2410f7cace8c73da4e58cccc177729fbe9802d9ad396af7fa34b338633e91429

Analysis

max time kernel
139s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 01:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2410f7cace8c73da4e58cccc177729fbe9802d9ad396af7fa34b338633e91429.exe
Size

234KB
MD5

1ec8ff26abba7a85cd397921ad40b0f1
SHA1

decd9151a05c2b727527aefd06f8d7157b054d89
SHA256

2410f7cace8c73da4e58cccc177729fbe9802d9ad396af7fa34b338633e91429
SHA512

3cffcc4a324d163b968bbccddfb069baf4ca567ec5866360183bbe7bf555790c52dc5cf1a69069a9f0e84e64bde88c70708cf1802154c0bbb09c1ffaa8d78c79
SSDEEP

3072:sQIVZlRVAdSEGbjxDiXI2lLX56RwIlwr/:sQIVZlRVuSEGbjx2nlLTIlO

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid process

2012 msedge.exe
2012 msedge.exe
1708 msedge.exe
1708 msedge.exe
1196 identity_helper.exe
1196 identity_helper.exe
4076 msedge.exe
4076 msedge.exe
4076 msedge.exe
4076 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

1708 msedge.exe
1708 msedge.exe
1708 msedge.exe
1708 msedge.exe
1708 msedge.exe
1708 msedge.exe
1708 msedge.exe
1708 msedge.exe
1708 msedge.exe

pid	process
2012	msedge.exe
2012	msedge.exe
1708	msedge.exe
1708	msedge.exe
1196	identity_helper.exe
1196	identity_helper.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2410f7cace8c73da4e58cccc177729fbe9802d9ad396af7fa34b338633e91429.exemsedge.exe

description	pid	process	target process
PID 1720 wrote to memory of 1708	1720	2410f7cace8c73da4e58cccc177729fbe9802d9ad396af7fa34b338633e91429.exe	msedge.exe
PID 1720 wrote to memory of 1708	1720	2410f7cace8c73da4e58cccc177729fbe9802d9ad396af7fa34b338633e91429.exe	msedge.exe
PID 1708 wrote to memory of 792	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 792	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 824	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 2012	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 2012	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4704	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4704	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4704	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4704	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4704	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4704	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4704	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4704	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4704	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4704	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4704	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4704	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4704	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4704	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4704	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4704	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4704	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4704	1708	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\2410f7cace8c73da4e58cccc177729fbe9802d9ad396af7fa34b338633e91429.exe
"C:\Users\Admin\AppData\Local\Temp\2410f7cace8c73da4e58cccc177729fbe9802d9ad396af7fa34b338633e91429.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=2410f7cace8c73da4e58cccc177729fbe9802d9ad396af7fa34b338633e91429.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff12d746f8,0x7fff12d74708,0x7fff12d74718
3⤵
PID:792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,5433926953897628952,9000550339431453706,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
3⤵
PID:824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,5433926953897628952,9000550339431453706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,5433926953897628952,9000550339431453706,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
3⤵
PID:4704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5433926953897628952,9000550339431453706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
3⤵
PID:1336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5433926953897628952,9000550339431453706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
3⤵
PID:2812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5433926953897628952,9000550339431453706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
3⤵
PID:4924

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,5433926953897628952,9000550339431453706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
3⤵
PID:1712

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,5433926953897628952,9000550339431453706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5433926953897628952,9000550339431453706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
3⤵
PID:4728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5433926953897628952,9000550339431453706,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
3⤵
PID:3848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5433926953897628952,9000550339431453706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1
3⤵
PID:2916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5433926953897628952,9000550339431453706,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
3⤵
PID:2652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5433926953897628952,9000550339431453706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
3⤵
PID:4048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5433926953897628952,9000550339431453706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
3⤵
PID:4728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,5433926953897628952,9000550339431453706,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5008 /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=2410f7cace8c73da4e58cccc177729fbe9802d9ad396af7fa34b338633e91429.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
2⤵
PID:3644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff12d746f8,0x7fff12d74708,0x7fff12d74718
3⤵
PID:5000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4972

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
025ad9a11017d794e19ef56ee894ea02

SHA1
27a372c6d74b37e992e7782f7eb24fa33b463a3d

SHA256
8e226890e9ca8919b83e3cd3ce13b3ea053ecd3317fe103ca2a19e3af1fe4b33

SHA512
3ba02fc1a17112db7e3945569cf451a35da0223c678873d0ace752354ff693846600afff648474036d6ea434f52e6d3160448489ed22a40af19219e4e3d98801

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
437B

MD5
05592d6b429a6209d372dba7629ce97c

SHA1
b4d45e956e3ec9651d4e1e045b887c7ccbdde326

SHA256
3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd

SHA512
caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
8db56be3f50ebcaaf20cb8a80a9b5f27

SHA1
ed6bec1388f506bf722d6a5fa3667ef0b179f486

SHA256
8df37af0a0367dea05cd2225d1e19f869b5584add3d18df9fa271201f5012e2a

SHA512
41ff9e3c44559c7e898984309c277d4e493e994e9e6e72e9fd0a23ee95dddfac56fb09073c1dbfa27094bc46f0e92fb92371a3dcf8dc0ce38c9d1b4dde1a75b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
0120a9866c6443f2f1959167931a9d23

SHA1
9fa058b340ea5e23037882a5c31de06ae2a135fc

SHA256
2113af4d9b09aba28908eedc93104f6f957c6df2c42dada702013c7733485052

SHA512
51d34864a6fc997a74a9e2a6b282f8fca6895d784a1989c49302fd64a0ba92a0d35d1a1fa85ed31596691fdde500dbec7c12853c408a4e3bd17c7d2d14cf5cac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
eae285b537276711e69839de3741f6b5

SHA1
1f97b13907cfaa897f4cbfd2a75daf374385b18e

SHA256
8b43b07443bb144520280d10e9e063b8ac27fb374e9379885b4d79af36f22296

SHA512
0e2ac1f1171b2a561c02ab537767a1aebfa6d4c211bc27192992e29720abe1aab8a15fe1fdc6f106877aa640b2d17a79a6dfabe2868c3b02ec6bf10b02c37bad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
371B

MD5
fb2684403df760046fa7b91468f84f00

SHA1
04f3fc29f9dd918625b4fa8ed0d984d3e68d185f

SHA256
355dd5bcce0804bda7a373826b17b6f05ce6e6df8fc8625aa4d036d5b41c107f

SHA512
f77f67907c672036ca17e44b046ecd3982dfaab0043f7c6c23c63dbde9c8f1a5e010cbc339509cfe1fd54ccb17e0d150fff2d4bb7296cdaa5dcb1c52c016a76b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b798.TMP
Filesize
371B

MD5
a1bf9a814ce7f4c11da260ce13d46746

SHA1
43a77395ad5e148de7d4a588a1494993b92ee33c

SHA256
b4ac9214b8c4d1257c4e8679db91e05e296440e136885c57b2cbbe801ed95679

SHA512
d59c2e722db05559ed6d3bd8dc47311285a8ba1d23ca5cd8a461fe113b71bee280d533e8abac47ad17bd4dbe4bba7cf52f8893c4ff7d4b57d857b45bbc89ef37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
095b7a447c8c6e71b94539cba0d23ecc

SHA1
6866e89530148563778d99b1820371434256fd7b

SHA256
ffff0630aacd54a3b4e2e2beffd11f280364b14eb8097dc9e39d035853ac3d77

SHA512
22f1f03d9d8115258cd200c2765faa83718879a8fa97accf97a4864223ae7ea7d6e357dd65c211fff318d2c2e5dc16dfa83ca747269336c0d5626081e3908806

Download Submit
\??\pipe\LOCAL\crashpad_1708_XXPMCVOTNJTLUXME
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit