79796ee3eea8b35869d4fa38792a4b6ed4de6eb76fd810e43188423952660c4b

Analysis

max time kernel
162s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 01:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79796ee3eea8b35869d4fa38792a4b6ed4de6eb76fd810e43188423952660c4b.exe
Size

238KB
MD5

f6af855e87d1b2184bc6833f7e63003b
SHA1

05a3ef73ecb73602411689d1c4bbb088fc9e3709
SHA256

79796ee3eea8b35869d4fa38792a4b6ed4de6eb76fd810e43188423952660c4b
SHA512

dd6afff12da04deffbdc1b382e62d00be1ae4604a29c96b60c5f4d3ea42d6a66347685ca6047d82058fada501d627e701b7ff889534788f498cdea11cb177532
SSDEEP

3072:L4h5B5R9DS2QZZa1PdtTdrTXm0DiZUEq5vn/YoB7:L4h5B5R9+2QcRxnm0uZUh/N

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{4A2F7F0A-FDF8-40B4-BD78-C80D2B353592}	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 968 wrote to memory of 4504	968	79796ee3eea8b35869d4fa38792a4b6ed4de6eb76fd810e43188423952660c4b.exe	93
PID 968 wrote to memory of 4504	968	79796ee3eea8b35869d4fa38792a4b6ed4de6eb76fd810e43188423952660c4b.exe	93
PID 968 wrote to memory of 3332	968	79796ee3eea8b35869d4fa38792a4b6ed4de6eb76fd810e43188423952660c4b.exe	99
PID 968 wrote to memory of 3332	968	79796ee3eea8b35869d4fa38792a4b6ed4de6eb76fd810e43188423952660c4b.exe	99
PID 3332 wrote to memory of 2104	3332	msedge.exe	106
PID 3332 wrote to memory of 2104	3332	msedge.exe	106
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3220	3332	msedge.exe	107
PID 3332 wrote to memory of 3500	3332	msedge.exe	108
PID 3332 wrote to memory of 3500	3332	msedge.exe	108
PID 3332 wrote to memory of 3916	3332	msedge.exe	109
PID 3332 wrote to memory of 3916	3332	msedge.exe	109
PID 3332 wrote to memory of 3916	3332	msedge.exe	109
PID 3332 wrote to memory of 3916	3332	msedge.exe	109
PID 3332 wrote to memory of 3916	3332	msedge.exe	109

C:\Users\Admin\AppData\Local\Temp\79796ee3eea8b35869d4fa38792a4b6ed4de6eb76fd810e43188423952660c4b.exe
"C:\Users\Admin\AppData\Local\Temp\79796ee3eea8b35869d4fa38792a4b6ed4de6eb76fd810e43188423952660c4b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=79796ee3eea8b35869d4fa38792a4b6ed4de6eb76fd810e43188423952660c4b.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=79796ee3eea8b35869d4fa38792a4b6ed4de6eb76fd810e43188423952660c4b.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x34c,0x2a8,0x35c,0x2e0,0x368,0x7ffea3b92e98,0x7ffea3b92ea4,0x7ffea3b92eb0
    3⤵
    PID:2104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2580 --field-trial-handle=2584,i,4517227434100325556,16788985268293101639,262144 --variations-seed-version /prefetch:2
    3⤵
    PID:3220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2804 --field-trial-handle=2584,i,4517227434100325556,16788985268293101639,262144 --variations-seed-version /prefetch:3
    3⤵
    PID:3500
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2908 --field-trial-handle=2584,i,4517227434100325556,16788985268293101639,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:3916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3480 --field-trial-handle=2584,i,4517227434100325556,16788985268293101639,262144 --variations-seed-version /prefetch:1
    3⤵
    PID:4508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3504 --field-trial-handle=2584,i,4517227434100325556,16788985268293101639,262144 --variations-seed-version /prefetch:1
    3⤵
    PID:4380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4772 --field-trial-handle=2584,i,4517227434100325556,16788985268293101639,262144 --variations-seed-version /prefetch:1
    3⤵
    PID:3756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5156 --field-trial-handle=2584,i,4517227434100325556,16788985268293101639,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5168 --field-trial-handle=2584,i,4517227434100325556,16788985268293101639,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:4616
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5308 --field-trial-handle=2584,i,4517227434100325556,16788985268293101639,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:3272
- - C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5860 --field-trial-handle=2584,i,4517227434100325556,16788985268293101639,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:3104
- - C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5860 --field-trial-handle=2584,i,4517227434100325556,16788985268293101639,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3624 --field-trial-handle=2584,i,4517227434100325556,16788985268293101639,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:3264
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4500 --field-trial-handle=2584,i,4517227434100325556,16788985268293101639,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:4728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4520 --field-trial-handle=2584,i,4517227434100325556,16788985268293101639,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:2636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=672 --field-trial-handle=2584,i,4517227434100325556,16788985268293101639,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:1604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3144 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
1⤵
PID:3864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5772 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:2240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=4612 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:3280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5272 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5356 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:4220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
2a5dfe4a9ae4635aca1206bc89dca998

SHA1
7eb7253e1e6039093a1fb4a714319b9e79d59546

SHA256
fa25efb81a2ed1789226bcb479a16539a85f82949522235511c948c75f029222

SHA512
0ee280287272d8cfbc5d53d14fe48f2b1c2c1d892119395bca7794d606507b8ae1bc03c40436e13800921ef644a0c8406629b55f5653e84315544b56d665892e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
3fd936c14948f8a4b9877a8400f0381f

SHA1
7fb21889408a7b968e4933684149575ba8c402f6

SHA256
bb4416b9239b589e30b48d52854b35f90cedb1590dd44c6883ea6443c3a4f255

SHA512
c975786c95546741cf5f225ada3bb26c3bc49d8c3ec1e2b1afb4ce8e7f94a096cc19a65da0ab59636def2eaa54adb5ae3717c6c4151b3c6f790516eea6ea7cba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
a340ffe76837556febdca78fd4498526

SHA1
14fb3981101a4c859ee1085b00ac81480ce3e5b4

SHA256
d6106c27315bed85d01b304df1ece8e3f24ef890c60d94cc8d0090ade589c3e9

SHA512
e5fdec773f251140b2cb79734b9e8b9e559cc1847693c27007ee7503a8c23d54f4ebb8f97976275956b078e0dae0e6ce46c0d472a2f6dfbcdeb5a7bbdd196879

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe59b685.TMP

Filesize
192B

MD5
dee0a263bfa74f65d985310c87912741

SHA1
fec3dd307b66387316e1a6c98f7af6e6d8ed73dc

SHA256
4605b901a12f94a5e0105f719569b2a8588e239509b7e3ac680f0d0f244b38f1

SHA512
ea5d582dff85768198940d86b59a622cbc55295e3217820837b7fe320d0a6513ce56e4473328f54b63f7c7957b33f407f4c5ccf4cf220063f73b77764dbe3241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e4cb52f4408a840d7ca7741f774b4c68

SHA1
930a3d354842f8c845161589c247d6694564df86

SHA256
8c19020a3c37169857c837af5040f85a73e9ac730deeea0234e7e887faac4bfd

SHA512
c2ba978ab737179f4448c6ef76d51835ae0175f15f63a27bd6354b8a602ea47e4b25c55e0b4c68bc32b681c24414a52a08120dd21d3943ff75f771e5d50f1310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e3f8b7f4853d363a63eb3f7f44991f0e

SHA1
23b5f878ec2d2f720ab22bdbfba6198775963c2b

SHA256
8774836aeabc6e56b393b3f2777abac3c0db2d6e0de487dd55b541b962d4bf27

SHA512
0ac0c8e0eeaeba8a7e38db2d72ea3229e39ec9be31aa290ee38735f486dce3ac9bed812152599d406d32a048f799e169c26f2377b2eb784ec7ae76e2d56b6ba2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
0b0ea468a44ef6fc7bfb02bbe5f6874b

SHA1
b18350489575c0c67f1aa6f5830c1be9cca27976

SHA256
d21265c23e1ff7f9ccd6656cd94db7f6dee5d0baffe2b9acce3c5b8a49597276

SHA512
49f85f8ef1436907afdeed8f991a7832e4e3b8a6b999324c0f6b5cf7b637ed6d8360779df5d2d9b61fc193ba3384bfb390c83c0546986e6716d58a78733755d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
033964f82b4869df34ebb910141893ae

SHA1
5067054039639013adc108d3b5ac1c8ec092358f

SHA256
755e9669b2fa4043fb4f81ec99c91c4d3fcaa219ff90959944355acecf04f74b

SHA512
390e7ebf0626d901ff7e3aba2664a6f7860703771a94f63eb3bfae1f19022d814ae98c6fc2d663fb26e28bc3ec8c58ade09e25ee2d98e8c396df80afcd0789e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
0254aef4589da762a87ac5e4b2026206

SHA1
0cc6c3bf734487e581c69652344a98600dfab884

SHA256
1e05f998a24db7275a66d40618d0ef25d21c72da03c40ed9b8acaa48af5536fb

SHA512
262c3adda81a756afb2a9e1c2a424a6a529e8a7e978e6ce4a54e35bc65223d4b8c0ae347eecce4904586e6b63fca4d6a10e1354753fd1e4c5bb30ef11d63b278

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
30KB

MD5
2a6c33c6e9e37a0be61b44d059d6ba67

SHA1
8953278bfb2923d2e5a5d87fba53de1fb360949e

SHA256
a7bbe8534633e28f303494db33140abd9de2e8739434a41d03b38ca0f3696bf6

SHA512
7226ebde704f45af6f76c0253d20a6486540b6526a7d14ca7b62a634fd9081f8c0053454c59cdabed211b4472537bd1a00cb91a4ca02930a58ed83dfe0ae769e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
36KB

MD5
585d617b33f4036d46ade8e3e13127c9

SHA1
2c2c05031b64bff67a1b81d0865b769ed38656b6

SHA256
0da20033e0ae056f794a214f26cc24af629d681141087b91c0a0bb59aee552a9

SHA512
1b68e9c2857cbd109976a99ae445af5a0a123c0217418005b0b840150fe00b322cd253c78ea6d7e1d0f508705236157f35dfddc1233da987510162991b8cb4d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
45KB

MD5
586ff22b59fe930133cb5e8550de3223

SHA1
ca8ac0067471cc3353e3fac939e35fb5fe9c7ca8

SHA256
2d544a6f6e5b6bb07415bd6075fe24b168c2749b2e6685b934480effebc4d79a

SHA512
1398d0cf6f65fdd056bd41866294f9af65c206b165e41d819eef700dba1d8511f67aaaa7eca30721ace03c9c54c15f2bfea086e0d05da245dbacb69ae83ae2f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
36KB

MD5
1f2ede446342c378c7f8f60455c12b21

SHA1
0692f10fadad2ce52da1079670ebc8fd8d4ff5ca

SHA256
24fb71bc0860e1636eaae5efe9de092c44717d02f26550c984d55030be6036bd

SHA512
54b17b4593bcde0c1dcfd64b552221bc12912a61adb6000712bf2da21d630292b58bcd3b848f7785d536eef320d3b9b99f5b43b18954cb752672cf51c6f0d4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
36KB

MD5
a5bc361ab806c5ae7557390445a27c66

SHA1
d4120762b84f08237e6511ed5be314f18ba429c2

SHA256
2642fede5165f55fd2157cde56cff4843fc25dfa31fbd1fb725636e9bb5fe020

SHA512
46688a45752267543510e79071231940b8437a590dbd6651c09c59d37f18214c39813e951bc30e457c19f69c8febb8fe4b033ceeeafe2e4d34b47189fda3e747

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
05385ab20583ee83804bacca6d493ca0

SHA1
2d6ac21711c3a8ca29f1fe0b655f2252ac204b7c

SHA256
cc7dabacb7956572045269f8dbd3020fdf577fb185654ef704edcb9e511af79f

SHA512
0a812f15c09b69f46b8d719b58d41b956338c0e3bf59b3f823a4bf664d1aaa30e3c1f2541e7109dee27b696e647d03516b9dedf0338885ccc3572507b50185cc

Download Submit