646198beb72edbff9ad36ba534f28af732e7d4576bce2bc87a574f11580789b8

Analysis

max time kernel
157s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 07:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1696-122-0x0000000000290000-0x00000000002C0000-memory.exe
Size

192KB
MD5

9e126b8028d92ea1b73d83ab8ff42d6c
SHA1

fd0a118b76695cc546d486722c05e3a6c3c7c7ca
SHA256

646198beb72edbff9ad36ba534f28af732e7d4576bce2bc87a574f11580789b8
SHA512

60967e0f1f91e2a5d16d3e247c46ee5aa3f5c67fbf52aedaf0e8d8c9ed7f44521c14b4dbfb80e946fe7ab5e9df4b4edad4f63ddd12e08b29b740d4760d6312da
SSDEEP

3072:VO64zyFlJDGx0HqSYxNXUfMim4G388e8hE:1f1s0HZ8em4G38

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1904519900-954640453-4250331663-1000\{DE7A9515-7BA7-41C2-9C99-1934C2405AC3}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3296	msedge.exe
3296	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 4968	3052	1696-122-0x0000000000290000-0x00000000002C0000-memory.exe	101
PID 3052 wrote to memory of 4968	3052	1696-122-0x0000000000290000-0x00000000002C0000-memory.exe	101
PID 3052 wrote to memory of 2264	3052	1696-122-0x0000000000290000-0x00000000002C0000-memory.exe	115
PID 3052 wrote to memory of 2264	3052	1696-122-0x0000000000290000-0x00000000002C0000-memory.exe	115
PID 2264 wrote to memory of 944	2264	msedge.exe	117
PID 2264 wrote to memory of 944	2264	msedge.exe	117
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 2292	2264	msedge.exe	118
PID 2264 wrote to memory of 4348	2264	msedge.exe	119
PID 2264 wrote to memory of 4348	2264	msedge.exe	119
PID 2264 wrote to memory of 1144	2264	msedge.exe	120
PID 2264 wrote to memory of 1144	2264	msedge.exe	120
PID 2264 wrote to memory of 1144	2264	msedge.exe	120
PID 2264 wrote to memory of 1144	2264	msedge.exe	120
PID 2264 wrote to memory of 1144	2264	msedge.exe	120

C:\Users\Admin\AppData\Local\Temp\1696-122-0x0000000000290000-0x00000000002C0000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\1696-122-0x0000000000290000-0x00000000002C0000-memory.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=1696-122-0x0000000000290000-0x00000000002C0000-memory.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=1696-122-0x0000000000290000-0x00000000002C0000-memory.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2264
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x354,0x358,0x35c,0x2a8,0x364,0x7fff688b2e98,0x7fff688b2ea4,0x7fff688b2eb0
    3⤵
    PID:944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2308 --field-trial-handle=2312,i,3958453771455279896,7990136498098661078,262144 --variations-seed-version /prefetch:2
    3⤵
    PID:2292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2924 --field-trial-handle=2312,i,3958453771455279896,7990136498098661078,262144 --variations-seed-version /prefetch:3
    3⤵
    PID:4348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3056 --field-trial-handle=2312,i,3958453771455279896,7990136498098661078,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:1144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3412 --field-trial-handle=2312,i,3958453771455279896,7990136498098661078,262144 --variations-seed-version /prefetch:1
    3⤵
    PID:1864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3588 --field-trial-handle=2312,i,3958453771455279896,7990136498098661078,262144 --variations-seed-version /prefetch:1
    3⤵
    PID:2648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4852 --field-trial-handle=2312,i,3958453771455279896,7990136498098661078,262144 --variations-seed-version /prefetch:1
    3⤵
    PID:2328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4260 --field-trial-handle=2312,i,3958453771455279896,7990136498098661078,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:4408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4252 --field-trial-handle=2312,i,3958453771455279896,7990136498098661078,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:1576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5128 --field-trial-handle=2312,i,3958453771455279896,7990136498098661078,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:4940
- - C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5684 --field-trial-handle=2312,i,3958453771455279896,7990136498098661078,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:4396
- - C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5684 --field-trial-handle=2312,i,3958453771455279896,7990136498098661078,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:3976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5680 --field-trial-handle=2312,i,3958453771455279896,7990136498098661078,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:3620
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5928 --field-trial-handle=2312,i,3958453771455279896,7990136498098661078,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:2432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5900 --field-trial-handle=2312,i,3958453771455279896,7990136498098661078,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:2084
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=1268 --field-trial-handle=2312,i,3958453771455279896,7990136498098661078,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:3636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5516 --field-trial-handle=2312,i,3958453771455279896,7990136498098661078,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:2032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=5452 --field-trial-handle=2312,i,3958453771455279896,7990136498098661078,262144 --variations-seed-version /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3376 --field-trial-handle=2496,i,15897292497548307209,13920214570023230813,262144 --variations-seed-version /prefetch:1
1⤵
PID:2560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5368 --field-trial-handle=2496,i,15897292497548307209,13920214570023230813,262144 --variations-seed-version /prefetch:1
1⤵
PID:2596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3840 --field-trial-handle=2496,i,15897292497548307209,13920214570023230813,262144 --variations-seed-version /prefetch:8
1⤵
PID:2380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5456 --field-trial-handle=2496,i,15897292497548307209,13920214570023230813,262144 --variations-seed-version /prefetch:1
1⤵
PID:4708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=3372 --field-trial-handle=2496,i,15897292497548307209,13920214570023230813,262144 --variations-seed-version /prefetch:1
1⤵
PID:2160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5592 --field-trial-handle=2496,i,15897292497548307209,13920214570023230813,262144 --variations-seed-version /prefetch:8
1⤵
PID:4364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
91e60e466cb23688852776f8bb2fc42f

SHA1
b947a5d32579b0cf10e57995a1eaf1f6659e3c10

SHA256
6ed2529d5ea92a429326b215995c9e2ba7d150bad6044448f0dbfd88f180df8b

SHA512
6733dad3b4cba7c806169b11d1f9bf55d329a20efca6e64569e72dd67519268b539789a8554bf71a60645b21560017659d482ac500234754728fdd768dcb5a3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
b58211ad0be2a2e0819203d22e07c2e4

SHA1
090b9c4c425dba69e4b66650745cb229846846f7

SHA256
fcc1a21bdbf065abd75206ebc208a4068e5e74dbe5a377fde2050cac2ecd34a5

SHA512
7eee3d92834509f833668dfd47913efff3b6af152e98a7df927558bc8c747347de7cae868e53730f8c22b38e358cc76634308a06eb75fff4a00c7af23e6b63f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3de50df7-4096-4c09-ac5a-bc023322cd3b.tmp

Filesize
30KB

MD5
035c4326e60fd64901e76010725bd84a

SHA1
cbb4e893b082edbb2eb8c355dc2b23e77df98720

SHA256
b0f9854562f425bfe382812e86dd7908529aca9ba347088a22f2033e8f06e6ad

SHA512
c0ef7ca5d513837b3d0db6569217261d6efc5842b724850c22331ef3e195034bfa802a0c237aa9bd2245b6c5464474a9637a118caeb383517eb8393b2e493baa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
e1810b0ede893d5f7ad35d4fc884fcfb

SHA1
3473e5e4b45b1d77bc4aa4464e7d4a596880f19f

SHA256
5603e0fdd1245ccf8bc1e3e6e6d9880b08c9b274205e6373f302c86ba357d127

SHA512
6614af28513989b6199168f3ee316e40f2c71807eda330ffcff6c4bfb34c52d5bd7d815d1d13705327dc904dcb1036e7d5ec3a99440166b1976dcaadf724facf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe584baa.TMP

Filesize
408B

MD5
2e9a126729bfb6c8b278529d3e10e66f

SHA1
667a4822a4ebe9ca3f2853feeadcb68146a08805

SHA256
5c4ff31624a12b914b5942e7ddede216f11e7987779e2b72e601ba0e1140199a

SHA512
885ac87b588b5c7ae29a0aa9977764b0d71572c2c1cd74b2898bb6e790d7cd2b34da9b590e013a78dd9dcc557efc533922c31af6b017a2c91c322151726cfc8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e1d4c6553a09719310f141851fc18c2c

SHA1
43311a74efe3d648a9a1294c293050265e5aac9e

SHA256
da4f545e6e3fea8fe862641c63617bf6bea7983e7aca20f6c62395d4f1f1eddc

SHA512
8caa8fc0119b6bb1ba8be945cd325c428d8e018454d5bdf7f67fcdf78552d4665da7d960bbd252028589f3bae3a7b9c8865d9b7c965756cd6560f32d591647d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1017B

MD5
463eb51acb060b68298d893d131d4c14

SHA1
70fd173f687f5742afe610b8885619ec9206619a

SHA256
1474b9c5dcacb85794c55a01f5f97ecf51731e114b424a4bc31010b0e93ee279

SHA512
7ec840799ad7712e8b28fa50fc5d261d7a6e94507a09a945250a74269c818132c4358ec36ac6b89d85e269e494717f1b6cb62a3cff9f3576b92b2100fdfc8180

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
bd9bcdbf3e6139a8171851f723cf8307

SHA1
19bc25b06492c266e4643a7ed0a2c0fc4a5e631c

SHA256
6e2781ca274146d264bbb7ac59de7edaf68b6ed524286ae751bdc7b1522ca59d

SHA512
80fb807e3dcaecfef420a04630158f6c0549cdfe2f3c9956fe41106b3d58a7f8a9e432176a1c81b693e650e97145dd00e382253c7806896060d12b20dc1609be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
46KB

MD5
a39f3319b09e6f57d6a4753a0ce5d343

SHA1
ffa924eaefd7c787cfad530bedbb9bc336725112

SHA256
19eb1815ea9c45a4744dab12f019efd186cfba3b05e3974920ad111df0a0430b

SHA512
04524c5ffe152b4f04149629add999bdee5ba6a3577e7061294a1e7961f7a688f79e1e19db560905110fb82e92adb7643e01002bae193963526bbc8a14589c2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
36KB

MD5
8d04e549545ea156617e68d62724a289

SHA1
283cc337ff35134c3ef945ee4ba29d93274db140

SHA256
895e6ca8a86ba47093f816278b107878e5accbde50c1104b6db39f0a4b9a6453

SHA512
333f348b59444b341ce0fe2e549feb939f4f291002ba8ba2fe05d3e40959396d69fc37d3cd1126a4fb6457a0efcd3604f4d21fbdc60fa63d0074602690d8f9b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
8ef7e50d63f05daef055177c70c4c449

SHA1
fca155ff2b7ad1382b1973162399eb98e12c6e9b

SHA256
34e8a4d3b5267ec03244189cb6704faa17a06ffafa990cd0241796fb2682da0b

SHA512
31b904de8d503870a00525934b67114a4885d7985b683807e8bffec5db43f097431bae0afb59009be659358a82a1de420ef40b29f6539d53a019962c3a583777

Download Submit