634a75d0a188dc16e430cddf68d915d074c0e28c50fe332e645df123850c18ac

Analysis

max time kernel
144s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2023, 16:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

634a75d0a188dc16e430cddf68d915d074c0e28c50fe332e645df123850c18ac.exe
Size

2.9MB
MD5

da175fb65e31def59d1c9200ab7ff0df
SHA1

aab8436e7086aca43ae710432a555827bd5eb680
SHA256

634a75d0a188dc16e430cddf68d915d074c0e28c50fe332e645df123850c18ac
SHA512

71ee40d636b51498f3ef84550beec92ff1a4e3c64f9f9b963fbeffe5a881e8322860ea4a3bf344c4857ae3a3e90ff469c31a069c5db73f740ced5a2f09e23987
SSDEEP

24576:K2aWGoh0OndRBdvogQSP0PXAlCJztaCQoUS8s6eU1HQKVX85j5bZo//J2yLGm22Q:+3he9l8POCisCN6ZZoIygrBYj

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\f2d14d9e-fae1-41f4-bb78-92eb201c7060.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230305175801.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4072	msedge.exe
4072	msedge.exe
5096	msedge.exe
5096	msedge.exe
5000	identity_helper.exe
5000	identity_helper.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4640 wrote to memory of 5096	4640	634a75d0a188dc16e430cddf68d915d074c0e28c50fe332e645df123850c18ac.exe	87
PID 4640 wrote to memory of 5096	4640	634a75d0a188dc16e430cddf68d915d074c0e28c50fe332e645df123850c18ac.exe	87
PID 5096 wrote to memory of 4732	5096	msedge.exe	88
PID 5096 wrote to memory of 4732	5096	msedge.exe	88
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4716	5096	msedge.exe	90
PID 5096 wrote to memory of 4072	5096	msedge.exe	91
PID 5096 wrote to memory of 4072	5096	msedge.exe	91
PID 5096 wrote to memory of 1796	5096	msedge.exe	92
PID 5096 wrote to memory of 1796	5096	msedge.exe	92
PID 5096 wrote to memory of 1796	5096	msedge.exe	92
PID 5096 wrote to memory of 1796	5096	msedge.exe	92
PID 5096 wrote to memory of 1796	5096	msedge.exe	92
PID 5096 wrote to memory of 1796	5096	msedge.exe	92
PID 5096 wrote to memory of 1796	5096	msedge.exe	92
PID 5096 wrote to memory of 1796	5096	msedge.exe	92
PID 5096 wrote to memory of 1796	5096	msedge.exe	92
PID 5096 wrote to memory of 1796	5096	msedge.exe	92
PID 5096 wrote to memory of 1796	5096	msedge.exe	92
PID 5096 wrote to memory of 1796	5096	msedge.exe	92
PID 5096 wrote to memory of 1796	5096	msedge.exe	92
PID 5096 wrote to memory of 1796	5096	msedge.exe	92
PID 5096 wrote to memory of 1796	5096	msedge.exe	92
PID 5096 wrote to memory of 1796	5096	msedge.exe	92
PID 5096 wrote to memory of 1796	5096	msedge.exe	92
PID 5096 wrote to memory of 1796	5096	msedge.exe	92

C:\Users\Admin\AppData\Local\Temp\634a75d0a188dc16e430cddf68d915d074c0e28c50fe332e645df123850c18ac.exe
"C:\Users\Admin\AppData\Local\Temp\634a75d0a188dc16e430cddf68d915d074c0e28c50fe332e645df123850c18ac.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=634a75d0a188dc16e430cddf68d915d074c0e28c50fe332e645df123850c18ac.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:5096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffde62646f8,0x7ffde6264708,0x7ffde6264718
    3⤵
    PID:4732
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,12633109279856426813,16154951222160306706,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
    3⤵
    PID:4716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,12633109279856426813,16154951222160306706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4072
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,12633109279856426813,16154951222160306706,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
    3⤵
    PID:1796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12633109279856426813,16154951222160306706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
    3⤵
    PID:3400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12633109279856426813,16154951222160306706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
    3⤵
    PID:3292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12633109279856426813,16154951222160306706,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:1
    3⤵
    PID:2688
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12633109279856426813,16154951222160306706,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
    3⤵
    PID:3992
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12633109279856426813,16154951222160306706,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
    3⤵
    PID:796
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,12633109279856426813,16154951222160306706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 /prefetch:8
    3⤵
    PID:2600
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:3292
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x280,0x284,0x288,0x25c,0x28c,0x7ff77d055460,0x7ff77d055470,0x7ff77d055480
      4⤵
      PID:3308
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,12633109279856426813,16154951222160306706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12633109279856426813,16154951222160306706,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1
    3⤵
    PID:1444
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12633109279856426813,16154951222160306706,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
    3⤵
    PID:3524
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12633109279856426813,16154951222160306706,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
    3⤵
    PID:3824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12633109279856426813,16154951222160306706,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:1
    3⤵
    PID:4640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,12633109279856426813,16154951222160306706,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1868 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=634a75d0a188dc16e430cddf68d915d074c0e28c50fe332e645df123850c18ac.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:4916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffde62646f8,0x7ffde6264708,0x7ffde6264718
    3⤵
    PID:3140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4040

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5a10efe23009825eadc90c37a38d9401

SHA1
fd98f2ca011408d4b43ed4dfd5b6906fbc7b87c0

SHA256
05e135dee0260b4f601a0486401b64ff8653875d74bf259c2da232550dbfb4f5

SHA512
89416a3f5bf50cd4a432ac72cd0a7fb79d5aeb10bdcc468c55bbfa79b9f43fab17141305d44cb1fe980ec76cc6575c27e2bcfcbad5ccd886d45b9de03fb9d6d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c1a3c45dc07f766430f7feaa3000fb18

SHA1
698a0485bcf0ab2a9283d4ebd31ade980b0661d1

SHA256
adaba08026551b1b8f6c120143686da79f916d02adbef4a8d1c184e32a19fd48

SHA512
9fc93f01ab4b14f555791d757ffe881787cc697102547c61847552e597e206e70c6d35fedff559c72a0a67d1b95e769095ecb0a8a7d4f07cf58a7a0d57d3e9f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
895506577c41c483da979755fdd1ebaa

SHA1
e75aac22f737506a859ab6de47e6a6e758d97d67

SHA256
3a1437a9202b1c30969c5922f52f4005c4df03da3399ec9e0ad72fc1877c9499

SHA512
b9042e787894d9269a6e5492b963067dc9b91cce5065402b51f2b2cc2054a00eb360647a2465099f93f84e9beb87805d4962f180662c31ee4dddb26d6a45ca9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
c910b6bbc99419f05a63d019c16bd6a2

SHA1
a613f3abb034e4f631c6ccad299b1ba78f242315

SHA256
3e8d487ea748296a9bf9e5459171d5c0c0229ea0ee8dd33ac992dc2bb1a56b18

SHA512
4210cfc33436da034c24b98d01b48b1e4994234b55544cc7e92c8b0be601965834cf60d55972ce28e879d30a6cfd85c411d156e3cb29ee69be47def9a18a8f7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
391ca7c3948e898935e21dac42a414c2

SHA1
a6cfb448fdcd99d9351a0bf45e2ac07e5accb2e1

SHA256
73f6ea4eafcbabba2983db625715b9e25537253d3c62e1591b7ecbbe9d91d9b5

SHA512
466c1c4b0865d9b152cf51827e32d9a6d9f2e4645ab5a6bd03c1defb3f0f16ef8d607d51aef9f9b7d9ab4a93d4b07d4d3aac8c417df6383de58e3378b1a22319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
cdf640788ad69b5518edc209da8d5332

SHA1
b73cc25bc7111d1f022afb499199733e1e745068

SHA256
2f08cc0f208d0010514240aea81883d6b95ddb09bcd46c13b1f254f4c96abfbb

SHA512
b67d37ed286650560af92d26176a108d9aa2449800a4c648181cb8d2aeb20cfd3cd7aeee7e2f089b45e0a9d164bde77bd65e834a0eef4ca0193440df58c12ffe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
488B

MD5
172d88102f444f0e89985e4d7ab8db76

SHA1
5e4524fffceb02a351486c5c6509830a4ef8683a

SHA256
ee7e98b98f17ea40e47568c95a7b543d73f6b16109d1e1037e440077f1b1967d

SHA512
4b760367e1c2416bc3bd0192c03a950ed299f1cc5c4d71a8f4b540c7ab7f660d8920063fbf8886ca619cf5eb11572d6efcc85fc5d3b85c5e21417a64572ab8a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
4446318e8a29ae20876bf835d44bf1de

SHA1
8fd2bb4af399859700c2ab26f4fb24ec8a727d64

SHA256
6aec1575fb28fbff89bcabd08d37ae0722cf24afb6d16054d1af032dbd61b074

SHA512
678498836e9bfed3e5872651bd3b02009c05629770d13fe86bf50f42b3f6b305f651fdbd4454b1a6beea6b495e82b603232ff75ff001956774042fb791e12f2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8b4a0069cd3f42da7f23ceb8b68a42e6

SHA1
9c1edcdede830e95cdde9e2a5764dffbecd1ba70

SHA256
2eb148514ac1d744b97fa125e134600ccd4f1b37cefee86590fb70b026025434

SHA512
8b2b7201176312ba26fe2afb629361694e2aacbc582ec2b4037b838a9154f477dba8f1ca7add2c6326d7d6ccb5a86a48e623f3180c53a68811eda1e65e2a88f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9c7358b8ff910a101f2ed5be590c241d

SHA1
36628cdf540e8e610444e47497621c99505c0563

SHA256
5368ea9caf2d0eb5eb0a9f980d0def56dd77e8c2d08655c5d8c1d1638343c985

SHA512
808e960714a5dde4f3a4c745cbae07e49f65a78908bbd9254be51d33c802dd89096a1e9df1eec61b6de2f99799655aab95ed7a1afb238c9dd85813301408cc77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5edab6d3ffbeee247ccb4423f929a323

SHA1
a4ad201d149d59392a2a3163bd86ee900e20f3d9

SHA256
460cddb95ea1d9bc8d95d295dd051b49a1436437a91ddec5f131235b2d516933

SHA512
263fa99f03ea1ef381ca19f10fbe0362c1f9c129502dc6b730b076cafcf34b40a70ee8a0ee9446ec9c89c3a2d9855450609ec0f8cf9d0a1b2aebdd12be58d38c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
369B

MD5
d2238433885e5b44935d1119836ebb9a

SHA1
06dc615931d470470a831a70cd3bf9ccec8a20a5

SHA256
4f87422f25d4d1f802886954a1b4a95f1f92da33d70caf270befa75557f685af

SHA512
8ac1d146884818e4662bdb50c65cb05ac2550bae960e058f835b5c49a87f0801068b60c4cdbdef29301b095bafc18013a91e2fd74f36d541fe44656506175bb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe56e17b.TMP

Filesize
369B

MD5
7ba7ed4a6141f797165f199a1cc37f15

SHA1
b3e63f7cc1627a485c2b88432d64b657cd7ba3e3

SHA256
4160cf4030c7e0c65c17ac843e45eda8dcd35754fe43716c14fd3cb347367abe

SHA512
a75e8a4e9aef2eb2575140ed88f2d33973e4817335c734c4598ff13b6541a3f45ba2da7b8565fd30ca04848e383688b23c5120566d00fb56ace44bf12a3ffb9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
adc45ffae770bd83cf6f2ee6e383c073

SHA1
23646ea0d57221d1b8c895b5981a10cfa6ff45a6

SHA256
9e77e7a6013df0ae32c7b242e383d462c4e0d26d05b9bba854c2c1faa97481eb

SHA512
a80a5a2e7b55a3d96eb393fee066927c49809adc5893b46b381df981538c15a82fafba014bae0de0d1ea1256c20921a9ede1393d053b6b25293a0b54265254ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
635ab8208bfde9d2605f4441567a8566

SHA1
e4a5ba686e964afcded6c6c2313e35336ad23c59

SHA256
c23a4bb1ef0c4b0d5ded5b183b0897a047d69a49dd349ac56bcb10b7be33ed6e

SHA512
c5d6f19327ec98f7657e0da7844f4c3742629c36d749b87ec0ec4f8d884c05de88286f374391bf2c57144ecf47412f5fc196f8f92a0721af7f817fe613a74515

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
e889b2a03ed9cc57b2fa4261d381c4e2

SHA1
1e525cf8563ef4acb3deaf01bea98dc8619cccdd

SHA256
be559b7621098e2c6d4add1f71c8e3327d5359d8ce03174c1ccbf182b5f4775c

SHA512
13e542d294ef098fe1bc17ca39659eefd91daa88318a2814a81e9ccc5bc06696eb7385f98d8b535dfdeba1ba818b79bbf646f79723629e7f876030d1055e6de9

Download Submit
memory/4716-146-0x00007FFE02E50000-0x00007FFE02E51000-memory.dmp

Filesize
4KB

Download