hxxps://github[.]com/mat-2000/Adobe-Photoshop[.]git

Analysis

max time kernel
148s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 15:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/mat-2000/Adobe-Photoshop.git

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2628	msedge.exe
2628	msedge.exe
4568	msedge.exe
4568	msedge.exe
4376	identity_helper.exe
4376	identity_helper.exe
3148	msedge.exe
3148	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4568 wrote to memory of 3948	4568	msedge.exe	88
PID 4568 wrote to memory of 3948	4568	msedge.exe	88
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 1984	4568	msedge.exe	90
PID 4568 wrote to memory of 2628	4568	msedge.exe	89
PID 4568 wrote to memory of 2628	4568	msedge.exe	89
PID 4568 wrote to memory of 4332	4568	msedge.exe	91
PID 4568 wrote to memory of 4332	4568	msedge.exe	91
PID 4568 wrote to memory of 4332	4568	msedge.exe	91
PID 4568 wrote to memory of 4332	4568	msedge.exe	91
PID 4568 wrote to memory of 4332	4568	msedge.exe	91
PID 4568 wrote to memory of 4332	4568	msedge.exe	91
PID 4568 wrote to memory of 4332	4568	msedge.exe	91
PID 4568 wrote to memory of 4332	4568	msedge.exe	91
PID 4568 wrote to memory of 4332	4568	msedge.exe	91
PID 4568 wrote to memory of 4332	4568	msedge.exe	91
PID 4568 wrote to memory of 4332	4568	msedge.exe	91
PID 4568 wrote to memory of 4332	4568	msedge.exe	91
PID 4568 wrote to memory of 4332	4568	msedge.exe	91
PID 4568 wrote to memory of 4332	4568	msedge.exe	91
PID 4568 wrote to memory of 4332	4568	msedge.exe	91
PID 4568 wrote to memory of 4332	4568	msedge.exe	91
PID 4568 wrote to memory of 4332	4568	msedge.exe	91
PID 4568 wrote to memory of 4332	4568	msedge.exe	91
PID 4568 wrote to memory of 4332	4568	msedge.exe	91
PID 4568 wrote to memory of 4332	4568	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/mat-2000/Adobe-Photoshop.git
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff8f9446f8,0x7fff8f944708,0x7fff8f944718
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,11066567998742061576,16158563562753751816,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,11066567998742061576,16158563562753751816,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,11066567998742061576,16158563562753751816,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,11066567998742061576,16158563562753751816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,11066567998742061576,16158563562753751816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,11066567998742061576,16158563562753751816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,11066567998742061576,16158563562753751816,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,11066567998742061576,16158563562753751816,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4132 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,11066567998742061576,16158563562753751816,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4132 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,11066567998742061576,16158563562753751816,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,11066567998742061576,16158563562753751816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,11066567998742061576,16158563562753751816,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,11066567998742061576,16158563562753751816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,11066567998742061576,16158563562753751816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,11066567998742061576,16158563562753751816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,11066567998742061576,16158563562753751816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,11066567998742061576,16158563562753751816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,11066567998742061576,16158563562753751816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2212,11066567998742061576,16158563562753751816,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6936 /prefetch:8
  2⤵
  PID:456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4408

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x450 0x4f8
1⤵
PID:2200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault942e6bb8h8200h448ah98a5h09fff94ce509
1⤵
PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff8f9446f8,0x7fff8f944708,0x7fff8f944718
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,10993907476091291657,12276904247071969041,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,10993907476091291657,12276904247071969041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,10993907476091291657,12276904247071969041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:2696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
65a51c92c2d26dd2285bfd6ed6d4d196

SHA1
8b795f63db5306246cc7ae3441c7058a86e4d211

SHA256
bb69ea4c761c6299b0abbc78f3728f19b37454a0b4eb607680ed202f29b4bb01

SHA512
6156dd7cec9fee04971c9a4c2a5826ba1bb3ef8b6511f1cdf17968c8e5a18bc0135510c2bd05cc26f3e7ae71f6e50400cf7bec536b78d9fa37ede6547cfa17e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce1273b7d5888e76f37ce0c65671804c

SHA1
e11b606e9109b3ec15b42cf5ac1a6b9345973818

SHA256
eb1ba494db2fa795a4c59a63441bd4306bdb362998f555cadfe6abec5fd18b8c

SHA512
899d6735ff5e29a3a9ee7af471a9167967174e022b8b76745ce39d2235f1b59f3aa277cc52af446c16144cce1f6c24f86b039e2ca678a9adac224e4232e23086

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8a7fedcc4e996732221c825148a2970e

SHA1
45e75257895124110816f38228e18e45694cc605

SHA256
59544aee7b0abd044eb71d75680112dd1b8eeb1cc4dc7102f2dd125b5c94d2e0

SHA512
7c6d6edff9fd77e613ade57bfbac98dcdc236ba5bab06761fb409f664e522c029ba8d7d4bc99b03a340dcbb70317af1aab1b65dce124853845b26305bd6ed666

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
9c5aece4636ba702cca586c1a74ccd4a

SHA1
e7c15d35567afa5da51a73b2e27e6993b8c60ed3

SHA256
6f003445d86306cb7b8b1b4f47d671fd9ea5eba57b4902c87a9e704bce0a0bc3

SHA512
1a0536dc54e8307e24410fff3530e8933fb35c850641fbd0bc331383a45f918ba6c41d85e1ba9f9d0a07b9a911f7d356df8817a7003c7ece72eeb69439a432f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
da1f91620be628651a1610645368594e

SHA1
7915b2113c19d1f98ead82b5fc2a992c83127158

SHA256
46919f7c7181de250765f0a99c40dd73ad60d6194c25a63032c1b773097ff815

SHA512
e066398402d54b41e93581c81d3044ade0a5dffe88f711853116b8cde0c1166f0172d2804b7c7b3cb4e5f1ce19e25e57b9fc5f6321718ce51ed2252b45a05f42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
9d8db2cff17e9c7cb9f9110055b09484

SHA1
2c49de5131b9ee43ef38bc5bd39fae5eb13d6c07

SHA256
050261ba5b36ae858bd63cccc12c7183502745d9537ec1f55119a747f78771ba

SHA512
db579ac76e61ac1f498a0f254ad5e66cbc4b52e3b20981fd2f07dd06cf2526039419ac6de694f26af32459741bcb7e8fe9eab3c500921d07bfcffed67f0ee715

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
864B

MD5
71b7de82575ebe0cdb56999fb9e33464

SHA1
ddf4ce6d768f93136a70591fdd0bb8266c3099bd

SHA256
85f508ed0c6df681698d217a274bf6f9056714d664541a6df82f105d904edfdd

SHA512
948644519a122583115266119099d171e3f816e5624ca77a309d354f115c658ee7374e0e0f7421a63ec7f5ef9282d0adcb035cb0f54802aa235608ff725200e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e4d10ee72f90fe9fbfd058e2cae8fe59

SHA1
d16954204f33d10ff3bd247e68346efed7a5d401

SHA256
82803272de9e696db654107a5ed45464583d8ce1f5bbc2fee52aaacc7ac3af67

SHA512
be3f041d07ec4c309e21d942f212d5b76954fb936c6c745e4a0b8e4108502e2f827b05744b45747d12fd24d4c3fbbe1055b051da51f87c1b84178ed7e4910719

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
38abb71b761f6ac8134b436e3b98fe24

SHA1
560d3e90f680562b3ae0b8342768fa34574fea9c

SHA256
c7b12fa246bb33c00ccdd1e70ef9a6b36e7abd51c85c1ec149ba97a854e2702c

SHA512
88350e689d1bb06af6c69fe7dc2166d29cc6604b62f6c80adefe5142960992e9f34e093e021d917345d09a67c5fc023d796df7adb793700bd32ad1f9f3802439

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
73511e36c1c47df4033b1dc88d3c46e4

SHA1
f17229938903bef9c271da60ab85bcc0e3bbfa57

SHA256
ab640182f9a94ebdbf70025e64bec31d9e706254986c35d6c6a3945000b00e45

SHA512
a7f875565aeb95143738da28f505dc34fb4e6cf8394a8e33c57ebcc820fda659137ef373d3268d92278f287c4d7fa5b2d1f9a1386831a3c6bc6b71c91215043a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
22301fceed0e0445eb1b94a8d483914d

SHA1
5ca37dc407bea78311cbd61ab753e85c897f10af

SHA256
c9fff7c0166c5576bee18b188ba5c1a75f6087001a7e8870f4b232620aed2535

SHA512
d11f30366873488d0270b6471d62c583f35eed730b1e2af78bdd382cb546f66260424cb21f70016f9744ce9c1044d79da69d11875eb3025f394c60e5a238910e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8491c5373f9d22c7412c7e698fdc195e

SHA1
11e19d5672b1895880ddc91ac09cc1cae1e34a54

SHA256
88dc2e87df87160314a938d084277c1815736540fcdbe4267b0890548da6a991

SHA512
910a3633c7fd859453eba26ea56af8fddb8c4dfbcf6947241962975964295c397b37644500715553e7572c3c8cd7bdcb4ed8fb3bebb2e5c889a015ff9412fd0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c19dc883b0797c28dc1c2bb0cc3e9163

SHA1
2f41f2fba2d63583b61267a65bb10e3f3eecdec2

SHA256
772b66f90367879d76e99e5ff3ed22952cea44078db6176f0098b35ec2635081

SHA512
ac30d177de74df1d305f63c23f3c5ffe35d74e91ca234526bace64c5700e10d32f3d73d4932cf71efb8e209b53a588ecac690e2d32ae4b3d77c9d206e3c57dd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
256B

MD5
815aaf7ec73c06ed16f208e03e4b2a65

SHA1
adc4107cc96ded94d2e0ddc9f0eb61b6eddd0260

SHA256
c2e5fd5835bc8207c7532cb7d4940ebc7ca7270bd0b18868744e1aee2593f7ee

SHA512
4ef6b8f82076fa1f24c55bf0251fe81ff5587d8835f61da1143b7899a6ff3a0be08329fbe193942169c29e23904e3011c13b1cdfe7529dd9019b3ae446e782ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
b0080b036733603b640c412fba4e47a7

SHA1
3c9eda78b687c9269021f153225e83a3bbe8969d

SHA256
659b70f3241e31e574276af0adb5f4551756d42a011dd02ac0735ae73be269be

SHA512
d191e047149715f2dfd821f228e273dfd6e8619de00826f1549627b918bc47aaa00cd55d615bbcda04007356608af37a05b70af34b50cdf4a8721574d58c051f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
0561c531c2621ec257e0c5ea04ff1b89

SHA1
5181a67926f9a61d8d74eb8151169ca649225a9d

SHA256
de59b68e48b65e8675b82a8926db773d2dbc74008db0a9ab230de874608908c2

SHA512
4fadaa16afcb7ad08bdf8c1b956d49d4556282aca4d15ebaae6ecacb1d11176d37ba6da3622c5fb9e792635f31f3cb06a3d3e3a7dc4ae9d4581c289efa451487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ca7252de0544a065545fd258338a8918

SHA1
3d41a7fc2e8d8f9cbba9a7574a2a5a7e66d4c959

SHA256
599c686a2b7280829f901e2204a42b840124ee2b085f2deff373b40da34c9b20

SHA512
bda87cc8300ec4fe6c340e4e2e3e309585cde67a8d52f18d0dfba60984182efa631f460c7f10f65609848726be249c376f3fc037956b5eca614e445cb84bda26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
ad714ab448ed4385d35b79dad0923a2e

SHA1
66053bb317bbea50476cd863182e67cb7da5d2f5

SHA256
c78e8d2a4a966e6e8338602b4389a70f4b1b181e4a467a02b66d7bfcdf6c2b2d

SHA512
0f2dd42c248799a5320e2aad8fd24c654a0af1a52e76a743c8d7c280e6c1131af27716ab6347b7acbf03682a79b11172b740e39ad8c94b5502c5b0b8908dfdeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c701d673ce46292fd6c82f4a285b6547

SHA1
81bc65ed52b727cafaebb529b7a13da2eaf2ad5b

SHA256
ff4f6252ea8b1d91f3d912b66a62a1423c5a3af8dc785132d5ece49567b04675

SHA512
a2f715833e450424d6a4657fa0b0e4095fa85da1c1fd4719bb98abcd72ac164b2b062b2aefafe3f8ea7e427cdb61819ae3d5379fb518ae57820025fe5c65019d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5818f2.TMP

Filesize
371B

MD5
09eb71c6929c967552bacf22e911be20

SHA1
e71f1f188ac38f49ea33d0ff6938777e9a66dd7a

SHA256
30f9a26194318ae17b5260a258f47d926a460528bf60d26b33402a1f012a797e

SHA512
c50c46d4dfeead1795d10ba8385e9d611b9f5f3a8fdd1739a23106aae9cefc5a01fd98a038588fe5bb47869e0ca290b1fe9e391fd00a9462aa309144c10b9abb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
337451ffb40f4a397b676d71885e884c

SHA1
a45ae13e086c95fe9fafabbd403b479eec0924a4

SHA256
35b5a80a86fd3d4b693db8933e9ded42db1da3c6e56c6ee0873e14989365bf7e

SHA512
6567712a1d128c501e085d2f3024f2530e00b86f8c1434974055c2c67197bdfb9ac3f8f874fd7621bfdfc0dba68b977cd2f272bf23a9182325bf46797d409cbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
f0aa47ab8a8660c127fa63037b0527be

SHA1
a97f35e872ff7f38697eeca46edee9ce6c5ca922

SHA256
b535bcc5ee91f0229fee790155eae738bd47c38604aeb604a2903f5117e23f03

SHA512
642e9a559232986f4b9ecf0302d46ca1728b741a8bc056ace2fbcdfab40e2eacf4601a0eeeb7208713039826587276cbbf9fbb231e1e6d3a16d4bd90b4db0972

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f419d6a0f3d7bc131083b10d2f544181

SHA1
02796714d78dcd9cbb2008f9a2f2530881903399

SHA256
2df58fc0aa1a64d3600ea21e9d59ace37fc8e7c0e5aac3ee41c838e924b70371

SHA512
1ff63e94b2b772615be7e6e532c629e01f9c4137f3316bd5987f873fae2931c3d931d0f4a511b5f8e388b7f8b15683141868b514d8c3b4edd19401bfc4fbdd47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
1e8babad61ed82fcea10634607780d98

SHA1
1928c655f5d93ea7e805a8625f5880966199e130

SHA256
2148d12fe9f41987420f09443cc4cf2966fa9ed2b033f403a18cd4810da1eba9

SHA512
166089ea76787433182f1e66e691a78525196cb5750d49820b33e06bf5f2d1a0010a1721d242121a99af08771af2ec106fb1f845fb3d1e91740743d901f7595e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
bc067e808724cdae18f51a2a5b323473

SHA1
c47da688505a7d8de2aaba65fece0bd2687b52f0

SHA256
40a9fefb008c80427d47b9ce2a4f87a4469fc080b34f03a1046719020fa0b56d

SHA512
0e24ef74eb186460a9c47be91904f35fc580895f6435586e84b28c54372d5620f766a192eb2665a42b9b231bbaaf78a936192671f05a3585750dd0a61e75e33d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
190KB

MD5
e5a87e5ee58f7bde129d803f21081ff6

SHA1
d6360bbdc1066838c80f031237eae0a7e43c7156

SHA256
20316a8ca97363b23ca79c2c3ae4e3edda0965f49fabadab0e0b7e23e85bdae0

SHA512
f9e824097bba682ddb118cbd9d31b6ae7f60fcbd86e59b1b9b739016836cf2bff1ad6ad0aff85b717758490380c7d4d3ccee1a3cc3f6c50364fccee516a50c6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
cd2f5be7d0aa74afa9160e170657feef

SHA1
3bf6b5610f1602572308983c5935f6194a80b892

SHA256
619b28a490efdee13f7611307b06399af5f380730942ff3d1b2cc71713b660ed

SHA512
f33e69ad71c0bc91051ed5990bee4e7dcde8b7f7b17953cfd86233d6006051f90f65292c49b100833f5495d7e6ef5d8b9eb17c2d3c21e6d19651c220aff5d889

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
cb9c97ab30fadb51c047a424a58550f9

SHA1
e9fe07ecc831bac581bd8a3f5eff100a869022cc

SHA256
49e521a824687c905c46af0c2db99bf8a8fb4ed539b8a8d40bd7b791e095c75d

SHA512
bfc3a39612e39ae7ffd1213becdddbe40bb1e91d554c7e6bfe51a60d739457407afc57d96a003f25d119973b552164ad8eddc7c67c04c8ea815d4223670862de

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
7c8b1e7a6d0edf0eed54234db188ecef

SHA1
ed4f17a50350350e6be4c3ed32d6d1e13622a41b

SHA256
bd8b6fc7b3c5b7e71734506e1b711d48e6e7905c07e66a1a4e794a009f80e848

SHA512
1d267f0ba7ced7ab521dd271b65cfa7ebbcbb4e9a4d37242ad340f72699d8b60bee48e980208aa0bd422d791529e7ca57c42705f557baac6d1567de0bc8d8f6b

Download Submit