e376bae94dc023f41d031a476072fde476caf19f00492c851e7698b6e1e6b522

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 01:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e376bae94dc023f41d031a476072fde476caf19f00492c851e7698b6e1e6b522.exe
Size

233KB
MD5

131d9bcc9fc03211f0aba528b58c0944
SHA1

e02a895b8cf608b96a288dcd08d109ec9d8f06ca
SHA256

e376bae94dc023f41d031a476072fde476caf19f00492c851e7698b6e1e6b522
SHA512

380d069657c5b345451c783403822657fd0e825b46bbca3e51c7d3acef5d1f4b70153a420e20505f7fff33a6d074ca560c041f18179ee9490129d532246ceba1
SSDEEP

3072:6V1Llsr3zn7lxhQ6K83xQsiJIaeuwPfP52mRtZPt/8:g1L2r3zn7G6K83xQsiJM/PfkWtZ1/

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{EB8F2FC8-D725-4643-9BB4-AF898896E8AE}	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4108 wrote to memory of 228	4108	e376bae94dc023f41d031a476072fde476caf19f00492c851e7698b6e1e6b522.exe	90
PID 4108 wrote to memory of 228	4108	e376bae94dc023f41d031a476072fde476caf19f00492c851e7698b6e1e6b522.exe	90
PID 4108 wrote to memory of 1148	4108	e376bae94dc023f41d031a476072fde476caf19f00492c851e7698b6e1e6b522.exe	101
PID 4108 wrote to memory of 1148	4108	e376bae94dc023f41d031a476072fde476caf19f00492c851e7698b6e1e6b522.exe	101
PID 1148 wrote to memory of 3904	1148	msedge.exe	107
PID 1148 wrote to memory of 3904	1148	msedge.exe	107
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 3288	1148	msedge.exe	108
PID 1148 wrote to memory of 1304	1148	msedge.exe	109
PID 1148 wrote to memory of 1304	1148	msedge.exe	109
PID 1148 wrote to memory of 4440	1148	msedge.exe	110
PID 1148 wrote to memory of 4440	1148	msedge.exe	110
PID 1148 wrote to memory of 4440	1148	msedge.exe	110
PID 1148 wrote to memory of 4440	1148	msedge.exe	110
PID 1148 wrote to memory of 4440	1148	msedge.exe	110

C:\Users\Admin\AppData\Local\Temp\e376bae94dc023f41d031a476072fde476caf19f00492c851e7698b6e1e6b522.exe
"C:\Users\Admin\AppData\Local\Temp\e376bae94dc023f41d031a476072fde476caf19f00492c851e7698b6e1e6b522.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=e376bae94dc023f41d031a476072fde476caf19f00492c851e7698b6e1e6b522.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=e376bae94dc023f41d031a476072fde476caf19f00492c851e7698b6e1e6b522.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x354,0x358,0x35c,0x2a4,0x39c,0x7ff96bf82e98,0x7ff96bf82ea4,0x7ff96bf82eb0
    3⤵
    PID:3904
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2304 --field-trial-handle=2308,i,13035820421085128805,1932907096619660695,262144 --variations-seed-version /prefetch:2
    3⤵
    PID:3288
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2512 --field-trial-handle=2308,i,13035820421085128805,1932907096619660695,262144 --variations-seed-version /prefetch:3
    3⤵
    PID:1304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2556 --field-trial-handle=2308,i,13035820421085128805,1932907096619660695,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:4440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3416 --field-trial-handle=2308,i,13035820421085128805,1932907096619660695,262144 --variations-seed-version /prefetch:1
    3⤵
    PID:4864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3448 --field-trial-handle=2308,i,13035820421085128805,1932907096619660695,262144 --variations-seed-version /prefetch:1
    3⤵
    PID:1140
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3852 --field-trial-handle=2308,i,13035820421085128805,1932907096619660695,262144 --variations-seed-version /prefetch:1
    3⤵
    PID:2160
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4604 --field-trial-handle=2308,i,13035820421085128805,1932907096619660695,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:3796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3584 --field-trial-handle=2308,i,13035820421085128805,1932907096619660695,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:2940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=4592 --field-trial-handle=2308,i,13035820421085128805,1932907096619660695,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:4028
- - C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5664 --field-trial-handle=2308,i,13035820421085128805,1932907096619660695,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:2736
- - C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5664 --field-trial-handle=2308,i,13035820421085128805,1932907096619660695,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:4940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5808 --field-trial-handle=2308,i,13035820421085128805,1932907096619660695,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:2044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6048 --field-trial-handle=2308,i,13035820421085128805,1932907096619660695,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5996 --field-trial-handle=2308,i,13035820421085128805,1932907096619660695,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:4520
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6108 --field-trial-handle=2308,i,13035820421085128805,1932907096619660695,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:4736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=1340 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1
1⤵
PID:568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=3764 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1
1⤵
PID:3468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4928 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8
1⤵
PID:5104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5844 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1
1⤵
PID:552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5424 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1
1⤵
PID:1152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3740 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8
1⤵
PID:1752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5856 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8
1⤵
PID:3208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
0335eba73988df5fdd180d4afcab39fb

SHA1
8980dfe822f4b001b9b217cb93ad57ae30da00df

SHA256
8a96c6b02aa21f0aafed58ba70b400c4514acbd4ba18a3f47a8ec710a8f06151

SHA512
a1d5b5cd545fce64f0e176908b0ce338d88ce2031c5b4192c9d6935e31f198a8f59a5edcabaa678fbb736b730d2882e78a082e7241db199b1976811c9a8229ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
6bfeb3d94f8ddb89d001f4c0e87fd9f7

SHA1
b2ffad9e46d40c44e43fd8f0486c317ed604f2b4

SHA256
998ac7ba048ebd4ff32c6002e3bacc1135c62b9cf4a78f6ce8477a90c70d0c02

SHA512
42665db26855bbfcac047a0b4ea0f14712000af626fc7edad71cc2adc58922d68a6cd49bb06afb3b6668a50ab7e15a8d8a03c7d47dd3d5153006da5b41489691

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
c9a9f6c879151f9ca824b8365adb7b1e

SHA1
2eecf65df27112dcd4687edeab308529b79223b9

SHA256
38028f3e2cc5eada2dc80a71a217bd5963586168bcf35be1ecd5ee46496f68dc

SHA512
07ea31d9d809690aeda7d9101bde0612e79bb196943b6abf0298eac170930222626c81c75dddf5e06378260ff41b33732399709dd87b7ec738902f43b1b62c34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe58dc71.TMP

Filesize
408B

MD5
63ee75057eadebfc0aa935fdadbc01f7

SHA1
4a48e754ef6c781ac5ee8609131a0f53c8cb2e2e

SHA256
ebaa3ba4770a7b03aa5aea9affa2f2fcf73d0bd5c171cb638ed782ed1c4cc79c

SHA512
e697a259ece6c8ceeac6eca45726d0521cab02e1f03ec5de3b3a78922510e455a7f8e9a4e2a79c77dd8e1d4f54771ac4d1cbdf049ee1cfbde8e0d207fbb5610e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
43bf81e4bca1aedcd9f7420aeab55286

SHA1
c30e502a23daed2065988d516a7f71a903b161b4

SHA256
ff67ac72b8b89d543882adbf47a01939b283a4f00c05801ff1b61347cd4be937

SHA512
79223f4640202d9da529e4cf2120cd32b1b6074c4406e51ae30986a759877ed43853fffae0241efb128ef7001c3a862ddfc50222f543ae3b1c313a29bb62369f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1019B

MD5
d6c1054308aa95de521eaabda5b54963

SHA1
424f7b382ff534f9e9a77052753a8e353ec5e301

SHA256
1995e5fd90aa729d1d94389f0e28c1035a0049be2b19fb01a16bad9f47a6a3f5

SHA512
1f74ff7d64bed5358d1f177aeb82546cd70698ec798a1a562731e11b973154e9221ccfde3474131f52a522bcaac71a58a16a4d3901cb192c8783531abfdaaf98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
c30aaf7cc93b88ed6a71c1dbe50b3cee

SHA1
f391e571e2a0c900aa32edcf04ba19f8327a9445

SHA256
43115e57b9b55a6e8426e080487be7f63b2843eefec6deb0834c1c8dc70b0d2b

SHA512
861a52454fda4f915924563fa45c1c3dd727e2cd1a011223b0de068f64ab63abf24b254d5aa88d8588b312663b1671803a4c5665dfef1c0bb614f64d16857fbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
30KB

MD5
aafa5cf8308a00b0ee8809f102c1d118

SHA1
022bbbbdf136eff53dbd9b68d6a493b09ca0bfb9

SHA256
15ec5d589713e86f7e4f4f3e8d42540025e52ff7c5b87986a49e295b811313e1

SHA512
7270b5b358751780217f7b6d50365499bab2a78570f0dbd32f5697d6184f881b4d4987c49ea5b22a3081ba61e00a19e02fd20f104d02a6f193438a955aa7fa60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
51KB

MD5
7e6f9ee76c0828681bd7392c57596d04

SHA1
116f53c2ba09fe7dff47dc5e0a79d476c71d1c2d

SHA256
02e07c9ba9802e710c9ea0ae16b9ce9e1100f6a50707f796516e94ae455d9253

SHA512
f846f17c8c924308ab1ccc186fac1c64b825925849337f24e11dc4071964937cf69d10e799c5d111346d9496fca1e729739a6b36a53007619fd69d6b98e1b2d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
519074232e2af923e703adeb841d479e

SHA1
f3e3048876018a6a5be4e900d2bec5613eb14811

SHA256
9076bd20bd0fa257c92d0a6add25980242ce1bed27615055e1b17e83f24c0773

SHA512
a0858c906a82f8d0c90828607051fe3b474b7097658292bbbd4429c669f3c673a5165513e7be0ebc35f66f72c1a4efaf2af46f81c7e9fc82a66d93bd0a4ef056

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
42KB

MD5
88a6908e40d6d0ae54c81481b759b4c9

SHA1
6297839ae9a2e66cc8890aabd3b27a450eaff898

SHA256
b875f8f1d64a63da52c8edac70d49537f29ef8a1d6c079f509363cb1b8e09fda

SHA512
05ab4eb3cee984d0c519884273956eadd48f45da7bc7227a8975b6205ffdd4a4f8436058adb06b55673b2163bb7bf7448956f6dc0d0142e25b16d1670476e96e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
fcda26cfe46812b39cee187e3452f624

SHA1
75abe752dc43ff9ef97e46440fa6d86d4d5da213

SHA256
31f8e72c571f85fefdf7b335885ba3ff10e8879d73e784f60627ef40a86ae519

SHA512
b37fb21c0fe72ece581fef7efb9de509dd8ab7880437c4066039dfce39de9cb7bce8a3ab01306bd5f4a8ca66067a3317757471a461a7bf32cfb3aadde4ec7468

Download Submit