3e5ee3fc9043e828fb9f9604de69899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1a1ef00daea191c14438b40c4352189e

SHA1
fab664b4ea57891e0e55cbc15d6dd418c113cb7a

SHA256
2f39b353672e4e46b1306f4ddf6146684159e217380c8c9402d6cb5905feae33

SHA512
f578e0e4c6259673a9fc0416d3e5c7dab1095228a5f192bde16164e8a2741a2df8972bb4368dcc701b02e7883506fd921c298c0a6e38bc35ff26e53cd0a1e991

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d5f9a4cf81e4b771c0beb45648f44032

SHA1
f5a38e2424f218d84ec2c3ce8eb71c611f57b09a

SHA256
ea797827ba348c7338cfe05f3775fbe63cfd814d9c38024bba3461cfc992f7bc

SHA512
69c164eaeeda4a2734549e1d2f5bac1035f80d288b3db8c11d34f6a498f904d25236c98dfab68eef0c061307df6b9b9c13277b6e870675030a3deb4bb9316e5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dc93718cb1d38edf7d96c645c9f6ee61

SHA1
e031792a94046206b743d80b82d8f5c9b5dcb26d

SHA256
849b6037c3a1a8abd582d89f944a592736b7d3da4e0fac1aa2b321fea65c7367

SHA512
45aff01ea741d2ee7c57c664ec4bd674e6a2009cddab7d73302818a42df3631310004a9258c6b066505bffd0b5daeebdf2691a1c88f09e3d4aa909f00aad9925

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cd2437478210d89917647b4431de921c

SHA1
e3d83b64d80e38b42c4f9337a8a4084a308dfc80

SHA256
a429883622d5aede2dc563101045cbbe9117bb88d944f73f85ead3d565d4b44e

SHA512
c6ab5c2b7b25940abeef0d3ddaa9efe4a1a8037f5e2e83dbc2eceee69af871545f213dbf5d5d21037dbc6f8e0c30a2a0fe1c735d135579dc3add514f7af9f6e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a98349fe09c09c54baf6a772f9bf00bf

SHA1
c5d64e7735e34d3d84c49c36ebc099fc5bf572a1

SHA256
4e43886ebc7d339a144f2c40155261da569734a527d290c1cb05075df2db27bc

SHA512
287c4393974eae713c35fbe375978808ea2be0adcba6b20de5a656324ff0e6f9420b74366df3de0cf3f3e18839c9aa167e5a4e91b8cc8c2bc6a0e3d42c6eed9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
699e3636ed7444d9b47772e4446ccfc1

SHA1
db0459ca6ceeea2e87e0023a6b7ee06aeed6fded

SHA256
9205233792628ecf0d174de470b2986abf3adfed702330dc54c4a76c9477949a

SHA512
d5d4c08b6aec0f3e3506e725decc1bdf0b2e2fb50703c36d568c1ea3c3ab70720f5aec9d49ad824505731eb64db399768037c9f1be655779ed77331a7bab1d51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\d8d05327c5274855b1a8796001e4dc6b8f2e344f\index.txt

Filesize
156B

MD5
56b376fcb8b81c58cf2f47fc9953a4cf

SHA1
6e86e0262429ea4f002bc7f9ec2211db7593b7b4

SHA256
b771a6019af979216b0331a18754674261330677a1029d9b5a8e9feb184f0da0

SHA512
2a39973ef4f86d17aeaa01599fd1ae112aa10db632402959d7d02127a509dfda29eee0b903139d4a49ec58055251a8dd39a32caf27360db8d90fcb9d2b6f540a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\d8d05327c5274855b1a8796001e4dc6b8f2e344f\index.txt

Filesize
149B

MD5
c2a5c4d097c787004776776f141bfe67

SHA1
de522de54567f9962932b267df4dbbaa7483584d

SHA256
392ed3bf58836d43b0504a78a9475e5a3bc71076b0057c4f97d61fc931581832

SHA512
596c7509b23a1a20d56efad779b40fa2905fd593ccb6df456de3c44b8da87cb65012ab425ebc86ddf591a42927f2f92ccc8a736e373076f597fd5bc01a3cde43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\d8d05327c5274855b1a8796001e4dc6b8f2e344f\index.txt~RFe598090.TMP

Filesize
90B

MD5
2b751d1e889732e28ba84bdf302226f0

SHA1
5f14168ac35c4ce2a2f2e74d3c29eb183e2e81a0

SHA256
717a41e355ccd35ba36cb085316ce38915139d4516ef67771c1510a75d399802

SHA512
dda4cc94b7852ef63dfba8c8d4750be71304371ff7400f0bfe92f1af37543290cb055719ad7010fd94d9248b787052cf7de2c516b9377d4b13824a6edc3eefcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
60781864f56a09e03351dc8adc134152

SHA1
297811358784e251f129a58375d484b275979e42

SHA256
962163e34c9d5759f6f8424a1e82496573c2edab5429091a83d44660003f2d88

SHA512
31874b84648be2d515901d3ae11b1bc51f08868b0601f1cd732939a410d36d0bf1c78293141b7068b4b2baa2f6201ae9da21f3ad358b234a0092c0be469fd3bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fde14f2bcaa2a1a628a128ad78207c48

SHA1
96d6bb9d2fddbef2afb19e6f8dbdbf7a2da05b07

SHA256
fb0792d821c7378650cae74b4f3675c7d657c94bac1d92b2354970d9310aa6ea

SHA512
fcde3decc2f3d00ecf53cfe9f07b2f433e1db188c668bab90e86afa9d823e5a994e922d2ad70434cbdc6742d871ce426050f46e34d7bba3b83a0f5c7bf834e45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
863f15a3e87b01a74ae85e0bb6f7926f

SHA1
06dc2864d531214d7419592ee577656069c5d1ac

SHA256
b8ab497823bd51f6cf559567f3083a8c01da846296e9d6b2d0177b647ec479e8

SHA512
7f65d037a753999c70db1b1849fb0063b99c0b1078cd6685e1ed7d1de17f412e506f9a8a7c31c457461f703416c146bbb7a042f417c3bd436c7fec615ecd6525

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5928fa.TMP

Filesize
204B

MD5
6460468a53dcffe734aa5ff5268743cd

SHA1
29630fe935b082dc9048620f95657480c04e22d8

SHA256
1edad38eff1c6b954674e0c29eb4298ff43a43e696b10e4b1196a68a46323d5e

SHA512
dc8c7188f4842d768e28c1169b6e4105bf266d43a7c35f903e6aeea272b7f3eff885a994164405e5dd220bf4afa164584124c0d8726418121b1f7d5e7582441b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
17KB

MD5
913728da90cf90d8e78af59c60b47c3d

SHA1
f42f2a545d4fcaf4f76d0f060f52e33a47df7f1e

SHA256
b0b478f9aa6aaf8d5811e296047ae1f8ee07f4c4998fe9d7b960755ea1fafb82

SHA512
3af86e053dd56aef03e6f967a49b1a0d492616a71e2e49090e0c8e5cbe58ff37ccc55e91f06bf34096059a49f3de84b0bca587f3f17c366f97c0f7a0fd17c974

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
acf1540c2f52a0203f9eb408779a9341

SHA1
35b8c950b40a305fe850b7c088dfb98b61ceb126

SHA256
c5987ea84bf9926599e5983fc7c644eef7c8b7020d8567c6423a61afa1028324

SHA512
5df606da31a9a72e0df89d604c3c62a3dc9f7ef61106657381bfd43c94421f506e06898477eece7affc2cef7e96e02ea9147efe6dfa23e048f12e78cbe828358

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
08d9ca050a0a10c4a905004044f5663f

SHA1
357b4dc0e17b23355fe574c959b3ac4497accbb6

SHA256
0655519ddb701bd9a89d714bdaf1bbb7a673c33bc4d40f22c4abc727afb78d2a

SHA512
980c7310dc3d38525f097e48dc026f5c1784f7f1012feeabcbe8b7e9e6dc2ef7a33845ebd73c0039ea13e49011e5a7987f7f5a2db385789d11aca0e05d80b57f

Download Submit
memory/3488-5-0x0000000000400000-0x0000000000702000-memory.dmp

Filesize
3.0MB

Download
memory/3488-3-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download
memory/3488-0-0x0000000000400000-0x0000000000702000-memory.dmp

Filesize
3.0MB

Download
memory/3488-2-0x0000000000400000-0x0000000000702000-memory.dmp

Filesize
3.0MB

Download
memory/3488-1-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download