2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad

Analysis

max time kernel
249s
max time network
250s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13-02-2024 13:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eicar_com.zip
Size

184B
MD5

6ce6f415d8475545be5ba114f208b0ff
SHA1

d27265074c9eac2e2122ed69294dbc4d7cce9141
SHA256

2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad
SHA512

d9305862fe0bf552718d19db43075d88cffd768974627db60fa1a90a8d45563e035a6449663b8f66aac53791d77f37dbb5035159aa08e69fc473972022f80010

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3791175113-1062217823-1177695025-1000\{BE235473-8AB2-4560-BC55-86F27997A906}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1376	msedge.exe
1376	msedge.exe
4432	msedge.exe
4432	msedge.exe
3320	identity_helper.exe
3320	identity_helper.exe
2208	msedge.exe
2208	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4432 wrote to memory of 5100	4432	msedge.exe	98
PID 4432 wrote to memory of 5100	4432	msedge.exe	98
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1544	4432	msedge.exe	99
PID 4432 wrote to memory of 1376	4432	msedge.exe	100
PID 4432 wrote to memory of 1376	4432	msedge.exe	100
PID 4432 wrote to memory of 2976	4432	msedge.exe	101
PID 4432 wrote to memory of 2976	4432	msedge.exe	101
PID 4432 wrote to memory of 2976	4432	msedge.exe	101
PID 4432 wrote to memory of 2976	4432	msedge.exe	101
PID 4432 wrote to memory of 2976	4432	msedge.exe	101
PID 4432 wrote to memory of 2976	4432	msedge.exe	101
PID 4432 wrote to memory of 2976	4432	msedge.exe	101
PID 4432 wrote to memory of 2976	4432	msedge.exe	101
PID 4432 wrote to memory of 2976	4432	msedge.exe	101
PID 4432 wrote to memory of 2976	4432	msedge.exe	101
PID 4432 wrote to memory of 2976	4432	msedge.exe	101
PID 4432 wrote to memory of 2976	4432	msedge.exe	101
PID 4432 wrote to memory of 2976	4432	msedge.exe	101
PID 4432 wrote to memory of 2976	4432	msedge.exe	101
PID 4432 wrote to memory of 2976	4432	msedge.exe	101
PID 4432 wrote to memory of 2976	4432	msedge.exe	101
PID 4432 wrote to memory of 2976	4432	msedge.exe	101
PID 4432 wrote to memory of 2976	4432	msedge.exe	101
PID 4432 wrote to memory of 2976	4432	msedge.exe	101
PID 4432 wrote to memory of 2976	4432	msedge.exe	101

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\eicar_com.zip
1⤵
PID:2244

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe74b246f8,0x7ffe74b24708,0x7ffe74b24718
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,3843797707326951872,11426876590861006872,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,3843797707326951872,11426876590861006872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,3843797707326951872,11426876590861006872,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3843797707326951872,11426876590861006872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3843797707326951872,11426876590861006872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3843797707326951872,11426876590861006872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3843797707326951872,11426876590861006872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,3843797707326951872,11426876590861006872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3468 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,3843797707326951872,11426876590861006872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3468 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3843797707326951872,11426876590861006872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3843797707326951872,11426876590861006872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3843797707326951872,11426876590861006872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3843797707326951872,11426876590861006872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3843797707326951872,11426876590861006872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2020,3843797707326951872,11426876590861006872,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2020,3843797707326951872,11426876590861006872,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3424 /prefetch:8
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3843797707326951872,11426876590861006872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3843797707326951872,11426876590861006872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3843797707326951872,11426876590861006872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,3843797707326951872,11426876590861006872,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5564 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4644

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2308

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x33c 0x338
1⤵
PID:1600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bcaf436ee5fed204f08c14d7517436eb

SHA1
637817252f1e2ab00275cd5b5a285a22980295ff

SHA256
de776d807ae7f2e809af69746f85ea99e0771bbdaaed78a764a6035dabe7f120

SHA512
7e6cf2fdffdcf444f6ef4a50a6f9ef1dfb853301467e3f4784c9ee905c3bf159dc3ee9145d77dbf72637d5b99242525eb951b91c020e5f4e5cfcfd965443258c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
49KB

MD5
4b4947c20d0989be322a003596b94bdc

SHA1
f24db7a83eb52ecbd99c35c2af513e85a5a06dda

SHA256
96f697d16fbe496e4575cd5f655c0edb07b3f737c2f03de8c9dda54e635b3180

SHA512
2a3443e18051b7c830517143482bf6bffd54725935e37ee58d6464fac52d3ce29c6a85fc842b306feaa49e424ba6086942fc3f0fea8bb28e7495070a38ce2e59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
43KB

MD5
fa938d13f992578fab849f63ad6758d0

SHA1
35f74de235395966c309187b2256270518a13d15

SHA256
c83bea6acdb959657946efaa2cc6a971506bf4b56ecb0c4951e89193b78caa95

SHA512
6d665cbc05fc826e83111014d0258867ccaee6e05d3f7457c78a8843e8c88c6d8c4175979b37e7795e22b6c5b0a4aaa161e8948c1262bbad4422870d0788e0d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
24KB

MD5
657ed1b9ac0c74717ea560e6c23eae3e

SHA1
6d20c145f3aff13693c61aaac2efbc93066476ef

SHA256
ff95275ab9f5eadda334244325d601245c05592144758c1015d67554af125570

SHA512
60b6682071ade61ae76eed2fe8fa702963c04261bd179c29eed391184d40dc376136d3346b3809b05c44fb59f31b0e9ab95f1e6b19e735234d1f0613720e532f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
18KB

MD5
5d04a5aed02ac5a2f8a4269a6c2570b5

SHA1
727f0be60a1bd0abfe72a018e5741204006d5f03

SHA256
7d8edeba0329989214034e43d9b5c089bb187c2082dd29a811cc766ad998c258

SHA512
88bcd58efd108cacc3818994606e9fd58f0fdf59e4a0beec4be6081f49d0c236c08168ae9a8b975e7a8955068d4fa2765d68506e5a042bf2a962393aedcf1961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
209cf63b94334e63ebd4606041256e2a

SHA1
c89031c0322c4fac7543d50608f0e1de2716e778

SHA256
fee62b57fb7e658589e4b758fc7c5f2224592d3bc6d3eea1ac80400e5cd7114f

SHA512
5e5bfda3cfcd5b34dd54eb4e8b87dda727a4d0d1dd4803ca58a0759c241e19df2e6747999c7d008703f525aa67ebc5d2c27800b6ad6c0038e3ac011c08fec520

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
de43437250dc739333c834514b144578

SHA1
27f62874eeab1c1c238d6d1cccb16819a8667c24

SHA256
445b1025300623b38ef2def5477e9378e8a924ac82328df7be4c9658ce367f89

SHA512
221132897db8d62cda934beab6cc105b2ff6ea700a8f84503f01ce62610e55c56d8c67d3dc11465274de96732491280de4d692d548c64e4e54e68cfadfb1d46d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
931B

MD5
90e641f7d72f638c97cf409e6a40a9e7

SHA1
935dd88d91406efbe89b7bc4efe0ac018a6e53f2

SHA256
519f0e935925dd02101e82eedb99f12aece13c75b62e22ba65dd38bacf5970d0

SHA512
a783c5f4789e057e337a3da7b1b884183edd3849d5205ab370d136800700f2315805c250fb22ee4e096a4349b60d386108334550f5706ba44b274d472e172ec1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5c147f4a3a809a6326593e518a663bac

SHA1
dc4a08acb810e1a7e050c8d666601667767a362e

SHA256
39204aa7173d43aac3be935958602672f90b4d0a8f6f691b6bcb0c651bf2c244

SHA512
54e6ecd658925b7f18e49e362ac7c11401dff419b9d401b22fb80b074f41a4d39443a93b9d36ee52c5b23df13a32339c17eebb730cba251acb0166073c86c91f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4dc346e28833b6d3f06657da3511e17d

SHA1
9c54619d0f5cc19741df64f9bcf64c4c2b185b61

SHA256
cefa1394c305dea0b4d78bb52fdf7f0ec57907355b2860bcd3f1939f285206bc

SHA512
d0bcd685f8856223ba5e4c615f6ecf991aeead87b5c8ce7078291f916299c6264ac59c7d4ef8a610004768ec32598f31b141fac29644df5ff01471d63a2c41dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
831da856b29966eed6650b978f829ac2

SHA1
2ef72c59523735b390aff0eeb0563812109a0099

SHA256
d94bfb57d613abf1ff15c24aac516f17b324b6db84263f6aa5d1e74176c93dd1

SHA512
6025865dd15da423855f5f229aa7fa716eb6ca195517306e112a9bd18cc53b92ac878d90019a33eec02f5fb3dfea2a53ec6eb467b0c5e4505b8e4a085b8848e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d84c8f0acc870bd66e931592f30cb62a

SHA1
a6bd63c03c4698f65a3ac18e6cf111b303fe379f

SHA256
0f2cd53f771a68b5e435f78f1b4c6290a1501192a25edffce99c4f719cfb89c2

SHA512
6f9cecc1ccc3c8d677d0db8cd91be92008f8ff98a58c9a2d0576d275e9626a21230893241cc6aef85b1537fa170985777143f5e5730ed923c88a35ac72daf472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
001bae08aca5ec4bc907b8b8e3706c68

SHA1
905900d7cb122ffbf6724cbf33369a546c85a42a

SHA256
286415e8029b311eb8e8d7a7cbb5a02855dc8902f9bd972e9fc14967d56ea8c9

SHA512
d5da2108dd8346554c81136b8379bf578db386431e2dd446d5f7ebc44fc06b8582e0a559c9d98299295246bcf7e54ff616e59fddd3a60314d2ebc050cbab5d55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7973fe58cc7449c81a5665d58f043d8c

SHA1
f7a0d18497bc45f86daeab1d0de6dd31fcaf7479

SHA256
8efa2b184bb800e1234b1533baeeb119ef3459fc02cf5c1efea3f9f228bbaaec

SHA512
745a842c9732e9803f5678f1f19f80b149bed904affab0339228f545690a28b76b829c081f3a945c6fff8b90459dd0bda836102420fe68f10dcb81e62b050776

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
b0ba6f0eee8f998b4d78bc4934f5fd17

SHA1
589653d624de363d3e8869c169441b143c1f39ad

SHA256
4b5ee509e727accbd11493dda2c1d512e7dbfaff66c4f5f7ea9c2d2ccd06151f

SHA512
e9a165da246c6b80fc38431538203cf03f95794184ff63f00c9500f8919a2028b803f64b670e685185eed72df0509e3185c9b434fdbf2bc7af36021d46bd08d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
44a0265c5348b3f3d6a43218c47fe6c6

SHA1
45378e21d259d72192b80557eb79da4562b63cb6

SHA256
fba123a7a5a9608a8a827060e151ce71732fed402655c81ece63f18ad49668bb

SHA512
d68aef3efbb6ceb59bc0812657f2528672a3d3847286ca6fc2dec708473118bc5c2bffa8958cb01fbce20bbd13059efda4f58a72609f6ca3d5fbebd2921b9b99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
726446ee1f0787ba6c911b8e3d2431ea

SHA1
8e86f2675b6e4371bd0ab55fabee99a92c1dfb0b

SHA256
deec6220f853746e08051d5c27cf01c5a90f67d1a513ab83b01dca2d780deadf

SHA512
5482a0e9e7245084021e872a8826cd96f554ed2cbc07490a2a5358e4b21abd3c8c1b863660ff61f9042a421a1d1bda1234791e2a51b68a787733273ef5eabfea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0d27c287587cda2c0e99b46a792877c4

SHA1
2dae605fbec366e13a919437405d719a8cde07db

SHA256
0692156cbc58bc44f2cc73227f68b857563fe6735ad1b60453725f6ce8ad2bb1

SHA512
26d4bf542657f3d19ee77f0a6d5d4b1581515223d19580fcf49f3a964df826c786c62838baefc39e3a677dbbf70d9229336596387064c82bd19a775eeaa74616

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5910de.TMP

Filesize
1KB

MD5
5203898ef4d41e8373bf806b233a9efb

SHA1
a2a0c41580d965bc305149a3bdcc03d8dfe166ed

SHA256
10c85a3ce5dc3ba1ba340be03ad32ab83586c43fc37f057293af8af73bf07023

SHA512
9b1025ea77d2deefbbaa1c730e416884327ae8e17e95176eef91ac3f78cb06d35fe92e8074d4453f62aa795d11a58766f73e99f25757a9c31e2bd78f28b509ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2e9e9653f8e11d77507ddc60c1589fd7

SHA1
7d4e79059d0a12d1607c53b617584fbd36bdc810

SHA256
d358a9b205eca69f2f8936243ef61af2204002d30e6219f8674d59b9b18dc704

SHA512
3710a6b0eab24132c5dbbdd104f8cd13c627604599b90c5a8ee4f91484da5716f5d4ecf56b5cdb823f8084f3f4db17d2a9290ae04a945ab0ddbde164ee828dc8

Download Submit