e63458524b71d15060aa6deed31be11196e833fd036a8fb4f58c48bf763161d0

Analysis

max time kernel
150s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2024, 17:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-97-0x00000000002D0000-0x0000000000300000-memory.exe
Size

192KB
MD5

dcde524c350e0a02ef9c8d8395b14cec
SHA1

156e21c3f922bf27c8cff53bebaf463ed0975599
SHA256

e63458524b71d15060aa6deed31be11196e833fd036a8fb4f58c48bf763161d0
SHA512

57005746247a4f9030e4e673318b1b856d34368a4d985b152b5e51b7501bfb87d87086374e51bc95aa3ccb255019bf49a63e37a02f9f5d3da5ae18e7ef5bf570
SSDEEP

3072:K47FCYO0NJQ5S0xNcIA7qVJeNGs8e8hy:Kvd0AEnCVJeNGs

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1904519900-954640453-4250331663-1000\{E0A4048C-EEE7-4851-99CA-62AD461D27E4}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5532	msedge.exe
5532	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2788 wrote to memory of 2736	2788	2024-97-0x00000000002D0000-0x0000000000300000-memory.exe	102
PID 2788 wrote to memory of 2736	2788	2024-97-0x00000000002D0000-0x0000000000300000-memory.exe	102
PID 2788 wrote to memory of 3576	2788	2024-97-0x00000000002D0000-0x0000000000300000-memory.exe	111
PID 2788 wrote to memory of 3576	2788	2024-97-0x00000000002D0000-0x0000000000300000-memory.exe	111
PID 3576 wrote to memory of 404	3576	msedge.exe	112
PID 3576 wrote to memory of 404	3576	msedge.exe	112
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4616	3576	msedge.exe	113
PID 3576 wrote to memory of 4968	3576	msedge.exe	114
PID 3576 wrote to memory of 4968	3576	msedge.exe	114
PID 3576 wrote to memory of 2200	3576	msedge.exe	115
PID 3576 wrote to memory of 2200	3576	msedge.exe	115
PID 3576 wrote to memory of 2200	3576	msedge.exe	115
PID 3576 wrote to memory of 2200	3576	msedge.exe	115
PID 3576 wrote to memory of 2200	3576	msedge.exe	115

C:\Users\Admin\AppData\Local\Temp\2024-97-0x00000000002D0000-0x0000000000300000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\2024-97-0x00000000002D0000-0x0000000000300000-memory.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=2024-97-0x00000000002D0000-0x0000000000300000-memory.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=2024-97-0x00000000002D0000-0x0000000000300000-memory.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x354,0x358,0x35c,0x2a8,0x3c8,0x7ff90cd62e98,0x7ff90cd62ea4,0x7ff90cd62eb0
    3⤵
    PID:404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2308 --field-trial-handle=2312,i,5517915047466776436,3504167675260964783,262144 --variations-seed-version /prefetch:2
    3⤵
    PID:4616
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2944 --field-trial-handle=2312,i,5517915047466776436,3504167675260964783,262144 --variations-seed-version /prefetch:3
    3⤵
    PID:4968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3068 --field-trial-handle=2312,i,5517915047466776436,3504167675260964783,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:2200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3436 --field-trial-handle=2312,i,5517915047466776436,3504167675260964783,262144 --variations-seed-version /prefetch:1
    3⤵
    PID:416
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3468 --field-trial-handle=2312,i,5517915047466776436,3504167675260964783,262144 --variations-seed-version /prefetch:1
    3⤵
    PID:1776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4888 --field-trial-handle=2312,i,5517915047466776436,3504167675260964783,262144 --variations-seed-version /prefetch:1
    3⤵
    PID:4900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4908 --field-trial-handle=2312,i,5517915047466776436,3504167675260964783,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:4384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5224 --field-trial-handle=2312,i,5517915047466776436,3504167675260964783,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:2120
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5232 --field-trial-handle=2312,i,5517915047466776436,3504167675260964783,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:1172
- - C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5812 --field-trial-handle=2312,i,5517915047466776436,3504167675260964783,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:3860
- - C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5812 --field-trial-handle=2312,i,5517915047466776436,3504167675260964783,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:1676
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5904 --field-trial-handle=2312,i,5517915047466776436,3504167675260964783,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:5404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5168 --field-trial-handle=2312,i,5517915047466776436,3504167675260964783,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:5412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5128 --field-trial-handle=2312,i,5517915047466776436,3504167675260964783,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:5520
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4476 --field-trial-handle=2312,i,5517915047466776436,3504167675260964783,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:5308
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=5136 --field-trial-handle=2312,i,5517915047466776436,3504167675260964783,262144 --variations-seed-version /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4108 --field-trial-handle=2972,i,4036376905309803364,5412922217215781933,262144 --variations-seed-version /prefetch:1
1⤵
PID:1844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5056 --field-trial-handle=2972,i,4036376905309803364,5412922217215781933,262144 --variations-seed-version /prefetch:1
1⤵
PID:4948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5048 --field-trial-handle=2972,i,4036376905309803364,5412922217215781933,262144 --variations-seed-version /prefetch:8
1⤵
PID:3688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5520 --field-trial-handle=2972,i,4036376905309803364,5412922217215781933,262144 --variations-seed-version /prefetch:1
1⤵
PID:4920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5572 --field-trial-handle=2972,i,4036376905309803364,5412922217215781933,262144 --variations-seed-version /prefetch:1
1⤵
PID:1736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
de566db69f6b3b6b93653d714e8fbcc5

SHA1
af370d059e7b18e11059abe305393c3fd1993e64

SHA256
fe2e25df476c5196c5b3bb61a049b1ec9772ce86bc43d9bc44aafb95c6de2b09

SHA512
3700c1c12d1c4657b4bbf370cfb124e45a9af4c4e3395166593d354aa95d47ad3ef29a8acae7e942e6ecb8de2718babd15693eb6ab243de88c3f6716bafa87e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
fe168db42b695331636af61a5dd558b1

SHA1
560a20510d6cb52c999d53b27a4c6bf7c9498dfa

SHA256
84a1c44f3c47f6381dd78ef225482f0624ece1b6c4f058ffdeef27ed619eb1fe

SHA512
7915476b95445656305ec70c7f4121c45cb879b62aef4cd38223bffcb62bf1989105b5fc04dd05f167c2bcfb707b55c59af7f8930c02881599fa5e4bad165861

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
e4f9f2a5e5928fbb072c63168345b491

SHA1
63d175ed620f63b319fcb5a1003fb2ac33570bd4

SHA256
421e9abc2ee533e8a62b973097c122eeef9c5218cedc0d01599ec87a01d4d74e

SHA512
baed41156c03b5d50d778c7039f089e1e5715e6fd98412067c76bdc8022de4594415c362388c03549afd87c850a760997b6975f0df31f21b3895a8a8023318a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe583832.TMP

Filesize
192B

MD5
f52ad2fd4616d8db42702db6e741b535

SHA1
723673efd4f5b1133f3b4ed616d83154c268b572

SHA256
58338dcb6005799cf76e0ee57aa459bcd605e7c90c603755a577ed85ce54f345

SHA512
d32b1a9714a0dcfa6d4da5ee027988fb16276f48f8e614ff34b171425e9803e1f4ce2754482fbd685d23ea3d61587d8e762d26a1c725cba468d5e7fa3fea0119

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
abf21afbf38559b38ba0b24adc9ba14b

SHA1
f97799bdd42ae7b99792651ffd9b411d35f4b18c

SHA256
b285f83095a4dd5a4a6ec897e884f7ba7574065ad0bb5499a2f0eecce000757e

SHA512
06d63c0e84a13f01e08ee2e53765513ebb1979531423d44d3821782157e57c3b51e14a3d22c5f27fa451ecc09cac22843f769dba78cb7dce6eb848c5097a34cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bc29837b9f3dee1d88ae20bafb2596d0

SHA1
1a608bab0e991e068cfe3a216ff3d418b0d5f323

SHA256
8c3415f17cb7d231e5adc1753a44d7e61918fe5248e25b7122fffbc002e092fc

SHA512
8c7bc987fe1e0a0dcbf6416317a3258e5fb92d2c278164f82c7fc8ec1b7b8f8c0754ec4689291d4f9b315723e585bcb5f07c6763beb226cffc602e61fdea55e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
65a2e55d2f51c64559d56570dbe1d38a

SHA1
ca8e2e15511262432dc7bc586277463bbddca54a

SHA256
77077447122fa8458c8f560bb758b9d2edcc9c1f13b5cac832b8406542f58deb

SHA512
0fb3e334f1897a06643bf52ff38a7493a89deb78a40a1ead9b8bb51d49d365dfe8b94ccfc692289d168cad5809431fed8242fb49cdeca88f204290839a06fe0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
6c10235457905d75fd6a8b7ba26ef79f

SHA1
b8b36039c7c86bf5a1a6a8bee84ee073055d85e8

SHA256
039aff15ec452a4be0c554085c5117da8d4d1653714e724857a3c0ed51d15fdc

SHA512
c11ef275020be9db992995e768d9a8973e1c133116dcab9a90e4e67d25148b4c1bd12cb813fcc2352332759eb1da6cd87ea68bc24a2327f83e55d5ee74ae8ba6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
30KB

MD5
ad0613bcd7857cc286a40a46297210f0

SHA1
71e9b8cee3abdfd43df64955b288c53e73d4efc3

SHA256
2529b0b11efead1d34995ef35f3dd458eeb6dd685f474d4c635240cab1bf6aac

SHA512
72fe330fa725381da8e1e220894f19f0a0d4b36ae9a34263fdf4bd825c7bad6aa1ba3e6fdaf4719ec6a624aaa25e494e1c92dbfcc54d4e9c17d3eadd769d009a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
46KB

MD5
1ea1ee16827b2d57120743cf40986390

SHA1
1cebf4fa17e33741af2749f472b7d250222b2586

SHA256
44ef7a5be70851c9714e984ea80111dbcbf204d94db81e4ee1748e5efe13abb7

SHA512
8826bce75e1943e45bfa78276bd73dad5ac748e88aa393f10de31efac381cf2c0de321f12629b193d2f73ee0e85fb2935e16cf7fcff7b8d3cb8c9d9c9d8f9065

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
36KB

MD5
7d4746761cef57584991b339577bb1ba

SHA1
12eaa8b6188f7036ceac26d2eb6daff0fec54706

SHA256
05bb49dac650af27516f3576501d2823df71be93836840ffd6460acd78a4fab8

SHA512
12cb66e87603ba042812824ae59a075de4956d64752071ad454d1810f3f16486a4f8232f68917af70edef8699a64727205b75502c8b7c68e682afa427b9a08d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
36KB

MD5
bf1ed6e9e4b7ee4589d38c17602873d9

SHA1
2785aa65b4d17bfa867f2423f6196f10318c501d

SHA256
2f6e63dd6670681cfa8737693b59fb398a606ba73e3b529d9a8ac34e2d46453b

SHA512
73c1c951337490263e6c273a6e80f62e1a1fd33db5f989078708645350995161c322f353d4a8e37c11bfae864b1a302282cbaa4e3da92b808d7a485bf37bb0b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
e911372740f084b784e0f8615d3f81e5

SHA1
9e48da6ee9a44198159e0bf0a7d142fd488bf0f4

SHA256
e6b988c9475bd67f42eab2b11317f016565dcbe6680942c7b85840e22b6513e4

SHA512
378f12e1aee589a4065f960f0ee44c5c87bebe81fa2fa0be4dc88f4ba44146a0831d62e044072725f50fd0f5b5318f332dbe54aabbbb806913b182ff036c02f5

Download Submit