5c32fd40d473667e1f680d718eee98acd5304905f98a373a7148870096721ff1

Analysis

max time kernel
139s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 01:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5c32fd40d473667e1f680d718eee98acd5304905f98a373a7148870096721ff1.exe
Size

240KB
MD5

f9fdb5b7033a52585e29e9bef79bbdca
SHA1

42cf207288ef14f3d6413b4b954970e344a2712f
SHA256

5c32fd40d473667e1f680d718eee98acd5304905f98a373a7148870096721ff1
SHA512

fc5038879626b3a93bb8fe0307870fc6f09fcc4ad6c9b41ed694a54c2722740ed5423835866e9c5f4d77ab29f4788900506201601420455c2ac240d8ad511fca
SSDEEP

3072:P9HGyWKWBlflZ82JOcaRilY6u20i5hHcYF0sa:PRGyWKWBlfb9CRj6uvMc8

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid process

2900 msedge.exe
2900 msedge.exe
3940 msedge.exe
3940 msedge.exe
3940 msedge.exe
3112 identity_helper.exe
3112 identity_helper.exe
1932 msedge.exe
1932 msedge.exe
1932 msedge.exe
1932 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

3940 msedge.exe
3940 msedge.exe
3940 msedge.exe
3940 msedge.exe
3940 msedge.exe
3940 msedge.exe
3940 msedge.exe
3940 msedge.exe
3940 msedge.exe

pid	process
2900	msedge.exe
2900	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3112	identity_helper.exe
3112	identity_helper.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

5c32fd40d473667e1f680d718eee98acd5304905f98a373a7148870096721ff1.exemsedge.exe

description	pid	process	target process
PID 5004 wrote to memory of 3940	5004	5c32fd40d473667e1f680d718eee98acd5304905f98a373a7148870096721ff1.exe	msedge.exe
PID 5004 wrote to memory of 3940	5004	5c32fd40d473667e1f680d718eee98acd5304905f98a373a7148870096721ff1.exe	msedge.exe
PID 3940 wrote to memory of 4076	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 4076	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 1964	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 2900	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 2900	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 892	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 892	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 892	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 892	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 892	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 892	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 892	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 892	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 892	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 892	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 892	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 892	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 892	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 892	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 892	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 892	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 892	3940	msedge.exe	msedge.exe
PID 3940 wrote to memory of 892	3940	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\5c32fd40d473667e1f680d718eee98acd5304905f98a373a7148870096721ff1.exe
"C:\Users\Admin\AppData\Local\Temp\5c32fd40d473667e1f680d718eee98acd5304905f98a373a7148870096721ff1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=5c32fd40d473667e1f680d718eee98acd5304905f98a373a7148870096721ff1.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff82aae46f8,0x7ff82aae4708,0x7ff82aae4718
3⤵
PID:4076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,15456634214489306565,15248704107210980216,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
3⤵
PID:1964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,15456634214489306565,15248704107210980216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,15456634214489306565,15248704107210980216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
3⤵
PID:892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15456634214489306565,15248704107210980216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
3⤵
PID:4884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15456634214489306565,15248704107210980216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
3⤵
PID:2104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15456634214489306565,15248704107210980216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
3⤵
PID:4856

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,15456634214489306565,15248704107210980216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
3⤵
PID:4108

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,15456634214489306565,15248704107210980216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15456634214489306565,15248704107210980216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
3⤵
PID:4968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15456634214489306565,15248704107210980216,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
3⤵
PID:4256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15456634214489306565,15248704107210980216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
3⤵
PID:3664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15456634214489306565,15248704107210980216,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
3⤵
PID:4540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15456634214489306565,15248704107210980216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
3⤵
PID:4428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15456634214489306565,15248704107210980216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
3⤵
PID:2752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,15456634214489306565,15248704107210980216,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4840 /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=5c32fd40d473667e1f680d718eee98acd5304905f98a373a7148870096721ff1.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
2⤵
PID:3096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff82aae46f8,0x7ff82aae4708,0x7ff82aae4718
3⤵
PID:2008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4468

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
c5abc082d9d9307e797b7e89a2f755f4

SHA1
54c442690a8727f1d3453b6452198d3ec4ec13df

SHA256
a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716

SHA512
ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b4a74bc775caf3de7fc9cde3c30ce482

SHA1
c6ed3161390e5493f71182a6cb98d51c9063775d

SHA256
dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280

SHA512
55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
2dd2bc000aa3d20f1ff0b8debb111ac7

SHA1
42fd55245f3dc02519ab403bcf1de2aefed9a8fd

SHA256
e46462699c0daf02be2c3f814f69b5aa5409c2ac5e074f148a93fe76fc53026e

SHA512
d4d81e186ac5e5793d09e1ac6c48c1330381f406ab031987a9508fff4c28eeb570874c26175111b52c1b5bbed5183af723457e7ecdb42f1839b267fab3d3b6b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e5a3577d09b3d68ae35bd1678e0b86fe

SHA1
2bc2c796cd99c0bf5e17f6e97991d42dbdd2f9ee

SHA256
12f2b301095dadb86d99310e769c7b96de24f20ecff28f2ffcc7f0387a26af10

SHA512
d45fff0817206d17853426a4346a680fb5ba9196cd038c147685b755e5464d598ef6fc01f0972f578eb258ab2f18dc9a1934442400d1e01418500c3157acf3be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
dc0f01bdf39b4af154ba58d0190bff97

SHA1
f278f54cb91f8dd5d85b990aacd423e064ae91e0

SHA256
7f84bb609078ec886d02418960e9f5f90c17824ab429b6f5d3fc80fb805015ad

SHA512
3d4f0dcd7907b4841234e467dd0bcbbc3a7f060a1327477acc79773475e20f4896226a5c27abf8ca2db5cf13e3ad3d85d65d9c8b1e8a6add3b23c05fc76fb396

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
357ebc7526ab473f5a5245f9fdc6fd79

SHA1
e925afa5f2dd72727ef09f4be13fd8ead537cc7c

SHA256
40af135331ea750fa9334fc64055be17c9180351733dc8b83bcf11ba5f5e1fef

SHA512
92cfcc8e0c3b06316187973eeb56f5457ce9510baedaa8ac8bec0095b7f75fa5d1472f6ab9a40a6b62d1ad3c2d3c2470d6d197c6097d92e520faeb16ca60f06a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
371B

MD5
bad93b9a3ea0598a7fd112370000c4e1

SHA1
3fc3b28b55d52709abb1c95c45913260d1794c8f

SHA256
53b9cc820a8a3d5bf0e0963043173645abcfa2829a5880b9b4e8dc267835201d

SHA512
12be66fb957eb336369b9d2423f09a67ecf33c2991e650dc63de329d485df354e97fb9323f2b5b6920b17a1458973d50f95dfd5464000ac11216139f7c86b4e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fea3.TMP
Filesize
371B

MD5
d32149f6de340d4c9ccc8674949743b4

SHA1
460883bdffa9a8c4ed30a1101138dd8aedc8f28b

SHA256
e3823ea1602089a04ed3608063bfe403d1e13bc68bdb22b3f0f4ea48d6823aa8

SHA512
e441d69361a02fdb18e3b13bf5836aa5beaf6a38bc29a00504f384b1e3e0b62a3b88d16bcfc0c6fc67efdc66437a2a5486d613272161c477e283097dce223476

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\da096bf4-96b8-4539-9fe4-48da746add82.tmp
Filesize
437B

MD5
05592d6b429a6209d372dba7629ce97c

SHA1
b4d45e956e3ec9651d4e1e045b887c7ccbdde326

SHA256
3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd

SHA512
caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
ab80cdc6aac87cd0523c4018126440c8

SHA1
5829ee1623f7c0c6f239c6e72e098b744943f3f6

SHA256
3b391c6dae4c9ce503b6b3539d7b9bd5a65727ec3a81949ca16617f165bba101

SHA512
7b4856db630aad53413394517196156d5db019aa4ed1129e97b9c50d6e78b2f15995eae78bc6e70b9a7572d6fff404cbeda28a5c6eb72a142e0fc1b3ccc9f4b8

Download Submit
\??\pipe\LOCAL\crashpad_3940_ZPIYCLVAQLDTNLJC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit