5e4286f343cfe02662a3e20d4bdd6004615c9b3f32edfccd5c96bb058e9090cf

Analysis

max time kernel
1448s
max time network
1453s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-09-2024 12:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2024-08-29 2.39.53 PM.png
Size

77KB
MD5

bbfb13f6920a0deda64fe6f075287723
SHA1

ee8d750b6c3d74445cbaeaf7b0e304fe5bf4bf7d
SHA256

5e4286f343cfe02662a3e20d4bdd6004615c9b3f32edfccd5c96bb058e9090cf
SHA512

789b4c928ce9ede34da3578e515b2120961326aebb5d93b4bdb35c1fc107edd86e380ca934a88d19ae408cc1e45ad170fe46690da58019e105179c1960878276
SSDEEP

1536:d01duqLdPnbDQni5YRJmzVLNop28rayrFe5+5j91TNC2jQ+bkp5l:S28bcniPzdkHjBe45j9Ko1b0l

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1302416131-1437503476-2806442725-1000\{AF866A9C-760A-4FEE-A7E0-CAC99230CC02}	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
4300	msedge.exe
4300	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
2292	identity_helper.exe
2292	identity_helper.exe
2412	msedge.exe
2412	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1840 wrote to memory of 2608	1840	msedge.exe	98
PID 1840 wrote to memory of 2608	1840	msedge.exe	98
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 2864	1840	msedge.exe	99
PID 1840 wrote to memory of 4300	1840	msedge.exe	100
PID 1840 wrote to memory of 4300	1840	msedge.exe	100
PID 1840 wrote to memory of 3228	1840	msedge.exe	101
PID 1840 wrote to memory of 3228	1840	msedge.exe	101
PID 1840 wrote to memory of 3228	1840	msedge.exe	101
PID 1840 wrote to memory of 3228	1840	msedge.exe	101
PID 1840 wrote to memory of 3228	1840	msedge.exe	101
PID 1840 wrote to memory of 3228	1840	msedge.exe	101
PID 1840 wrote to memory of 3228	1840	msedge.exe	101
PID 1840 wrote to memory of 3228	1840	msedge.exe	101
PID 1840 wrote to memory of 3228	1840	msedge.exe	101
PID 1840 wrote to memory of 3228	1840	msedge.exe	101
PID 1840 wrote to memory of 3228	1840	msedge.exe	101
PID 1840 wrote to memory of 3228	1840	msedge.exe	101
PID 1840 wrote to memory of 3228	1840	msedge.exe	101
PID 1840 wrote to memory of 3228	1840	msedge.exe	101
PID 1840 wrote to memory of 3228	1840	msedge.exe	101
PID 1840 wrote to memory of 3228	1840	msedge.exe	101
PID 1840 wrote to memory of 3228	1840	msedge.exe	101
PID 1840 wrote to memory of 3228	1840	msedge.exe	101
PID 1840 wrote to memory of 3228	1840	msedge.exe	101
PID 1840 wrote to memory of 3228	1840	msedge.exe	101

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-08-29 2.39.53 PM.png"
1⤵
PID:2136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa211246f8,0x7ffa21124708,0x7ffa21124718
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,9011358497884689014,17819773447016096840,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,9011358497884689014,17819773447016096840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,9011358497884689014,17819773447016096840,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9011358497884689014,17819773447016096840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9011358497884689014,17819773447016096840,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9011358497884689014,17819773447016096840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9011358497884689014,17819773447016096840,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,9011358497884689014,17819773447016096840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3692 /prefetch:8
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,9011358497884689014,17819773447016096840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9011358497884689014,17819773447016096840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9011358497884689014,17819773447016096840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9011358497884689014,17819773447016096840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9011358497884689014,17819773447016096840,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,9011358497884689014,17819773447016096840,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2132,9011358497884689014,17819773447016096840,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9011358497884689014,17819773447016096840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9011358497884689014,17819773447016096840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9011358497884689014,17819773447016096840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9011358497884689014,17819773447016096840,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9011358497884689014,17819773447016096840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,9011358497884689014,17819773447016096840,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1288 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
23KB

MD5
869756a79d2e0b713ca858480b7f4b86

SHA1
bdc763715388227b43dd5f9923a383622b594101

SHA256
145e0e0829ccd796e7d88a5a2feeb17b29fb4ec639cbd565eda012bc3b211c0e

SHA512
59b4a2fcdee2ad31dcbeaf9d5a12a80fcc99dc676c4a8fdfbea1f3ab1c37138c8f6fc542b6897df54253057f3cfd717abca3cc4bb1f0401ea2e64822f75a5f86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
21KB

MD5
2af05fe5ed23471c40180a87dac422ea

SHA1
1b861e061d523d5a9cc0669697fdea4b6bcb0308

SHA256
3600d60b2cfab9eb3b9f17cf2e28a194a9a631d5b5858f450ede103d7f75811e

SHA512
27cd81d902494311fdff87dadef7fd27fd5e4184fe1e5a91982e84501ec96a367f98ccb55bb61476cbd574104cc63659a2f0a242036f10324bfd2f0ef7b54712

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
55dd03a3a88e68424a18c325e5d0032e

SHA1
2ee0ffc5598bbefeefa572189a908dd298126b62

SHA256
c5afae3b9703ac976deb1df9d3643310fcdeb0e5700efc6bbccf66548bfde0e0

SHA512
d6541ae121ffd6b32af93549cef53925e672861e1ebbccec86eb5d5cf85d9f0615a316a9b5c7913a50367d98a8198330a297f8e78597fb1ef26b17047bbee539

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
867B

MD5
388d641283376a5d7645104291135d78

SHA1
3329cf3b08151048fa0ee7a7d2a3e5ef01bf2827

SHA256
61994938fdf672b488f5726e2e75cd94aa54336bb8eae1ce9ff46f8cbe8557a8

SHA512
36dd1e66777e62e1afabe9a53f8d683ca81d00e2f363bf3654e4a5c9ca7b2937f313c134657aa955d5947b1fee64d93b885175cb5c629927b77317956589361a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a434af1fb6a53d799aaf7bdc5f9611c5

SHA1
f52de0a4386be5a918e8d6bbe1fa3e57b25fa63e

SHA256
562582c4b577464cee04295f1d46a56996c4463cd2780c1e85e23b32eef53d69

SHA512
a4e235ca2378059b14f77e7582172a9a4ec014bb3c0ec5bca7ccd8efb3eae6be6811b0cc3ff4d16b709bc1b0422261c91544183061fbbe7778e2897d3d74a413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
934cbb6b9e5cf077694e87f647aaec24

SHA1
9ff8c3d720360730dac490d74ca164b1299e45e7

SHA256
d0e17171a37ca1a4d3bb06bc926949b26229d4ed3c7cf56f7040975c9de4fb8f

SHA512
cea00b8bbaad95a95e07ceb4519a9975745db59b5226a34f31ec7441c2d29f33998cf3384849110b5490d159773e695290b5bb4f2520a265e9424ce93cae63e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8318f15c4b777f98428bfa974dd4be2a

SHA1
77d52fb2b342727fe2037ef88c4c71109c8962c8

SHA256
4e8d834b00a648da9b90fc6b4f98e625fc1ec2feef779f899fc02a84ae0869c3

SHA512
a36460b89f9b44ef165ad3f2e47f3efedc60abebf6c743745ba5b71b26fabf6d8a16e1935debfcbfd5f10b32a74aecb2f8a4038aae3e5530c3bf68a0232ce9cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5a21519c79b0a03eddfcdcaf2ca3fa55

SHA1
69ccc12741143617ecbd947d5371cb308ecafe06

SHA256
2a40990762bc96481484dac24da69593f6e2a6c33c0fd2f372316b0872c2167c

SHA512
e10a5f753a74a6fca13e1e1d42b50b9cb6a5b76c4cf848058f0de94c7a7fbb2e6534f2ea1904a66bcc2ad4abce81fa86a423f0f41b03b464a99f527fe6e34fca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
05d723568273472174841c3d9b456451

SHA1
825721d5ffb7c4f44f01b4ff0c3e515ac2c06f20

SHA256
d0d0e4bd88b6c969abd1332c36e3c177430b183864de8c95d3466a02be853830

SHA512
8386e4c6a66448fa011c5b596cb53ef17422bef9de297d06efaaa3295a8eaedcbbf8c96f073ccdcf5a005db96a354f331f07569eb3e70a3aa48f867809e49d60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5843ab.TMP

Filesize
1KB

MD5
7f19b68a18cfa82903fc2da3bdac4d95

SHA1
d1c2402f3f193e05846c375380fa29b8b0a5c1d7

SHA256
0f1c79fc8eab92b11d658a119609ca7a50b583779412d28afff5fcf3b97c6e20

SHA512
55c566a676f7f20d7bd2405e3b2e30aad2b7646236070aa4a6bb5ea95ceceaae2e6de7d07a5c4e29e2ffad293d77713855b4a18324babd53211c46a8799db8b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fb4c9b39-2180-4c16-a50a-fca6baa4da39.tmp

Filesize
6KB

MD5
3e4126ce9318ca9d6bcc7925f148536c

SHA1
a54a09e700734ec185700f8a16bd5cec972f0e5b

SHA256
a6ee788800058200ba6c2357d160b4c3ffbfcc16363e68264c96e66543abe036

SHA512
98bdeb89bc6d670d1e1f775756bca748e3aa86d44448c75b770f91e69a31f268f5366106881445c3997aa26a82fb1cc483c6bf685b1377d67acbb229e160f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2f0819efed0bed61542071a5dd3d7b82

SHA1
9fdce3c8f184acf7388d5a75db649b6cadd689c6

SHA256
9aff866825f518c5ee6bddce86e8331e88d9920bee9209071a5db534e4933891

SHA512
7858183c04c485926e5fd81258a4aebd11082c907bf3752efa1615926a45d534ad4d565eacb345eaf713bfc7b510a021a0dbe76586a402a7f84ea336c09d3a2a

Download Submit